Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
teamviewer_Px-yDq1.exe

Overview

General Information

Sample Name:teamviewer_Px-yDq1.exe
Analysis ID:1333246
MD5:e0cb873b4abc6e0650ebfcf9b7a328ff
SHA1:bacdeece4458ac1ee50cb505bd775588c4616b45
SHA256:3e6dd43ddc4d7f8b25bcfcefa639eb791e837325b92f137f61c1098ea11af0a8
Infos:

Detection

Score:44
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:36
Range:0 - 100

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes many files with high entropy
Writes a notice file (html or txt) to demand a ransom
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Drops certificate files (DER)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
query blbeacon for getting browser version
EXE planting / hijacking vulnerabilities found
Drops files with a non-matching file extension (content does not match file extension)
Adds / modifies Windows certificates
Drops PE files
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Registers a DLL
HTML page contains hidden URLs or javascript code
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Deletes files inside the Windows folder
Contains functionality to shutdown / reboot the system
Creates files inside the system directory
PE file contains sections with non-standard names
Stores large binary data to the registry
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Searches the installation path of Mozilla Firefox
Enables debug privileges
Queries information about the installed CPU (vendor, model number etc)
PE file does not import any functions
Installs a raw input device (often for capturing keystrokes)
Sample file is different than original file name gathered from version info
Allocates memory with a write watch (potentially for evading sandboxes)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates or modifies windows services
Queries disk information (often used to detect virtual machines)

Classification

Process Tree

  • System is w10x64
  • teamviewer_Px-yDq1.exe (PID: 6884 cmdline: C:\Users\user\Desktop\teamviewer_Px-yDq1.exe MD5: E0CB873B4ABC6E0650EBFCF9B7A328FF)
    • teamviewer_Px-yDq1.tmp (PID: 6960 cmdline: "C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmp" /SL5="$2042C,831488,831488,C:\Users\user\Desktop\teamviewer_Px-yDq1.exe" MD5: C2A9A21C0C0BD341958033EA11684FEA)
      • file_Px-yDq1.exe (PID: 6328 cmdline: "C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe" /LANG=en /NA=Rh85hR64 MD5: EE66976DF0A5C903F5A718ABF3E8AC85)
        • file_Px-yDq1.tmp (PID: 6392 cmdline: "C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp" /SL5="$2049E,1559708,780800,C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe" /LANG=en /NA=Rh85hR64 MD5: 4AFC5E8740E48A3A9DEF088703BF320F)
          • saBSI.exe (PID: 792 cmdline: "C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: BB7CF61C4E671FF05649BDA83B85FA3D)
            • installer.exe (PID: 7744 cmdline: "C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: 58EB889F91B5133D5DB88612CA6E5887)
              • installer.exe (PID: 6328 cmdline: "C:\Program Files\McAfee\Temp1463644285\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: 38F970B5919FA4F8174F559A91003924)
          • avg_antivirus_free_setup.exe (PID: 5468 cmdline: "C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a MD5: 26816AF65F2A3F1C61FB44C682510C97)
            • avg_antivirus_free_online_setup.exe (PID: 1700 cmdline: "C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d MD5: 3817B172EA2CEF28D73F746A40F3B275)
              • icarus.exe (PID: 3804 cmdline: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\icarus-info.xml /install /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d MD5: A87978C382EABC0165DB0C7EDC5797B2)
                • icarus.exe (PID: 6408 cmdline: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av-vps_slave_ep_6915cd01-f335-499e-a29d-757d63acfb1b /slave:avg-av-vps MD5: 9A20D03282B552AAE11F3EBB5C6FE6EC)
                • icarus.exe (PID: 3940 cmdline: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av_slave_ep_537920d1-4dd7-45ea-821e-f08dd4afa430 /slave:avg-av MD5: A87978C382EABC0165DB0C7EDC5797B2)
          • teamviewer.exe (PID: 6236 cmdline: "C:\Users\user\Downloads\teamviewer.exe" MD5: D9CC2F111B059473F9AAEA203B42104F)
            • TeamViewer_.exe (PID: 7576 cmdline: "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" MD5: 2E185F8A6622BC3062254F6F195ACC81)
              • schtasks.exe (PID: 3736 cmdline: C:\Windows\system32\schtasks /Create /TN TVInstallRestore /TR "\"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe\" /RESTORE" /RU SYSTEM /SC ONLOGON /F MD5: 48C2FE20575769DE916F48EF0676A965)
                • conhost.exe (PID: 2692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • schtasks.exe (PID: 7772 cmdline: C:\Windows\system32\schtasks /Delete /TN TVInstallRestore /F MD5: 48C2FE20575769DE916F48EF0676A965)
                • conhost.exe (PID: 7824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • chrome.exe (PID: 2004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://download.it/?typ=1 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 3720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1848,i,17643070967775352318,13633463432469469210,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • sc.exe (PID: 4308 cmdline: sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 6572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • regsvr32.exe (PID: 6268 cmdline: regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 6184 cmdline: /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • sc.exe (PID: 6644 cmdline: sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 6596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • regsvr32.exe (PID: 4320 cmdline: regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
        • sc.exe (PID: 6440 cmdline: sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 3484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • regsvr32.exe (PID: 1780 cmdline: regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
          • regsvr32.exe (PID: 1456 cmdline: /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • sc.exe (PID: 1196 cmdline: sc.exe start "McAfee WebAdvisor" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 6404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • regsvr32.exe (PID: 6316 cmdline: regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
  • svchost.exe (PID: 3520 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • TeamViewer_.exe (PID: 7560 cmdline: "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE MD5: 2E185F8A6622BC3062254F6F195ACC81)
    • schtasks.exe (PID: 2060 cmdline: C:\Windows\system32\schtasks /Delete /TN TVInstallRestore /F MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • servicehost.exe (PID: 4248 cmdline: C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe MD5: 786DA7AE2B6CCFE4A6A15675EE687036)
    • uihost.exe (PID: 7612 cmdline: "C:\Program Files\McAfee\WebAdvisor\UIHost.exe" MD5: 12AC81D29928BF8B46E49A97AA9863C8)
    • cmd.exe (PID: 6528 cmdline: C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • updater.exe (PID: 8008 cmdline: "C:\Program Files\McAfee\WebAdvisor\updater.exe" MD5: 58F4650AC344EFBBD2F4D1EEE6076FC4)
      • cmd.exe (PID: 6560 cmdline: C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" ) MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 4924 cmdline: C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 6372 cmdline: C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\is-K6OSH.tmpAvira: detection malicious, Label: PUA/OfferCore.Gen
Multi AV Scanner detection for submitted file
Source: teamviewer_Px-yDq1.exeReversingLabs: Detection: 21%
Source: teamviewer_Px-yDq1.exeVirustotal: Detection: 25%Perma Link
Antivirus / Scanner detection for submitted sample
Source: teamviewer_Px-yDq1.exeAvira: detected
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2120920976.00000000059A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_a0a779b3-6
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpEXE: C:\Users\user\Downloads\teamviewer.exeJump to behavior
Source: https://0c67c5932ebd9e761b8c1cb2313653a5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.htmlHTTP Parser: Base64 decoded: https://a.tribalfusion.com/i.match?p=b6&u=CAESEGhHD-_NAwxACZg5XX9NFM0&google_cver=1&google_push=AXcoOmTN-6MpGZ-nYcIn_RMkqLfQa_JDo351kpnoS0spM-jG77550cFsAJjg87etctgKdzSys-arRRCFL7NaWP-FxcxpsnVYtw4&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%...
Source: https://0c67c5932ebd9e761b8c1cb2313653a5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.htmlHTTP Parser: No favicon
Source: https://0c67c5932ebd9e761b8c1cb2313653a5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.htmlHTTP Parser: No favicon
Source: https://0c67c5932ebd9e761b8c1cb2313653a5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.htmlHTTP Parser: No favicon
Source: https://0c67c5932ebd9e761b8c1cb2313653a5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.htmlHTTP Parser: No favicon
Source: https://securepubads.g.doubleclick.net/static/topics/topics_frame.htmlHTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/aframeHTTP Parser: No favicon

Compliance

barindex
EXE planting / hijacking vulnerabilities found
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpEXE: C:\Users\user\Downloads\teamviewer.exeJump to behavior
Uses 32bit PE files
Source: teamviewer_Px-yDq1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Found installer window with terms and condition text
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpWindow detected: HYPERLINK "https://cassinilabs.com/privacy-policy/" End User License AgreementHYPERLINK "https://cassinilabs.com/privacy-policy/" Privacy PolicyThis will download TeamViewer to your computer click "Next" to continue.Una soluzione efficace per realizzare...Welcome to TeamViewer Download Manager&NextCancel
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeWindow detected: Accept - next Welcome to TeamViewerRemote Support unattended access meetings and presentationsLicense Agreement: By continuing you agree to the terms of the license agreement.License Agreement:Default installationInstall and set up unattended access to this deviceRun only (one time use)Show advanced settingsHow do you want to proceed?
Creates license or readme file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-zh-TW.txt
Creates a directory in C:\Program Files
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\analyticsmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\analyticstelemetry.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\balloon_safe_annotation.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\browserhost.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\browserplugin.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\downloadscan.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\eventmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\icon_complete.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\icon_failed.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\icon_laptop.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\installer.exe
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jquery-1.9.0.min.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\l10n.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\logicmodule.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\logicscripts.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\lookupmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\main_close_large.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mcafeecerts.xml
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mcafee_pc_install_icon.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mcafee_pc_install_icon2.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mfw-mwb.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mfw-nps.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mfw-webadvisor.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mfw.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\resource.dll
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\resourcedll.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\servicehost.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\settingmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\taskmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\telemetry.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\uihost.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\uimanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\uninstaller.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\updater.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-common.css
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-core.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-install.css
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-install.html
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-ui-install.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-utils.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wataskmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_install_check.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_install_check2.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_install_close.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_install_close2.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_install_error.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_logo.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_logo2.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\webadvisor.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\webadvisor.ico
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wssdep.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-zh-TW.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-cs-CZ.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-da-DK.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-de-DE.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-el-GR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-en-US.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-es-ES.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-es-MX.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-fi-FI.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-fr-CA.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-fr-FR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-hr-HR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-hu-HU.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-it-IT.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-ja-JP.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-ko-KR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-nb-NO.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-nl-NL.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-pl-PL.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-pt-BR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-pt-PT.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-ru-RU.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-sk-SK.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-sr-Latn-CS.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-sv-SE.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-tr-TR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-zh-CN.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-zh-TW.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-cs-CZ.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-da-DK.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-de-DE.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-el-GR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-en-US.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-es-ES.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-es-MX.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-fi-FI.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-fr-CA.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-fr-FR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-hr-HR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-hu-HU.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-it-IT.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-ja-JP.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-ko-KR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-nb-NO.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-nl-NL.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-pl-PL.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-pt-BR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-pt-PT.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-ru-RU.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-sk-SK.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-sr-Latn-CS.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-sv-SE.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-tr-TR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-zh-CN.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-zh-TW.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\resource.dll
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\webadvisor.ico
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\servicehost.exe
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\uihost.exe
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\win32\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\clipboard.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\info-16.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\updater.exe
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\npshandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-controller-nps-checklist.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\x64\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\mwbhandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-nps-checklist.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\stop-video-alert-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-controller-mwb-checklist.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-mwb-checklist.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wb-rocket-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\win32\downloadscan.dll
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\browserhost.exe
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\aj_logic.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\base_provider.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\edge_onboarding.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\ff_monitor.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\logic_loader.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\miscutils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_business_logic.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\providers_selector.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\ss_logic.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\tests_logic.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\type_tag_utils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\x64\downloadscan.dll
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\usage_calculation.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\affid_monitor.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_utils_wps.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_utils_wss.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util_selector.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor_v2.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\providers\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\providers\bing.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.chrome.extension.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\providers\yahoo.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.firefox.extension.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.chrome.extension.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.firefox.extension.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\class.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\dkjson.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\handlers.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\init.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\json.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\auxiliary\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\auxiliary\reset_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\logger.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\postinit.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\allow.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-cs-CZ.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\priorityqueue.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\balloon-arrow-right.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\triggeracceptor.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-da-DK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\balloon-arrow.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\uiarbitratorhelper.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\card_bg_image.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-de-DE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\uihandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-el-GR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\celebration_white_bg_color.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\uithreadexithandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-en-US.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\win32helper.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-es-ES.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-es-MX.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\browserutils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fi-FI.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\common_utils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-CA.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\packageutils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-FR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\close.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\settingsdb.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hr-HR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\close_icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\stringutils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\dialog-balloon-logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hu-HU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\telemetry.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_ss.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-it-IT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\green_check.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ja-JP.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\icn_mshield.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_wa.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ko-KR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\installer_background.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_sideloaded_ext_guide.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-nb-NO.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\jquery-1.9.0.min.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-nl-NL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\keep_changes_guide.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pl-PL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\logomark_white.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pt-BR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-1.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pt-PT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-wa-logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ru-RU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\loading-spinner.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\open_sideloaded_ext_alert_guide.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sk-SK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sr-Latn-CS.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_0.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sv-SE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_1.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-tr-TR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\main_close.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_1.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-CN.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-lg.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-TW.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-cs-CZ.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_3.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-da-DK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_ext_on_guide.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafeeicon.ico
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-de-DE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_off.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-el-GR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_on.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_1_3.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-en-US.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-ES.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-step1.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-MX.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\minimize.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-step2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fi-FI.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\msac.ico
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-woman.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-CA.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-FR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-bg.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hr-HR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hu-HU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\spinner_large.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-it-IT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-window.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-checklist.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ja-JP.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ko-KR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo_upsell.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-common.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo_upsell2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nb-NO.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nl-NL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-core.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_increase_bg_left.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pl-PL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-BR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-checklist.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-PT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_bg.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-dialog.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ru-RU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-uninstall-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-utils.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sk-SK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sr-Latn-CS.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_bg_v2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sv-SE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-tr-TR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-CN.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_error.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_good.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-TW.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-cs-CZ.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_red.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_check.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-da-DK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_yellow.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_downchevron.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-de-DE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\women-on-laptop-features.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_exclamation.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-el-GR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_questionmark.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-en-US.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_timer.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\women-on-laptop.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-ES.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-MX.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\edge_search\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\edge_search\edge_search_events.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fi-FI.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon-selected.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-CA.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-FR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\amazon_upsell_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hr-HR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\checklisthandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hu-HU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\chrome_extension_push_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-it-IT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\cryptojack-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ja-JP.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ko-KR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\ext_install_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nb-NO.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\facebook.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nl-NL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-noxup.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pl-PL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-top.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-warningbackground.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-BR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-PT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ru-RU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sk-SK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sr-Latn-CS.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sv-SE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-tr-TR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new_tab_main_logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-CN.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\overlay_ui_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-TW.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\securesearchhandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-cs-CZ.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-close.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-da-DK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon-selected.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-de-DE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_off.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-el-GR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_on.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-en-US.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\toast_impact_close.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-es-ES.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-es-MX.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\twitter.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\upsell_toast_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fi-FI.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell-logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fr-CA.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fr-FR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-hr-HR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-hu-HU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-it-IT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ja-JP.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ko-KR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nb-NO.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-risk.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nl-NL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pl-PL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-status.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-BR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-controller-checklist.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-PT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ru-RU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sk-SK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sr-Latn-CS.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sv-SE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-tr-TR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-zh-CN.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-zh-TW.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-cs-CZ.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-da-DK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-de-DE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-el-GR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-ES.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-MX.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fi-FI.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-CA.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-bing.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-FR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-bing.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hr-HR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hu-HU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-it-IT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ja-JP.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ko-KR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dialog-balloon.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-nb-NO.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dwtoast.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-options.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-nl-NL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pl-PL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-sstoast-bing.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-BR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-sstoast.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-PT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-danger.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ru-RU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-risk.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sk-SK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sr-Latn-CS.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-wss.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sv-SE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-tr-TR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.js
Creates install or setup log file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Users\user\AppData\Local\Temp\TeamViewer\TV15Install.log
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\RollbackTemp\TV15Install.log
PE / OLE file has a valid certificate
Source: teamviewer_Px-yDq1.exeStatic PE information: certificate valid
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: teamviewer_Px-yDq1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2269201024.0000000005794000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\linoy\Documents\GitHub\zbShield-Utils-CPP\zbShieldUtils\bin\Release\Helper.pdb source: file_Px-yDq1.tmp, 00000003.00000003.2133607807.00000000075C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\non_system\code\WebAdvisor-ISGIS\build\x64\Release\Installer.pdb, source: installer.exe, 00000015.00000002.2755914555.00007FF7C0E6B000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win_HOOKS\Release\tv_w32exe.pdb source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\TVWorkspace\teamviewer\Installer\plugins\CustomerData\Release_Unicode\CustomerTools.pdb source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win_HOOKS\Release\tv_x64exe.pdb source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb/ source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2120920976.00000000059A7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\DriverBuild\Drivers\Win\DeviceRedirection\bin\x64\Release\TeamViewer_VirtualDeviceDriver.pdb source: TeamViewer_.exe, 00000010.00000003.2501909420.0000000009140000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 0000000A.00000000.2066592502.0000000000A43000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win\Release\WriteDump.pdba source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win_HOOKS\Release\tv_w32exe.pdbU source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\non_system\code\WebAdvisor-ISGIS\build\x64\Release\Installer.pdb source: installer.exe, 00000015.00000002.2755914555.00007FF7C0E6B000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000000.2084104655.0000000000DA1000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win_HOOKS\Release\tv_x64dll.pdb source: TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000009.00000000.2060469426.000000000101E000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\TVWorkspace\teamviewer\Installer\plugins\CustomerData\Release_Unicode\CustomerTools.pdb{ source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win\FULL\Release\TeamViewer_Desktop.pdb source: TeamViewer_.exe, 00000010.00000003.2481883034.00000000093CF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\DriverBuild\Drivers\RemotePrintingDriver\Win\XPSDriverFilter\Build\XPSFilter\x64\Release\TeamViewer_XPSDriverFilter.pdb source: TeamViewer_.exe, 00000010.00000003.2509541990.0000000008C96000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: t:\untgz\Joel_plugins_src\dialogsEx\dialogs\Release\dialogsEx.pdb source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\8275ee1af8aecc7e\wxwidgets\projects\x64\lib\vc_x64_dll\wxmsw315u_core_vc.pdb source: icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2120920976.00000000059A7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win\Release\WriteDump.pdb source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win_HOOKS\Release\tv_x64exe.pdbR source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extractJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmpJump to behavior
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_00405FFD FindFirstFileA,FindClose,12_2_00405FFD
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,12_2_0040559B
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_00402688 FindFirstFileA,12_2_00402688
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeCode function: 16_2_0040596F CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,16_2_0040596F
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeCode function: 16_2_004064C1 FindFirstFileW,FindClose,16_2_004064C1
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeCode function: 16_2_004027FB FindFirstFileW,16_2_004027FB
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeCode function: 19_2_0040596F CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,19_2_0040596F
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeCode function: 19_2_004064C1 FindFirstFileW,FindClose,19_2_004064C1
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeCode function: 19_2_004027FB FindFirstFileW,19_2_004027FB
Source: Joe Sandbox ViewIP Address: 104.18.25.173 104.18.25.173
Source: Joe Sandbox ViewIP Address: 151.101.1.91 151.101.1.91
Source: Joe Sandbox ViewIP Address: 104.18.24.173 104.18.24.173
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0Content-Encodingdeflate
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2282119529.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294238986.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289262227.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289674671.0000000005522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2291307626.000000000561C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2295349834.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296354233.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2281966470.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2262931475.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2264019181.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2261844825.0000000005267000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294351526.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296269629.000000000526B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000003.2138794289.00000000029B9000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0K
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2269201024.0000000005794000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000003.2138794289.00000000029B9000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501528318.00000000072C0000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501909420.0000000009140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2509541990.0000000008C96000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2282119529.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294238986.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289262227.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289674671.0000000005522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2295349834.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296354233.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2281966470.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2261844825.0000000005267000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294351526.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296269629.000000000526B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2282119529.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294238986.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289262227.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289674671.0000000005522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2291307626.000000000561C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2295349834.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296354233.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2281966470.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2261844825.0000000005267000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294351526.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296269629.000000000526B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cert.ssl.com/DTNT-Intermediate-codeSigning-RSA-4096-R2.cer0Q
Source: regsvr32.exe, 0000002A.00000003.2703784470.0000000003248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/
Source: file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000018.00000003.2508231372.0000019039AB6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 0000002B.00000003.2715956637.0000019954840000.00000004.00000020.00020000.00000000.sdmp, uihost.exe, 0000002D.00000003.2757329015.000002BA5D53A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000018.00000003.2508231372.0000019039AB6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 0000002B.00000003.2715956637.0000019954840000.00000004.00000020.00020000.00000000.sdmp, uihost.exe, 0000002D.00000003.2757329015.000002BA5D53A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2282119529.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294238986.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289262227.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289674671.0000000005522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2291307626.000000000561C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2295349834.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296354233.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2281966470.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2262931475.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2264019181.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2261844825.0000000005267000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294351526.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296269629.000000000526B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000003.2138794289.00000000029B9000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2269201024.0000000005794000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000003.2138794289.00000000029B9000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501528318.00000000072C0000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501909420.0000000009140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2509541990.0000000008C96000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2282119529.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294238986.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289262227.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289674671.0000000005522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2295349834.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296354233.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2281966470.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2261844825.0000000005267000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294351526.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296269629.000000000526B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmp, uihost.exe, 0000002D.00000003.2757329015.000002BA5D53A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2269201024.0000000005794000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000003.2138794289.00000000029B9000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501528318.00000000072C0000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501909420.0000000009140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2509541990.0000000008C96000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crls.ssl.com/DTNT-Intermediate-codeSigning-RSA-4096-R2.crl0
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crls.ssl.com/SSL.com-Enterprise-Intermediate-codeSigning-RSA-4096-R1.crl0
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: file_Px-yDq1.tmp, 00000003.00000003.2198240267.0000000002468000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000852000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000847000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000084C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007CB000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007C9000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dl.jalecdn.com/IT/teamviewer.exe
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000080C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.0000000000808000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dl.jalecdn.com/IT/teamviewer.exession
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://doubleclick-proxy.ff.avast.com/v1/gclid
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B2218000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B2218000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B2218000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B2218000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B2218000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B2218000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B224D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B2291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gf.tools.avast.com/tools/gf/
Source: avg_antivirus_free_setup.exe, 0000000A.00000000.2066592502.0000000000A43000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://https://:allow_fallback/installer.exe
Source: icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jimmac.musichall.cz
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-a1.iavs9x.u.avast.com/iavs9x/avast_one_essential_setup_online.exe
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-free.iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
Source: teamviewer.exe, teamviewer.exe, 0000000C.00000000.2111586882.0000000000409000.00000008.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: teamviewer.exe, 0000000C.00000000.2111586882.0000000000409000.00000008.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmp, TeamViewer_.exe, 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2269201024.0000000005794000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000003.2138794289.00000000029B9000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501528318.00000000072C0000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501909420.0000000009140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2509541990.0000000008C96000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2282119529.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294238986.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289262227.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289674671.0000000005522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2291307626.000000000561C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2295349834.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296354233.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2281966470.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2261844825.0000000005267000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294351526.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296269629.000000000526B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2282119529.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294238986.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289262227.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289674671.0000000005522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2291307626.000000000561C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2295349834.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296354233.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2281966470.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2262931475.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2264019181.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2261844825.0000000005267000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294351526.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296269629.000000000526B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000003.2138794289.00000000029B9000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0I
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2282119529.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294238986.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289262227.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2289674671.0000000005522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2295349834.000000000526C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296354233.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2281966470.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2261844825.0000000005267000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2294351526.000000000526B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2296269629.000000000526B000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000018.00000003.2508231372.0000019039AB6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 0000002B.00000003.2715956637.0000019954840000.00000004.00000020.00020000.00000000.sdmp, uihost.exe, 0000002D.00000003.2757329015.000002BA5D53A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000018.00000003.2508231372.0000019039AB6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 0000002B.00000003.2715956637.0000019954840000.00000004.00000020.00020000.00000000.sdmp, uihost.exe, 0000002D.00000003.2757329015.000002BA5D53A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsps.ssl.com0
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://push.ff.avast.com
Source: file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000018.00000003.2508231372.0000019039AB6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 0000002B.00000003.2715956637.0000019954840000.00000004.00000020.00020000.00000000.sdmp, uihost.exe, 0000002D.00000003.2757329015.000002BA5D53A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000018.00000003.2508231372.0000019039AB6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 0000002B.00000003.2715956637.0000019954840000.00000004.00000020.00020000.00000000.sdmp, uihost.exe, 0000002D.00000003.2757329015.000002BA5D53A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/MD/
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/PD/
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2084491218.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2686145349.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2687328679.0000000005376000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2071890612.000000000530D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2084491218.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2686145349.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2687328679.0000000005376000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi$
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2084491218.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2686145349.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2687328679.0000000005376000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi/
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2685529309.000000000530D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2071890612.0000000005322000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgi
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/WTUI
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/wtu.
Source: file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2269201024.0000000005794000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0/
Source: file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2269201024.0000000005794000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000003.2138794289.00000000029B9000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501528318.00000000072C0000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501909420.0000000009140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2509541990.0000000008C96000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1783076889.00000000022D2000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1655816568.0000000002640000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1780757285.0000000002523000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1661799059.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.1722463086.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.2209798580.0000000002348000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1735227864.0000000003460000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2196121911.0000000007586000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fdos.org/win32/nsis.
Source: icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gimp.orgg
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2687328679.0000000005376000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2084491218.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2686145349.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2687328679.0000000005376000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/C
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2685529309.000000000530D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com:80/collect
Source: saBSI.exe, 00000009.00000003.2289674671.0000000005522000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2261844825.0000000005267000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000018.00000003.2508231372.0000019039AB6000.00000004.00000020.00020000.00000000.sdmp, uihost.exe, 0000002D.00000003.2757329015.000002BA5D53A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mcafee.com
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.ssl.com/repository/SSL.com-Enterprise-Intermediate-codeSigning-RSA-4096-R1.crt0
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
Source: teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000003.2138794289.00000000029B9000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501528318.00000000072C0000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2501909420.0000000009140000.00000004.00001000.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2509541990.0000000008C96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teamviewer.com
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teamviewer.com/link/?url=271351
Source: TeamViewer_.exe, 00000010.00000003.2507152637.00000000087D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teamviewer.com/printschema/2018
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDlltimeZoneUTCdateStyletimeStyle
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/privacy
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/privacy)
Source: TeamViewer_.exe, 00000010.00000003.2163003743.0000000006D00000.00000004.00000800.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2236526797.0000000006E70000.00000004.00000800.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2165932546.0000000006D00000.00000004.00000800.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2606009645.0000000000782000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2236105153.0000000006E70000.00000004.00000800.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2601874246.0000000000782000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpString found in binary or memory: https://aka.ms/privacy.
Source: TeamViewer_.exe, 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpString found in binary or memory: https://aka.ms/privacy.Error:
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/privacy.TeamViewer
Source: saBSI.exe, 00000009.00000003.2105113721.0000000000A42000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2110622930.0000000000A42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.m
Source: saBSI.exe, 00000009.00000003.2089684422.0000000000A21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordS9
Source: saBSI.exe, 00000009.00000000.2060469426.000000000101E000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2267472747.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2233925092.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2102452563.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2171834940.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2116197831.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2288531593.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2256465464.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2288531593.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/C
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2171378026.0000000005691000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2120920976.00000000059A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000000.2084104655.0000000000DA1000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25installSending
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bloatware.ff.avast.com/avast/ss/
Source: file_Px-yDq1.tmp, 00000003.00000003.1785614157.00000000054BD000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2204923417.00000000054DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cassinilabs.com/privacy-policy/
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cassinilabs.com/privacy-policy/ent=true&oc=
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn-download.avastbrowser.com/avg_secure_browser_setup.exe
Source: file_Px-yDq1.tmp, 00000003.00000003.1771898549.00000000054BD000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1829344246.00000000054BD000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1785614157.00000000054BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.download.it/
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000852000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000081B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000847000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000084C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000822000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000821000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.download.it/gen/teamviewer-100x100.png
Source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://client.teamviewer.com/uninstall/index.aspx?source=uninstallation&ID=
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2120920976.00000000059A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: TeamViewer_.exe, 00000010.00000003.2481883034.00000000093CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://configdl.teamviewer.com/configs/https://configdl.teamviewer.com/rev/https://configdl-test.te
Source: file_Px-yDq1.exe, 00000002.00000003.1722463086.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.2209798580.00000000023AE000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1735227864.0000000003460000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2169203073.0000000003B1F000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2198240267.0000000002372000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://control.kochava.com/v1/cpi/click?campaign_id=kohotspot-shield-2oo5a3058127822662&network_id=
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2120920976.00000000059A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2120920976.00000000059A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2120920976.00000000059A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: file_Px-yDq1.exe, 00000002.00000003.1722463086.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.2209798580.00000000023AE000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2196121911.0000000007460000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1735227864.0000000003460000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2169203073.0000000003B1F000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2198240267.0000000002372000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f
Source: file_Px-yDq1.exe, 00000002.00000003.1722463086.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.2209798580.00000000023AE000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1735227864.0000000003460000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2169203073.0000000003B1F000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2198240267.0000000002372000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141640648.00000000054D3000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2204923417.00000000054DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/AVG/images/09052021/EN.png
Source: file_Px-yDq1.tmp, 00000003.00000003.2141640648.00000000054D3000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2204923417.00000000054DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/AVG/images/09052021/EN.pnggf&ug
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2198240267.00000000023E8000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2196121911.000000000754B000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141640648.00000000054D3000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2204923417.00000000054DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/AVG_AV/files/1319/avg.zip
Source: file_Px-yDq1.tmp, 00000003.00000003.2141640648.00000000054D3000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2204923417.00000000054DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/AVG_AV/files/1319/avg.zipI.zi
Source: file_Px-yDq1.tmp, 00000003.00000003.2196121911.000000000754B000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/AVG_AV/files/1319/avg.zipi
Source: file_Px-yDq1.tmp, 00000003.00000003.2141827368.0000000000857000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117232136.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2040056768.00000000054D8000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2165515889.0000000000857000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2040056768.0000000005506000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/WebAdvisor/files/1248/saBSI.zip
Source: file_Px-yDq1.tmp, 00000003.00000003.2065675635.0000000005591000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117232136.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2065221435.0000000005599000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.00000000055A7000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2165236174.00000000055A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/WebAdvisor/files/1248/saBSI.zip$
Source: file_Px-yDq1.tmp, 00000003.00000003.2117232136.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.00000000055A7000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2165236174.00000000055A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/WebAdvisor/files/1248/saBSI.zipb4
Source: file_Px-yDq1.tmp, 00000003.00000003.2141827368.0000000000857000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2165515889.0000000000857000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/WebAdvisor/files/1248/saBSI.zipera_.T
Source: file_Px-yDq1.tmp, 00000003.00000003.2040056768.00000000054D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/WebAdvisor/files/1248/saBSI.zipn&
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2040056768.00000000054D8000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141640648.00000000054D3000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2204923417.00000000054DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/WebAdvisor/images/943/EN.png
Source: file_Px-yDq1.tmp, 00000003.00000003.2117232136.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.00000000055A7000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2165236174.00000000055A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/f/WebAdvisor/images/943/EN.pngf28b4
Source: file_Px-yDq1.exe, 00000002.00000003.1722463086.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.2209798580.00000000023AE000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1735227864.0000000003460000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2196121911.0000000007470000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2169203073.0000000003B1F000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2198240267.0000000002372000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/o
Source: file_Px-yDq1.exe, 00000002.00000003.1722463086.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.2209798580.00000000023AE000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1735227864.0000000003460000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2169203073.0000000003B1F000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2198240267.0000000002372000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d1i3c1dyhuowa7.cloudfront.net/zbd
Source: teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d2nko69k18f2wb.cloudfront.net/
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1655816568.0000000002640000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1783076889.0000000002339000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1780757285.0000000002523000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1779830086.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.00000000038CB000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1779830086.0000000000A00000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1780757285.00000000025AC000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1779830086.0000000000A2A000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1661799059.00000000035D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d2nko69k18f2wb.cloudfront.net/installer/737209/825485955765064
Source: teamviewer_Px-yDq1.tmp, 00000001.00000002.1780757285.0000000002599000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d2nko69k18f2wb.cloudfront.net/installer/737209/825485955765064fString;
Source: file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007D7000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=1
Source: file_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=1%
Source: file_Px-yDq1.tmp, 00000003.00000002.2205164792.0000000005506000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141439746.0000000005506000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=1(
Source: file_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=1-
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007DA000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=10QSf
Source: file_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=15
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007DA000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=1HR
Source: file_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=1R
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007DA000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=1R#g
Source: file_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=1T
Source: file_Px-yDq1.tmp, 00000003.00000003.2118293689.0000000006E7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=1ca
Source: file_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=1ln
Source: file_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it/?typ=1m
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000852000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2196121911.000000000748A000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201100444.0000000000788000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000847000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it?typ=1
Source: file_Px-yDq1.tmp, 00000003.00000003.2196121911.000000000748A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download.it?typ=1Q
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.it?typ=1ows
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B22C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B2272000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B22C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B22A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000E.00000003.2131977592.00000241B2307000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B22C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hns-legacy.sb.avast.com
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://home.mcafee.com/Root/AboutUs.aspx?id=eula
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2685529309.000000000530D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2071890612.000000000530D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exe
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2071591792.0000000005327000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2071591792.0000000005327000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exea
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-tu/release/avg_tuneup_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2268948228.0000000002F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/1de6/62d6/a416/1de662d6a41687462bc259fb9e3ba374edf79947739ce997d3e
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2171834940.0000000002EE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/4246/af29/4055/4246af29405597481f4d3e6f1e55cf71175e7762e69f97a3470
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2116197831.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2268948228.0000000002F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/7794/cf36/a622/7794cf36a6228135bef6581458eeb15d420159596fe2f0ea629
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2171834940.0000000002EE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/ac47/c136/e574/ac47c136e574da442ad0961667930a5076c3082f98e0edcb8fb
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2268948228.0000000002F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/ed05/1b68/0240/ed051b68024077e7b870548a54887574ecfefa3b18159fc2ab8
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2268948228.0000000002F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/f376/e9af/363d/f376e9af363d39e60246c7dce9c8c9accb7da5dc8d23e548617
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2268948228.0000000002F4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/f3d4/1563/ef59/f3d41563ef598f824db6dce8e182b3110696c20a868329c5bd8
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastium
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avg.com
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://identityprotection.avg.com
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/
Source: teamviewer_Px-yDq1.exe, 00000000.00000000.1655149734.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.com
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B22C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 0000000E.00000003.2131977592.00000241B2272000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pair.ff.avast.com
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000836000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policies
Source: file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000081B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000821000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policies2
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-nuistatic.avcdn.net/nui/avg/1.0.643/updatefile.json
Source: saBSI.exe, 00000009.00000003.2124587174.0000000000AA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.m
Source: saBSI.exe, 00000009.00000003.2110622930.0000000000A42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/
Source: saBSI.exe, 00000009.00000003.2110601718.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
Source: saBSI.exe, 00000009.00000003.2207717533.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
Source: saBSI.exe, 00000009.00000003.2110601718.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
Source: saBSI.exe, 00000009.00000003.2207717533.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/
Source: saBSI.exe, 00000009.00000003.2124587174.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2130793543.0000000000AA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml
Source: saBSI.exe, 00000009.00000003.2129611785.0000000005220000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121470160.0000000005220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/
Source: saBSI.exe, 00000009.00000003.2124587174.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2130793543.0000000000AA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRulesISB.xml
Source: saBSI.exe, 00000009.00000003.2129611785.0000000005220000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121470160.0000000005220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRulesISB.xml/
Source: saBSI.exe, 00000009.00000003.2110601718.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml
Source: saBSI.exe, 00000009.00000003.2207717533.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml/
Source: saBSI.exe, 00000009.00000003.2110601718.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml
Source: saBSI.exe, 00000009.00000003.2207717533.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/
Source: saBSI.exe, 00000009.00000003.2110601718.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml
Source: saBSI.exe, 00000009.00000003.2207717533.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/
Source: saBSI.exe, 00000009.00000003.2105113721.0000000000A42000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000000.2060469426.000000000101E000.00000002.00000001.01000000.00000010.sdmp, saBSI.exe, 00000009.00000003.2110622930.0000000000A42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml
Source: saBSI.exe, 00000009.00000003.2110622930.0000000000A42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xmllEK
Source: saBSI.exe, 00000009.00000003.2110601718.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml
Source: saBSI.exe, 00000009.00000003.2207717533.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml/
Source: saBSI.exe, 00000009.00000000.2060469426.000000000101E000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplatSELF_UPDATE_ALLOWEDMAIN_XMLSTORE
Source: saBSI.exe, 00000009.00000000.2060469426.000000000101E000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonff_ext_update_url_PROXY_SYST
Source: saBSI.exe, 00000009.00000003.2110601718.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml
Source: saBSI.exe, 00000009.00000003.2207717533.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml/
Source: saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/846/
Source: saBSI.exe, 00000009.00000003.2262931475.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2264019181.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2262258407.0000000000AA9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/846/64/installer.exeexem_
Source: saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/pc/partner_custom_bsi.xml
Source: saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml
Source: saBSI.exe, 00000009.00000003.2206644684.0000000005276000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2261844825.0000000005276000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/v1/pc/partner_custom_vars.xml
Source: saBSI.exe, 00000009.00000000.2060469426.000000000101E000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saUPDATER_URLupdater.exeWebAdvisor_Updater
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2234801176.00000000057B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.ff.avast.com
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2285191917.00000000056B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.ff.avast.com/
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2120920976.00000000059A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.ff.avast.comhttp://honzik.avcdn.net/settings_mgr::get_bundle_guid()
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://submit.sb.avast.com
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.com
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000852000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000081B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000821000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/privacy
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000821000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/terms
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://winqual.sb.avast.com
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://winqual.sb.avast.comhttps://hns-legacy.sb.avast.comhttps://submit.sb.avast.comhttps://virusl
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083D000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.360totalsecurity.com/en/license/
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083D000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.360totalsecurity.com/en/privacy/
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-prod
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-products
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-productsrg
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000821000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policy
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en
Source: file_Px-yDq1.tmp, 00000003.00000003.2196121911.0000000007536000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula
Source: file_Px-yDq1.tmp, 00000003.00000002.2205505849.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2065675635.0000000005591000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117232136.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2164369874.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141566314.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2065221435.0000000005599000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.00000000055A7000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2165236174.00000000055A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula/en-us/
Source: file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000081B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000821000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eulaR
Source: file_Px-yDq1.tmp, 00000003.00000003.2196121911.000000000756F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/priv
Source: file_Px-yDq1.tmp, 00000003.00000003.2196121911.0000000007536000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2198240267.0000000002416000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy
Source: file_Px-yDq1.tmp, 00000003.00000003.2117232136.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2164369874.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141566314.00000000055A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy-us/
Source: file_Px-yDq1.tmp, 00000003.00000003.2065675635.0000000005591000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117232136.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2065221435.0000000005599000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.00000000055A7000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2165236174.00000000055A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy-us/p
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.c1
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/t
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/te/
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/ter
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/term
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms$
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms.E
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms.en-_
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms.en-g
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms.en-gb
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms.en-gb.A
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms.en-gb.h
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms.en-gb.ht
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms.en-gb.htm
Source: file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms.en-gb.html
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms.en-gb.html/privacy-policy/79-8B2BC0F020CA
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/content/terms.en-gb.htmlcg
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.eR
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.htm.
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?t
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=d
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=do
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docAg
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docs
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docs/
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docs/p
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docs/priv
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docs/privac
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docs/privacy-
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docs/privacy-p
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docs/privacy-po
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docs/privacy-polH
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docs/privacy-policy/
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpl=docs/privacy-policy/dd
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000085C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/general.en.html?tmpo
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000551C000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000018.00000003.2508231372.0000019039AB6000.00000004.00000020.00020000.00000000.sdmp, servicehost.exe, 0000002B.00000003.2715956637.0000019954840000.00000004.00000020.00020000.00000000.sdmp, uihost.exe, 0000002D.00000003.2757329015.000002BA5D53A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002780000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000000.1659427649.0000000000401000.00000020.00000001.01000000.00000004.sdmp, file_Px-yDq1.exe, 00000002.00000003.1729691451.000000007FCE4000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.1726169486.0000000002958000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000000.1732298506.0000000000575000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.innosetup.com/
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.html
Source: file_Px-yDq1.tmp, 00000003.00000003.2141640648.00000000054D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html0
Source: file_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmle42cb54996d9bf28b4nOPzD9C77LA6CXbKiz8a
Source: file_Px-yDq1.tmp, 00000003.00000003.1771898549.00000000054BD000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1829344246.00000000054BD000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2208102549.0000000006E76000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2118293689.0000000006E73000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2204263596.00000000054BD000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1785614157.00000000054BD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlx
Source: saBSI.exe, 00000009.00000000.2060469426.000000000101E000.00000002.00000001.01000000.00000010.sdmp, regsvr32.exe, 0000002A.00000003.2703784470.0000000003248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html
Source: regsvr32.exe, 0000002A.00000003.2703784470.0000000003248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html8
Source: regsvr32.exe, 0000002A.00000003.2703784470.0000000003248000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmlS
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.00000000007F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/a
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083D000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.co
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083D000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers1
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000821000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacy
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1n
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/common/termsofservice-v~
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083D000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/privacy-policy
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002780000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000000.1659427649.0000000000401000.00000020.00000001.01000000.00000004.sdmp, file_Px-yDq1.exe, 00000002.00000003.1729691451.000000007FCE4000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.1726169486.0000000002958000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000000.1732298506.0000000000575000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://www.remobjects.com/ps
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ssl.com/repository0
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.teamviewer.com
Source: TeamViewer_.exe, 00000010.00000003.2334600804.00000000087D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.teamviewer.com/de/dpa-annex/
Source: TeamViewer_.exe, 00000010.00000003.2334600804.00000000087D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.teamviewer.com/de/dpa-annex/#annex-2
Source: TeamViewer_.exe, 00000010.00000003.2334600804.00000000087D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.teamviewer.com/de/dpa-annex/#annex-3
Source: TeamViewer_.exe, 00000010.00000003.2334600804.00000000087D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.teamviewer.com/en/dpa-annex/#annex-1
Source: TeamViewer_.exe, 00000010.00000003.2334600804.00000000087D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.teamviewer.com/en/dpa-annex/#annex-2
Source: TeamViewer_.exe, 00000010.00000003.2334600804.00000000087D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.teamviewer.com/en/dpa-annex/#annex-3
Source: TeamViewer_.exe, 00000010.00000003.2334600804.00000000087D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.teamviewer.com/en/eula/
Source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.teamviewer.com/link/?url=271878Hinweis
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.winzip.com/win/en/eula.html
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083D000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.winzip.com/win/en/eula.htmlm
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083D000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.winzip.com/win/en/privacy.html
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_00405050 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,12_2_00405050
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_a4356b5b-d
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TeamViewer_VirtualDeviceDriver.catJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\Printer\teamviewer_xpsdriverfilter.catJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\VPN_Win7\teamviewervpn.catJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\teamviewervpn.catJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\tvmonitor.catJump to dropped file

Spam, unwanted Advertisements and Ransom Demands

barindex
Writes many files with high entropy
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile created: C:\Users\user\Downloads\teamviewer.exe entropy: 7.9933049737Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe entropy: 7.99261107729Jump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\4573d21f-2216-498f-b102-4ffd1d936bd5 entropy: 7.9999157529Jump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\a12b761c-8740-40b5-9833-826bc4bc41ab entropy: 7.99995168182Jump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\f5f4d95f-8007-4f23-b0bf-1e0596f9ae86 entropy: 7.99962117313Jump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\468fef76-f5e5-4065-8dd1-90c0812fa466 entropy: 7.99986670566Jump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\39c2fa3e-f823-4454-a605-dbcf48949c0f entropy: 7.99864990699Jump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\setupui.cont entropy: 7.99945960987Jump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\651b0b1e-94f1-44e1-91fd-e39dafaab7eb entropy: 7.99936819868Jump to dropped file
Source: C:\Users\user\Downloads\teamviewer.exeFile created: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe entropy: 7.99794260412Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\tvfiles.7z entropy: 7.9999947809Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\tvfilesx64.7z entropy: 7.99938803123Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\tvfiles_printer_WithPDFSupport_x64.7z entropy: 7.99953353808Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe entropy: 7.99794260412Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\setupui.cont entropy: 7.99945960987Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_product.dll.lzma entropy: 7.99989642885Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_rvrt.exe.lzma entropy: 7.99377130708Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\aswOfferTool.exe.lzma entropy: 7.99978706309Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe.lzma entropy: 7.9999178993Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus_product.dll.lzma entropy: 7.99943192939Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus_rvrt.exe.lzma entropy: 7.99377130708Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\dump_process.exe.lzma entropy: 7.99958464338Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\bug_report.exe.lzma entropy: 7.99985206343Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\downloadscan.cab entropy: 7.99976400125Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\eventmanager.cab entropy: 7.99956598882Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\logicmodule.cab entropy: 7.99960093777Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\lookupmanager.cab entropy: 7.99852985626Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\mfw-webadvisor.cab entropy: 7.99735105928Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\mfw.cab entropy: 7.99508058214Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\servicehost.cab entropy: 7.99608701279Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\settingmanager.cab entropy: 7.9994274548Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\taskmanager.cab entropy: 7.99954412419Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\uihost.cab entropy: 7.99651369261Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\uimanager.cab entropy: 7.99959504638Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\uninstaller.cab entropy: 7.99935092903Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\updater.cab entropy: 7.99930681513Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\wataskmanager.cab entropy: 7.99983539171Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\wssdep.cab entropy: 7.99865937314Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\analyticsmanager.cab entropy: 7.99961438969Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\browserhost.cab entropy: 7.99953579752Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\browserplugin.cab entropy: 7.99922249191Jump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi entropy: 7.99707344308Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\Fonts\proximanova-bold.otf.ipending.4ab6c68a.lzma entropy: 7.99712136803Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\Fonts\proximanova-light.otf.ipending.4ab6c68a.lzma entropy: 7.99666325181Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\Fonts\proximanova-regular.otf.ipending.4ab6c68a.lzma entropy: 7.99679210304Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\Fonts\RobotoCondensed-Bold.ttf.ipending.4ab6c68a.lzma entropy: 7.99701168768Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\Fonts\RobotoCondensed-Regular.ttf.ipending.4ab6c68a.lzma entropy: 7.99684634931Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.4ab6c68a.lzma entropy: 7.99899868764Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.4ab6c68a.lzma entropy: 7.99915880061Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll.ipending.4ab6c68a.lzma entropy: 7.99918959678Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.4ab6c68a.lzma entropy: 7.99943239748Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll.ipending.4ab6c68a.lzma entropy: 7.99903381697Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\ashShell.dll.ipending.4ab6c68a.lzma entropy: 7.99980955527Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\dll_loader.dll.ipending.4ab6c68a.lzma entropy: 7.99164485218Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll.ipending.4ab6c68a.lzma entropy: 7.99725178325Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll.ipending.4ab6c68a.lzma entropy: 7.998938028Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll.ipending.4ab6c68a.lzma entropy: 7.99898939951Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Bold.ttf.ipending.4ab6c68a.lzma entropy: 7.9977231274Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Italic.ttf.ipending.4ab6c68a.lzma entropy: 7.99720058116Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Light.ttf.ipending.4ab6c68a.lzma entropy: 7.99704619052Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Regular.ttf.ipending.4ab6c68a.lzma entropy: 7.9974162603Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.4ab6c68a.lzma entropy: 7.99656545214Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys.ipending.4ab6c68a.lzma entropy: 7.99033791586Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.4ab6c68a.lzma entropy: 7.99823442036Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll.ipending.4ab6c68a.lzma entropy: 7.99957799233Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswProperty.dll.ipending.4ab6c68a.lzma entropy: 7.99942062624Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.4ab6c68a.lzma entropy: 7.99678854255Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe.ipending.4ab6c68a.lzma entropy: 7.9998103104Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.4ab6c68a.lzma entropy: 7.99980484409Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll.ipending.4ab6c68a.lzma entropy: 7.99978269742Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll.ipending.4ab6c68a.lzma entropy: 7.99993066527Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\shred.exe.ipending.4ab6c68a.lzma entropy: 7.99874129129Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\snxhk.dll.ipending.4ab6c68a.lzma entropy: 7.99830235989Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.4ab6c68a.lzma entropy: 7.99874895684Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.4ab6c68a.lzma entropy: 7.99944350491Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\asulaunch.exe.ipending.4ab6c68a.lzma entropy: 7.99241431934Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.4ab6c68a.lzma entropy: 7.9933860121Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.4ab6c68a.lzma entropy: 7.99870673233Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.4ab6c68a.lzma entropy: 7.99934780435Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.4ab6c68a.lzma entropy: 7.99993200222Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.4ab6c68a.lzma entropy: 7.99431952794Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\background.png.ipending.4ab6c68a.lzma entropy: 7.99971517323Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\background-loading.png.ipending.4ab6c68a.lzma entropy: 7.99970096275Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe.ipending.4ab6c68a.lzma entropy: 7.99812117138Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.4ab6c68a.lzma entropy: 7.99974685749Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.4ab6c68a.lzma entropy: 7.99993700166Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\TuneupSmartScan.dll.ipending.4ab6c68a.lzma entropy: 7.99994425733Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.4ab6c68a.lzma entropy: 7.99920068603Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.4ab6c68a.lzma entropy: 7.99879619001Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\gaming_mode\dnddetection.dat.ipending.4ab6c68a.lzma entropy: 7.99962684812Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.4ab6c68a.lzma entropy: 7.99901790467Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.4ab6c68a.lzma entropy: 7.99935625725Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.4ab6c68a.lzma entropy: 7.99911750628Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\ProgramData\AVG\Antivirus\gaming_mode\dnddetection.dat.ipending.4ab6c68a entropy: 7.9996461815Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.4ab6c68a.lzma entropy: 7.9999406041Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.4ab6c68a.lzma entropy: 7.99982099248Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.4ab6c68a.lzma entropy: 7.9995486209Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashQuick.exe.ipending.4ab6c68a.lzma entropy: 7.99705064162Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswCmnIS.dll.ipending.4ab6c68a.lzma entropy: 7.99919166662Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Licenses\EULA.txt.ipending.4ab6c68a.lzma entropy: 7.99191450393Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswCmnBS.dll.ipending.4ab6c68a.lzma entropy: 7.99889831688Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswCmnOS.dll.ipending.4ab6c68a.lzma entropy: 7.9980191868Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashBase.dll.ipending.4ab6c68a.lzma entropy: 7.99927868492Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashServ.dll.ipending.4ab6c68a.lzma entropy: 7.99996794478Jump to dropped file
Writes a notice file (html or txt) to demand a ransom
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile dropped: C:\Program Files (x86)\TeamViewer\TVExtractTemp\eula-en.html -> encrypted connections (handshake) and for the forwarding of data packets (routing) in connection with the use of the software (<strong>server services</strong>), as well as (iii) any further cloud-based services provided by teamviewer. the software, server services and other cloud-based services provided by teamviewer are hereinafter collectively referred to as <strong>services</strong>.</p><h3>c. hardware specific terms</h3><p>the hardware specific terms contain the terms and conditions that additionally apply to your purchase and/or lease of physical goods, including smart glasses, iot devices or similar items (<strong>hardware</strong>).</p><h3>d. product specific terms</h3><p>the product specific terms contain the terms and conditions that additionally apply to your use and purchase of certain teamviewer products described in this section (each, a <strong>product</strong>). the product specific terms include various links to the description of features, limits of use and syJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile dropped: C:\Program Files\McAfee\Temp1463644285\jslang\eula-en-US.txt -> encryption key for your account secure because without them you may lose access to your data. you are solely responsible and liable for any activity that occurs under your account, including by anyone who uses your account. if there is any unauthorized use or access to your account, you must let us know immediately. we are not responsible for any loss caused by unauthorized use of or access to your account; however, you may be liable for any losses we or others suffer because of the unauthorized use. we do not have access to master passwords and cannot recover your encrypted data if you forget the master password for any password management feature or product. we offer both free and premium versions of our password and identity management software, and the free versions limit the maximum number of unique accounts (such as a website or application login) that you can store. if you have downloaded a premium version of the software at no cost during a promotion, then when the promotional period ends you will notJump to dropped file
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_0040634412_2_00406344
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_0040488F12_2_0040488F
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeCode function: 16_2_0040684616_2_00406846
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeCode function: 16_2_00404C5916_2_00404C59
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeCode function: 19_2_0040684619_2_00406846
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeCode function: 19_2_00404C5919_2_00404C59
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpKey value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon versionJump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeKey value queried: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon version
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeKey value queried: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon version
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeSection loaded: icuuc.dll
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeSection loaded: icuin.dll
Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
Source: teamviewer_Px-yDq1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeFile deleted: C:\Windows\Temp\nsx8CFB.tmp
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,12_2_004030D9
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeCode function: 16_2_004033B6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,16_2_004033B6
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeCode function: 19_2_004033B6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,19_2_004033B6
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_BITS_2004_1679536864
Source: teamviewer_Px-yDq1.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: file_Px-yDq1.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: installer.exe.9.drStatic PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 27965291 bytes, 132 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 975 datablocks, 0x1 compression
Source: TeamViewer_Resource_ar.dll.16.drStatic PE information: Resource name: RT_STRING type: PDP-11 separate I&D executable not stripped
Source: TeamViewer_Resource_cs.dll.16.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: TeamViewer_Resource_de.dll.16.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE ECOFF executable not stripped - version 0.101
Source: TeamViewer_Resource_el.dll.16.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: TeamViewer_Resource_el.dll.16.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
Source: TeamViewer_Resource_es.dll.16.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.100
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\118.0.1 (x64 en-US)\Main Install Directory
Source: TeamViewer_Resource_cs.dll.16.drStatic PE information: No import functions for PE file found
Source: TeamViewer_Resource_bg.dll.16.drStatic PE information: No import functions for PE file found
Source: TeamViewer_Resource_en.dll.16.drStatic PE information: No import functions for PE file found
Source: TeamViewer_Resource_ar.dll.16.drStatic PE information: No import functions for PE file found
Source: TeamViewer_Resource_fi.dll.16.drStatic PE information: No import functions for PE file found
Source: TeamViewer_Resource_de.dll.16.drStatic PE information: No import functions for PE file found
Source: TeamViewer_Resource_da.dll.16.drStatic PE information: No import functions for PE file found
Source: TeamViewer_Resource_es.dll.16.drStatic PE information: No import functions for PE file found
Source: TeamViewer_Resource_el.dll.16.drStatic PE information: No import functions for PE file found
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1783076889.0000000002368000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs teamviewer_Px-yDq1.exe
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs teamviewer_Px-yDq1.exe
Source: teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs teamviewer_Px-yDq1.exe
Source: teamviewer_Px-yDq1.exe, 00000000.00000000.1655326758.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs teamviewer_Px-yDq1.exe
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: classification engineClassification label: mal44.rans.spyw.evad.winEXE@102/1990@0/85
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\teamviewer_Px-yDq1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\teamviewer_Px-yDq1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: teamviewer_Px-yDq1.exeReversingLabs: Detection: 21%
Source: teamviewer_Px-yDq1.exeVirustotal: Detection: 25%
Source: C:\Users\user\Desktop\teamviewer_Px-yDq1.exeFile read: C:\Users\user\Desktop\teamviewer_Px-yDq1.exeJump to behavior
Source: C:\Users\user\Desktop\teamviewer_Px-yDq1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\teamviewer_Px-yDq1.exe C:\Users\user\Desktop\teamviewer_Px-yDq1.exe
Source: C:\Users\user\Desktop\teamviewer_Px-yDq1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmp "C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmp" /SL5="$2042C,831488,831488,C:\Users\user\Desktop\teamviewer_Px-yDq1.exe"
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe "C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe" /LANG=en /NA=Rh85hR64
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp "C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp" /SL5="$2049E,1559708,780800,C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe" /LANG=en /NA=Rh85hR64
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Users\user\Downloads\teamviewer.exe "C:\Users\user\Downloads\teamviewer.exe"
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://download.it/?typ=1
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1848,i,17643070967775352318,13633463432469469210,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Downloads\teamviewer.exeProcess created: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks /Create /TN TVInstallRestore /TR "\"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe\" /RESTORE" /RU SYSTEM /SC ONLOGON /F
Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\icarus-info.xml /install /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeProcess created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe "C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks /Delete /TN TVInstallRestore /F
Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeProcess created: C:\Program Files\McAfee\Temp1463644285\installer.exe "C:\Program Files\McAfee\Temp1463644285\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av-vps_slave_ep_6915cd01-f335-499e-a29d-757d63acfb1b /slave:avg-av-vps
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av_slave_ep_537920d1-4dd7-45ea-821e-f08dd4afa430 /slave:avg-av
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks /Delete /TN TVInstallRestore /F
Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Windows\System32\sc.exe sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Windows\System32\sc.exe sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service"
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Windows\System32\sc.exe sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Windows\System32\sc.exe sc.exe start "McAfee WebAdvisor"
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
Source: unknownProcess created: C:\Program Files\McAfee\WebAdvisor\servicehost.exe C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: C:\Program Files\McAfee\WebAdvisor\uihost.exe "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: C:\Program Files\McAfee\WebAdvisor\updater.exe "C:\Program Files\McAfee\WebAdvisor\updater.exe"
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\McAfee\WebAdvisor\updater.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\McAfee\WebAdvisor\updater.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\teamviewer_Px-yDq1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmp "C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmp" /SL5="$2042C,831488,831488,C:\Users\user\Desktop\teamviewer_Px-yDq1.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe "C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe" /LANG=en /NA=Rh85hR64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp "C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp" /SL5="$2049E,1559708,780800,C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe" /LANG=en /NA=Rh85hR64Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=USJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8aJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Users\user\Downloads\teamviewer.exe "C:\Users\user\Downloads\teamviewer.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://download.it/?typ=1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeProcess created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe "C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8dJump to behavior
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\icarus-info.xml /install /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8dJump to behavior
Source: C:\Users\user\Downloads\teamviewer.exeProcess created: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1848,i,17643070967775352318,13633463432469469210,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks /Create /TN TVInstallRestore /TR "\"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe\" /RESTORE" /RU SYSTEM /SC ONLOGON /F
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks /Delete /TN TVInstallRestore /F
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks /Delete /TN TVInstallRestore /F
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av-vps_slave_ep_6915cd01-f335-499e-a29d-757d63acfb1b /slave:avg-av-vps
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av_slave_ep_537920d1-4dd7-45ea-821e-f08dd4afa430 /slave:avg-av
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeProcess created: C:\Program Files\McAfee\Temp1463644285\installer.exe "C:\Program Files\McAfee\Temp1463644285\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeProcess created: C:\Windows\System32\sc.exe sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeProcess created: C:\Windows\System32\sc.exe sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service"
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeProcess created: C:\Windows\System32\sc.exe sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeProcess created: C:\Windows\System32\sc.exe sc.exe start "McAfee WebAdvisor"
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
Source: C:\Windows\System32\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: C:\Program Files\McAfee\WebAdvisor\uihost.exe "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: C:\Program Files\McAfee\WebAdvisor\updater.exe "C:\Program Files\McAfee\WebAdvisor\updater.exe"
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
Source: C:\Program Files\McAfee\WebAdvisor\updater.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
Source: C:\Program Files\McAfee\WebAdvisor\updater.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_004030D9 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,12_2_004030D9
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeCode function: 16_2_004033B6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,16_2_004033B6
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeCode function: 19_2_004033B6 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,19_2_004033B6
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : select Architecture from Win32_processor where Architecture=5 or Architecture=12
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : select Architecture from Win32_processor where Architecture=5 or Architecture=12
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name=&apos;browserhost.exe&apos; and SessionId=1 and commandline like &apos;%klekeajafkkpokaofllcadenjdckhinm%&apos;
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name=&apos;browserhost.exe&apos; and SessionId=1 and commandline like &apos;%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%&apos;
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name=&apos;browserhost.exe&apos; and SessionId=1 and commandline like &apos;%fheoggkfdfchfphceeifdbepaooicaho%&apos;
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name=&apos;browserhost.exe&apos; and SessionId=1 and commandline like &apos;%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%&apos;
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name=&apos;browserhost.exe&apos; and SessionId=1 and commandline like &apos;%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%&apos;
Source: C:\Program Files\McAfee\WebAdvisor\uihost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name=&apos;browserhost.exe&apos; and SessionId=1 and commandline like &apos;%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%&apos;
Source: C:\Program Files\McAfee\WebAdvisor\uihost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name=&apos;browserhost.exe&apos; and SessionId=1 and commandline like &apos;%fheoggkfdfchfphceeifdbepaooicaho%&apos;
Source: C:\Program Files\McAfee\WebAdvisor\uihost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select * from Win32_Process where name=&apos;browserhost.exe&apos; and SessionId=1 and commandline like &apos;%fdhgeoginicibhagdmblfikbgbkahibd%&apos;
Source: C:\Users\user\Desktop\teamviewer_Px-yDq1.exeFile created: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmpJump to behavior
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_0040205E CoCreateInstance,MultiByteToWideChar,12_2_0040205E
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_0040431C GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,12_2_0040431C
Source: TeamViewer_.exe, 00000010.00000003.2509541990.0000000008C96000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: TeamViewer_.exe, 00000010.00000003.2509541990.0000000008C96000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2692:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6596:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4092:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5160:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{0e71c6a0-3828-42ba-8e37-07180bcc1157}suy
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5580:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMutant created: \BaseNamedObjects\AnalyticsManager_CAD0E02E86CD4436B6318C111B9092AC
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeMutant created: \Sessions\1\BaseNamedObjects\TeamViewer_Win32_Instance_Mutex
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpMutant created: \Sessions\1\BaseNamedObjects\{0e71c6a0-3828-42ba-8e37-07180bcc1157}suy
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6404:120:WilError_03
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Local\6f1e49a956ffe67ae2fe2842450062e4
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3484:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpMutant created: \Sessions\1\BaseNamedObjects\{1f6554c2-d7a7-40d9-b3be-1de5d37df66d}Installer
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1704:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7824:120:WilError_03
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\b12d5ea496202aba4bdb4c138fbf1eef
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{1f6554c2-d7a7-40d9-b3be-1de5d37df66d}Installer
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\f8b3beaa1c9011dcf183dd3c29f0b5e1
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\86169859e72c61a77bef27f70ed64b49
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Local\86169859e72c61a77bef27f70ed64b49
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6572:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5684:120:WilError_03
Source: installer.exeString found in binary or memory: wa-install.css
Source: installer.exeString found in binary or memory: wa-ui-install.js
Source: installer.exeString found in binary or memory: wa-install.html
Source: installer.exeString found in binary or memory: jslang\wa-res-install-cs-CZ.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-es-ES.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-en-US.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-el-GR.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-de-DE.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-da-DK.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-hu-HU.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-hr-HR.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-fr-FR.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-fr-CA.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-fi-FI.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-es-MX.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-nl-NL.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-nb-NO.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-ko-KR.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-ja-JP.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-it-IT.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-sr-Latn-CS.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-sk-SK.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-ru-RU.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-pt-PT.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-pt-BR.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-pl-PL.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-zh-TW.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-zh-CN.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-tr-TR.js
Source: installer.exeString found in binary or memory: jslang\wa-res-install-sv-SE.js
Source: C:\Users\user\Downloads\teamviewer.exeFile written: C:\Users\user\AppData\Local\Temp\TeamViewer\tvinfo.ini
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpWindow found: window name: TSelectLanguageFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpAutomated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpAutomated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpAutomated click: Run
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeAutomated click: Accept - next
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeAutomated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpWindow detected: HYPERLINK "https://cassinilabs.com/privacy-policy/" End User License AgreementHYPERLINK "https://cassinilabs.com/privacy-policy/" Privacy PolicyThis will download TeamViewer to your computer click "Next" to continue.Una soluzione efficace per realizzare...Welcome to TeamViewer Download Manager&NextCancel
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeWindow detected: Accept - next Welcome to TeamViewerRemote Support unattended access meetings and presentationsLicense Agreement: By continuing you agree to the terms of the license agreement.License Agreement:Default installationInstall and set up unattended access to this deviceRun only (one time use)Show advanced settingsHow do you want to proceed?
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Office\24.0\Outlook
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\analyticsmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\analyticstelemetry.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\balloon_safe_annotation.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\browserhost.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\browserplugin.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\downloadscan.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\eventmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\icon_complete.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\icon_failed.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\icon_laptop.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\installer.exe
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jquery-1.9.0.min.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\l10n.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\logicmodule.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\logicscripts.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\lookupmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\main_close_large.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mcafeecerts.xml
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mcafee_pc_install_icon.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mcafee_pc_install_icon2.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mfw-mwb.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mfw-nps.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mfw-webadvisor.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\mfw.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\resource.dll
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\resourcedll.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\servicehost.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\settingmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\taskmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\telemetry.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\uihost.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\uimanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\uninstaller.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\updater.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-common.css
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-core.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-install.css
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-install.html
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-ui-install.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa-utils.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wataskmanager.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_install_check.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_install_check2.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_install_close.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_install_close2.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_install_error.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_logo.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wa_logo2.png
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\webadvisor.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\webadvisor.ico
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\wssdep.cab
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-zh-TW.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-cs-CZ.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-da-DK.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-de-DE.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-el-GR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-en-US.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-es-ES.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-es-MX.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-fi-FI.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-fr-CA.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-fr-FR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-hr-HR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-hu-HU.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-it-IT.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-ja-JP.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-ko-KR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-nb-NO.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-nl-NL.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-pl-PL.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-pt-BR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-pt-PT.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-ru-RU.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-sk-SK.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-sr-Latn-CS.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-sv-SE.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-tr-TR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-zh-CN.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-zh-TW.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-cs-CZ.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-da-DK.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-de-DE.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-el-GR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-en-US.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-es-ES.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-es-MX.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-fi-FI.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-fr-CA.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-fr-FR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-hr-HR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-hu-HU.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-it-IT.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-ja-JP.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-ko-KR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-nb-NO.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-nl-NL.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-pl-PL.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-pt-BR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-pt-PT.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-ru-RU.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-sk-SK.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-sr-Latn-CS.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-sv-SE.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-tr-TR.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-zh-CN.js
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeDirectory created: C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-zh-TW.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\resource.dll
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\webadvisor.ico
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\servicehost.exe
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\uihost.exe
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\win32\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\clipboard.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\info-16.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\updater.exe
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\npshandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-controller-nps-checklist.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\x64\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\mwbhandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-nps-checklist.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\stop-video-alert-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-controller-mwb-checklist.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-mwb-checklist.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wb-rocket-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\win32\downloadscan.dll
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\browserhost.exe
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\aj_logic.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\base_provider.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\edge_onboarding.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\ff_monitor.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\logic_loader.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\miscutils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_business_logic.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\providers_selector.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\ss_logic.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\tests_logic.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\type_tag_utils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\x64\downloadscan.dll
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\usage_calculation.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\affid_monitor.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_utils_wps.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_utils_wss.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util_selector.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor_v2.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\providers\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\providers\bing.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.chrome.extension.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\logic\providers\yahoo.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.firefox.extension.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.chrome.extension.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.firefox.extension.json
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\class.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\dkjson.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\handlers.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\init.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\json.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\auxiliary\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\auxiliary\reset_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\logger.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\postinit.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\allow.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-cs-CZ.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\priorityqueue.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\balloon-arrow-right.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\triggeracceptor.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-da-DK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\balloon-arrow.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\uiarbitratorhelper.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\card_bg_image.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-de-DE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\uihandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-el-GR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\celebration_white_bg_color.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\uithreadexithandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-en-US.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\win32helper.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-es-ES.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-es-MX.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\browserutils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fi-FI.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\common_utils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-CA.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\packageutils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-FR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\close.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\settingsdb.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hr-HR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\close_icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\stringutils.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\dialog-balloon-logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hu-HU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\telemetry.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_ss.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-it-IT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\green_check.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ja-JP.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\icn_mshield.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_wa.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ko-KR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\installer_background.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_sideloaded_ext_guide.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-nb-NO.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\jquery-1.9.0.min.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-nl-NL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\keep_changes_guide.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pl-PL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\logomark_white.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pt-BR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-1.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pt-PT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-wa-logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ru-RU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\loading-spinner.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\open_sideloaded_ext_alert_guide.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sk-SK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sr-Latn-CS.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_0.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sv-SE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_1.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-tr-TR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\main_close.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_1.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-CN.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-lg.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-TW.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-cs-CZ.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_3.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-da-DK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_ext_on_guide.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafeeicon.ico
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-de-DE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_off.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-el-GR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_on.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_1_3.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-en-US.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-ES.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-step1.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-MX.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\minimize.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-step2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fi-FI.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\msac.ico
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-woman.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-CA.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-FR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-bg.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hr-HR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hu-HU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\spinner_large.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-it-IT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-window.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-checklist.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ja-JP.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ko-KR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo_upsell.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-common.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo_upsell2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nb-NO.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nl-NL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-core.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_increase_bg_left.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pl-PL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-BR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-checklist.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-PT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_bg.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-dialog.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ru-RU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-uninstall-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-utils.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sk-SK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sr-Latn-CS.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_bg_v2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sv-SE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-tr-TR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-CN.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_error.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_good.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-TW.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo2.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-cs-CZ.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_red.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_check.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-da-DK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_yellow.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_downchevron.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-de-DE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\women-on-laptop-features.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_exclamation.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-el-GR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_questionmark.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-en-US.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_timer.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\women-on-laptop.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-ES.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-MX.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\edge_search\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\edge_search\edge_search_events.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fi-FI.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon-selected.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-CA.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-FR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\amazon_upsell_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hr-HR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\checklisthandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hu-HU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\chrome_extension_push_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-it-IT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\cryptojack-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ja-JP.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ko-KR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\ext_install_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nb-NO.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\facebook.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nl-NL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-noxup.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pl-PL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-top.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-warningbackground.gif
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-BR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-PT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ru-RU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sk-SK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sr-Latn-CS.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sv-SE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-tr-TR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new_tab_main_logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-CN.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\overlay_ui_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-TW.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\securesearchhandler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-cs-CZ.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-close.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-da-DK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon-selected.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-de-DE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_off.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-el-GR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_on.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-en-US.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\toast_impact_close.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-es-ES.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-es-MX.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\twitter.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\upsell_toast_handler.luc
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fi-FI.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell-logo.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fr-CA.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fr-FR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-hr-HR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-hu-HU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-it-IT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ja-JP.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ko-KR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nb-NO.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-risk.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nl-NL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pl-PL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-status.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-BR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-controller-checklist.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-PT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ru-RU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sk-SK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sr-Latn-CS.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sv-SE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-tr-TR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-zh-CN.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-zh-TW.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-cs-CZ.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-da-DK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-de-DE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-el-GR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-ES.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-MX.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fi-FI.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-CA.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-bing.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-FR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-bing.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hr-HR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hu-HU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-it-IT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ja-JP.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ko-KR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dialog-balloon.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-nb-NO.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dwtoast.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-options.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-nl-NL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pl-PL.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-sstoast-bing.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-BR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-sstoast.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-PT.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-danger.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ru-RU.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-risk.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sk-SK.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sr-Latn-CS.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-wss.png
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sv-SE.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.css
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-tr-TR.js
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.html
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDirectory created: C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.js
Source: teamviewer_Px-yDq1.exeStatic file information: File size 1742072 > 1048576
Source: teamviewer_Px-yDq1.exeStatic PE information: certificate valid
Source: teamviewer_Px-yDq1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2269201024.0000000005794000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\linoy\Documents\GitHub\zbShield-Utils-CPP\zbShieldUtils\bin\Release\Helper.pdb source: file_Px-yDq1.tmp, 00000003.00000003.2133607807.00000000075C0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\non_system\code\WebAdvisor-ISGIS\build\x64\Release\Installer.pdb, source: installer.exe, 00000015.00000002.2755914555.00007FF7C0E6B000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win_HOOKS\Release\tv_w32exe.pdb source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\TVWorkspace\teamviewer\Installer\plugins\CustomerData\Release_Unicode\CustomerTools.pdb source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win_HOOKS\Release\tv_x64exe.pdb source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb/ source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2120920976.00000000059A7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\DriverBuild\Drivers\Win\DeviceRedirection\bin\x64\Release\TeamViewer_VirtualDeviceDriver.pdb source: TeamViewer_.exe, 00000010.00000003.2501909420.0000000009140000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 0000000A.00000000.2066592502.0000000000A43000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win\Release\WriteDump.pdba source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win_HOOKS\Release\tv_w32exe.pdbU source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\non_system\code\WebAdvisor-ISGIS\build\x64\Release\Installer.pdb source: installer.exe, 00000015.00000002.2755914555.00007FF7C0E6B000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000000.2084104655.0000000000DA1000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win_HOOKS\Release\tv_x64dll.pdb source: TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000009.00000000.2060469426.000000000101E000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\TVWorkspace\teamviewer\Installer\plugins\CustomerData\Release_Unicode\CustomerTools.pdb{ source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win\FULL\Release\TeamViewer_Desktop.pdb source: TeamViewer_.exe, 00000010.00000003.2481883034.00000000093CF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\DriverBuild\Drivers\RemotePrintingDriver\Win\XPSDriverFilter\Build\XPSFilter\x64\Release\TeamViewer_XPSDriverFilter.pdb source: TeamViewer_.exe, 00000010.00000003.2509541990.0000000008C96000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: t:\untgz\Joel_plugins_src\dialogsEx\dialogs\Release\dialogsEx.pdb source: TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\work\8275ee1af8aecc7e\wxwidgets\projects\x64\lib\vc_x64_dll\wxmsw315u_core_vc.pdb source: icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2120920976.00000000059A7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win\Release\WriteDump.pdb source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\WS\tv_prel_dcr\build_cmake_win_HOOKS\Release\tv_x64exe.pdbR source: TeamViewer_.exe, 00000010.00000003.2481883034.000000000A4B2000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
Source: teamviewer_Px-yDq1.exeStatic PE information: section name: .didata
Source: teamviewer_Px-yDq1.tmp.0.drStatic PE information: section name: .didata
Source: is-K6OSH.tmp.1.drStatic PE information: section name: .didata
Source: file_Px-yDq1.tmp.2.drStatic PE information: section name: .didata
Source: saBSI.exe.3.drStatic PE information: section name: .didat
Source: avg_antivirus_free_setup.exe.3.drStatic PE information: section name: .didat
Source: installer.exe.9.drStatic PE information: section name: _RDATA
Source: avg_antivirus_free_online_setup.exe.10.drStatic PE information: section name: .didat
Source: icarus.exe.11.drStatic PE information: section name: .didat
Source: icarus.exe.11.drStatic PE information: section name: _RDATA
Source: icarus_ui.exe.11.drStatic PE information: section name: _RDATA
Source: dump_process.exe.11.drStatic PE information: section name: .didat
Source: dump_process.exe.11.drStatic PE information: section name: _RDATA
Source: bug_report.exe.11.drStatic PE information: section name: _RDATA
Source: TeamViewer.exe.16.drStatic PE information: section name: .didat
Source: TeamViewer.exe.16.drStatic PE information: section name: .rodata
Source: TeamViewer_Desktop.exe.16.drStatic PE information: section name: .orpc
Source: TeamViewer_Desktop.exe.16.drStatic PE information: section name: .didat
Source: TeamViewer_Desktop.exe.16.drStatic PE information: section name: .rodata
Source: TeamViewer_Note.exe.16.drStatic PE information: section name: .didat
Source: TeamViewer_Service.exe.16.drStatic PE information: section name: .didat
Source: tv_w32.exe.16.drStatic PE information: section name: .didat
Source: tv_x64.exe.16.drStatic PE information: section name: .didat
Source: tv_x64.exe.16.drStatic PE information: section name: _RDATA
Source: TeamViewerMeetingAddinShim64.dll.16.drStatic PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\VPN_Win7\teamviewervpn.sy_Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\teamviewervpn.sy_Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TVMonitor.sy_Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\shred.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\snxhk.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashBase.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\ashShell.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\dll_loader.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\1033\Base.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\1033\Boot.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashServ.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\asulaunch.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\TuneupSmartScan.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswCmnOS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswCmnBS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswProperty.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswCmnIS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswCmnIS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\x64\downloadscan.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_el.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\botva2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_de.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ru.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_lt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_zhTW.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\taskmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ar.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeFile created: C:\Windows\Temp\nsv94CD.tmp\nsExec.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswCmnBS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\linker.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_w32.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_en.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_x64.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\1033\Base.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_id.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_pl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\System.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Note.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\browserhost.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\snxhk.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\dump_process.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\TvGetVersion.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_da.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddinShim64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_hu.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_es.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\Downloads\teamviewer.exeFile created: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\1033\Boot.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Desktop.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\TuneupSmartScan.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-12944.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\Helper.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_x64.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\lookupmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer.exeJump to dropped file
Source: C:\Users\user\Downloads\teamviewer.exeFile created: C:\Users\user\AppData\Local\Temp\nsb4A46.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddIn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_pt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TVWebRTC.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TeamViewer_VirtualDeviceDriver.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\win32\downloadscan.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\asulaunch.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeFile created: C:\Windows\Temp\nsv94CD.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_cs.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\Downloads\teamviewer.exeFile created: C:\Users\user\AppData\Local\Temp\nsb4A46.tmp\TvGetVersion.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswCmnOS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeFile created: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_sv.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_bg.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\shred.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus_rvrt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\nsis7z.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Service.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\installer.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_tr.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\uninstaller.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\settingmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\nsArray.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\updater.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-12944.tmp\is-K6OSH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_hr.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\uimanager.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_zhCN.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_he.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\uihost.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_sk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\VPN_Win7\teamviewervpn.sy_Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\teamviewervpn.sy_Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeFile created: C:\Windows\Temp\nsv94CD.tmp\nsArray.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ja.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile created: C:\Users\user\Downloads\teamviewer.exeJump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus_mod.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_sr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_nl.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashServ.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashBase.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ro.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_w32.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\WriteDump.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\resource.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_it.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\Printer\x64\TeamViewer_XPSDriverFilter.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.4ab6c68aJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\servicehost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_vi.dllJump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys.ipending.4ab6c68aJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\eventmanager.dllJump to dropped file
Source: C:\Users\user\Desktop\teamviewer_Px-yDq1.exeFile created: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\wataskmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\resource.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\ashShell.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\ManagedAggregator.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\logicmodule.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dllJump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus_ui.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_StaticRes.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\dll_loader.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_no.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_fr.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\uninstall.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_fi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\UserInfo.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ko.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Windows\System32\icarus_rvrt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\UAC.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_th.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_product.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\is-4L4VT.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddinShim.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_uk.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\x86\aswProperty.dll.ipending.4ab6c68aJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpFile created: (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\InstallOptions.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TVMonitor.sy_Jump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe.ipending.4ab6c68aJump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus_ui.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeFile created: C:\Windows\Temp\nsv94CD.tmp\System.dllJump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeFile created: C:\Windows\System32\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\bug_report.exeJump to dropped file
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeFile created: C:\Windows\Temp\nsv94CD.tmp\nsExec.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeFile created: C:\Windows\Temp\nsv94CD.tmp\nsArray.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus_mod.dllJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp1463644285\jslang\eula-zh-TW.txt
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile created: C:\Users\user\AppData\Local\Temp\TeamViewer\TV15Install.log
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeFile created: C:\Program Files (x86)\TeamViewer\RollbackTemp\TV15Install.log

Boot Survival

barindex
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks /Create /TN TVInstallRestore /TR "\"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe\" /RESTORE" /RU SYSTEM /SC ONLOGON /F
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess created: C:\Windows\System32\sc.exe sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
Source: C:\Users\user\Desktop\teamviewer_Px-yDq1.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Downloads\teamviewer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\schtasks.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\uihost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\updater.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2234801176.00000000057B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST_A64%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2234801176.00000000057B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <PATH>%PRODUCT_INST_32%\ASWHOOKX.DLL</PATH>
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2234801176.00000000057B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST_32%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2234801176.00000000057B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST_64%/ASWHOOK.DLL</DEST>
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp TID: 3020Thread sleep time: -150000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp TID: 3020Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe TID: 5516Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe TID: 5228Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe TID: 5552Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exe TID: 1868Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\McAfee\Temp1463644285\installer.exe TID: 3300Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe TID: 7320Thread sleep count: 118 > 30
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe TID: 7320Thread sleep count: 67 > 30
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe TID: 7320Thread sleep count: 44 > 30
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe TID: 7320Thread sleep count: 78 > 30
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe TID: 6284Thread sleep time: -90000s >= -30000s
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Service.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_el.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_de.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\botva2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ru.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_lt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_tr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_zhTW.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ar.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_en.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_w32.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_x64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_hr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_pl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_id.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_zhCN.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_he.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Note.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\browserhost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_sk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\VPN_Win7\teamviewervpn.sy_Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_da.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddinShim64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_hu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\teamviewervpn.sy_Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ja.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Desktop.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_sr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_nl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-12944.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_w32.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ro.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_x64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\WriteDump.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\Printer\x64\TeamViewer_XPSDriverFilter.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_it.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_vi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddIn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_pt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TeamViewer_VirtualDeviceDriver.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TVWebRTC.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\ManagedAggregator.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_no.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_fr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_cs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\uninstall.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_fi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ko.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_th.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_sv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddinShim.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_uk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_bg.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeDropped PE file which has not been started: C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TVMonitor.sy_Jump to dropped file
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 19954BD0000 memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1A154D80000 memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 1A154DA0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : select Architecture from Win32_processor where Architecture=5 or Architecture=12
Source: C:\Program Files\McAfee\Temp1463644285\installer.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : select Architecture from Win32_processor where Architecture=5 or Architecture=12
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\Downloads\teamviewer.exeAPI call chain: ExitProcess graph end nodegraph_12-3278
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeAPI call chain: ExitProcess graph end nodegraph_16-3624
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeAPI call chain: ExitProcess graph end nodegraph_19-3555
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extractJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmpJump to behavior
Source: teamviewer_Px-yDq1.tmp, 00000001.00000002.1779830086.0000000000A00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWw
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2228622675.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2288531593.0000000002F35000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2274588896.0000000002F33000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2171834940.0000000002F34000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2102452563.0000000002F35000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2267163891.0000000002F34000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2116197831.0000000002F35000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2250649838.0000000002F34000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
Source: avg_antivirus_free_online_setup.exe, 0000000B.00000003.2088337405.0000000002EA3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000836000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvn":["HKCR\\ReasonPersistentStorage\\AvUninstallTime"],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"x":10,"v":1}},{"ad":{"n":"","f":"ZB_Opera_re_V3","o":"Opera_reengaged"},"ps":{"i":"Opera/images/DOTPS-483/EN.png","dn":"Opera","u":"Opera/files/1117/OperaSetup.zip","p":"--silent --allusers=0 --otd=utm.medium:pb,utm.source:ais,utm.campaign:opera_reengaged","c":"opera_reengaged","a":["OperaSetup","OperaSetup.exe",
Source: file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000836000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvn":["HKCR\\ReasonPersistentStorage\\AvUninstallTime"],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"x":10,"v":1}},{"ad":{"n":"","f":"ZB_Opera_re_V3","o":"Opera_reengaged"},"ps":{"i":"Opera/images/DOTPS-483/EN.png","dn":"Opera","u":"Opera/files/1117/OperaSetup.zip","p":"--silent --allusers=0 --otd=utm.medium:pb,utm.source:ais,utm.campaign:opera_reengaged","c":"opera_reengaged","a":["OperaSetup","OperaSetup.exe",
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.00000000007EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW<
Source: file_Px-yDq1.tmp, 00000003.00000003.2141827368.0000000000808000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: teamviewer_Px-yDq1.tmp, 00000001.00000002.1780310735.0000000000A67000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777960013.0000000000A63000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.00000000007EF000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2089684422.0000000000A2D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2071591792.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2084491218.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2686145349.000000000536D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: file_Px-yDq1.tmp, 00000003.00000003.2059570860.000000000552D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efL
Source: file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000084C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: osoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvn":["HKCR\\ReasonPersistentStorage\\AvUninstallTime"],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"x":10,"v":1}},{"ad":{"n":"","f":"ZB_Opera_re_V3","o":"Opera_reengaged"},"ps":{"i":"Opera/images/DOTPS-483/EN.png","dn":"Opera","u":"Opera/files/1117/OperaSetup.zip","p":"--silent --allusers=0 --otd=utm.medium:pb,utm.source:ais,utm.campaign:opera_reengaged","c":"opera_reengaged","a":["OperaSetup","OperaSetup.exe","OperaGXSetup.exe","OperaGXSetup"],"ir":["Opera Software"],"rp":["Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\^Opera"],"cp":"https://www.opera.com/he/privacy","ctu":"https://www.opera.com/he/eula/computers","ov":100,"pv":"1.34","v":3}},{"ad":{"n":"","f":"ZB_booking_v1","o":"Booking_com"},"ps":{"dn":"Booking.com","i":"Booking/images/DOTPS-405/booking_v1/EN.png","u":"Booking/files/DOTPS-551/booking.com.zip","p":"/VERYSILENT","r":["\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13D4CD54-EA09-4FDB-B979-8B2BC0F020CA}_is1"],"cp":"https://www.booking.com/general.en.html?tmpl=docs/privacy-policy/","ctu":"https://www.booking.com/content/terms.en-gb.html","ov":61,"pv":"1.28","x":11,"v":4}}],"c":""}
Source: avg_antivirus_free_setup.exe, 0000000A.00000003.2071591792.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2084491218.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2686145349.000000000536D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2687427426.000000000536D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
Source: file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vasoft\\Web Companion","Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8f3e930d-12d6-45f3-8522-b86dd3515c63}"],"cp":"https://webcompanion.com/privacy","ctu":"https://webcompanion.com/terms","ia":["chrome"],"pv":"1.27","x":5,"v":2}},{"ad":{"n":"","f":"ZB_Norton_BRW","o":"AVG_BRW"},"ps":{"i":"NORTON_BRW/images/1305/resize/EN.png","dn":"Norton Secure Browser","u":"NORTON_BRW/files/1305/norton_secure_browser_setup.zip","p":"/s /make-default /run_source=\"norton_ppi_is\"","c":"norton","r":["AVG\\Browser\\Installed","AVASTSoftware\\Browser\\Installed","Avira\\Browser\\Installed","Norton\\Browser\\Installed","Piriform\\Browser\\Installed","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avira Security_is1","Microsoft\\Windows\\CurrentVersion\\Uninstall\\NGC"],"a":["Avira.Spotlight.Service"],"cp":"https://www.nortonlifelock.com/us/en/privacy/","ctu":"https://www.nortonlifelock.com/us/en/legal/license-services-agreement/","pv":"1.29","ov":100,"v":3}},{"ad":{"n":"","f":"ZB_WinZip","o":"Winzip19"},"ps":{"dn":"WinZip","i":"WinZip/images/905/EN.png","u":"WinZip/files/1292/winzip28-dci5.zip","p":"/qn","c":"reg","r":["Nico Mak Computing\\WinZip"],"cp":"https://www.winzip.com/win/en/privacy.html","ctu":"https://www.winzip.com/win/en/eula.html","win64":true,"ov":100,"pv":"1.23","v":6}},{"ad":{"n":"","f":"ZB_Opera_New_DLM","o":"Opera_new"},"ps":{"i":"Opera/images/DOTPS-717/NCB/EN.png","dn":"Opera","u":"Opera/files/1117/OperaSetup.zip","p":"--silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_b","c":"opera_new_b","a":["OperaSetup","OperaSetup.exe","OperaGXSetup.exe","OperaGXSetup"],"r":["Opera Software"],"cp":"https://www.opera.com/he/privacy","ctu":"https://www.opera.com/he/eula/computers","ov":100,"pv":"1.23","x":0,"v":3}},{"ad":{"n":"","f":"ZB_TotalSecurity_V4","o":"TotalSecurity_AV"},"ps":{"i":"TotalSecurity_AV/images/1127/V4/EN.png","dn":"360 Total Security","u":"TotalSecurity_AV/files/1127/ts360Setup.zip","p":"/s","r":["Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","360TotalSecurity","360Safe","VMware, Inc."],"cp":"https://www.360totalsecurity.com/en/privacy/","ctu":"https://www.360totalsecurity.com/en/license/","pv":"1.26","v":1}},{"ad":{"n":9,"nn":"Med_Ntiles","f":"ZB_Avast","o":"AVAST"},"ps":{"i":"AVAST/images/DOTPS-403/EN.png","dn":"Avast Antivirus","u":"AVAST/files/cookie_mmm_irs_ppi_005_888_a.zip","p":"/silent /ws /psh:{pxl}","rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"r":["AVAST Software\\Avast","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast","Microsoft\\Windows\\CurrentVersion\\Uninstall\\Avast Antivirus","Microsoft\\Windows\\CurrentVersion\\Uninstall\\AVG Antivirus","Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4CB91122-AA85-4431-953C-BEFAEC86DA97}_is1","WebBar","WebDiscoverBrowser","AVG\\Antivirus\\Version","AVG\\AV\\Dir"],"a":["AvastSvc","instup","AvastUI","AVGUI","avguix","AVGSvc","avgsvca"],"ctu":"https://www.avast.com/eul
Source: file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "release_small.zip","p":"/silent","r":["Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}","McAfee\\SiteAdvisor","McAfee\\WebAdvisor","Microsoft\\Windows\\CurrentVersion\\Uninstall\\McAfee Security Scan"],"cp":"https://www.mcafee.com/consumer/en-us/policy/global/legal.html","ctu":"https://home.mcafee.com/Root/AboutUs.aspx?id=eula","pv":"1.26","ov":62,"ud":true,"v":4}},{"ad":{"n":"","f":"ZB_RAV_Cross_Tri_NCB","o":"RAV_Cross"},"ps":{"i":"RAV_Triple_NCB/images/DOTPS-855/EN.png","dn":"RAV, VPN by RAV, Online Security, Safer Web","u":"https://shield.reasonsecurity.com/rsStubActivator.exe","p":"-ip:\"dui={userid}&dit={sessionid}&is_silent=true&oc={of}&p={pubid}&a=100&b={ispb}&se=true\" -vp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100&oip=26&ptl=7&dta=true\" -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d -se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvn":["HKCR\\ReasonPersistentStorage\\AvUninstallTime"],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"x":10,"v":1}},{"ad":{"n":"","f":"ZB_Opera_re_V3","o":"Opera_reengaged"},"ps":{"i":"Opera/images/DOTPS-483/EN.png","dn":"Opera","u":"Opera/files/1117/OperaSetup.zip","p":"--silent --allusers=0 --otd=utm.medium:pb,utm.source:ais,utm.campaign:opera_reengaged","c":"opera_reengaged","a":["OperaSetup","OperaSetup.exe",
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_00405FFD FindFirstFileA,FindClose,12_2_00405FFD
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_0040559B GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,12_2_0040559B
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_00402688 FindFirstFileA,12_2_00402688
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeCode function: 16_2_0040596F CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,16_2_0040596F
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeCode function: 16_2_004064C1 FindFirstFileW,FindClose,16_2_004064C1
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeCode function: 16_2_004027FB FindFirstFileW,16_2_004027FB
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeCode function: 19_2_0040596F CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,19_2_0040596F
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeCode function: 19_2_004064C1 FindFirstFileW,FindClose,19_2_004064C1
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeCode function: 19_2_004027FB FindFirstFileW,19_2_004027FB
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp FullSizeInformationJump to behavior
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pttvrlghuecvdojmety11lm0w8piensafeftqos53ibbwrfol5ub5tifnopzd9c77la6cxbkiz8a /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:c:\windows\temp\asw.4df19368a3ff7b8d
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe c:\windows\temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\icarus-info.xml /install /silent /ws /psh:92pttvrlghuecvdojmety11lm0w8piensafeftqos53ibbwrfol5ub5tifnopzd9c77la6cxbkiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:c:\windows\temp\asw.4df19368a3ff7b8d
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe c:\windows\temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe /silent /ws /psh:92pttvrlghuecvdojmety11lm0w8piensafeftqos53ibbwrfol5ub5tifnopzd9c77la6cxbkiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:c:\windows\temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av-vps_slave_ep_6915cd01-f335-499e-a29d-757d63acfb1b /slave:avg-av-vps
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe c:\windows\temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe /silent /ws /psh:92pttvrlghuecvdojmety11lm0w8piensafeftqos53ibbwrfol5ub5tifnopzd9c77la6cxbkiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:c:\windows\temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av_slave_ep_537920d1-4dd7-45ea-821e-f08dd4afa430 /slave:avg-av
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pttvrlghuecvdojmety11lm0w8piensafeftqos53ibbwrfol5ub5tifnopzd9c77la6cxbkiz8a /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:c:\windows\temp\asw.4df19368a3ff7b8dJump to behavior
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe c:\windows\temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\icarus-info.xml /install /silent /ws /psh:92pttvrlghuecvdojmety11lm0w8piensafeftqos53ibbwrfol5ub5tifnopzd9c77la6cxbkiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:c:\windows\temp\asw.4df19368a3ff7b8dJump to behavior
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe c:\windows\temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe /silent /ws /psh:92pttvrlghuecvdojmety11lm0w8piensafeftqos53ibbwrfol5ub5tifnopzd9c77la6cxbkiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:c:\windows\temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av-vps_slave_ep_6915cd01-f335-499e-a29d-757d63acfb1b /slave:avg-av-vps
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe c:\windows\temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe /silent /ws /psh:92pttvrlghuecvdojmety11lm0w8piensafeftqos53ibbwrfol5ub5tifnopzd9c77la6cxbkiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:c:\windows\temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av_slave_ep_537920d1-4dd7-45ea-821e-f08dd4afa430 /slave:avg-av
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=USJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8aJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Users\user\Downloads\teamviewer.exe "C:\Users\user\Downloads\teamviewer.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://download.it/?typ=1Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8dJump to behavior
Source: C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\icarus-info.xml /install /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8dJump to behavior
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks /Create /TN TVInstallRestore /TR "\"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe\" /RESTORE" /RU SYSTEM /SC ONLOGON /F
Source: C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks /Delete /TN TVInstallRestore /F
Source: C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\system32\schtasks /Delete /TN TVInstallRestore /F
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av-vps_slave_ep_6915cd01-f335-499e-a29d-757d63acfb1b /slave:avg-av-vps
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeProcess created: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av_slave_ep_537920d1-4dd7-45ea-821e-f08dd4afa430 /slave:avg-av
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
Source: C:\Program Files\McAfee\WebAdvisor\updater.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
Source: C:\Program Files\McAfee\WebAdvisor\updater.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
Source: TeamViewer_.exe, 00000010.00000003.2495447733.000000000D140000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SharedMem_SetLogLevel: %u -> %u******* assertion failed: 'release', line %i, err %i******* assertion failed: 'setev', line %i, err %i******* assertion failed: '(type == State_x64) || (type == State_w32)', line %i, err %iSetDirectXHookStatus %u -> %uStarting Single Window******* assertion failed: 'hwnd', line %i, err %iStopping Single Window******* assertion failed: 'unhooksc', line %i, err %iStarting Update HookProgmanSHELLDLL_DefViewSysListView32Stopping Update Hook******* assertion failed: 'hdc', line %i, err %i******* assertion failed: 'ctos1 && ctos2', line %i, err %i******* assertion failed: 'wrect', line %i, err %i
Source: TeamViewer_.exe, 00000010.00000003.2481883034.00000000093CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SysShadowCAppSelection_Win::GetMetroRects() GetAppVisibilityOnMonitor(%1%) failed with hr=%2$xProgmanCAppSelection_Win::OutgrayTVRegion(): AlphaBlend failed!CDesktop::run() CoCreateInstance(AppVisibility) failed with hr=%1$xCAppSelection_Win::IsMetroAppVisible() GetAppVisibilityOnMonitor(%1%) failed with hr=%2$xCAppSelection_Win::IsMetroLauncherVisible() IsLauncherVisible() failed with hr=%1$xshellexperiencehost.exeCAppSelection_Win::AddStartMenuToMetroRects() IsLauncherVisible() failed with hr=%1$x-
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\mainlogo.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\WebAdvisor.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\AVG_AV.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\finish.png VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exeCode function: 21_2_00007FF7C0E4C16C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,21_2_00007FF7C0E4C16C
Source: C:\Users\user\Downloads\teamviewer.exeCode function: 12_2_00405D1B GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,12_2_00405D1B
Source: C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior

Stealing of Sensitive Information

barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Program Files\McAfee\WebAdvisor\uihost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Program Files\McAfee\WebAdvisor\uihost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Program Files\McAfee\WebAdvisor\uihost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts11
Windows Management Instrumentation		1
DLL Side-Loading		1
DLL Side-Loading		1
Disable or Modify Tools		1
OS Credential Dumping		1
System Time Discovery		Remote Services11
Archive Collected Data		Exfiltration Over Other Network Medium1
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
Data Encrypted for Impact
Default Accounts12
Command and Scripting Interpreter		1
DLL Search Order Hijacking		1
DLL Search Order Hijacking		1
DLL Side-Loading		11
Input Capture		1
Gather Victim Host Information		Remote Desktop Protocol1
Man in the Browser		Exfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without Authorization1
System Shutdown/Reboot
Domain Accounts1
Scheduled Task/Job		11
Windows Service		1
Access Token Manipulation		1
DLL Search Order Hijacking		Security Account Manager4
File and Directory Discovery		SMB/Windows Admin Shares1
Data from Local System		Automated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local Accounts1
Service Execution		1
Scheduled Task/Job		11
Windows Service		1
File Deletion		NTDS38
System Information Discovery		Distributed Component Object Model11
Input Capture		Scheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon Script12
Process Injection		33
Masquerading		LSA Secrets1
Query Registry		SSH1
Clipboard Data		Data Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.common1
Scheduled Task/Job		1
Modify Registry		Cached Domain Credentials221
Security Software Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items14
Virtualization/Sandbox Evasion		DCSync14
Virtualization/Sandbox Evasion		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
Access Token Manipulation		Proc Filesystem2
Process Discovery		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)12
Process Injection		/etc/passwd and /etc/shadow2
System Owner/User Discovery		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
Regsvr32		Network Sniffing1
Remote System Discovery		Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1333246 Sample: teamviewer_Px-yDq1.exe Startdate: 27/10/2023 Architecture: WINDOWS Score: 44 243 Antivirus detection for dropped file 2->243 245 Antivirus / Scanner detection for submitted sample 2->245 247 Multi AV Scanner detection for submitted file 2->247 249 Writes many files with high entropy 2->249 12 teamviewer_Px-yDq1.exe 2 2->12         started        15 servicehost.exe 2->15         started        19 TeamViewer_.exe 2->19         started        21 svchost.exe 2->21         started        process3 dnsIp4 179 C:\Users\user\...\teamviewer_Px-yDq1.tmp, PE32 12->179 dropped 23 teamviewer_Px-yDq1.tmp 3 13 12->23         started        229 23.15.9.64 AKAMAI-ASN1EU United States 15->229 241 Tries to harvest and steal browser information (history, passwords, etc) 15->241 27 uihost.exe 15->27         started        30 updater.exe 15->30         started        32 cmd.exe 15->32         started        34 cmd.exe 15->34         started        181 C:\Windows\Temp\nsv94CD.tmp\nsExec.dll, PE32 19->181 dropped 183 C:\Windows\Temp\nsv94CD.tmp\nsArray.dll, PE32 19->183 dropped 185 C:\Windows\Temp\nsv94CD.tmp\System.dll, PE32 19->185 dropped 36 schtasks.exe 19->36         started        231 23.62.172.112 GTT-BACKBONEGTTDE United States 21->231 233 127.0.0.1 unknown unknown 21->233 file5 signatures6 process7 dnsIp8 225 3.162.115.194 AMAZON-02US United States 23->225 173 C:\Users\user\AppData\Local\...\is-K6OSH.tmp, PE32 23->173 dropped 175 (copy), PE32 23->175 dropped 177 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 23->177 dropped 38 file_Px-yDq1.exe 2 23->38         started        271 Tries to harvest and steal browser information (history, passwords, etc) 27->271 227 52.11.169.57 AMAZON-02US United States 30->227 41 cmd.exe 30->41         started        43 cmd.exe 30->43         started        45 conhost.exe 32->45         started        47 conhost.exe 34->47         started        49 conhost.exe 36->49         started        file9 signatures10 process11 file12 153 C:\Users\user\AppData\...\file_Px-yDq1.tmp, PE32 38->153 dropped 51 file_Px-yDq1.tmp 5 42 38->51         started        56 sc.exe 38->56         started        58 regsvr32.exe 38->58         started        64 6 other processes 38->64 60 conhost.exe 41->60         started        62 conhost.exe 43->62         started        process13 dnsIp14 219 95.168.168.24 LEASEWEB-NL-AMS-01NetherlandsNL Netherlands 51->219 221 104.26.15.127 CLOUDFLARENETUS United States 51->221 223 108.138.82.13 AMAZON-02US United States 51->223 145 C:\Users\user\Downloads\teamviewer.exe, PE32 51->145 dropped 147 C:\Users\...\avg_antivirus_free_setup.exe, PE32 51->147 dropped 149 C:\Users\user\AppData\Local\...\saBSI.exe, PE32 51->149 dropped 151 4 other files (3 malicious) 51->151 dropped 259 Writes many files with high entropy 51->259 66 avg_antivirus_free_setup.exe 1 3 51->66         started        71 teamviewer.exe 51->71         started        73 saBSI.exe 10 8 51->73         started        75 chrome.exe 51->75         started        77 conhost.exe 56->77         started        79 regsvr32.exe 58->79         started        81 conhost.exe 64->81         started        83 conhost.exe 64->83         started        85 2 other processes 64->85 file15 signatures16 process17 dnsIp18 195 142.251.16.138 GOOGLEUS United States 66->195 197 34.117.223.223 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 66->197 199 23.56.213.120 AS6453US United States 66->199 119 C:\...\avg_antivirus_free_online_setup.exe, PE32 66->119 dropped 251 Query firmware table information (likely to detect VMs) 66->251 87 avg_antivirus_free_online_setup.exe 28 66->87         started        121 C:\Users\user\AppData\...\TvGetVersion.dll, PE32 71->121 dropped 123 C:\Users\user\AppData\...\TeamViewer_.exe, PE32 71->123 dropped 125 C:\Users\user\AppData\Local\...\System.dll, PE32 71->125 dropped 253 Writes many files with high entropy 71->253 91 TeamViewer_.exe 71->91         started        201 104.18.20.226 CLOUDFLARENETUS United States 73->201 203 54.201.121.230 AMAZON-02US United States 73->203 205 23.46.150.81 AKAMAI-ASN1EU United States 73->205 127 C:\Users\user\AppData\Local\...\installer.exe, PE32+ 73->127 dropped 93 installer.exe 73->93         started        207 2 other IPs or domains 75->207 95 chrome.exe 75->95         started        file19 signatures20 process21 dnsIp22 155 C:\Windows\Temp\...\icarus_ui.exe, PE32+ 87->155 dropped 157 C:\Windows\Temp\...\icarus_mod.dll, PE32 87->157 dropped 159 C:\Windows\Temp\...\icarus.exe, PE32+ 87->159 dropped 167 9 other malicious files 87->167 dropped 261 Query firmware table information (likely to detect VMs) 87->261 263 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 87->263 265 Writes many files with high entropy 87->265 98 icarus.exe 87->98         started        161 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 91->161 dropped 163 C:\Users\user\AppData\Local\...\UserInfo.dll, PE32 91->163 dropped 165 C:\Users\user\AppData\...\TvGetVersion.dll, PE32 91->165 dropped 169 65 other files (58 malicious) 91->169 dropped 267 Writes a notice file (html or txt) to demand a ransom 91->267 269 Uses schtasks.exe or at.exe to add and modify task schedules 91->269 103 schtasks.exe 91->103         started        105 schtasks.exe 91->105         started        171 21 other malicious files 93->171 dropped 107 installer.exe 93->107         started        235 192.184.68.134 QUANTCASTUS United States 95->235 237 192.184.68.149 QUANTCASTUS United States 95->237 239 61 other IPs or domains 95->239 file23 signatures24 process25 dnsIp26 209 34.160.176.28 ATGS-MMD-ASUS United States 98->209 211 104.76.105.95 AKAMAI-ASUS United States 98->211 217 2 other IPs or domains 98->217 129 C:\Windows\Temp\...\icarus_ui.exe, PE32+ 98->129 dropped 131 C:\Windows\Temp\...\icarus_rvrt.exe, PE32+ 98->131 dropped 133 C:\Windows\Temp\...\icarus_product.dll, PE32+ 98->133 dropped 141 18 other malicious files 98->141 dropped 255 Query firmware table information (likely to detect VMs) 98->255 257 Writes many files with high entropy 98->257 109 icarus.exe 98->109         started        113 icarus.exe 98->113         started        115 conhost.exe 103->115         started        117 conhost.exe 105->117         started        213 52.10.241.80 AMAZON-02US United States 107->213 215 54.69.68.107 AMAZON-02US United States 107->215 135 C:\Program Files\McAfee\...\wssdep.dll, PE32+ 107->135 dropped 137 C:\Program Files\McAfee\...\downloadscan.dll, PE32+ 107->137 dropped 139 C:\Program Files\McAfee\...\wssdep.dll, PE32 107->139 dropped 143 17 other malicious files 107->143 dropped file27 signatures28 process29 file30 187 C:\Windows\System32\icarus_rvrt.exe, PE32+ 109->187 dropped 189 C:\...\snxhk.dll.ipending.4ab6c68a, PE32 109->189 dropped 191 C:\...\gaming_hook.exe.ipending.4ab6c68a, PE32 109->191 dropped 193 112 other malicious files 109->193 dropped 273 Query firmware table information (likely to detect VMs) 109->273 275 Writes many files with high entropy 109->275 signatures31

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
teamviewer_Px-yDq1.exe22%ReversingLabsWin32.PUA.InstallCore
teamviewer_Px-yDq1.exe25%VirustotalBrowse
teamviewer_Px-yDq1.exe100%AviraPUA/OfferCore.Gen

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\is-12944.tmp\is-K6OSH.tmp100%AviraPUA/OfferCore.Gen
C:\Users\user\AppData\Local\Temp\is-12944.tmp\is-K6OSH.tmp100%Joe Sandbox ML
C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe0%ReversingLabs
C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\Printer\x64\TeamViewer_XPSDriverFilter.dll0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\Printer\x64\TeamViewer_XPSDriverFilter.dll0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TVWebRTC.dll4%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TVWebRTC.dll1%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer.exe0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer.exe0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Desktop.exe0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Desktop.exe0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Note.exe0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Note.exe0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ar.dll0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ar.dll0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_bg.dll0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_bg.dll0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_cs.dll0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_cs.dll0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_da.dll0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_da.dll0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_de.dll0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_de.dll0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_el.dll0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_el.dll0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_en.dll0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_en.dll0%VirustotalBrowse
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_es.dll0%ReversingLabs
C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_es.dll0%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://www.remobjects.com/ps0%URL Reputationsafe
http://www.avast.com0/0%URL Reputationsafe
http://www.fdos.org/win32/nsis.0%Avira URL Cloudsafe
https://cdn.download.it/gen/teamviewer-100x100.png0%Avira URL Cloudsafe
https://cdn.download.it/0%Avira URL Cloudsafe
https://www.premieropinion.com/common/termsofservice-v10%Avira URL Cloudsafe
https://www.innosetup.com/0%Avira URL Cloudsafe
https://download.it/?typ=10QSf0%Avira URL Cloudsafe
https://www.premieropinion.com/common/termsofservice-v~0%Avira URL Cloudsafe
https://download.it?typ=10%Avira URL Cloudsafe
http://%s:%d;https=https://%s:%dHTTP/1.0Content-Encodingdeflate0%Avira URL Cloudsafe
https://www.premieropinion.com/common/termsofservice-v10%VirustotalBrowse
http://https://:allow_fallback/installer.exe0%Avira URL Cloudsafe
https://cdn.download.it/0%VirustotalBrowse
https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r0%Avira URL Cloudsafe
https://www.innosetup.com/2%VirustotalBrowse
http://dl.jalecdn.com/IT/teamviewer.exe0%Avira URL Cloudsafe
https://download.it/?typ=1m0%Avira URL Cloudsafe
https://download.it?typ=1ows0%Avira URL Cloudsafe
https://reasonlabs.com/policies0%Avira URL Cloudsafe
http://www.dk-soft.org/0%Avira URL Cloudsafe
http://www.fdos.org/win32/nsis.0%VirustotalBrowse
http://dl.jalecdn.com/IT/teamviewer.exe1%VirustotalBrowse
https://download.it/?typ=1ln0%Avira URL Cloudsafe
https://download.it?typ=10%VirustotalBrowse
https://reasonlabs.com/policies0%VirustotalBrowse
http://www.dk-soft.org/0%VirustotalBrowse

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

NameMaliciousAntivirus DetectionReputation
https://securepubads.g.doubleclick.net/static/topics/topics_frame.htmlfalse
    		high

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://webcompanion.com/termsfile_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000821000.00000004.00000020.00020000.00000000.sdmpfalse
      		high
      https://home.mcafee.com/Root/AboutUs.aspx?id=eulafile_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpfalse
        		high
        https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/saBSI.exe, 00000009.00000003.2129611785.0000000005220000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121470160.0000000005220000.00000004.00000020.00020000.00000000.sdmpfalse
          		high
          https://cdn.download.it/file_Px-yDq1.tmp, 00000003.00000003.1771898549.00000000054BD000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1829344246.00000000054BD000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1785614157.00000000054BD000.00000004.00000020.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmpfalse
            		high
            https://www.booking.com/general.en.html?tmpl=docs/privacy-pfile_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              https://www.opera.com/he/eula/computers1file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083D000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                https://www.premieropinion.com/common/termsofservice-v1file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://g.live.com/odclientsettings/Prod.C:svchost.exe, 0000000E.00000003.2131977592.00000241B2272000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  https://www.avg.com/ww-en/privacy-us/pfile_Px-yDq1.tmp, 00000003.00000003.2065675635.0000000005591000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117232136.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2065221435.0000000005599000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.00000000055A7000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2165236174.00000000055A7000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    https://www.mcafee.com/consumer/v/wa-how.htmlSregsvr32.exe, 0000002A.00000003.2703784470.0000000003248000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://www.avg.com/ww-en/eula/en-us/file_Px-yDq1.tmp, 00000003.00000002.2205505849.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2065675635.0000000005591000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117232136.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2164369874.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141566314.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2065221435.0000000005599000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.00000000055A7000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2165236174.00000000055A7000.00000004.00000020.00020000.00000000.sdmpfalse
                        		high
                        https://www.avast.com/eula-avast-consumer-productsrgfile_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpfalse
                          		high
                          https://www.remobjects.com/psteamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002780000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000000.1659427649.0000000000401000.00000020.00000001.01000000.00000004.sdmp, file_Px-yDq1.exe, 00000002.00000003.1729691451.000000007FCE4000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.1726169486.0000000002958000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000000.1732298506.0000000000575000.00000020.00000001.01000000.00000008.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xmlsaBSI.exe, 00000009.00000003.2110601718.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            https://www.innosetup.com/teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002780000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000000.1659427649.0000000000401000.00000020.00000001.01000000.00000004.sdmp, file_Px-yDq1.exe, 00000002.00000003.1729691451.000000007FCE4000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.1726169486.0000000002958000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000000.1732298506.0000000000575000.00000020.00000001.01000000.00000008.sdmpfalse
                            • 2%, Virustotal, Browse
                            • Avira URL Cloud: safe
                            		unknown
                            https://www.mcafee.com/consumer/en-us/policy/legal.htmlxfile_Px-yDq1.tmp, 00000003.00000003.1771898549.00000000054BD000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1829344246.00000000054BD000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2208102549.0000000006E76000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2118293689.0000000006E73000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2204263596.00000000054BD000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1785614157.00000000054BD000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              http://www.fdos.org/win32/nsis.TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpfalse
                              • 0%, Virustotal, Browse
                              • Avira URL Cloud: safe
                              		unknown
                              https://winqual.sb.avast.comavg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://client.teamviewer.com/uninstall/index.aspx?source=uninstallation&ID=TeamViewer_.exe, 00000010.00000003.2481883034.000000000A640000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://analytics.avcdn.net/Cavg_antivirus_free_online_setup.exe, 0000000B.00000003.2288531593.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://my.avast.comavg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://cdn.download.it/gen/teamviewer-100x100.pngfile_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000852000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000081B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000847000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000084C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000822000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000821000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 0000000E.00000003.2131977592.00000241B22C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://download.it/?typ=10QSffile_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007DA000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://www.booking.com/general.en.html?tmpl=dofile_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.mcafee.com/consumer/v/wa-how.html8regsvr32.exe, 0000002A.00000003.2703784470.0000000003248000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xmlsaBSI.exe, 00000009.00000003.2110601718.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.premieropinion.com/common/termsofservice-v~file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://www.winzip.com/win/en/privacy.htmlfile_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083D000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://download.it?typ=1file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000852000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2196121911.000000000748A000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201100444.0000000000788000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000847000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • 0%, Virustotal, Browse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://%s:%d;https=https://%s:%dHTTP/1.0Content-Encodingdeflateavg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		low
                                                https://www.booking.com/content/terms.en-gb.htmlfile_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://www.booking.com/general.en.html?tmpl=docs/pfile_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://id.avast.com/inAvastiumavg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://www.booking.com/content/file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://d1i3c1dyhuowa7.cloudfront.net/f/WebAdvisor/images/943/EN.pngfile_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2040056768.00000000054D8000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141640648.00000000054D3000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2204923417.00000000054DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://www.booking.com/general.en.html?tmpl=docs/file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.opera.com/he/eula/computersfile_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.mcafee.com/consumer/en-us/policy/legal.html0file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000800000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeavg_antivirus_free_setup.exe, 0000000A.00000003.2071591792.0000000005327000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://pair.ff.avast.comavg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRulesISB.xmlsaBSI.exe, 00000009.00000003.2124587174.0000000000AA9000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2130793543.0000000000AA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://d2nko69k18f2wb.cloudfront.net/installer/737209/825485955765064fString;teamviewer_Px-yDq1.tmp, 00000001.00000002.1780757285.0000000002599000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://nsis.sf.net/NSIS_Errorteamviewer.exe, teamviewer.exe, 0000000C.00000000.2111586882.0000000000409000.00000008.00000001.01000000.00000013.sdmp, teamviewer.exe, 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpfalse
                                                                          		high
                                                                          http://https://:allow_fallback/installer.exeavg_antivirus_free_setup.exe, 0000000A.00000000.2066592502.0000000000A43000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		low
                                                                          http://submit.sb.avast.com/V1/PD/avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/rsaBSI.exe, 00000009.00000000.2060469426.000000000101E000.00000002.00000001.01000000.00000010.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/saBSI.exe, 00000009.00000003.2207717533.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://viruslab-samples.sb.avast.comavg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://shepherd.ff.avast.comavg_antivirus_free_online_setup.exe, 0000000B.00000003.2234801176.00000000057B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://www.booking.com/content/terms.en-gb.htmlcgfile_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://www.booking.com/general.en.html?tmpl=docs/privacy-pofile_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://dl.jalecdn.com/IT/teamviewer.exefile_Px-yDq1.tmp, 00000003.00000003.2198240267.0000000002468000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000852000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.0000000000847000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000084C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007CB000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2201550184.00000000007C9000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • 1%, Virustotal, Browse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://d1i3c1dyhuowa7.cloudfront.net/f/AVG_AV/files/1319/avg.zipifile_Px-yDq1.tmp, 00000003.00000003.2196121911.000000000754B000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.booking.com/contentfile_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://www.winzip.com/win/en/eula.htmlfile_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgiavg_antivirus_free_setup.exe, 0000000A.00000003.2685529309.000000000530D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2071890612.0000000005322000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/saBSI.exe, 00000009.00000003.2207717533.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exeavg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.booking.com/general.en.html?tmpl=docs/privacy-file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://configdl.teamviewer.com/configs/https://configdl.teamviewer.com/rev/https://configdl-test.teTeamViewer_.exe, 00000010.00000003.2481883034.00000000093CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://www.avast.com0/file_Px-yDq1.tmp, 00000003.00000003.2090151888.0000000006A15000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005517000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2196167587.0000000005809000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2103264864.0000000005790000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2151839156.0000000005B2A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2269201024.0000000005794000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmp, icarus.exe, 0000001A.00000003.2625710615.0000017268DE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      http://www.ssl.com/repository/SSL.com-Enterprise-Intermediate-codeSigning-RSA-4096-R1.crt0teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1778345596.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1777920233.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1782166659.0000000003848000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://download.it/?typ=1mfile_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        		unknown
                                                                                                        https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRulesISB.xml/saBSI.exe, 00000009.00000003.2129611785.0000000005220000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121470160.0000000005220000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://hns-legacy.sb.avast.comavg_antivirus_free_online_setup.exe, 0000000B.00000003.2211134876.00000000058E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://www.teamviewer.comTeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://reasonlabs.com/policiesfile_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000836000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • 0%, Virustotal, Browse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              https://shepherd.ff.avast.com/avg_antivirus_free_setup.exe, 0000000A.00000003.2080982799.000000000539E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2285191917.00000000056B1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://ipm.avcdn.net/avg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://www.avg.com/ww-enfile_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://sadownload.mcafee.com/saBSI.exe, 00000009.00000003.2110622930.0000000000A42000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://www.avg.com/ww-en/privacy-us/file_Px-yDq1.tmp, 00000003.00000003.2117232136.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2164369874.00000000055A1000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141566314.00000000055A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://download.it/?typ=1file_Px-yDq1.tmp, 00000003.00000003.2141827368.00000000007D7000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117632859.0000000005527000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://www.mcafee.com/consumer/en-us/policy/legal.htmle42cb54996d9bf28b4nOPzD9C77LA6CXbKiz8afile_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://www.teamviewer.com/link/?url=271351TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://www.booking.com/general.eRfile_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000826000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xmlsaBSI.exe, 00000009.00000003.2110601718.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://honzik.avcdn.net/universe/7794/cf36/a622/7794cf36a6228135bef6581458eeb15d420159596fe2f0ea629avg_antivirus_free_online_setup.exe, 0000000B.00000003.2116197831.0000000002EE8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 0000000B.00000003.2268948228.0000000002F4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/saBSI.exe, 00000009.00000003.2207717533.0000000000AA1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000AA1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://www.booking.com/general.en.html?tmpl=docs/privacfile_Px-yDq1.tmp, 00000003.00000003.1753511647.0000000000803000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://download.it?typ=1owsfile_Px-yDq1.tmp, 00000003.00000002.2201550184.000000000083C000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        http://median-a1.iavs9x.u.avast.com/iavs9x/avast_one_essential_setup_online.exeavg_antivirus_free_online_setup.exe, 0000000B.00000003.2271609095.0000000005785000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/846/64/installer.exeexem_saBSI.exe, 00000009.00000003.2262931475.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2264019181.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2262258407.0000000000AA9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xmlsaBSI.exe, 00000009.00000003.2110601718.0000000000A8B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2121763143.0000000000A8C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000009.00000003.2207717533.0000000000A8B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://d1i3c1dyhuowa7.cloudfront.net/f/file_Px-yDq1.exe, 00000002.00000003.1722463086.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.2209798580.00000000023AE000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1735227864.0000000003460000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2169203073.0000000003B1F000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2198240267.0000000002372000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://d1i3c1dyhuowa7.cloudfront.net/f/WebAdvisor/files/1248/saBSI.zip$file_Px-yDq1.tmp, 00000003.00000003.2065675635.0000000005591000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2117232136.00000000055A0000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2065221435.0000000005599000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.00000000055A7000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2165236174.00000000055A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://crls.ssl.com/DTNT-Intermediate-codeSigning-RSA-4096-R2.crl0teamviewer_Px-yDq1.exe, 00000000.00000003.1656886690.0000000002877000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1657339742.000000007FE33000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://www.dk-soft.org/teamviewer_Px-yDq1.exe, 00000000.00000003.1783076889.00000000022D2000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.exe, 00000000.00000003.1655816568.0000000002640000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000002.1780757285.0000000002523000.00000004.00001000.00020000.00000000.sdmp, teamviewer_Px-yDq1.tmp, 00000001.00000003.1661799059.00000000035D0000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.1722463086.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.2209798580.0000000002348000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1735227864.0000000003460000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2196121911.0000000007586000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    • 0%, Virustotal, Browse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    		unknown
                                                                                                                                                    https://www.360totalsecurity.com/en/license/file_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.000000000083D000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2141827368.000000000083C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://clients2.google.com/service/update2/crxregsvr32.exe, 0000002A.00000003.2703784470.0000000003248000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://download.it/?typ=1lnfile_Px-yDq1.tmp, 00000003.00000003.2117232136.000000000557B000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000002.2205505849.000000000557B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        		unknown
                                                                                                                                                        https://honzik.avcdn.net/universe/1de6/62d6/a416/1de662d6a41687462bc259fb9e3ba374edf79947739ce997d3eavg_antivirus_free_online_setup.exe, 0000000B.00000003.2268948228.0000000002F4E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://www.booking.com/content/terms.en-gb.htfile_Px-yDq1.tmp, 00000003.00000003.1753394671.0000000000839000.00000004.00000020.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1754138509.0000000000841000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://aka.ms/privacy)TeamViewer_.exe, 00000010.00000002.2608083985.00000000029EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://d1i3c1dyhuowa7.cloudfront.net/ofile_Px-yDq1.exe, 00000002.00000003.1722463086.00000000026A0000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.exe, 00000002.00000003.2209798580.00000000023AE000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.1735227864.0000000003460000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2196121911.0000000007470000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2169203073.0000000003B1F000.00000004.00001000.00020000.00000000.sdmp, file_Px-yDq1.tmp, 00000003.00000003.2198240267.0000000002372000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://aka.ms/privacy.TeamViewer_.exe, 00000010.00000003.2163003743.0000000006D00000.00000004.00000800.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2236526797.0000000006E70000.00000004.00000800.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2165932546.0000000006D00000.00000004.00000800.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2606009645.0000000000782000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2236105153.0000000006E70000.00000004.00000800.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000003.2601874246.0000000000782000.00000004.00000020.00020000.00000000.sdmp, TeamViewer_.exe, 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://honzik.avcdn.net/universe/4246/af29/4055/4246af29405597481f4d3e6f1e55cf71175e7762e69f97a3470avg_antivirus_free_online_setup.exe, 0000000B.00000003.2171834940.0000000002EE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high

                                                                                                                                                                    World Map of Contacted IPs

                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                    • 75% < No. of IPs

                                                                                                                                                                    Public IPs

                                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                    172.253.62.154
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    142.251.16.132
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    104.18.25.173
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    151.101.1.91
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		54113FASTLYUSfalse
                                                                                                                                                                    104.18.24.173
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    172.253.63.84
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    172.253.122.132
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    142.251.163.147
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    142.251.16.138
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    130.211.23.194
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    104.20.218.77
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    172.253.115.106
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    192.184.68.149
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		27281QUANTCASTUSfalse
                                                                                                                                                                    162.19.138.83
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		209CENTURYLINK-US-LEGACY-QWESTUSfalse
                                                                                                                                                                    23.47.169.88
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		16625AKAMAI-ASUSfalse
                                                                                                                                                                    35.190.80.1
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    1.1.1.1
                                                                                                                                                                    		unknownAustralia
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    104.26.2.70
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    34.149.135.28
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                    54.243.195.81
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		14618AMAZON-AESUSfalse
                                                                                                                                                                    216.239.32.181
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    172.253.63.148
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    172.253.63.94
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    23.62.172.112
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		3257GTT-BACKBONEGTTDEfalse
                                                                                                                                                                    142.251.163.113
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    52.10.241.80
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                    23.56.213.120
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		6453AS6453USfalse
                                                                                                                                                                    239.255.255.250
                                                                                                                                                                    		unknownReserved
                                                                                                                                                                    		unknownunknownfalse
                                                                                                                                                                    172.253.115.156
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    172.253.115.155
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    104.76.105.95
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		16625AKAMAI-ASUSfalse
                                                                                                                                                                    172.253.62.157
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    172.253.62.132
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    142.250.31.104
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    141.95.98.65
                                                                                                                                                                    		unknownGermany
                                                                                                                                                                    		680DFNVereinzurFoerderungeinesDeutschenForschungsnetzesefalse
                                                                                                                                                                    142.251.167.100
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    142.251.167.102
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    104.26.14.127
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    142.251.167.149
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    23.52.164.133
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		16625AKAMAI-ASUSfalse
                                                                                                                                                                    50.16.183.65
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		14618AMAZON-AESUSfalse
                                                                                                                                                                    23.46.150.81
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                    172.253.122.155
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    20.253.86.149
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                    172.253.122.156
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    74.119.119.150
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		19750AS-CRITEOUSfalse
                                                                                                                                                                    95.168.168.24
                                                                                                                                                                    		unknownNetherlands
                                                                                                                                                                    		60781LEASEWEB-NL-AMS-01NetherlandsNLfalse
                                                                                                                                                                    142.251.167.94
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    142.251.167.95
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    108.138.82.13
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                    104.16.56.101
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    54.201.121.230
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                    142.251.163.99
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    172.253.115.97
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    172.253.115.94
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    3.210.56.15
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		14618AMAZON-AESUSfalse
                                                                                                                                                                    142.251.163.95
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    172.253.62.100
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    35.71.139.29
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		237MERIT-AS-14USfalse
                                                                                                                                                                    142.250.31.155
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    23.15.9.64
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                    142.251.167.155
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    172.67.69.19
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    54.69.68.107
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                    172.67.75.124
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    13.32.195.219
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                    34.160.176.28
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                    34.117.223.223
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                    172.253.63.132
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                                                                    104.22.53.86
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    104.20.219.77
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    104.22.74.216
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    192.184.68.134
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		27281QUANTCASTUSfalse
                                                                                                                                                                    192.184.68.254
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		27281QUANTCASTUSfalse
                                                                                                                                                                    18.67.76.101
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		3MIT-GATEWAYSUSfalse
                                                                                                                                                                    3.162.115.194
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                    52.85.151.68
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		16509AMAZON-02USfalse
                                                                                                                                                                    104.18.20.226
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    104.26.3.190
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    35.153.13.157
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		14618AMAZON-AESUSfalse
                                                                                                                                                                    162.19.138.118
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		209CENTURYLINK-US-LEGACY-QWESTUSfalse
                                                                                                                                                                    104.26.15.127
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                                                                                                    52.11.169.57
                                                                                                                                                                    		unknownUnited States
                                                                                                                                                                    		16509AMAZON-02USfalse

                                                                                                                                                                    Private

                                                                                                                                                                    IP
                                                                                                                                                                    192.168.2.4
                                                                                                                                                                    127.0.0.1

                                                                                                                                                                    General Information

                                                                                                                                                                    Joe Sandbox Version:38.0.0 Ammolite
                                                                                                                                                                    Analysis ID:1333246
                                                                                                                                                                    Start date and time:2023-10-27 14:18:12 +02:00
                                                                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                                                                    Overall analysis duration:0h 13m 31s
                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                    Report type:full
                                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                                    Analysis system description:Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                    Number of analysed new started processes analysed:55
                                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                                    Technologies:
                                                                                                                                                                    • HCA enabled
                                                                                                                                                                    • EGA enabled
                                                                                                                                                                    • AMSI enabled
                                                                                                                                                                    Analysis Mode:default
                                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                                    Sample file name:teamviewer_Px-yDq1.exe
                                                                                                                                                                    Detection:MAL
                                                                                                                                                                    Classification:mal44.rans.spyw.evad.winEXE@102/1990@0/85
                                                                                                                                                                    EGA Information:
                                                                                                                                                                    • Successful, ratio: 75%
                                                                                                                                                                    HCA Information:
                                                                                                                                                                    • Successful, ratio: 73%
                                                                                                                                                                    • Number of executed functions: 146
                                                                                                                                                                    • Number of non-executed functions: 71
                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                    • Found application associated with file extension: .exe

                                                                                                                                                                    Warnings

                                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe
                                                                                                                                                                    • Execution Graph export aborted for target installer.exe, PID 7744 because there are no executed function
                                                                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                    • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                    • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                    • Skipping network analysis since amount of network traffic is too extensive

                                                                                                                                                                    Simulations

                                                                                                                                                                    Behavior and APIs

                                                                                                                                                                    TimeTypeDescription
                                                                                                                                                                    13:20:02Task SchedulerRun new task: TVInstallRestore path: "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" s>/RESTORE
                                                                                                                                                                    14:19:11API Interceptor9x Sleep call for process: file_Px-yDq1.tmp modified
                                                                                                                                                                    14:19:44API Interceptor2x Sleep call for process: avg_antivirus_free_setup.exe modified
                                                                                                                                                                    14:19:45API Interceptor10x Sleep call for process: avg_antivirus_free_online_setup.exe modified
                                                                                                                                                                    14:19:49API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                                                                    14:20:19API Interceptor5x Sleep call for process: icarus.exe modified
                                                                                                                                                                    14:20:50API Interceptor10x Sleep call for process: servicehost.exe modified
                                                                                                                                                                    14:20:51API Interceptor1x Sleep call for process: installer.exe modified
                                                                                                                                                                    14:20:56API Interceptor1x Sleep call for process: saBSI.exe modified

                                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                                    IPs

                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                    104.18.25.173https://www.google.com/url?q=https://nwp0otxd.page.link/RtQw&sa=D&source=editors&ust=1698325187920038&usg=AOvVaw0mg0cllXFrqTmYcNPBcAu6Get hashmaliciousUnknownBrowse
                                                                                                                                                                      http://gemmadeealexander.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                        https://%C4%BEa.eu/5UUGet hashmaliciousUnknownBrowse
                                                                                                                                                                          http://4576cjdgaj786eugtdeuatda.z6.web.core.windows.netGet hashmaliciousUnknownBrowse
                                                                                                                                                                            https://99images.com/android/business/com.axis.cbk/downloadGet hashmaliciousUnknownBrowse
                                                                                                                                                                              http://www.calendrier-imprimer.frGet hashmaliciousUnknownBrowse
                                                                                                                                                                                https://centreswebceni.wapka.us/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                  https://o7jq6.app.link/RdqZsE2bcDbGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    https://kw0ze.app.link/DuusEvsnaDbGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      http://cfc1ijrqb55.greesa.cc/34546de4235m342356?affsub2=N5TESGWEds&st=sI7ejNPtGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        CuteWriter.exeGet hashmaliciousMars Stealer, VidarBrowse
                                                                                                                                                                                          https://pastebin.com/JqXDqsBrGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                            https://s5gi8q27.page.link/Zi7XGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              https://asacannes.com/quelle-pression-de-pneu-sur-ford-puma/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                http://fbytbz.llcion.cc/34546de4235m342356?affsub2=ravayoikm&st=muixbpGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                  https://fkbs0x3o.page.link/qL6jGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    https://www.google.com/url?q=https://pozm2035.page.link/PZXe&source=gmail&ust=1692781564559000&usg=AOvVaw084xa1EwhX85qijmfZW_0pGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      https://320z0b3d.page.link/H3EdGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        https://fotorussia.su/pl/delete-pl/jak-trwale-usun-wiadomoci-e-mail-z-programu-outlook/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                          https://red0zv3n.page.link/nYJzGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            151.101.1.91file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              http://lovekizoar.liveGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                https://caribtix.com/event-details?eid=90622&mc_cid=c4132bb49f&mc_eid=UNIQIDGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  https://iongterm-offer.lovely-bright.bond/676f/amazing-2bd-2ba-christchurch-central-city-christchurch-8013/eb8886Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                    https://paroquiaguiacuiaba.com.br/wp-admin/a#gbushnell@rdgusa.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      https://filehippo.com/download_xumouseGet hashmaliciousRedAlertBrowse
                                                                                                                                                                                                                        https://andbu.resourcequickbook.click/?oik=mqpevbWFyeS5oYXR6QG1pbm5lc290YWVuZXJneXJlc291cmNlcy5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                          picasa-3.9.141.303-installer_8atA-M1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            picasa-3.9.141.303-installer_8atA-M1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              victoria-ssd-hdd_xI-yRO1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                http://bounce.dialogue.coGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  http://dialogue.coGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    https://www.jcogs.org/track.php?id=8234c36f03c645e3a0436ca93afbfaa0&color=8c8c8c&url=https://ams3.digitaloceanspaces.com/eths2673jw8291/QW2154765445b-32c6-49b0-83e6.htm#YnJlbmRhbi5tYWhvbkBrYmMuaWU=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      https://temp-rgsxywerhhbzwdbcugyp.webador.com/?_gl=1*19q69zb*_ga*MjExMTI4Njk5My4xNjc0ODI4ODUx*_ga_E6PZPGE4QM*MTY3NTA2OTYzMC41LjEuMTY3NTA3MTU1OC4wLjAuMA..Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                        https://temp-rgsxywerhhbzwdbcugyp.webador.com/?_gl=1*19q69zb*_ga*MjExMTI4Njk5My4xNjc0ODI4ODUx*_ga_E6PZPGE4QM*MTY3NTA2OTYzMC41LjEuMTY3NTA3MTU1OC4wLjAuMA..Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                          https://www.enclosed-docs.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            microsoft-edge_gXo7-D1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                              microsoft-edge_gXo7-D1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                microsoft-edge_gXo7-D1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  microsoft-edge_gXo7-D1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                    104.18.24.173https://3h2cuxg1.page.link/naxz&sa=D&source=editors&ust=1698325144367624&usg=AOvVaw04Zt9ypPNZfaUBkeZWuoTXGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      http://gemmadeealexander.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                        https://allezlens.fr/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                          https://%C4%BEa.eu/5UUGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            https://open.substack.com/pub/davidlebovitz/p/brittany-addresses?r=aq9on&utm_medium=ios&utm_campaign=postGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                              https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.generation-nt.com/reponses/on-gnome-xfce-kde-bientot-nous-aurons-windows-entraide-3844211.html%3Fpage%3D2&ved=2ahUKEwin4OyqhYyCAxXzlWoFHdflDIsQFnoECAgQAQ&usg=AOvVaw0aU9VdyHXl9jH_yb4I9bI0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                http://4576cjdgaj786eugtdeuatda.z6.web.core.windows.netGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                  https://pdfcentralapp.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    http://iplogger.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                      https://rosmodem.wordpress.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                        https://p.feedblitz.com/t3/882921/109614235/13473938/https://viewfromthewing.com/airbnb-guest-stayed-500-nights-and-demanded-100000-to-leave-because-california/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                          https://u2086731.ct.sendgrid.net/ls/click?upn=WEUvnfP6yvbln-2BENGxjch9ZEeL80VW3ue7vVF1MFujfB-2FHV0S4rlePUt2PdsP1bLgS-2FNGEi9c6Ew6NJ-2FIw9KTuCXrEWFIxDhWCWzlmGP8j4-3DM4VD_-2F6YzgLUDBwNokpjZvTxMHxLMhVzQIKWXd7Q2q9HZQ1O3jwfkBKKV75-2BfivsmqltQyUT-2BIvB-2FeAUXdgA55XBJKqIZRWihZ-2BEIhZjhXt0q4rgd6o9BI9VhmvlljasAnrPaeXjmhqSdrYEH1SYE1KozI5uh4SeN0SocsZAtGBr3JlhvqfOhT-2FejERQjaXtlnG1CBGOMt9K6tNFALiWwmdDcMz8MfYpRZKn-2BZ1Ivpn3xM9c-3DGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                            https://99images.com/android/business/com.axis.cbk/downloadGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                              http://7gdmq.fiferan.cc/34546de4235m342356Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                http://nmri5.fiferan.cc/34546de4235m342356Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  http://www.calendrier-imprimer.frGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                    https://fpq68.app.link/vl1f9jtoaDbGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                      https://o7jq6.app.link/RdqZsE2bcDbGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        http://www.viralstuf.xyz/2023/08/07/players-tom-ellis-gina-rodriguez-netflix-movie-what-we-know-so-farGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          http://cfc1ijrqb55.greesa.cc/34546de4235m342356?affsub2=N5TESGWEds&st=sI7ejNPtGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                                                                                            Domains

                                                                                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                                                                                            ASNs

                                                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                            FASTLYUSfile.exeGet hashmaliciousAmadey, Babadeda, Mystic Stealer, RedLine, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                                                                            • 151.101.65.21
                                                                                                                                                                                                                                                                                            https://www.fio.cz/bank-services/internetbanking-apiGet hashmaliciousSTRRATBrowse
                                                                                                                                                                                                                                                                                            • 151.101.1.229
                                                                                                                                                                                                                                                                                            https://bestandssm.xyz/product_details/3974767.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 151.101.0.155
                                                                                                                                                                                                                                                                                            https://r20.rs6.net/tn.jsp?f=001fnceSdmaaNUV8eetNpehU13V_dlSdoIQLlSufkjJkyQiliqH1cIB0BjsFPuQdFat3HilYNkCYbPtxcvJ8VOMI_mlwpez1RwkL9XLAWIUDo6hyO0cRWP0TJshPtbPNOe0wiOb9xrLFJ324D_FnHBMJoIOENtEryYM&c=&ch=&__=/asdf/enNhZmFyQGZhcmFoZXhwZXJpZW5jZXMuY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 151.101.65.229
                                                                                                                                                                                                                                                                                            https://r20.rs6.net/tn.jsp?f=001fnceSdmaaNUV8eetNpehU13V_dlSdoIQLlSufkjJkyQiliqH1cIB0BjsFPuQdFat3HilYNkCYbPtxcvJ8VOMI_mlwpez1RwkL9XLAWIUDo6hyO0cRWP0TJshPtbPNOe0wiOb9xrLFJ324D_FnHBMJoIOENtEryYM&c=&ch=&__=/asdf/enNhZmFyQGZhcmFoZXhwZXJpZW5jZXMuY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 151.101.1.229
                                                                                                                                                                                                                                                                                            http://fightinggullyroadwines.com.au/shop/2017-Aglianico-Beechworth-p140185982Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 151.101.65.21
                                                                                                                                                                                                                                                                                            https://cloudflare-ipfs.com/ipfs/QmcJr7uDEi8UA3xStQsp51VrbV18LTPts7u1rBvEveqpt2/index2kim1610.html#meainfo@energy.state.md.usGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 151.101.2.137
                                                                                                                                                                                                                                                                                            https://pub-2598caa00dcf4c658bf8753f6761f962.r2.dev/compki.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 151.101.2.137
                                                                                                                                                                                                                                                                                            http://47.102.120.37/pc/index.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 151.101.193.26
                                                                                                                                                                                                                                                                                            https://pub-4fdbb77a22ae415dbd5e34989a2a8e5d.r2.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 151.101.66.137
                                                                                                                                                                                                                                                                                            SWbDGRCFU4.exeGet hashmaliciousAmadey, Babadeda, Glupteba, Mystic Stealer, Raccoon Stealer v2, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                                                                                                                            • 151.101.2.133
                                                                                                                                                                                                                                                                                            http://dmihgm.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 151.101.2.133
                                                                                                                                                                                                                                                                                            https://steancomnutity.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 151.101.129.229
                                                                                                                                                                                                                                                                                            https://steampowerad.top/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 151.101.1.229
                                                                                                                                                                                                                                                                                            https://longhaired-locrian-box.glitch.me/kalo.shtmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 151.101.65.229
                                                                                                                                                                                                                                                                                            Remittance.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 151.101.130.137
                                                                                                                                                                                                                                                                                            https://moli.nl-ams-1.linodeobjects.com/link.html#Y2hhZC5jb2hlbkBjYXBlbGxhc3BhY2UuY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 151.101.66.137
                                                                                                                                                                                                                                                                                            https://metaobservation.com/98561234617931/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 151.101.2.137
                                                                                                                                                                                                                                                                                            https://ipfs.io/ipfs/bafybeifvzj5fz7nq6xclrmyooytccqq2h7bcop4xjhud7mbv3pfx5s6up4/43lJTZJ7j9.html?camp_id=139122&utm_term=Frameworks+for+medical+image+analysis,Medical+image+analysis+frameworks,Medical+imaging+software+frameworks,AI+frameworks+for+medical+image+analysis,Image+analysis+platforms+for+medical+research,Medical+image+analysis+solutions,Frameworks+for+medical+image+analysis,Medical+image+analysis+frameworks,Medical+imaging+software+frameworks,AI+frameworks+for+medical+image+analysis,Image+analysis+platforms+for+medical+research,Medical+image+analysis+solutions&device=c&ag_id=150516213565&c_id=20430622520&src=adwd&kw=&mt=&plmt=kolikoweb.com&pos=&fi_id=&gdn1=network&gclid=EAIaIQobChMIwbWjoIOjgQMV1SdECB1xbAU6EAEYASAAEgL9w_D_BwEGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 151.101.66.137
                                                                                                                                                                                                                                                                                            https://terebinajeenafb10.s3.ap-south-1.amazonaws.com/Win08SmtDaEr08d8d77/index.html#Get hashmaliciousTechSupportScamBrowse
                                                                                                                                                                                                                                                                                            • 151.101.194.137
                                                                                                                                                                                                                                                                                            CLOUDFLARENETUSfile.exeGet hashmaliciousAmadey, Babadeda, Mystic Stealer, RedLine, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                                                                            • 1.1.1.1
                                                                                                                                                                                                                                                                                            http://hubbardcon.comGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 104.17.2.184
                                                                                                                                                                                                                                                                                            bexj1tfMZF.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 172.67.165.77
                                                                                                                                                                                                                                                                                            bexj1tfMZF.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                                                                                            • 172.67.165.77
                                                                                                                                                                                                                                                                                            https://take.quiz-maker.com/poll4967948x2A0045Cb-152Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 104.26.3.190
                                                                                                                                                                                                                                                                                            saham.apkGet hashmaliciousIrataBrowse
                                                                                                                                                                                                                                                                                            • 172.67.136.157
                                                                                                                                                                                                                                                                                            saham.apkGet hashmaliciousIrataBrowse
                                                                                                                                                                                                                                                                                            • 172.67.176.15
                                                                                                                                                                                                                                                                                            https://r20.rs6.net/tn.jsp?f=001zhtTQPxU58q5ZLgeQOgQthqjZn4aCT7k6VLt-CGvyK60Sb45i37H_6BRJIJSY0rc4c3yADcURNqMUSu_nLLkDRikJRo1vEM-NPNMDIVhsaY01deiFtr-6Ttc3o2J5AR7lUJlj8sK4Z5Qm9x231O0J9Q3-C0mZos4&c=&ch==&__=/asdf/cml0YS5zYW50b3NAbm92b2JhbmNvLnB0Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 104.16.126.175
                                                                                                                                                                                                                                                                                            uM5nD8x8pc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                            • 1.12.59.177
                                                                                                                                                                                                                                                                                            Fiyat_teklifi_Istegi_23070_PER_1000_Adet_#U2026scanneed_00101.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                                                            • 162.159.135.233
                                                                                                                                                                                                                                                                                            saham.apkGet hashmaliciousIrataBrowse
                                                                                                                                                                                                                                                                                            • 104.21.88.38
                                                                                                                                                                                                                                                                                            saham.apkGet hashmaliciousIrataBrowse
                                                                                                                                                                                                                                                                                            • 104.21.34.131
                                                                                                                                                                                                                                                                                            saham.apkGet hashmaliciousIrataBrowse
                                                                                                                                                                                                                                                                                            • 172.67.141.243
                                                                                                                                                                                                                                                                                            http://bthgruop.com/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 104.17.3.184
                                                                                                                                                                                                                                                                                            https://bestandssm.xyz/product_details/3974767.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 104.19.166.65
                                                                                                                                                                                                                                                                                            https://r20.rs6.net/tn.jsp?f=001fnceSdmaaNUV8eetNpehU13V_dlSdoIQLlSufkjJkyQiliqH1cIB0BjsFPuQdFat3HilYNkCYbPtxcvJ8VOMI_mlwpez1RwkL9XLAWIUDo6hyO0cRWP0TJshPtbPNOe0wiOb9xrLFJ324D_FnHBMJoIOENtEryYM&c=&ch=&__=/asdf/enNhZmFyQGZhcmFoZXhwZXJpZW5jZXMuY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 104.17.2.184
                                                                                                                                                                                                                                                                                            https://r20.rs6.net/tn.jsp?f=001fnceSdmaaNUV8eetNpehU13V_dlSdoIQLlSufkjJkyQiliqH1cIB0BjsFPuQdFat3HilYNkCYbPtxcvJ8VOMI_mlwpez1RwkL9XLAWIUDo6hyO0cRWP0TJshPtbPNOe0wiOb9xrLFJ324D_FnHBMJoIOENtEryYM&c=&ch=&__=/asdf/enNhZmFyQGZhcmFoZXhwZXJpZW5jZXMuY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                            • 104.17.2.184
                                                                                                                                                                                                                                                                                            http://fightinggullyroadwines.com.au/shop/2017-Aglianico-Beechworth-p140185982Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 172.67.188.13
                                                                                                                                                                                                                                                                                            https://s.free.fr/bHysthwaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 104.21.5.161
                                                                                                                                                                                                                                                                                            Application_Form_Bonobos.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            • 172.67.213.194

                                                                                                                                                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                                                                                            Dropped Files

                                                                                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                                                                                                                            (copy)

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2457016
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.708667186018291
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:6qe3f6aje0NQq5rISAGF6KDaaAexGENRbUgPVlDlp:TSiUNNC7exGa/xlbLP/hp
                                                                                                                                                                                                                                                                                            MD5:EE66976DF0A5C903F5A718ABF3E8AC85
                                                                                                                                                                                                                                                                                            SHA1:318A2ECA8E968701A07F3865D6023B3933E5C30F
                                                                                                                                                                                                                                                                                            SHA-256:0A9F97CF2F9CA211C6986EF572C852B48098D3C6C28020229334AC788339A32D
                                                                                                                                                                                                                                                                                            SHA-512:FB756836AE30F0480ED98F32B409A81B3E0CEDA2A93267A1729497791F9CE7993BF7F72719949AB1130D442F390882CA24CD968BA6A64E47693D089BD529ABBB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...n.._.................P...........^.......p....@.................................R.%...@......@...................@....... ..6....p...H...........O%..-...................................`......................."..D....0.......................text....6.......8.................. ..`.itext.......P.......<.............. ..`.data....7...p...8...T..............@....bss.....m...............................idata..6.... ......................@....didata......0......................@....edata.......@......................@..@.tls.........P...........................rdata..]....`......................@..@.rsrc....H...p...H..................@..@....................................@..@........................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\RollbackTemp\TV15Install.log

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1199
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.047183277800649
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:J2l2X+zzDkwJ2l2MDnS2nJ2l2JS2WJ2l2kS2pJ2l2+My2+MIf19LZMOZMPZMzGEY:5+zcw+ndD4SHkfT9Vi
                                                                                                                                                                                                                                                                                            MD5:9B909DFE6EE99556CDF3BFE6328BE30C
                                                                                                                                                                                                                                                                                            SHA1:F977EBEDE1B06AB1CEB4CC446E6D1625E37D9A4B
                                                                                                                                                                                                                                                                                            SHA-256:4A37F6CDDA90195D51025589F8E34EE96BFDAD8C32B6BABFF1C1BDDA26C976C0
                                                                                                                                                                                                                                                                                            SHA-512:CFAB2D28E85C8FA1DE558078A491B571A31C70FF9694B3FEBCB8B815B60B9B7F1C23B67B0ED881036415143295CD81DCD823A797777FDC37082B2F2AABCA5405
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:2023-10-27-14-20-07 ..2023-10-27-14-20-07 TVRollbackInstallation(): Rollback installation.....2023-10-27-14-20-07 ..2023-10-27-14-20-07 RollbackDrvChanges(): Rollback all driver changes.....2023-10-27-14-20-07 RollbackDrvChanges(): No driver entries to restore...2023-10-27-14-20-07 ..2023-10-27-14-20-07 RollbackRegChanges(): Rollback all registry changes.....2023-10-27-14-20-07 RollbackRegChanges(): No registry entries to restore...2023-10-27-14-20-07 ..2023-10-27-14-20-07 RollbackFileChanges(): Rollback all file changes.....2023-10-27-14-20-07 RollbackFileChanges(): No file entries to restore...2023-10-27-14-20-07 ..2023-10-27-14-20-07 CleanUp(): Clean up.....2023-10-27-14-20-07 CleanUp(): Unload previously loaded user registry profiles.....2023-10-27-14-20-10 CleanUp(): Install restore task successful removed...2023-10-27-14-20-10 CleanUp(): Warning! Backup key could not be removed...2023-10-27-14-20-10 CleanUp(): Backup directory C:\Program Files (x86)\TeamViewer\Ro

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):42543224
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997942604118609
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:786432:b5bTkNde3NvoxYDk49MvgsV7FzV83hUcvPYRYntnwHu/olv1qR:bGedowMRFzV8xZvP+YntnwHiR
                                                                                                                                                                                                                                                                                            MD5:2E185F8A6622BC3062254F6F195ACC81
                                                                                                                                                                                                                                                                                            SHA1:B99F246AFB7749FDE563CBD37F217FE5D2A80585
                                                                                                                                                                                                                                                                                            SHA-256:F46F2978F32714C142B92569173FC68B2DC1374D988F6F041F7EAE0190C5BF9E
                                                                                                                                                                                                                                                                                            SHA-512:CF9C58DD76E40C132BB7ACC057026AD41282639CBF27EBF27C7296C52C9AAB64AED08663CE82A31A9DB6035BE6F23CCB0EA021C228556E7B94BF15A27585A3E9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..P...P...P..*_...P...P..OP..*_...P..s...P...V...P..Rich.P..........PE..L....z.W.................b...*.......3............@.................................'.....@..........................................P..@...........@...8/...........................................................................................text...]a.......b.................. ..`.rdata...............f..............@..@.data...8............z..............@....ndata...................................rsrc...@....P......................@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\CopyrightFULL.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3595388
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.197547640892696
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:kaGDnvcS2msm3mTukDzutu2CmnbPmHmb3vHSL3xOgufVPLQ/0HoL9mcVKq8kJYwR:ODnRGSRBVq/uarQaKj8
                                                                                                                                                                                                                                                                                            MD5:1947EA5BF7587F1EF50B65AA724D6108
                                                                                                                                                                                                                                                                                            SHA1:712FC1D598DF20E6E234A5F1410E8681E954AFFD
                                                                                                                                                                                                                                                                                            SHA-256:2E7BE879E05B2F6E3D87759F1B73C88D1F72C407BE448CD7E1A285BC5D41A737
                                                                                                                                                                                                                                                                                            SHA-512:0EAD8DEF904D6257E7F52C35F4ECB46552CD31047636E10181F7BA1C17E87B76976A6125382A9F84F930F1F350DDB1DDFF301D49AC1EDE95A474593432ACF7B5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:##########....@ampproject/remapping@2.2.0....https://github.com/ampproject/remapping....License type: Apache-2.0...... Apache License.. Version 2.0, January 2004.. http://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\Printer\TeamViewer_XPSDriverFilter-PipelineConfig.xml

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1310
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.963079132684424
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:nRLN+HfIPXHfMuubDUHeLNIWfpInUH2LpjLFAON+HfIPXHfROubDUHV5yn:C/IPX/ib2CISABm/IPX/RXb26
                                                                                                                                                                                                                                                                                            MD5:E5121693356198A36982BABB96272404
                                                                                                                                                                                                                                                                                            SHA1:EFF3A59DE3B562BED53FD08C5C91FAE739109D4A
                                                                                                                                                                                                                                                                                            SHA-256:8E24B8D8D0305962542DBB21492ACA797F20D624ED4B0194105FBFE52E1CDBEB
                                                                                                                                                                                                                                                                                            SHA-512:A862949D782607961882AAA62D1CA03BF86C61E8DD902E92AE7BF784E9B225F99613D843B16AE94EBDDA2E30B5568E202C16784CE09309B92922CE7D00EF1E55
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<Filters>.. <Filter dll = "TeamViewer_XPSDriverFilter.dll".. clsid = "{40D118AB-04EA-4CFC-8C8B-85D1C7ECB046}".. name = "TeamViewer_XPSDriverFilter1">.. <Input guid = "{4d47a67c-66cc-4430-850e-daf466fe5bc4}" comment="IID_IPrintReadStream"/>.. <Output guid = "{65bb7f1b-371e-4571-8ac7-912f510c1a38}" comment="IID_IPrintWriteStream"/>.. </Filter>.. <Filter dll = "PDFRenderFilter.dll".. clsid = "{CD087E95-A362-4A50-B233-20DC89DED268}".. name = "MS XPS to PDF">.. <Input guid = "{b8cf8530-5562-47c4-ab67-b1f69ecf961e}" Comment ="IID_IXpsDocumentProvider"/>.. <Output guid = "{65bb7f1b-371e-4571-8ac7-912f510c1a38}" comment="IID_IPrintWriteStream" />.. </Filter>.. <OptionalFilterServiceProvider dll="XpsRasterService.dll"/>.. <Filter dll = "TeamViewer_XPSDriverFilter.dll".. clsid = "{40D118AB-04EA-4CFC-8C8B-85

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\Printer\TeamViewer_XPSDriverFilter-manifest.ini

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:Generic INItialization configuration [DriverRender]
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):287
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.371163047122097
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:/5KsGXMfVCzpIcPxYDXQyW59bCO2MngN+jAJh6O4BVAZVhe81W8l2y:bHfkzpha8dnCOztKh6tKe8xh
                                                                                                                                                                                                                                                                                            MD5:A578F666C0CB526085384D35C536B5D9
                                                                                                                                                                                                                                                                                            SHA1:F019631640D4BAA684CD589696CDCF1F8252F302
                                                                                                                                                                                                                                                                                            SHA-256:9C8859987D13AE53C5B206A7D59660C7754A7940185B599AC97E1E806551730F
                                                                                                                                                                                                                                                                                            SHA-512:E0FBF7054A32B5C370E98A644AEC0478CC68FE5018E7B7720574E5E656C8B61FD51E712A20289DD72B38A9560D7D8633156CCF4E4302390BC180EFF1D2983729
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:[DriverConfig]..DataFile=TeamViewer_XPSDriverFilter.gpd..PrinterDriverID={4949F9E6-DB2F-47B7-9489-56815A5847C8}..RequiredFiles=UNIRES.DLL,PDFRENDERFILTER.DLL,STDNAMES.GPD,MSXPSINC.GPD..DriverCategory=PrintFax.Printer.Virtual..UserPropertyBagScope=Queue....[DriverRender]..XpsFormat=XPS..

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\Printer\TeamViewer_XPSDriverFilter.gpd

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):66209
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.11237765266599
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:3E513+/TLYbpmS1Gx5M7ytzk9wjKS0ff8sEOxPOwhKGhBmAAGFD4iaKhvmOaoGJd:Cv8
                                                                                                                                                                                                                                                                                            MD5:B58E72E75C1CF590FA2722ECDA95F64A
                                                                                                                                                                                                                                                                                            SHA1:651B69DAADE01DBFD7CB470B24D1C3EF2369B821
                                                                                                                                                                                                                                                                                            SHA-256:9C77255FA10B116C1E5D1F8AB7D12A956455AD7610905DBD05EFD6FCE465C11F
                                                                                                                                                                                                                                                                                            SHA-512:6A44613F66B93DD671546042FBD0FBE2A4B78C78AC3127E69AD8794FC53AD45F2D889E6FB59D3DA5E302B9EC3CDB787818E3DDC503A47707B9FF16B7BBE5A265
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:*%..*% Copyright (c) TeamViewer GmbH..*%..*% All rights reserved...*%....*GPDFileVersion: "1.0"..*GPDSpecVersion: "1.0"..*GPDFileName: "TeamViewer_XPSDriverFilter.GPD"..*Include: "StdNames.gpd"..*Include: "msxpsinc.gpd"..*ModelName: "TeamViewer Printer"..*MasterUnits: PAIR(1200, 1200)..*PrinterType: PAGE..*MaxCopies: 999..*PrintSchemaPrivateNamespaceURI:"http://www.teamviewer.com/printschema/2018"....*%******************************************************************************..*% Orientation..*%******************************************************************************..*Feature: Orientation..{.. *rcNameID: =ORIENTATION_DISPLAY.. *DefaultOption: PORTRAIT.... *Option: PORTRAIT.. {.. *rcNameID: =PORTRAIT_DISPLAY.. }.... *Option: LANDSCAPE_CC270.. {.. *rcNameID: =LANDSCAPE_DISPLAY.. }..}....*%******************************************************************************..*%

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\Printer\TeamViewer_XPSDriverFilter.inf

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1507
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.236509327317478
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:f2O7xJoF+hiEvHf+My83n8rELHfVoHfusb9ooHfhHfr7BHfVoHfusb9ooHfpHfra:uO9dhiEv/+4X1/Vo/uHo/h/PB/Vo/uHD
                                                                                                                                                                                                                                                                                            MD5:2C5FD2866B91861275917ADB4CED33E2
                                                                                                                                                                                                                                                                                            SHA1:E76DEB1717D3B1610A769571943A9C5C5A00699A
                                                                                                                                                                                                                                                                                            SHA-256:B7F148ED1BA6293F323E9834182D64E8756D414FF8A5B9B826E3EE2986E0B259
                                                                                                                                                                                                                                                                                            SHA-512:EFAAB915AD8BFA769073B4CE1FEA689FF379216D04204F8B21CFC6AA41413A94EA08E19A61613DCA29649F36E82B854861397E5E1F7C450AF7A1B656A0547267
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:;..; Copyright (c) 2022 TeamViewer GmbH..;..; All rights reserved...;..[Version]..Signature="$Windows NT$"..Class=Printer..ClassGuid={4d36e979-e325-11ce-bfc1-08002be10318}..Provider=%ManufacturerName%..CatalogFile=TeamViewer_XPSDriverFilter.cat..ClassVer=4.0..DriverVer=04/13/2022,1.2022.413.641....[DestinationDirs]..DefaultDestDir = 66000....[SourceDisksNames]..1 = ,,,\....[SourceDisksFiles.x86]..TeamViewer_XPSDriverFilter.gpd = 1..TeamViewer_XPSDriverFilter-PipelineConfig.xml = 1..TeamViewer_XPSDriverFilter.dll = 1,\x86..TeamViewer_XPSDriverFilter-manifest.ini = 1....[SourceDisksFiles.amd64]..TeamViewer_XPSDriverFilter.gpd = 1..TeamViewer_XPSDriverFilter-PipelineConfig.xml = 1..TeamViewer_XPSDriverFilter.dll = 1,\x64..TeamViewer_XPSDriverFilter-manifest.ini = 1....[Manufacturer].."TeamViewer"=TeamViewer,NTamd64.6.1....[TeamViewer].."TeamViewer Printer" = TeamViewer_XPSDriverFilter.gpd,,TeamViewer_XPS_Printer....[TeamViewer.NTamd64.6.1].."TeamViewer Printer" = TeamViewer_XPSDriverFilte

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\Printer\teamviewer_xpsdriverfilter.cat

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12658
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.077237390641632
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:28vvoHISmpMCRsGyV2uR8OL7yKnUi8rFWQFgy50Nr7OxX01k9z3Azsx+ZPb9Vt9r:2Yo3U/4CFR+y50ZSxR9zusx+x3
                                                                                                                                                                                                                                                                                            MD5:74134E66B593D16717C8124B0DEFA42B
                                                                                                                                                                                                                                                                                            SHA1:5FA1072B57FCE09C70904464602C1FB7AD07BDAA
                                                                                                                                                                                                                                                                                            SHA-256:3D4201227D709C49B77031C8BEFFBFDB09337AD6E0A171A7E058B0E0B04320F6
                                                                                                                                                                                                                                                                                            SHA-512:B3A07AF69F7F0F0163CA275C153A2155BA69D7AE5371D3390F57D6448B9B17DBA60EAA3394344F8588E0102F6EC3DE72DE8E1AB6F94B5A03F2A6C192BBD9837E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:0.1n..*.H........1_0.1[...1.0...`.H.e......0..3..+.....7.....$0.. 0...+.....7...../.'._LDJ.z....!...220505065722Z0...+.....7.....0...0....R6.5.1.B.6.9.D.A.A.D.E.0.1.D.B.F.D.7.C.B.4.7.0.B.2.4.D.1.C.3.E.F.2.3.6.9.B.8.2.1...1..g0E..+.....7...17050...+.....7.......0!0...+........e.i......G.$...#i.!0X..+.....7...1J0H...O.S.A.t.t.r.......22.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.1.0...0...0`..+.....7...1R0P...F.i.l.e.......>t.e.a.m.v.i.e.w.e.r._.x.p.s.d.r.i.v.e.r.f.i.l.t.e.r...g.p.d...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R7.9.9.2.5.B.8.8.3.5.7.E.0.9.2.0.8.C.8.1.E.C.5.4.4.A.5.C.9.5.2.5.B.F.D.0.9.4.C.4...1..o0M..+.....7...1?0=0...+.....7...0...........0!0...+........y.[.5~. ...TJ\.%...0X..+.....7...1J0H...O.S.A.t.t.r.......22.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.1.0...0...0`..+.....7...1R0P...F.i.l.e.......>t.e.a.m.v.i.e.w.e.r._.x.p.s.d.r.i.v.e.r.f.i.l.t.e.r...d.l.l...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\Printer\x64\TeamViewer_XPSDriverFilter.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):773552
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.562891536553011
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:E2qWLii0HeFTzBTqtO/zKSeAWgSd6kLsjJLPJC5Wdp24XgI7wK3l+aG7X:5qvxwdqtO/zFbWZ6WsjJzJ52Y7wK3l7i
                                                                                                                                                                                                                                                                                            MD5:D47FE8D92AF08C8FCA8E1C71DA05CEC5
                                                                                                                                                                                                                                                                                            SHA1:F53C8DEF485712748315BEFEB631453B594FC67F
                                                                                                                                                                                                                                                                                            SHA-256:698FED30F5715BAA387C89D043FB0E1C8A1C4F4C8F837510DA292A943ED778ED
                                                                                                                                                                                                                                                                                            SHA-512:DCCDC640981B68C3DDA4F949DAEED12F39C08E456588DE6BDD061CFE7BC7AEB18EC237E0358B6D6F368BC74F9B939D712363B2556BD9321C43900435BFAE6256
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............................3..d.....d.....d.........................."..].....].....].&......N....].....Rich...........PE..d.....Vb.........." ................................................................G.....`............................................................. ....`...V.......I..............p.......................(.......8............ ...............................text...$........................... ..`.rdata..J.... ......................@..@.data....P.......:..................@....pdata...V...`...X..................@..@_RDATA...............j..............@..@.rsrc... ............l..............@..@.reloc...............r..............@..B........................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TVWebRTC.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5090616
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.771941354944089
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:s4BUSqGWyZlp3lL8O94sxLHst8sbwDw3k3OkG4Og:rUuPlVeQvxL3sbYw/4B
                                                                                                                                                                                                                                                                                            MD5:4F39058E117BFBBC8541001C6A8F039D
                                                                                                                                                                                                                                                                                            SHA1:5821C042A54F7D55972461170D3C8C5A89D65CBB
                                                                                                                                                                                                                                                                                            SHA-256:B40D19D16BB2BB17D589B2F22877E12E5E7FAA9C1680FBAEA200DE165A2047B2
                                                                                                                                                                                                                                                                                            SHA-512:AA6B087EE2773FF3D6B2A80DF967857B3A12EA6A0EEA2BC6F3BC0398ECFC7DE3878826FACDE115EF307FC7299F702E39F575360B762883832C5087A9C0136EDC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........a..2..2..2...3..2...3..2...3..2...3..2...3..2...3..2...3..2..2..2..2..2...3..2...3..2...3..2...3..2..P2..2..82..2...3..2Rich..2................PE..L......c...........!......=..(........5.......=...............................N......zN...@A........................`*I.P....*I......0K.x............~M.8/...@K.t...0wE.T....................xE......wE.@.............=.d............................text.....=.......=................. ..`.rdata...}....=..~....=.............@..@.data...$....@I......,I.............@....rsrc...x....0K.......J.............@..@.reloc..t....@K.......J.............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):68979000
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.676217552171922
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1572864:w7t3zCtF4IcnHYy+nWar8eN4pTjKv8HXTepMdwsjcpL0CXGm38WHLc:w7t3zCtnos8Wrc
                                                                                                                                                                                                                                                                                            MD5:66F4AEDD14F7266A78820AAC47CA1650
                                                                                                                                                                                                                                                                                            SHA1:0B57FB3D987137364A107D19F984A352E087EBE9
                                                                                                                                                                                                                                                                                            SHA-256:F6A8825F72E806D7A02A5F13370A84257AC7E83E581879E34BA4935784803243
                                                                                                                                                                                                                                                                                            SHA-512:814752411BBC819E7179D1FF245FA9F370AE6467F0D183767024D1E12A7FEC03234F22A465D2172FD559A99997EF144768F15AD4C6C7D93C8CBAC03D9FC4F409
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......u..>1..m1..m1..mW.pm8..mc..l$..mc..l-..m..pm3..m.lr..mc..lI..m.l4..mk=@mj..m.l0..m1..m...m.l...m.l...m.l5..m^.&m3..m.l...m.lm..m1..mu..m.ls.m.rm0..m1..m0..m.l0..mRich1..m................PE..L......c.....................D>.....`k............@..........................`J...........@..................................P..<....................Z..8/...`..H.,..cr.T....................dr.......'.@...............\...........................text...S........................... ..`.rdata..n...........................@..@.data.....m......D?..\..............@....didat..D...........................@....rodata.@...........................@..@.rsrc...............................@..@.reloc..H.,..`....,..b..............@..B........................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Desktop.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13089592
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.694955888317387
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:196608:Vet3zCtTo7mYHyBV9Hg2fwfhASiVy8KT6VFVZ2d:Vet3zCt2yBTgMZVdKu/0
                                                                                                                                                                                                                                                                                            MD5:8F594D61E6676B31C2A8027009C2FAF7
                                                                                                                                                                                                                                                                                            SHA1:EA6C791B4FBCCC5E0795168704CC9C7BB12245C4
                                                                                                                                                                                                                                                                                            SHA-256:F414A0BF358A4CCBF40460F5BB66B0014FF5377A7C6DA1689116AF2FBC762D86
                                                                                                                                                                                                                                                                                            SHA-512:655A148A337AF27E2A2D757ADD6A7042E56EA27CB6F921D82BCCAA9C1586F59F2717318ECD6AC23DD216FCA55F4656BA56840F37AFC22B0A422E7314EC71E366
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$........jR|..</..</..</.d./..</.~8...</.~?...</.W./..</`y?...</.~9...</`y8...</`y:...</`y=...</.../..</`y;...</p~9.3.</..=/u.</`y9.i.</..</..</p~8.5.</p~5...</p~./..</.../..</p~>...</Rich..</................PE..L......c.....................JA......wz...........@..........................`......3.....@.....................................<....P...f..............8/..........$(..T....................(......h...@...........................................text.............................. ..`.orpc...f.......................... ..`.rdata...B4......D4.................@..@.data...T....0...v..................@....didat.......0.......z..............@....rodata.@....@......................@..@.rsrc....f...P...h..................@..@.reloc..............................@..B........................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Note.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):583992
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.394185534545222
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:Cx5VvMavmKubBsKvJo438Vss57jqWJJcVKAOGaBdQC/joyx4:c5VvMkmKemKvW43xsnf/fBCCrV4
                                                                                                                                                                                                                                                                                            MD5:32A57AE38F98057204574961A19E1BF6
                                                                                                                                                                                                                                                                                            SHA1:9B7BD3A5067E49C1C8FF67DC3BB55BD9D48B3209
                                                                                                                                                                                                                                                                                            SHA-256:106A44E1552B7C743CF843DB03867A7E36B9802A7E3E0E935BFC5FC1693C2491
                                                                                                                                                                                                                                                                                            SHA-512:DA5D3083CF3A04A5EA1F2065CF2C76E1FD6CFCCC5EBFC0BDD086EC897BEAB4D2614BC10F471003C0E6941665F3CC3EB841931919082B42C7CEC8BF4788B8C8EF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.^1..0b..0b..0b.3c..0b.5c..0bE.4c..0bE.3c..0b&..b..0bE.5cO.0b.4c..0b.1c..0b..1b..0b.9c..0b..b..0b..b..0b.2c..0bRich..0b........................PE..L..."..c............................PK............@..................................6....@.....................................(....`..@{..............8/.......+......T...........................8...@....................... ....................text...J........................... ..`.rdata..............................@..@.data...."... ......................@....didat.......P......................@....rsrc...@{...`...|..................@..@.reloc...+.......,..................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ar.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):373048
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.345058752164607
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:8gtVHSTV+To6JCPChUsHZjHJzkpwleiVflN6gwTPc/Z/xj:mT1t8VcCflN6kT
                                                                                                                                                                                                                                                                                            MD5:02D3C639E7D422E1D8E6936A7F797275
                                                                                                                                                                                                                                                                                            SHA1:8BF10A2E3993230B767B6BEEA4DE03026331E30E
                                                                                                                                                                                                                                                                                            SHA-256:A02232F4E48FD48FB84CC05CC4F3B72E9C8E38C7488552D803918E1D89F35676
                                                                                                                                                                                                                                                                                            SHA-512:2E9CCF6EE75996971323065BE2D220310CFFB20728E3639BAC4B7CB9D3FC6F5C32A316B599FEA2B95218048F36E87073A187A8AFA1B5B0C7C079B73FBFBEE04F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!......................................................................@.......................................... ..@}..............8/...........................................................................................rdata..............................@..@.rsrc...@}... ...~..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..0B...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_bg.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):436024
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.286072879353572
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:GJlkXz9bF1NycbAWJDZpRx01jr0fVbY0yf/59BolUII7psM8DUnxt2hpAJujRay5:IZW48Q44Y
                                                                                                                                                                                                                                                                                            MD5:5CED8F1E52ECBE75C1F927BDEAFA5F5B
                                                                                                                                                                                                                                                                                            SHA1:D2DF205F6380533131B120A63B1B2CB1757659E5
                                                                                                                                                                                                                                                                                            SHA-256:A402D9A614777C7E6AB9C2D06B19CCD2654FEAE918B2869888E2875B41844178
                                                                                                                                                                                                                                                                                            SHA-512:6754D028EB19FC04699113806DC6D19BDB82F57F647E950433C46C220598BAA84758506E06FF3BD78B9115B80285741101C035AB56D7771B47C0A50D57E076CC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........v......................................................0o....@.......................................... ..8s...........x..8/...........................................................................................rdata..............................@..@.rsrc...8s... ...t..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..(8...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_cs.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):405816
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.956963226826557
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:KvmkkALenmGnHqbaqOC/LbDusMettIgNWP6ZLKVjMaWg5iCqV9Zwx1xUv0JAEkGJ:592M6ulbDVjVUTvrp/224i+gc
                                                                                                                                                                                                                                                                                            MD5:94AC456373E7334BD829B394B294576C
                                                                                                                                                                                                                                                                                            SHA1:50AE007B9144A7DFA1FD4055D70C82242EBA9F46
                                                                                                                                                                                                                                                                                            SHA-256:3D8747A74C1F64EDD8D336374D25E8A00FD3482BEC38A9A2C79A33FAAAEA94DB
                                                                                                                                                                                                                                                                                            SHA-512:40DE928A5905FC19BBECD95EDE25A6F35B4CA22C605CA56413E0348CB7A58734A67F740A649DDF1BB53CBDA82FB2B0D947B24872AAC5845BE45DA2B221F63B54
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!......................................................... ......zF....@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_da.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):399160
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7059203218097765
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:PZSx5ApUNPMfDWGZOGCY5OC6PjrncQcI7HeDzxxa+/CDf/EXfX/wXc/i3cGNee6a:BCf2Rxr6
                                                                                                                                                                                                                                                                                            MD5:A9B0F072E93EDDAF2F94D79E6F257D7A
                                                                                                                                                                                                                                                                                            SHA1:1C742850D2AB56200614E73CDDF606D163526E80
                                                                                                                                                                                                                                                                                            SHA-256:534B8F7914331B8836D2B77D538109AAA08086E40F907261A41505B68708D971
                                                                                                                                                                                                                                                                                            SHA-512:DFA151DBD3BF380DBCC8C6A0693148F4B5DE6310CD6580565C66D84DF48096F406F6BD73308820010498D9F90F79BFBB0836A96506F636C0026D5BF5B626C066
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.....................................................................@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..p....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_de.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):445752
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.689687129591618
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:SaVLPNsHDdz4ZXP7C07PwqHyCumBtUOFXyzTF6yfO6k1vofx9fuxMcKjXSSnNCxx:xwA0gSMtalfYfV
                                                                                                                                                                                                                                                                                            MD5:79FDB9E77EC703317693773DF168D01F
                                                                                                                                                                                                                                                                                            SHA1:66E90C999E96A4947C1401D48F7A9F2C755E5ECD
                                                                                                                                                                                                                                                                                            SHA-256:A35D042A05FF628A59591475B0F3EFF66AE3595E7C2F912A26D157061CF681FF
                                                                                                                                                                                                                                                                                            SHA-512:58938452CAC04A65895917AB73962C05341B249CFE3D2DF761C8F712D2A497574093C972A00C49039E8BC7266A81A566FC1EC64091E2F19CDA16596DDEF6D3AC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L...{..c...........!......................................................................@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@....{..c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..x]...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_el.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):475448
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.403197302977147
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:l/ycVlyTZk1NK/UgMLcETKdXAKpl4bINU1HF78zocrJkdd2wNZvsAXFF8YbfCUOi:tyrgQSCPNdVDMe4PcTAVJtxve0s7Q
                                                                                                                                                                                                                                                                                            MD5:9DFDA2B3BC28EA6F8A611216F4F1B91E
                                                                                                                                                                                                                                                                                            SHA1:69E6C1F445F873BA17B26E0531A7B20B9F1B3641
                                                                                                                                                                                                                                                                                            SHA-256:EE020EC63FC06A0FDCDD292F50646147C021147A591F32BF4456E1962C651616
                                                                                                                                                                                                                                                                                            SHA-512:8B9206A09BD9ECA9345B7B0BA8645630CE8B1CB69C34E91023E66CC300BB0E6EA0971DAED12C8C3E7F641396886BD83396BC7C7D6FCE14683C9EB0C5210838FF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........................................................0............@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_en.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):390456
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6932550616187703
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:NNWku3rPR4S/jI0lS0V73p4ras+oG+7ShJmk8CcysegtnyaF0hla/Bx:Dmt0G0SKvCceq4w
                                                                                                                                                                                                                                                                                            MD5:5FF9548B5D167422BAFD89BBB3BDE09E
                                                                                                                                                                                                                                                                                            SHA1:951B9297142474EC7242CB0FC9F8D67332513D21
                                                                                                                                                                                                                                                                                            SHA-256:C31985BDEB9AFC85335EFC5E37EA6EFB36B7D92C84DF5675701FD4037CDDFCB0
                                                                                                                                                                                                                                                                                            SHA-512:2A371F9FA8351BCAC4657B2D5810C48D6E007A6A8DA1CA954225B9AA87895D0FD59E2A7EF856D856B3A08B2AE2F11F340D41F5FE85E10387160E94A7CCDA53D3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!................................................................J.....@.......................................... ..8...............8/...........................................................................................rdata..............................@..@.rsrc...8.... ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..(....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_es.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):444216
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.622047472184712
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:YKAAUVcbRh20035Ams5OU90QdLd1xwrzDIUJtCuy7frJunhUj/jSdFqVNBw:Hi
                                                                                                                                                                                                                                                                                            MD5:6E1899B98ABCE456B88869D641B0C040
                                                                                                                                                                                                                                                                                            SHA1:969CF182F3927DA1C105DAA1EFA90AD4A8706B12
                                                                                                                                                                                                                                                                                            SHA-256:2544C18DBE6FAD95BB0E4F2702FA25D23E489E02A3FE2C772EA8C6B5BC2C05C9
                                                                                                                                                                                                                                                                                            SHA-512:72509633E256845E999A86CB572D16B56C863DEFA570768C2C920946FCC68D5E94FE1761BDE4EC40BFCF9C589A06DA94D7A5BBD5745A1F9178423A85B3B89E44
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!................................................................D.....@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[...W...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_fi.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):401720
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6836122203115673
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:PJuCEKHxkRVW2ZoXSPyyJTGmwzvTdeusgLwWQ7df:53sf
                                                                                                                                                                                                                                                                                            MD5:B6079241D41F543785FCE3111F6682BC
                                                                                                                                                                                                                                                                                            SHA1:5812D1A150C8935DA63AE5B674A57CAB61158B56
                                                                                                                                                                                                                                                                                            SHA-256:4615C9CE566D9F0E568CBD31DE8780FBAD250489C053FF77988B9EC25E0F123E
                                                                                                                                                                                                                                                                                            SHA-512:5B020223183919EC23692978F809221CF32B394A9DCC43EFB3F4150EF57945474E87F3DA22D20F7587C8018D0BA382C1EBB82BB1AB263E006E12ED457E84EFB4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L.../..c...........!................................................................".....@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@..../..c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_fr.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):462648
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6540109834522134
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:muFX9cTB6xYE4QmVAzZ2z6KoyelbbkEp5s6RDwnxMhNe/0xv:kUh3T8z6KoFzVwnHY
                                                                                                                                                                                                                                                                                            MD5:F2FA380EA7684EDF804CFFF832575520
                                                                                                                                                                                                                                                                                            SHA1:686D12E09DAC783FA1CCBBC3A667D2E8F9962240
                                                                                                                                                                                                                                                                                            SHA-256:F2880CEB26F1903F4EF537E504746AC622BD7A004D2BAB58DE2ED5C4534B78BF
                                                                                                                                                                                                                                                                                            SHA-512:8B190CE8687CB9ECA2491AFAB372B9C7A1EAF4C07187C228D2A2772382A4807C74806A7508BD08FA49A6BE06170612B573E1A603C55EF0EA14EDE9C6F7635252
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!................................................................R.....@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_he.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):327992
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.474478772452174
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:WYVZ49QexXH1RDQQLjQOu1rpnrXVO4k5Kwittst0MNNzKH5B30XQ2st5gZPDJM6i:NX4VXVRDQQLjQOu1rFMitd8Q2sQZ4eQ
                                                                                                                                                                                                                                                                                            MD5:08C06A2E7FAE4082DD39F58DFC99A694
                                                                                                                                                                                                                                                                                            SHA1:36BC246B82F640ABB4438EF2275579E93E36D2BB
                                                                                                                                                                                                                                                                                            SHA-256:A830D5FC352A53FCCE40AFBF21DC36967763EBC91B030F954A3E42E3802E74A1
                                                                                                                                                                                                                                                                                            SHA-512:6E26BC2441FAA8788A4872BD5BB4886DEDF8BCD6AA8D33F3943E40AE61F7909AD047A25F258D91620047A9DD02EBF5FD9298CF5C38C379AE8F989E40957030FF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.................................................................&....@.......................................... ..8...............8/...........................................................................................rdata..............................@..@.rsrc...8.... ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..(....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_hr.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):424248
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.753947904763123
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:P6wUYAKzt3zu38ZhvlL9aLE+CSBjOfYM3mYgZZx1XifYLWb0WoTn3zSUYby153/Q:DNt3isZh9LWwSooxdVs
                                                                                                                                                                                                                                                                                            MD5:EB4E5AE3ECB7B4A4FFA4BBC318AF4B4A
                                                                                                                                                                                                                                                                                            SHA1:F5FE6A813F5340DAF9895FDE6F5BC0A8B39E92D9
                                                                                                                                                                                                                                                                                            SHA-256:0FA292CEA8C0E7413E5D75582C47C079CD4EFFC1ECA6A6885201E1DE7405C888
                                                                                                                                                                                                                                                                                            SHA-512:928AA64F421EC6081B2B212C7DDD6C9E2CE0F83F9931B7B2618CF4EE7D7F8A35B0921BF197643FB7A8B4DB03CB6679829376B864E369ACFA29025F6264E00622
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........H...............................................p............@.......................................... ...E...........J..8/...........................................................................................rdata..............................@..@.rsrc....E... ...F..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_hu.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):436024
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8330771769402943
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:g2vaDYxtVtcuehcMLhg5RTQ98xcKpYNtOqPsEUQih6vIOk/l2mPyirc745ZQR3w2:QnyT5ryXdXv0ZExs/gH8+
                                                                                                                                                                                                                                                                                            MD5:F9D1128B6633B25A48D571691F8BB009
                                                                                                                                                                                                                                                                                            SHA1:8D3FF9EFB85FD17239020049EC32D738B4ED8C91
                                                                                                                                                                                                                                                                                            SHA-256:DABC00FF9D648754A6C88843267A57E736C5BF30897B891206CCE35D09732C21
                                                                                                                                                                                                                                                                                            SHA-512:6B3408E46DE79E490D3A76826B68568759ABCBC2DC77EDC165F8A56079EFE2F342F67E0E57953760225695CCE5E1940436FEF06C342057AD35E2135AA4FAB452
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........v............................................................@.......................................... ...s...........x..8/...........................................................................................rdata..............................@..@.rsrc....s... ...t..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[...8...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_id.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):407352
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6601558375540844
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:HY5QF2jme/C+SlcQQjqn1I9vDyzOo09vm++pnGWgYbIXazON/5x5:4C7ny9vc00ot
                                                                                                                                                                                                                                                                                            MD5:86D17DCB358567D25FB722E1920051E0
                                                                                                                                                                                                                                                                                            SHA1:1554EF14B7A1E9F4CA5446B4A3EAAE4821DFD287
                                                                                                                                                                                                                                                                                            SHA-256:156D232BACECB5761878CCC5D17D22AD42E64760FFDAD7BE91B906C7904C0AEE
                                                                                                                                                                                                                                                                                            SHA-512:7486B9336FB91016766D7DE0CE8C339A9FAE5916C25B8B3A492F184BC31D32D55779C63BBC225C0F230E55F5E5C5B9F65785387E8F531ABBACBAFDDEC8D99A15
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........................................................0............@.......................................... ..H...............8/...........................................................................................rdata..............................@..@.rsrc...H.... ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..8....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_it.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):440632
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6293527606198106
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:vRQTAUQ3aM09YXGX4Bp398RTMylu3oMRTAvKbyi1RIpgd/eMtdVPWZPAPGT528S0:ApuXXBJ9aJModi1vx8dD
                                                                                                                                                                                                                                                                                            MD5:53B3176F7B234D8468F0A0CDFC6104F4
                                                                                                                                                                                                                                                                                            SHA1:6A04F39309FCBB539C64A3457C503DD830925951
                                                                                                                                                                                                                                                                                            SHA-256:D10E3EE4B04B215607AD95B8AD2EBD792A3482B9D4AAA984B8C619284C8971EF
                                                                                                                                                                                                                                                                                            SHA-512:3A9204FF52055C70714AE63FC0DAB27DA622D51C30FA80A4550853EA924F238315967B7512CB1C90C6BAF315CC4094C5468E61505B97D963EB629E5E0373974C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!......................................................................@.......................................... .................8/...........................................................................................rdata..............................@..@.rsrc....... ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[...J...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ja.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):248632
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.535441853927395
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:V6iYjviSV5gCE9J+ZfVCQGQ8lzzHWZqZAxXak+bdhBnA2oDdO+r37VqBXJ1VQFXb:7lGadhGoB8l7/
                                                                                                                                                                                                                                                                                            MD5:448E4E282AC5BF843DA0544712D4A036
                                                                                                                                                                                                                                                                                            SHA1:545282C5CAFA4F5BD069033F27A866E3F2D6E2EE
                                                                                                                                                                                                                                                                                            SHA-256:AB9A7668E54697436259A5206103D7375F6975C43FCC08293B672609B144ADE4
                                                                                                                                                                                                                                                                                            SHA-512:89CDAEB89EDA176AC063289DC7CB6554A8893D5A12DDBFFC9ADD8787CECB73EF3EEFCE544BD4B7CC835B7D0E71ED37A45186828201F5BD3C5A80C913D2350673
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!................................................................e.....@.......................................... .................8/...........................................................................................rdata..............................@..@.rsrc....... ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[...[...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ko.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):241976
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.663112515071947
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:yAjBwzC01nycmrT0KvMe3neU2/d5BbTQvui/PVWYSjQzSdlFpWqdlsA/dxx:LwicmD/qsAJ
                                                                                                                                                                                                                                                                                            MD5:09BDF7A9B9C533454395B02B1CAD613E
                                                                                                                                                                                                                                                                                            SHA1:08793977338A76E3279E91601BCB1636254FA9EB
                                                                                                                                                                                                                                                                                            SHA-256:7D86CD7A8CC40688AE4839706A8BFBFE7E133F2295D1DCCA7252267626B8B6CA
                                                                                                                                                                                                                                                                                            SHA-512:6756E220DF30615BE2021FE5BED8D2B0378BE3E822D0B5D6F71CCE0529C448F00B14AEF7EB4B84F7FE4BFC15378AE3E60E1F99AE28F95999F65E9CB3A2289DE2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.................................................................!....@.......................................... ...|..............8/...........................................................................................rdata..............................@..@.rsrc....|... ...~..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..pA...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_lt.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):430904
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8342746931828686
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:x3OD5tPJjv9XKodQRyJ18rp2NjFgXjLZB3fUEGc2Zovll0BgxTup2jhNfzXAVWsK:Ig7pH+8Jr
                                                                                                                                                                                                                                                                                            MD5:4708EB0A5A5A42398D16EAEB41826C41
                                                                                                                                                                                                                                                                                            SHA1:F6EF8CFEBB1FBB69B067F202BE05925348D25D83
                                                                                                                                                                                                                                                                                            SHA-256:4E824B4F7445E83E529B0BF814CFC75BBC257E4A8822EA42E5AA0C0131EE97AB
                                                                                                                                                                                                                                                                                            SHA-512:1D973157756368A7619C5593AA14B6FBFF1AB205E8A0E4C9C7F11558CFC15DFECE9DB82661045F35ACAE70E76C58209407CBEDB11933D3C10DA68BB1C1BB3944
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........b............................................................@.......................................... ..@^...........d..8/...........................................................................................rdata..............................@..@.rsrc...@^... ...`..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..0#...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_nl.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):431928
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.641860963842408
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:98oPhx7/EbVv8fpn5NsEUNw/rMegteH/QURrF6yWVYx9jUrptardGaT8FxaKTJvj:GoPc4Wh3knNaLDmI8K
                                                                                                                                                                                                                                                                                            MD5:A437FC7A3E198F8CEE0E6F0600BC1A08
                                                                                                                                                                                                                                                                                            SHA1:EF88E5F5B0A44E19786069538738C95BCEC8BFCE
                                                                                                                                                                                                                                                                                            SHA-256:941682035010FB8399D309752A1653070B789C82B999449CE136541AD2BB76B1
                                                                                                                                                                                                                                                                                            SHA-512:E680DB0D5F06F13F2443E62B77A903583CAD4D30224BF391A2E12F09415DF21A91A916151380453DDD3D685ABDC1BA6BAC00C43B7089BEFF72574E8AB960D756
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........f.......................................................K....@.......................................... ...b...........h..8/...........................................................................................rdata..............................@..@.rsrc....b... ...d..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[...'...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_no.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):396088
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6975389965876513
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:5xWq/qVbfX/bPJGQPo1vhctT/2fhzxA9elvbN5ZQNU/J2JZw19FlyhnEn0bgzeIY:sV1sDa
                                                                                                                                                                                                                                                                                            MD5:EBA6F8755B4D9E31862D1AA7525340F2
                                                                                                                                                                                                                                                                                            SHA1:349EA5CF55D51494F5084C084A66539648C4999B
                                                                                                                                                                                                                                                                                            SHA-256:2D03AA4ADA5E63F5E4FE611DB1CF7E4199A1C287742B7DCB0AE02E20AB7FBAFF
                                                                                                                                                                                                                                                                                            SHA-512:BA8F9C6705E0B87180CAB8A12B17E589BE47CF2CB5CB3F48D4892FB1D941FFF318987FD9958050AD8617432AEF52B1B1CC616B4302B4EED57BE18A135C7A8471
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L...5..c...........!................................................................P.....@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@....5..c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_pl.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):432952
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.894092482437777
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:zT46Qw21IPRJeznbx5kbZdLHyIsKlLuD4+P/tpEgqVypVE/guxT:HvtIK9uD42tsVTl
                                                                                                                                                                                                                                                                                            MD5:B0FBCFAC3AD48E9BEB4F0632502202AB
                                                                                                                                                                                                                                                                                            SHA1:67677CA033FC10555E5130E6BD956E20F2DD5BB9
                                                                                                                                                                                                                                                                                            SHA-256:B6F7967B8858B30AD1ACB8219BD51CAE1F4B0053494DD2EA7B5951A721FA81D1
                                                                                                                                                                                                                                                                                            SHA-512:99E9455DFDAB2A5BAF2B7218AC0DEAA5D0C7F1D69CFFD16711B92B22F3AAB00F8E103E71DB83A8592BBAF030F271AD77004C5C34335227A5127BA41E23869931
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........j......................................................".....@.......................................... ...f...........l..8/...........................................................................................rdata..............................@..@.rsrc....f... ...h..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[...+...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_pt.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):426296
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.675035664492228
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:P3RaYpJijRlkBLlNRLOMgpELWfl9bHEVY/pxxm:ri4bR4bA
                                                                                                                                                                                                                                                                                            MD5:B8918854F9157E6ACAE43543C532BDA2
                                                                                                                                                                                                                                                                                            SHA1:A3D3C2A655B7CAC18D2F4C5A7F8881A522FD5D87
                                                                                                                                                                                                                                                                                            SHA-256:7CFBDC4C471B95E03A8F0ED875DD0AA66BFC5E6D059FF1A8380B271A103098AE
                                                                                                                                                                                                                                                                                            SHA-512:22110F57A1367957F6CFFEA75DBAA1649E8A8BBD60A05C8B38CC4AEC00505F92497FB39B43F7993CD32D47944D8056E75A978C95A85357F70BA2E8041F34B049
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........P...............................................p......l.....@.......................................... ..PL...........R..8/...........................................................................................rdata..............................@..@.rsrc...PL... ...N..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..@....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ro.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):450360
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7675024749057484
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:J+lPVGAavOri/5zxapeXmhiqT9zmZwcOHFRCC4qi3gXXjt9dNlA8lwbI14IV9dqa:Jck2
                                                                                                                                                                                                                                                                                            MD5:180EFE7BA1C0CD558FFD0FE08DC8ED72
                                                                                                                                                                                                                                                                                            SHA1:FB046D6DF8843C74E284B14AE701E894DB5DA76D
                                                                                                                                                                                                                                                                                            SHA-256:FBC289F9AD43A96890E4390E213EBD15E6AFC8C1D93D3C8A790D2C8DA330D4DB
                                                                                                                                                                                                                                                                                            SHA-512:813FA7DBE297DF39E2B5E3896845C662DA625CF38CDB419A083B41B55828BB8E176EBC2A70200033FFAB2D5A301C83F6CF1EA1B33CCB4E4ECBEED1011F093987
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.................................................................3....@.......................................... ..P...............8/...........................................................................................rdata..............................@..@.rsrc...P.... ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..@o...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_ru.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):432952
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.356693802308424
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:T7aE8o2d4i/INBgWOHd2y5jsgj2eaqh/6y1wOSgXLIXvQTGMi9/jxk:esXoL1KW
                                                                                                                                                                                                                                                                                            MD5:63DC901DDF9F5CA3A20A175DFB06D889
                                                                                                                                                                                                                                                                                            SHA1:C78729EFBEC2167C8945FFCDB1CF4822A9C913AD
                                                                                                                                                                                                                                                                                            SHA-256:AF3FCB5185BC6A61D15C61E99DA3EF1AA1A99CD2E975BF44B62392BF422989B7
                                                                                                                                                                                                                                                                                            SHA-512:D9C697BE2BC9CE0E270B36B64962B47727A009F24D658E383B789B47C9569A110FCBC5A7042EA8B0B948CF827550A66C2425BB5767E6D97BA5C0660859A1C295
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........j......................................................Yr....@.......................................... ..`f...........l..8/...........................................................................................rdata..............................@..@.rsrc...`f... ...h..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..P+...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_sk.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):418616
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.895044183735032
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:1M5V+CzkliVLjg2VjcfO5Bi7Db9vQeLF4WxQbIr3S4WG/zNktc6RYqzDaY45lPqt:Ol/VVSEPhBaDR+
                                                                                                                                                                                                                                                                                            MD5:69763182E049BD882AC4B8DA55BB1B0F
                                                                                                                                                                                                                                                                                            SHA1:E2106363DD70BCCC07DC89FE13DAE9E8BAAE6606
                                                                                                                                                                                                                                                                                            SHA-256:93F4BC88D4C7BFF02D333C1104908728245BB1945DBA3D27DC35493F3747D6B2
                                                                                                                                                                                                                                                                                            SHA-512:7E24A579C1F9EF6EFF3972526F338BF27BFD79131571AF36BE95A75AAD55E4CB005759782F9620732FCBE99A0B56E67F7BBD5A08BB1E38F477A976D71047CFC0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........2...............................................P............@.......................................... .../...........4..8/...........................................................................................rdata..............................@..@.rsrc..../... ...0..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_sr.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):418616
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7562558460280995
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:RC9/izAG69tuVAEAZcMMv4ZKU+0stvzNuVzm2/S5HOGch/cnfCW5AkAqI1od3lX6:sI8ev4ZdEzUYnD6kHfXpWI0P
                                                                                                                                                                                                                                                                                            MD5:60F836C5DB48711E8F42E336F2DA7B12
                                                                                                                                                                                                                                                                                            SHA1:91CC46B4AFF1EF86EA9A32702AB9E68C99B2CC7F
                                                                                                                                                                                                                                                                                            SHA-256:DF7CD2571190CD402D1DB7403738B946751E7DACF1F19C58DC2C595AAB307FD8
                                                                                                                                                                                                                                                                                            SHA-512:41C2A9ED02166C45D0CBF7216437ED17253480046BEF9D5B36BA3BE9A6B4600CBDE2D7BB6185CBC8C16F47969CACE77E569C196C5EE5ADBB699B668673DF2AFF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........2...............................................P......a.....@.......................................... ..P/...........4..8/...........................................................................................rdata..............................@..@.rsrc...P/... ...0..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..@....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_sv.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):398648
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7390600266748577
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:AdCb1/DX8qvRbADY1E47G97IFZjhUB2G7UwhBZabm4NO51gaGPYV+tvHtVL3akMi:fbyr679Jmi87m
                                                                                                                                                                                                                                                                                            MD5:1497950E8BEEDA165D998610027B1328
                                                                                                                                                                                                                                                                                            SHA1:775AEFEDB502708D8AA97E2FEEC8AE2EBD97DA0F
                                                                                                                                                                                                                                                                                            SHA-256:6E42E63333FF47B8C3FDD24E98629F8ED25EA0682FB3EC6BABA02B20B1F066FB
                                                                                                                                                                                                                                                                                            SHA-512:4CC22F5E8E712D35988D7C0DC2FE53267E26FF5AD7FE38AE49D8B336BF48F281C29716C3589095828B2B78B88B68E05C32529B42FFC34FA1D315A9C5416532C5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L...;..c...........!................................................................}=....@.......................................... ..8...............8/...........................................................................................rdata..............................@..@.rsrc...8.... ......................@..@....;..c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..(....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_th.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):387384
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.547156384869077
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:yCj4dPboG1dn8jw/O49eBhBS79p7iS1zFMniI3AeQ9skf/rxU:IcGqQI3kW
                                                                                                                                                                                                                                                                                            MD5:77FC1F261F3CABF47172CD1AF90B384E
                                                                                                                                                                                                                                                                                            SHA1:65EB01633AF7D3C66A3C50CFF6A8F81E27918F42
                                                                                                                                                                                                                                                                                            SHA-256:14701B9CCAF49E580707B1E23594BACF2493BCDE80CAD63CBE4444B7B8A9ED03
                                                                                                                                                                                                                                                                                            SHA-512:FF79E8306BC39A9139147FD57B77B8A0E58B1718341DD500B23ECDA84023D3B760C1A047FEBA84B17744F01EB5FB0FEAF116C90C83C7CEB20EB7FF4ED6FE2DF3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!................................................................{.....@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[...z...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_tr.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):404792
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.907542397991233
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:PHrtZ2h5ooD6RrQrxO9VE2SLcyCpNvsnn+tJHfmklPoNArCsJIS8YEEiLh0xnQwJ:cavsnYo8Olh9GAzvHz9m
                                                                                                                                                                                                                                                                                            MD5:1E6E407A46B37ED69E6BACF3474F8203
                                                                                                                                                                                                                                                                                            SHA1:287AF816D852354FB43FA7BD31CF54E0070B50FA
                                                                                                                                                                                                                                                                                            SHA-256:D69784BAB94C3AFB3A1C7CFEF90F89F6511B77B8646A7D9C505A95D2AD001C21
                                                                                                                                                                                                                                                                                            SHA-512:6C11D6B6EF6CF89BF9A45F7D5B68CE4D9F6712C6473EFEF994CCE89EC3B4095E6F330A4D3D64E8685F09EF457CDC89A8585E81475392E9CDA73350F0D1BA1420
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!......................................................... ......_<....@.......................................... .. ...............8/...........................................................................................rdata..............................@..@.rsrc... .... ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_uk.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):428856
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.378895893608721
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Q08hbhNKXsO5rygULJPKYkjgUgzHFXRL7fe/7UVitNbwyjC+ybMvi7jFWq0UqRZV:Mj7DLXlEUc
                                                                                                                                                                                                                                                                                            MD5:CDBDA843DACABC66C27C6945416E5CFF
                                                                                                                                                                                                                                                                                            SHA1:756EFDCD35F711A30820F42F5B4DCA5505AEC1E7
                                                                                                                                                                                                                                                                                            SHA-256:CA183B93226FB7B85AEAEAF3607858F59211B92B3AD362EC4675F30C5CE66C3A
                                                                                                                                                                                                                                                                                            SHA-512:A2E4BFFA844BD7BADC5687DBC37ADD4FE2DD145320380AF646C4C514421E8B076DDADF7888F81C4BFEA4E582C3DFC2744B534BE63D31261DE5654E9BEC911B61
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........Z............................................................@.......................................... ...V...........\..8/...........................................................................................rdata..............................@..@.rsrc....V... ...X..................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[..p....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_vi.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):435000
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.196500593254464
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:eBKzgvD0wmk8tkyfT2Md5s2ZMCsSWHUn6A5aC:rndaC
                                                                                                                                                                                                                                                                                            MD5:F883C53A74FAA45424179543FD7F7FA9
                                                                                                                                                                                                                                                                                            SHA1:3F79FD9271FB6E3352A9DB5784618D39639EFA28
                                                                                                                                                                                                                                                                                            SHA-256:17B2ED22B05B5CE80AF915E20ED1CAC7A6E01BDA775557FECF7DC0742A8ACFEE
                                                                                                                                                                                                                                                                                            SHA-512:BCAC48E7940809FC255808AF691C41E8D123DC6445449C46655624843BFEF000117D30F4F7D86B251DC54DA69338140BEB6585263A3F6F6550D3533EFED5518E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L...#..c...........!.........r............................................................@.......................................... ...n...........t..8/...........................................................................................rdata..............................@..@.rsrc....n... ...p..................@..@....#..c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[...3...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_zhCN.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):189240
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.0627097771790694
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:C5CqwN8oYnk9UjI7JD4GAXRrYtQftU++4HqfgelDrXX/rxK:3UncUjI7MRJb+4iPXs
                                                                                                                                                                                                                                                                                            MD5:75E26F8D793BB14CE5D0DF745152EF8A
                                                                                                                                                                                                                                                                                            SHA1:329D1EB51A7F8F5E93DA8BDECA007FADC7C0ED7D
                                                                                                                                                                                                                                                                                            SHA-256:CC1ED75B8051E424D0D10ED04098722D3F8BECB0DBAEBBFA22D781C4830C0CF5
                                                                                                                                                                                                                                                                                            SHA-512:94E5DB1D804AD1E80C47E3B81948EFB489D22A9C5EBC24421F7CB6857E994B8557E138B74F82E4D65DC2027269C523FA2EBD7B59E4AC4DA73C8ADD53F466AE02
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!......................................................................@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[...s...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Resource_zhTW.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):190264
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.105784045632321
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:jV+Mnek/qz7J+bvCwBNMGDkyP5MGsTjQOhkz5ofG/Ou/OxXr:FecO89NDkyP5MGwQOhiZOuEr
                                                                                                                                                                                                                                                                                            MD5:B0E182AFE512DC4B66364B833D2A6523
                                                                                                                                                                                                                                                                                            SHA1:E3837F03A2A7DF6A6279FB6F650D2BF4D3D81756
                                                                                                                                                                                                                                                                                            SHA-256:09556031F2D9B7ADA6D7C3BEEDF09E0131D83EB3A8B3A2312F3F2FF41DD984DB
                                                                                                                                                                                                                                                                                            SHA-512:F44144BF8D0FFF7E325D7B36B7A2AA83953CF81A333F6CEED13EA88476D687240D6C92CE2312B4912BE664AB930158DBBE8D075C310E5242A6500E108F0B2703
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L...)..c...........!......................................................................@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@....)..c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...;...rsrc$01.....[...x...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_Service.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15162168
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.595193656430526
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:196608:y6MfrqrF+h3QgGLk6/6ozDL7IBsXgDmGx0d/FGMlIG7JVVFVH7CU:HvrFiQgG76oLEig1xMFIG7b5t
                                                                                                                                                                                                                                                                                            MD5:64E9A35EE2597974D0D711C94A680ED8
                                                                                                                                                                                                                                                                                            SHA1:11CB82546A275C6988971845DA2EE9358C3B48BF
                                                                                                                                                                                                                                                                                            SHA-256:A2AD62FA493BFE3965B35E2A40F3B19D4ECC33EA1FD13A42254727D392F12062
                                                                                                                                                                                                                                                                                            SHA-512:AE2E3A6154181E16DA13FC0AA9AC224E0E1E6149138DAED97135C366BEDD5671D73D1307470BCF99721959DFE0C3AC4F2BE51606093BD44A3B118E9ACAF7F5DA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......z.h>..;>..;>..;...:..;X..;8..;l..:-..;l..:'..;...;<..;...:'..;l..:K..;...:?..;...:=..;dE,;...;>..;@..;...:...;>..;{..;...:...;...:...;...:..;...;?..;>.v;?..;...:?..;Rich>..;........PE..L......c......................P...................@.......................................@..................................h..(....`..H............,..8/.........../..T....................0..........@....................J.......................text............................... ..`.rdata....:.......:.................@..@.data................n..............@....didat.......P......................@....rsrc...H....`......................@..@.reloc..............................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\TeamViewer_StaticRes.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17583416
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.745574233156446
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:393216:sS/sDWTKEcyAfg6gSeUtcibNzYrkbI1MJTCkImgEghuo8:sS3krg6gSejUNzYQWXlU/
                                                                                                                                                                                                                                                                                            MD5:98E95DC742DBE4AFADF55394C3A862FF
                                                                                                                                                                                                                                                                                            SHA1:DF65EA0D88C82C6573B3AF2DBDECF70988CCCCEE
                                                                                                                                                                                                                                                                                            SHA-256:363360575570B592D1356541B811A1C0621D9656884C122CC7CC616EC2B3B694
                                                                                                                                                                                                                                                                                            SHA-512:7EEB9BF5529211BF365A541B0649389A9F4F74823F84AD57ED3D4A91CE5D88AE2C6F5B283E8D9DB0018BC24551E0EEECA4257AA88B6265FB204F4C45E934D3CC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ij..-...-...-....~,.,...-.D.*....~..,...Rich-...........PE..L......c...........!.........................................................@.......L....@.......................................... ..................8/...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.......c........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... .......rsrc$01.........#...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\WriteDump.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):704824
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.907753307290139
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:75d10da8Q9wj+uHO76bdJbOomEdbJjwV5Rhz29L:Vd10da8QIO7qOMbpwTRhq1
                                                                                                                                                                                                                                                                                            MD5:2DA110C078B43B5A9D27407069A74557
                                                                                                                                                                                                                                                                                            SHA1:0A85E12187791BDDF37EA6105528D2E342EF0381
                                                                                                                                                                                                                                                                                            SHA-256:C998E74F828BDAABBA85965695847C2E388910A669505532FBF03FA1CA154E62
                                                                                                                                                                                                                                                                                            SHA-512:57125E33E4D306CAEE0B967B927192DC0BE96B19DC33C9F6A4245540F9448DFCA0B1316D85A89A8BCD0F618BE1BB2B9A9776BDA5483777E6C0CC1B6E2DA39818
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T.9m..W>..W>..W>.T?..W>.R?..W>B.S?..W>B.T?..W>.R?..W>!..>..W>.S?..W>B.R?L.W>.V?..W>..V>..W>.^?..W>..>..W>...>..W>.U?..W>Rich..W>........PE..L......c.................X...F...............p....@.................................E.....@.................................<...(.......hf..............8/.......A...T..T...................@U..........@............p...............................text....V.......X.................. ..`.rdata..._...p...`...\..............@..@.data...$:.......,..................@....rsrc...hf.......h..................@..@.reloc...A.......B...P..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\dpa-de.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (905), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15074
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.911131043830491
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:JCSoXD721RKmx0Wz0eYM2rm/0jfga+UM1FCbe6RlQfJFe6PZ08hUDcv6vA:/RHc22M1FCbhjQfJ46PZ0kUDcv6vA
                                                                                                                                                                                                                                                                                            MD5:B70A5B47D26CA9D0F9AA22E2711C1197
                                                                                                                                                                                                                                                                                            SHA1:7FB55063B5D3920F7723CDF056EF98F570A64EE9
                                                                                                                                                                                                                                                                                            SHA-256:BF2D3C9723AF4B682A50666B1D223CAC469CC8991979F5098BF3002B2BECB73D
                                                                                                                                                                                                                                                                                            SHA-512:0870B611DBE343266848767D34C0263C4FF9842E99EC29E2DC6E70B756272C8803AF7024C98DC62F5D4DB9DCBF5FA856FF507D084F9DAEF650A4E5FF31AD137D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html><html lang="en"><head>..<meta charset="utf-8">..<style>..body {.. font-family: Helvetica, sans-serif;.. font-size: 12px;..}....h1 {.. font-size: 18px;.. text-align: center;..}....h2 {.. font-size: 16px;..}....h3 {.. font-size: 16px;..}....h4 {.. font-size: 14px;..}....h5 {.. font-size: 12px;..}.....preamble-box {.. background-color: #eef1f2;.. border-radius: 5px;.. padding: 10px..}.....preamble-box h2 {.. margin: 0px;..}.....preamble-box p:last-child {.. margin: 0px;..}....</style>..</head>..<body>......<div><h1>TeamViewer<br>Auftragsverarbeitungsvertrag (AVV)</h1>.. <div>.. <div>.. <h3><strong>1. Allgemeines</strong></h3>.. <p>F.r die in jeweiligen <a href="https://www.teamviewer.com/de/dpa-annex/" target="_blank" rel="noopener noreferrer"><u>Anlage 1</u></a> dieser Vereinbarung beschriebenen Verarbeitungst.tigkeiten, bei denen TeamViewer als Auftragsverarbeiter des Kunden auftritt, vereinbaren die Parteien bis auf Weiteres die folgenden Regelungen zu

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\dpa-en.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (913), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14497
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.792057620187339
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:RzqzaeWyh/ivuhYB+CY6463YNxerPNDrsalXcAPT:Nyh/Qubqfr2alXh
                                                                                                                                                                                                                                                                                            MD5:ADF0C73014D41F05A37FAD58AFEF0D5A
                                                                                                                                                                                                                                                                                            SHA1:F4E35B622C6C230885B7CD9A5EF083810A90F9AE
                                                                                                                                                                                                                                                                                            SHA-256:18EB7F34A5BA5941A31F8510F48C9644897228BA62BDB8092E603E2E34A0451C
                                                                                                                                                                                                                                                                                            SHA-512:2CD0143DDFD2BC533C688DA981D9620080A80C73B79D6F83B2E6AFC96C6A823582F07DB4459C90905CCA4699A23C9C00BC238FDCAF47B31485FEB0ED0B637020
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html><html lang="en"><head>..<meta charset="utf-8">..<style>..body {.. font-family: Helvetica, sans-serif;.. font-size: 12px;..}....h1 {.. font-size: 18px;.. text-align: center;..}....h2 {.. font-size: 16px;..}....h3 {.. font-size: 16px;..}....h4 {.. font-size: 14px;..}....h5 {.. font-size: 12px;..}.....preamble-box {.. background-color: #eef1f2;.. border-radius: 5px;.. padding: 10px..}.....preamble-box h2 {.. margin: 0px;..}.....preamble-box p:last-child {.. margin: 0px;..}....</style>..</head>..<body>......<div><h1>TeamViewer<br>Data Processing Agreement (DPA)</h1>.. <div>.. <div>.. <h3><strong>1. General</strong></h3>.. <p>For the data processing activities described in the respective <a href="https://www.teamviewer.com/en/dpa-annex/#annex-1" target="_blank" rel="noopener noreferrer"><u>Annex 1</u></a> of this agreement, where TeamViewer acts as the Customer.s Processor, the parties agree to the following provisions on the commissioned processing of pers

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\eula-de.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2661), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):114046
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.976687966962153
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:zCLcAp3ivff/Ct9O3RT2EqEsZcvcr8mCt3zwpiVFJYyJp38RhSbX49OBgtUDUhfV:znvH49GjqEsB4dhVFpUhYUlL
                                                                                                                                                                                                                                                                                            MD5:17FD6F4C05E85A48E9200C832854CBA5
                                                                                                                                                                                                                                                                                            SHA1:9768FD98BD8C633CB4C00626EC6E457682304440
                                                                                                                                                                                                                                                                                            SHA-256:302CA7E0AD293B170D3D52345B40844A8308C6FDE945E84A99EB9EC858F086FA
                                                                                                                                                                                                                                                                                            SHA-512:42091A75848A9D6BE0EE6E6CF9BB0A5D9458C0FE48C1617F27012EAB49987BB151C22D4510212FA82469F74A696532E95155DD8DDD96A36AAFFB29A8139045F8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html><html lang="en"><head>..<meta charset="utf-8">..<style>..body {.. font-family: Helvetica, sans-serif;.. font-size: 12px;..}....h1 {.. font-size: 18px;.. text-align: center;..}....h2 {.. font-size: 16px;..}....h3 {.. font-size: 16px;..}....h4 {.. font-size: 14px;..}....h5 {.. font-size: 12px;..}.....preamble-box {.. background-color: #eef1f2;.. border-radius: 5px;.. padding: 10px..}.....preamble-box h2 {.. margin: 0px;..}.....preamble-box p:last-child {.. margin: 0px;..}....</style>..</head>..<body>......<div><h1>TeamViewer<br>Endbenutzer-Lizenzvereinbarung</h1><div class="preamble-box"><div>....<div>.....<h2>EULA . Pr.ambel</h2>......</div>...</div><div>....<div>.....<p>BITTE LESEN SIE DIESE TEAMVIEWER ENDBENUTZER-LIZENZVEREINBARUNG (<strong>.EULA.</strong>) SORGF.LTIG DURCH.</p>..<h3>Nutzungsbedingungen</h3>..<p>Die EULA ist ein modularer Vertrag, der die Bedingungen des Vertragsverh.ltnisses zwischen der TeamViewer Germany GmbH, Bahnhofsplatz 2, 7

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\eula-en.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2397), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):104877
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.855869617254611
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:0S4NH2syNCoQWvNUHVPq6pjRrz0Rm0CuJgbRy:0SGgCh3QOrRy
                                                                                                                                                                                                                                                                                            MD5:1268136BF2D3116D74B646DA5333BB88
                                                                                                                                                                                                                                                                                            SHA1:7BC089A3FADCB1CC4CD64C5984687F1FAEAFF3AB
                                                                                                                                                                                                                                                                                            SHA-256:B9F41D44DC44A5C0C60D2EFD479C5D2243929E58C733613FA643072AD2914501
                                                                                                                                                                                                                                                                                            SHA-512:9E1BDF0F078CE400A35A11311083A5D6BF3A31269F94F93DA6C6B5FF287F1CD0E6FD6B1AE8D7668B0792A01C2DA6917672100C682A0F7FDED6A66BBDDE0BF99C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html><html lang="en"><head>..<meta charset="utf-8">..<style>..body {.. font-family: Helvetica, sans-serif;.. font-size: 12px;..}....h1 {.. font-size: 18px;.. text-align: center;..}....h2 {.. font-size: 16px;..}....h3 {.. font-size: 16px;..}....h4 {.. font-size: 14px;..}....h5 {.. font-size: 12px;..}.....preamble-box {.. background-color: #eef1f2;.. border-radius: 5px;.. padding: 10px..}.....preamble-box h2 {.. margin: 0px;..}.....preamble-box p:last-child {.. margin: 0px;..}....</style>..</head>..<body>......<div><h1>TeamViewer<br>End-User License Agreement</h1><div class="preamble-box"><div>....<div>.....<h2>EULA . Preamble</h2>......</div>...</div><div>....<div>.....<h3>Terms of Use</h3>..<p>PLEASE READ THIS TEAMVIEWER END USER LICENSE AGREEMENT (.<strong>EULA</strong>.) CAREFULLY.<br>..The EULA is a modular contract that governs and defines the terms of the contractual relationship between TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 G.ppingen, Germa

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\ManagedAggregator.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17720
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.948601485419926
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:eLiB60m2qZSf+VIYiWLzL9SbxPxh8E9VF0Ny5pgdtt9:eLE60m2x/YiWgxPxWELOt9
                                                                                                                                                                                                                                                                                            MD5:168DCF19905DC535F4FD4E3901266FAB
                                                                                                                                                                                                                                                                                            SHA1:C824D98A1D20341B7F7658CEEA98EC3158938ECE
                                                                                                                                                                                                                                                                                            SHA-256:A9D2D1A5E7DC939E4C80FF68968F364F3612F2959AC24E5B89547DE0D80229E7
                                                                                                                                                                                                                                                                                            SHA-512:2966824F75F1EAF4961CB0B4EC92CC8F943BA0765368A00743BCF753C6126F916AF08EF33452493B8236F9CC99F341814EDD310687F5B16F815ECA218C6D3C4A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O..c.........." ..0..............,... ...@....... ...............................v....@..................................+..O....@..................8/...`.......*............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................+......H........ ..0....................*.......................................0..b.......~.....~......(.....(......o.......(.......o.....0.~....(....,..(....&.~....(....,..(....&.(....&.*..........%1.0......(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......`...#Blob...........G..........3..................................................-...........................0.......f...|.f...].f.....f.....f.....f.....f...7.f.........B.....

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddIn.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):355640
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.539611801425175
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:GQdHKTWQnVeWWGx3OD/eSsgp71rEcoM3yI/N8Cte87ZQ0czH1lJw8g0mh6l4VQgb:GsQnVeWW0Z871rEcDy2hfrlf0rp5Lo
                                                                                                                                                                                                                                                                                            MD5:58BBFD58663DCD40FBDA081FDB38D18A
                                                                                                                                                                                                                                                                                            SHA1:E20DD5409B69F5CEF4FC0006A13537B5ED021EBE
                                                                                                                                                                                                                                                                                            SHA-256:A3C4164AEAC06445A7BE25DE937FC89DD925DC5542E86A506B0980F081B15677
                                                                                                                                                                                                                                                                                            SHA-512:4A8CE63911EAF6C57C9C83FCB4F151E2331D890D4C98BAC4D10C209590F6694D0AD6EC4F886176D5B5EB1B5B79D84F8889E2794FABE1A5B7580E708123CC4AC3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^..c...........!.....4...........R... ...`....@.. ....................................@.................................PR..W.......`............>..8/...`....................................................... ............... ..H............text....2... ...4.................. ..`.reloc.......`.......6..............@..B.rsrc...`............8..............@..@.................R......H.......8....f..........4....\............................................(t...*..{....*"..}....*....0...........(....o*......(+...*..(....*6..t}...(....*.....*.0..3.........o{...(|....ow.......3...t....o....(....+.s,...z.*..0.. .......s.......{....o......({...o|....*.0............3..*.,..-..*.o-...,..o-...-..*.o.....o....(....*.o-...,..*.o/...,..o/...-..*.o.....o....(....*.o/...,..*.o0...,,.o0...-..*.o1....o1......*.o.....o....(....*.o0...,..*.o2...,..o3...-..o4......o2...,.

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddinShim.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):135480
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.547331536232609
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:4yod1lCdzq/nqbNiYVUHfer00CScZOD8FK3igju2/fx9:4Fd1l0cWNh6UyOwF4v
                                                                                                                                                                                                                                                                                            MD5:3F42237A270B048A0220CA4BCC4700F4
                                                                                                                                                                                                                                                                                            SHA1:00E1E789CCF833EAD252D133B242F3B1C2A6E726
                                                                                                                                                                                                                                                                                            SHA-256:FF6FEBE93FF478D4B89F7B0AA43E87F62FF37A922E49281D29692134C6F942BE
                                                                                                                                                                                                                                                                                            SHA-512:518866F50FFED31376B1E9811A63AB06F939A58D5BBF2D77C2FBFBB89EF7E954C15125E6B573176C4BBE4350870A3ADD4E0E6FEE33497823909A44075665E9E1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................X.......................................Y................................5.....]...........Rich...........PE..L...W..c...........!.....*...........w.......@.......................................$....@............................................P...............8/......T.......T...........................`...@............@...............................text...p(.......*.................. ..`.rdata...}...@...~..................@..@.data...............................@....rsrc...P...........................@..@.reloc..T...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\outlook\TeamViewerMeetingAddinShim64.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):179512
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.231894829949134
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:2asCVpUuBFPUEmCW721GWasCtZRmBEoaDlxiwXe/NRvG90avF43EHpioG/px/:Fs+F55W7wGWalfmBn3GecFw7L
                                                                                                                                                                                                                                                                                            MD5:D15B382E004011EAFC7668061FA3D4E1
                                                                                                                                                                                                                                                                                            SHA1:DF78916C9DD3ABF29582C26DB2B528F5581C4AF4
                                                                                                                                                                                                                                                                                            SHA-256:2F9B42031879C699439B5CBF8451ECC092C6700117CF16F5FAD83B3A28A14B61
                                                                                                                                                                                                                                                                                            SHA-512:AB7B553AF84213C28B67C0764F05FBC8B2F3238A2CE1353EBA98E0A606459D33C8489E64B88799EF57BE457A641ACB3B7923C8AF204766010DE64FA12B5E5D01
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......*...n..Ln..Ln..L..Mk..L..M.L<.Ma..L<.Mg..L<.M@..L..Mc..L..Mb..Lp.$Lm..Ln..L...L..Mj..L..Mo..L..Mo..L..HLo..Ln. Lo..L..Mo..LRichn..L................PE..d...T..c.........." .....x...$............................................................`.........................................0N.......O..........X...............8/..............T...........................p...8............................................text....w.......x.................. ..`.rdata..f............|..............@..@.data....$...`.......H..............@....pdata...............\..............@..@_RDATA...............v..............@..@.rsrc...X............x..............@..@.reloc..............................@..B........................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_w32.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):472376
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.9201855031792565
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:fjLPpQp64W/4oW/xSQALzXiu5dG05qjTGPdAAa:fjLPpQppy4oW/xSQs+GPd0
                                                                                                                                                                                                                                                                                            MD5:3CA9C53393CA69641AFC513F4CA6A01D
                                                                                                                                                                                                                                                                                            SHA1:9897BEE054279A9D2B89B28FF768D072499BBF4C
                                                                                                                                                                                                                                                                                            SHA-256:C6473FE199DF52D7B331FA579C10885F490E7521B2E1DAD5CDF3C9CFD769B56E
                                                                                                                                                                                                                                                                                            SHA-512:0B4BFCCF9BD0041B2732F214E20DB61DE8663461D15104CEA44535FC06EB24A34BE00A189475A6A89B4857728CFCFF8536F90C9A89FC35F409A2CD272139143E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D......................R.....R.....R................................$.........Rich...........PE..L...K..c...........!.....V..........`........p...............................`.......@....@A........................p...t..............................8/... ...;......T...........................P...@............p...............................text....T.......V.................. ..`.rdata..T_...p...`...Z..............@..@.data....$..........................@....shared.$...........................@....rsrc...............................@..@.reloc...;... ...<..................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_w32.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):353080
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.598258216168929
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:zAV5qCM62XyAlc1vrW2HIYaphqHoYV9WLhzxmEmzqATvjw0AOUoiCUm7W:zAV5qCM62CwcRW2HlQgHoYV9WLhz4EmC
                                                                                                                                                                                                                                                                                            MD5:000556B6E8C0C14200611D65692741AB
                                                                                                                                                                                                                                                                                            SHA1:F2771468EA1DFE77DF97155B3FCC3E924ED9F649
                                                                                                                                                                                                                                                                                            SHA-256:AFF63F09919FCCE5CE16BDC3F50C4823BC6A4D14808A3F8A2D341177AB265FBA
                                                                                                                                                                                                                                                                                            SHA-512:708D5F2AD089106888CB346AEB15C5BE61C128345D283A2F6C204C2E6B80A98EFEE7F97B48B9D2384B16337FDE94AACC983EF60889C649E429C95407B886C5DD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!..e...e...e.......j..........7...t...7...s...T...g.......}...7...=.......f...e..........z.......d...e.m.d.......d...Riche...........PE..L...M..c..........................................@..................................8....@.....................................(....@...............4..8/...P..81......T...............................@....................... ....................text............................... ..`.rdata..>C.......D..................@..@.data....#..........................@....didat.......0......................@....rsrc........@......................@..@.reloc..81...P...2..................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_x64.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):605496
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.6233077056612935
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:SA+ScZNiaQMFjlUvCHLjynrry/e/z6fljX2QaeRh5HkT1tQ/9BD8MVm:SA+SUNiU5KtM9O
                                                                                                                                                                                                                                                                                            MD5:987A193FD54CCC4A97870B3E64CEDF50
                                                                                                                                                                                                                                                                                            SHA1:6FEE826A80BEE942FCF3EE323A71A636466F1E8D
                                                                                                                                                                                                                                                                                            SHA-256:A3B9AE9D29CBEC102755FDD955DA63C2FEE7EC01C5836D0EF4B00CDECC80C054
                                                                                                                                                                                                                                                                                            SHA-512:132783AAC22C07D0B6C6EB6C9C4855A6BD23807A922407A2B3F3CC641978C64C6BD5D67076D558A0CF4C1E520286CFFF2CFEF3B8DCA97AD549122DDBF49C5470
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[.. ...s...s...s..r...s..r...sM.r...sM.r...sM.r...s..r...s..r...s...s...s..r...s..r...s..ps...s..r...sRich...s................PE..d...S..c.........." ................p.....................................................`A............................................t...4........p..........$T......8/..........`...T...............................8............................................text............................... ..`.rdata..N...........................@..@.data...(1..........................@....pdata..$T.......V..................@..@_RDATA.......P......................@..@.shared.H....`......................@....rsrc........p......................@..@.reloc..............................@..B........................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\tv_x64.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):416568
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.397539806654306
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:xYRkV/3AfDmU09C8JTuoj6FsdDuzq9I6e4vQkhFMsohjYRp5Pwzmt:xkao6Jioj6FsdD99Y43ssoSRXPYmt
                                                                                                                                                                                                                                                                                            MD5:1F2B4ED83B34465C729CBB340A91FAB3
                                                                                                                                                                                                                                                                                            SHA1:DB018A3ECB96E83A5C06F6CF04697A9E8B64D904
                                                                                                                                                                                                                                                                                            SHA-256:E17DC5758CEF28BBCE332CE36ED8487813425909C1C306BEFC159DC84367516B
                                                                                                                                                                                                                                                                                            SHA-512:BD4E253FE4DB44ECBF9330B82EBD58EE9B66B99A418E045102694033ECDC05FB739A9A76B6E8B47F78C0FB583402D70B42EB43FA8F10452F591064BB7AA0B888
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......iu..-...-...-....f......a..=....a..%...K{../....f.. ....f..9....a..w....f......-........a..2....a..,...-.j.,....a..,...Rich-...........PE..d...U..c.........."......"...$...... ..........@..........................................`.....................................................(............0...2...,..8/...........s..T....................t..(....a..8............@......D... ....................text....!.......".................. ..`.rdata..j....@.......&..............@..@.data...44..........................@....pdata...2...0...4..................@..@.didat.......p......................@..._RDATA..............................@..@.rsrc...............................@..@.reloc............... ..............@..B........................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\tvfiles.7z

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:7-zip archive data, version 0.3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):39393682
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999994780901746
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:786432:VIxbkCYIcHz7Xpcrd+LySQX3Mh2FcVaoHWtFb08sQ8UyD7nCWTFx2:V0wCTqpMILyh3M0sWtFwpfmEz2
                                                                                                                                                                                                                                                                                            MD5:9AE40A0ACE3449AC04FC0C9DEE27B788
                                                                                                                                                                                                                                                                                            SHA1:A01A132D022C130B98506E57211FC8670963C57E
                                                                                                                                                                                                                                                                                            SHA-256:4089CCBB2A143059CEB458CCFDB40DBE00FCAD49AF5886D94E51BE7B58D6FF75
                                                                                                                                                                                                                                                                                            SHA-512:08FFE3093376F182FFC8CBC730150D3A16AC596F8497C308CE1AE46C4FF1BD118CCD490690AD9DB1E8E76184E519CFC2CDE12B8BBC957360F8CF8E396F467ADB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:7z..'....8I.M.Y.....%........;jo...E...(.Y...%@j6\..Q9.__.W......Sv0......!..<g...B...~J....P...w...t.&}.g..........}"...&?..q:Y@O%*..(.2.......v......C....-<..[C..D]'.#D..k..K...f.yw.T..r.2L.....8]...-Vh'...M.W.......R.-..K.k....3..J.E.[=...n.3....y...0.....L.N".*...mS.,~..U.~X.P.C...........7.........G..B=..}.....Z.....4'...kFq.a.x@.Zq.Y.../....~..I...ld}..!...0xl.H=...kp.,..J....a.....>.b,.xhb..L.6T...A..2.v..$..%...GO...S....W..4...............[...G_..!..r.w.{.....:o....c.3..ga1..Z..H...u..RHz2N......O.0.J~.2..i.].U6...b.....uZ..d.o.g.oC.....Z?.7......D...C....F....}..".P..w..........vS^.E.h..*aH...fr.BT@.....<.<.....K...$..ib~BjU...:.p.....b.sW.*.;.(...3O.d.e6.c.g7.d.w.7.......q.8...m.?.Ay..t...a@o..3G.^.......^....M./.t....!...`..)._N.g^.aO4..........hX..meI.)A.i.Q..i..y..}.&....v..1...$.3.AhZ~'.......df..|..i..T....Z"..]..z..T.....Yr....1E.q.[.............}/.;........JL.`.5G1V..5.~8...bd.o....]4M...?z/..XTo.....jL0.ZK21....=./...

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\tvfiles_printer_WithPDFSupport_x64.7z

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:7-zip archive data, version 0.3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):364559
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999533538079261
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:sF/r31fRSYFtbAtnX98TKt1f4ymTN0fvez0bMYJlcBHALHmULTs:sFb1ftC6TKt1fWJqveobMYJlcBHuXLI
                                                                                                                                                                                                                                                                                            MD5:7D3C4D35B2FD799BDE70A93EC0D896B1
                                                                                                                                                                                                                                                                                            SHA1:165B7194C79E94DC9EFBFBB70C1C86DB0EEAA72B
                                                                                                                                                                                                                                                                                            SHA-256:9A635FB1A0360CBA6674763B010050AEBFA4F5F3986C38070DB1C531BBAB8F65
                                                                                                                                                                                                                                                                                            SHA-512:CEAC699DDE8697917E0301726B514534680B839941BCEDC34085C0F24CAC542121788F5D3E7096113985EA5DC9D44821CC530E0BB8E4A6D9148BD944A4EBEF3E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:7z..'...N/.........$.......|..[....&....FnP..p<......o..:.D.y.2...;N...$.....R%.$.+.y.4N.T...I..!...W.iX.u..>c.......>....hU.}V...!E.......>1...`.........-\?.&S....9...A.(1.O[kOK..|.a.=.`XK..%..9F.S8..|.D=.5.b.z....]....?..........SV1.Pj.W.....z....<*P....DU\..._7.Z..W..W..cL...Me..@*j.0=]I.....Y...Va.J.Lu.)B.1.@+0...)e.....[.x."!.UX.........P!../7.$..."R.....j. 3.Pxp.W...JN...5../.?G9b.C..>...=y7. ..~TV.......T.y.......{#.Hm[k.x0..WB|..=..7sY.f..t...fs...e...V!.g..6s./,n.D?..`.t..H...^jPv....>...]K./...,ej_..D,....T..)..h[##..i...'b...e......7.$.od'.5.K.K.V.G..[....CUn.Y.*...*...J.....$...y.-J^....V.,...,.\../...g....:....i.kp8%..i....Y..x.....m..Ne..........~.i..+..G:B....#`.-^.+..%gS-L..P).Zz.....8.s........Bx.... ..>h.2...2..J....~l..G.z....).b.C.^Rtd.....s-.b..3:Hb.qXG...f.0 =.^...5..q.&.z.8.g....d.76.....&..==.....[]./0.....).:7P..y.w.F4...jr#..;.....*L>z.j.`Q...6.X.J.....6..R......b.........@.....9P.._..,..Y.c#+..I.bS.(.C..F..!

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\tvfilesx64.7z

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:7-zip archive data, version 0.3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):288162
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999388031233724
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:+S2Sr+h5nl9t1h+NJ6r6HnXt35aIetZKy3rO+jB6unq3VSPqCug:j6h5nlxh+NJ3Fot6unq3j8
                                                                                                                                                                                                                                                                                            MD5:1125B77C6DD4B753951B260521C495BA
                                                                                                                                                                                                                                                                                            SHA1:73C6AC9C046C9E54F7CA77A18F17EB419313B549
                                                                                                                                                                                                                                                                                            SHA-256:4A01F6F79C385D7C34C443BA57FE432FBB816A4C0AE5B5149258FDF37AF11A48
                                                                                                                                                                                                                                                                                            SHA-512:B0FACE1DC33DD7436D7E0F746FA290124499499B7D1F05A580B3F1B0770036DCE0FF9BE55DE772BEF901934825BAE7BE4B56E874E562D067548BD4BCD47CC3AC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:7z..'....1.u^e......$.........S... .(.....H.U......6.PXGp..F.5J..E=I..2..A/@.%....P)..H..Sp..u>=C..C...N).......(..."ZZS ....W..@[_f%...$..E!..a..B...v...L.'.`.~.b..F.._Rbc2......^.s..D@.?..8,z_S.xY...............YJ0gzd...J..*.jYl......DD.. .'M...C.....h~.6.....r...K?-.m..]."........5..Q5*!b......7...^......s.....g2j.S.'.;.K.3'.s.=^b...)%2.'...~=...!...m>JmGS~D.......s...P..._...G...h...%..M......#.[.B...Y.N8..J,..H+O2.....d......R.Q..R.t.....qU.3i.[..z7...NcB>Tig.*..\K5.,.P4y....}..w.....j<..O9.....[A.-..]...L8.K..B..LT.H3.bF./.FaX...."wD..ss.N.I....7......]m,.m{.E.7b..6..R;Z..^Q....o{.+.)g.a.....C....|.,...3...).xQ..}..D. ?........ H5..4X.r...K...X..u.H].o&..nU..E..a.T.$.....f....3...Vr/._;..Cw.`+..@&d..}..-;)..d1j q.t.S...Y%}[K....]:.sP........x.F.2NU%..<.>VE..9$_KP.....H.w.7......H...lg7.."^.`K0....8.....1........8t....F...}.i..N....i....S..^.`.g..42...:..`{.V..7...V...f..,...C.m04...I.j.d...h...D9.}.hPQ......Q.N2!..K.I.*.jB9.....x.q...;.....S

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\uninstall.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):855400
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.455524115046654
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:33bkgafbYoniTTIIKnCDHYzeJQP7IRuaL:nbkDUoniTTIpCDHYzVkRv
                                                                                                                                                                                                                                                                                            MD5:05C11CD92572CF85051892C277C6DA09
                                                                                                                                                                                                                                                                                            SHA1:A266B2D2ADE3A9919F6C4EBFF8F2B03D271F0BDA
                                                                                                                                                                                                                                                                                            SHA-256:4F1637639EFB4D3A5A9AFECB1C0F3CB353A17EF79DE6042CFCECCE78EB162E00
                                                                                                                                                                                                                                                                                            SHA-512:6A1599379AC6C125171D9E705DCBFD715F96F52313773C4168F3D4D4B6B5A263FC79C728E9341393DCB3F06F388B4AE29DAACE83F55F08997C39D16F6831BF87
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..P...P...P..*_...P...P..OP..*_...P..s...P...V...P..Rich.P..........PE..L....z.W.................d...........2............@.................................e.....@.............................................@...........0...8/...........................................................................................text...{c.......d.................. ..`.rdata...............h..............@..@.data...............~..............@....ndata...0...P...........................rsrc...@...........................@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TVMonitor.inf

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1775
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.282965170818026
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:+vsh8Q2XFbsf0z6Joq7mgHwuMgHPgHxGFWlFVfXj/g:+vM4QI6JoimIMsCGFWlFZE
                                                                                                                                                                                                                                                                                            MD5:5C05880E0ED65FAC3A4DFB7B6802B898
                                                                                                                                                                                                                                                                                            SHA1:55EA8DAC7093123E26584A49012517818C0F586D
                                                                                                                                                                                                                                                                                            SHA-256:60FA2925C589AC38BAB74713E1B0BB2A205A8C825D614B971FC3426991CD86CA
                                                                                                                                                                                                                                                                                            SHA-512:5176504DE06E6F8249815F8F8472ED7C9A26003E92ECD80299DA8B611A630A1BA8179419CDF50F02B78A19CAF221D6E0AE59452B224DC55FEEF72A93CD4D147D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:; Copyright 2010 TeamViewer GmbH All rights reserved...[Version]..Signature="$WINDOWS NT$"..Class=Monitor..ClassGUID={4d36e96e-e325-11ce-bfc1-08002be10318}..Provider= TeamViewer GmbH..DriverVer=02/01/2017,1.02.0000..CatalogFile=TVMonitor.cat....[SourceDisksNames]..3426 = %SourceName%....[SourceDisksFiles]..TVMonitor.sys = 3426....[DestinationDirs]..DefaultDestDir = 10..MonitorFunction_Files_Driver = 12....[Manufacturer]..%MfgName% = Driver_Mfg,NTAMD64....[Driver_Mfg.NTAMD64]..%Driver_DeviceDesc%=Driver_DDI, *PNP09FF....[Driver_DDI.NT]..CopyFiles=MonitorFunction_Files_Driver....[Driver_DDI.NT.Services]..Addservice = MonitorFunction, %FLG_ADDREG_NOCLOBBER%, MonitorFunction_Service....[MonitorFunction_Service]..DisplayName = %MonitorFunction_SvcDesc%..ServiceType = %SERVICE_KERNEL_DRIVER%..StartType = %SERVICE_DEMAND_START%..ErrorControl = %SERVICE_ERROR_NORMAL%..ServiceBinary = %12%\TVMonitor.sys..LoadOrderGroup = Extended Base....[MonitorFunction_Files_Driver]..TVMonito

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TVMonitor.sy_

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18336
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.275348584247018
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:qumQmspn15C9l0HDRRdrauc056CAyIKGNsuIeInYe+PjPtrwnc8ijtlAur9ZCsp5:qmF100Hzdrau/NAyoauQnYPLWUUHeMt
                                                                                                                                                                                                                                                                                            MD5:B7CA6668278FBAE3FBD649285F8CCC35
                                                                                                                                                                                                                                                                                            SHA1:DD5CD2FB0E6818EB56268F0D6E72D0F5AC74AEF4
                                                                                                                                                                                                                                                                                            SHA-256:78318C6A8AE65FB3AFE6BA06CF1BDA69903390E250950D3BF78895CD79AFD4D8
                                                                                                                                                                                                                                                                                            SHA-512:7305B979ABBEF7BEB4789261E9FC0EBDE00415BB00ECEEE2289CD1FCF91467CCC7C84ED77E7F5CD042243508B5FC8C3384EA59D6A1A17497781110FE5238103C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D..S%.S%.S%.S%.s%.Z]I.P%.Z]O.Q%.Z]Y.W%.Z]P.R%.Z]N.R%.Z]K.R%.RichS%.................PE..d...)x.Y..........".................d`.......................................................................................................`..(....p.......@.......(...............!............................................... ...............................text............................... ..h.rdata..t.... ......................@..H.data... ....0......................@....pdata.......@......................@..HPAGE....z....P...................... ..`INIT....x....`...................... ....rsrc........p.......$..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TeamViewerVPN.inf

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5852
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.8898985616021315
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:q2i3bD2JlgdmibjR+iAz4C7bZ7xTMPTtQ2rtu3DcNSjXKjvKY8kz7s7wfQTXvMYk:ri3WJlgdmibjR+iAUC7bQPu6o3DcNSju
                                                                                                                                                                                                                                                                                            MD5:65FA1C2E7127E7B7D42A712574BE0877
                                                                                                                                                                                                                                                                                            SHA1:2BEA89F8A0D9A867C6BB7711F51ECB7ECDB0F988
                                                                                                                                                                                                                                                                                            SHA-256:07C7CFF907E6BCC9C3B587728C055DF6DE9F5089AC1C4BAB4014A8993A5FF788
                                                                                                                                                                                                                                                                                            SHA-512:27BDC76B443DABC72FE7EA9338716B3BD4520858A2CB40BB4F4C00E1FA423F3A2FD339E305C68A81AC8474B794FE8BA5AC7DD07FDC9FBAE52D48E2AC37DB5874
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:; ****************************************************************************..; * Copyright (C) 2021 TeamViewer Germany GmbH *..; ****************************************************************************....[Version].. Signature = "$Windows NT$".. CatalogFile = teamviewervpn.cat.. ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}.. Provider = %Provider%.. Class = Net....; This version number should match the version..; number given in ..\version.m4... DriverVer = 10/08/2020,9.24.6.601....[Strings].. DeviceDescription = "TeamViewer VPN Adapter".. Provider = "TeamViewer Germany GmbH"....;----------------------------------------------------------------..; Manufacturer + Product Section (Done)..;----------------------------------------------------------------..[Manufacturer].. %Provider% = teamviewervpn, NTamd64....[teamviewervpn.NTamd64].. %DeviceDescription% = teamviewervpn.ndi, root\teamviewervpn ; Root enumera

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TeamViewer_VirtualDeviceDriver.cat

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11362
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.226829297386891
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:7CVuem4CysSE/pWkjyKDUFWQFmkwehG2ZUnQJeX01k9z3Ay1/cY9i:WMTWRFR8zIG2teR9zt1/ti
                                                                                                                                                                                                                                                                                            MD5:802E5987532856FF421BC9D47358ACA7
                                                                                                                                                                                                                                                                                            SHA1:7E893A8869FB0AA59A666EE229AAB62FB86E0814
                                                                                                                                                                                                                                                                                            SHA-256:52112FD70A547C6F1885A9761C3051775CFAB9B65A12D83527DAAF57A1E696A7
                                                                                                                                                                                                                                                                                            SHA-512:92417D3A3940018975922440C9585BC4E7E571E7EE8AA9B29FA9612606926C3FBBAD05BA1479B86018A80AB322EB0F81CFC52F13AB93644DED5C13B743A4780D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:0.,^..*.H........,O0.,K...1.0...`.H.e......0..+..+.....7......0...0...+.....7.....z.....:C..j...q...220727152305Z0...+.....7.....0...0....R3.B.5.1.B.1.0.9.A.0.1.9.4.0.E.9.6.0.C.C.2.2.7.F.6.A.D.D.B.7.1.D.D.6.6.D.1.B.4.D...1..}0E..+.....7...17050...+.....7.......0!0...+........;Q....@.`.".j...m.M0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0f..+.....7...1X0V...O.S.A.t.t.r.......@2.:.5...0.0.,.2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.1.0...0...0h..+.....7...1Z0X...F.i.l.e.......Ft.e.a.m.v.i.e.w.e.r._.v.i.r.t.u.a.l.d.e.v.i.c.e.d.r.i.v.e.r...i.n.f...0....RA.3.B.7.7.F.D.7.3.E.8.D.4.1.9.F.0.2.1.B.5.2.0.2.B.2.F.2.E.6.6.6.1.6.D.A.6.A.7.C...1...0M..+.....7...1?0=0...+.....7...0...........0!0...+............>.A...R....f..j|0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0f..+.....7...1X0V...O.S.A.t.t.r.......@2.:.5...0.0.,.2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.1.0...0...0h..+.....7...1Z0X.

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TeamViewer_VirtualDeviceDriver.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):618840
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.386929854212784
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:XcDDFMusol2sm5q7Nv64O+tA3nHJEII351QHAEOoPCt:qFpl2Xo16BJEIM510OY
                                                                                                                                                                                                                                                                                            MD5:93A8FAEA83EEFE43BDEADBCE228D9B1C
                                                                                                                                                                                                                                                                                            SHA1:6580A39E0D25490F58F569222E6118C23DEE0F6D
                                                                                                                                                                                                                                                                                            SHA-256:CC6126518973FAA1329271864CFFE6187434A3D042EDE8BC3A687551FAAE5099
                                                                                                                                                                                                                                                                                            SHA-512:2C045CFA6E9109A96BE19759312415073132F986A1F9DD85223C8BDCA20AD10521065490A9B8BBD27A2C3BDF1561F35ED28444C1888A660DCD79B2677DF0E302
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Mq0\..^...^...^..b]...^..b[...^..bZ...^.[eZ...^.[e]...^.o.....^.[e[.^.^..b_...^..._...^..bY...^..e[...^..e^...^..e\...^.Rich..^.................PE..d....#.b.........." .....d..........................................................X.....`A........................................pT..h....T..<................X..."..XO..............8.......................(... ...8...............`...4Q.......................text...Lb.......d.................. ..`.rdata...............h..............@..@.data.......p...d...L..............@....pdata...X.......Z..................@..@.didat.......`......................@..._RDATA.......p......................@..@.reloc..............................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\TeamViewer_VirtualDeviceDriver.inf

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2422
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.329206041713171
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:x+FhiEAG2GZIVsomMGVWtbAM62fUifVwqgPbKJn0Fjeu70Fpn0Fpa70FLe4CAo0f:x+zinG5ZIVstMXtsM62fUif1gGJ0Ku7V
                                                                                                                                                                                                                                                                                            MD5:C0FBB65A476B99B714AA70B3C3C814B0
                                                                                                                                                                                                                                                                                            SHA1:3B51B109A01940E960CC227F6ADDB71DD66D1B4D
                                                                                                                                                                                                                                                                                            SHA-256:D5CE8E9FD946EF69DE18DEC95AD489DE1E5A37C305E23D40D0814AD14C2F2EA7
                                                                                                                                                                                                                                                                                            SHA-512:D0F364744BF4E7055F164713890A032E5423B01EEB7217100C8846C2F92F82C339DD3F05A159AD9845D1216FFA351DCD995C0360C69B9B7033EF3F5909EE3F08
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:;..; TeamViewer_VirtualDeviceDriver.inf..;....[Version]..Signature="$Windows NT$"..Class=System..ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}..Provider=%ManufacturerName%..CatalogFile=TeamViewer_VirtualDeviceDriver.cat..DriverVer = 07/27/2022,13.39.25.986..PnpLockDown=1....[Manufacturer]..%ManufacturerName%=Standard,NTamd64....[Standard.NTamd64]..%DeviceName%=Device_Install, root\TVVirtualSmartCardReader....[SourceDisksFiles]..TeamViewer_VirtualDeviceDriver.dll=1....[SourceDisksNames]..1 = %DiskName%....; =================== UMDF Device ==================================....[Device_Install.NT]..CopyFiles=UMDriverCopy..Addreg=LogParams_AddReg....[Device_Install.NT.hw]....[Device_Install.NT.Services]..AddService=WUDFRd,0x000001fa,WUDFRD_ServiceInstall....[Device_Install.NT.CoInstallers]..AddReg=CoInstallers_AddReg ....[Device_Install.NT.Wdf]..UmdfService=TeamViewer_VirtualDeviceDriver,TeamViewer_VirtualDeviceDriver_Install..UmdfServiceOrder=TeamViewer_VirtualDeviceDriver..UmdfMethodN

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\VPN_Win7\TeamViewerVPN.inf

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5391
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.832043523407305
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:s2iQJD2WlsdGebjR+iAz4C7bZ7xpRStQ2rtu3DcNSjXKjvKY8ks7nuwfQTXv/zof:FiQQWlsdGebjR+iAUC7bpR6o3DcNSj6e
                                                                                                                                                                                                                                                                                            MD5:447FC733747DB11CD4492AE01C5652FE
                                                                                                                                                                                                                                                                                            SHA1:2A70DCD391464CB8D3736322E07E966E105D396E
                                                                                                                                                                                                                                                                                            SHA-256:A817B0E8A669D5ACAF2DDFBC95ACF2A1213B092B44DC896A0EE4A5301D06EBC3
                                                                                                                                                                                                                                                                                            SHA-512:238099DB072AF55445D421E941944ABE8A6F52A124A26CAE84C1DD52FFFAFC4DAC5586D0C7407B461CD0DB8E771E1DBB6CA34AEE84581B24347F401410B2AFE5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:; ****************************************************************************..; * Copyright (C) 2007 TeamViewer GmbH.. *..; ****************************************************************************......[Version].. Signature = "$Windows NT$".. CatalogFile = teamviewervpn.cat.. ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}.. Provider = %Provider%.. Class = Net.. DriverVer=11/27/2007,2.10.00.0000....[Strings].. DeviceDescription = "TeamViewer VPN Adapter".. Provider = "TeamViewer GmbH"....;----------------------------------------------------------------..; Manufacturer + Product Section (Done)..;----------------------------------------------------------------..[Manufacturer].. %Provider% = teamviewervpn,NTamd64....[teamviewervpn.NTamd64].. %DeviceDescription% = teamviewervpn.ndi, teamviewervpn....;---------------------------------------------------------------..; Driver Section (Don

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\VPN_Win7\teamviewervpn.cat

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10645
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.272624114612594
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:H64PyG0o6orbfUG3afdjIafdjShjFivhE:jnrbVafdjIafdjcjFiJE
                                                                                                                                                                                                                                                                                            MD5:5CFFE65F36B60BC151486C90382F1627
                                                                                                                                                                                                                                                                                            SHA1:F2A66EAE89B4B19D4CAB2AC630536AF5EEEEF121
                                                                                                                                                                                                                                                                                            SHA-256:AA7C09A817EB54E3CC5C342454608364A679E231824F83BA5A2D0278EDCC1851
                                                                                                                                                                                                                                                                                            SHA-512:1BD48EF66F8714E7E9591043D03BD69A30881ED3D0F2463B15750A3282DF667FFB076B3A92358EECEDAE0E54485B07D702667E8FE0AF64C52BE04DB47145920B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:0.)...*.H........).0.)~...1.0...+......0.....+.....7......0...0...+.....7.....^FZ..t.K.........071228163009Z0...+.....7.....0..^0....R2.A.7.0.D.C.D.3.9.1.4.6.4.C.B.8.D.3.7.3.6.3.2.2.E.0.7.E.9.6.6.E.1.0.5.D.3.9.6.E...1..O0>..+.....7...100....O.S.A.t.t.r........2.:.5...2.,.2.:.6...0...0F..+.....7...1806...F.i.l.e.......$t.e.a.m.v.i.e.w.e.r.v.p.n...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........*p..FL..sc".~.n.]9n0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R8.7.C.A.9.7.9.F.2.2.A.E.3.2.A.2.6.8.5.5.1.C.A.1.9.6.2.C.D.9.5.2.F.D.E.2.3.8.6.9...1..W0>..+.....7...100....O.S.A.t.t.r........2.:.5...2.,.2.:.6...0...0F..+.....7...1806...F.i.l.e.......$t.e.a.m.v.i.e.w.e.r.v.p.n...s.y.s...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+...........".2.hU...,.R..8i...L0..H0

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\VPN_Win7\teamviewervpn.sy_

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):35112
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.279693420486803
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:/a/ZSDKMhnknetMdlHJRXz0yjSDomtN6l5cJQGftSSXakqEqLXb9:C/ZWnkn0uTRXz00Ss1m1YvEq/9
                                                                                                                                                                                                                                                                                            MD5:F5520DBB47C60EE83024B38720ABDA24
                                                                                                                                                                                                                                                                                            SHA1:BC355C14A2B22712B91FF43CD4E046489A91CAE5
                                                                                                                                                                                                                                                                                            SHA-256:B8E555D92440BF93E3B55A66E27CEF936477EF7528F870D3B78BD3B294A05CC0
                                                                                                                                                                                                                                                                                            SHA-512:3C5BB212467D932F5EAA17A2346EF8F401A49760C9C6C89C6318A1313FCBABB1D43B1054692C01738EA6A3648CC57E06845B81BECB3069F478D5B1A7CBCB0E66
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........mN... ... ... ...... ...N... ...!... ...[... ...]... ...M... ...Q... ...\... ...X... .Rich.. .........................PE..d.....`G.........."......Z..........................................................|......................................................0...<....................t..(...........0q...............................................p..(............................text....P.......R.................. ..h.rdata.......p.......V..............@..H.data...x............`..............@....pdata...............b..............@..HINIT.................f.............. ....rsrc................n..............@..B.reloc..<............r..............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\teamviewervpn.cat

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10136
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.111963563245086
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:xpkA4I/yo2JC6vyyKwnsFWQF3lrIzLMmDWqnajKs57wczb:J52lrnsFRJlrEQmDWlGs53
                                                                                                                                                                                                                                                                                            MD5:87F9F85E95F9FBE3846E145CEC886E42
                                                                                                                                                                                                                                                                                            SHA1:BAA55A0CFA3DBAAC1D082C4A2FEE1DA43DEABCF1
                                                                                                                                                                                                                                                                                            SHA-256:CC2359A2FBF7962B3DF4D88D75A878A393F8C2694465D629F67593C107F94B0C
                                                                                                                                                                                                                                                                                            SHA-512:D80DEC2C15FF05B9E6468BF5841BB024F48B0EB6822E932D65EED024B4A8FAE352AFE370E798CEE9AA2C06773E2163E849AF40B14C3B7D2C3657186F61278FBF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:0.'...*.H........'.0.'....1.0...`.H.e......0..u..+.....7.....f0..b0...+.....7.......~.?..A./:.d.)...211208152411Z0...+.....7.....0.. 0....R2.B.E.A.8.9.F.8.A.0.D.9.A.8.6.7.C.6.B.B.7.7.1.1.F.5.1.E.C.B.7.E.C.D.B.0.F.9.8.8...1..+0<..+.....7...1.0,...F.i.l.e........o.e.m.v.i.s.t.a...i.n.f...0@..+.....7...1200...O.S.A.t.t.r........2.:.6...0.,.2.:.1.0...0...0E..+.....7...17050...+.....7.......0!0...+........+....g.w....~...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R7.9.9.D.C.6.4.0.E.9.9.5.E.4.2.7.5.6.B.D.C.2.E.5.9.3.9.A.7.0.4.1.3.D.6.5.4.A.2.3...1..=0@..+.....7...1200...O.S.A.t.t.r........2.:.6...0.,.2.:.1.0...0...0F..+.....7...1806...F.i.l.e.......$t.e.a.m.v.i.e.w.e.r.v.p.n...s.y.s...0M..+.....7...1?0=0...+.....7...0...........0!0...+........y..@..'V...pA=eJ#0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}........0...0J..+.....7....<0:.&.Q.u.a.l.i.f.i.c.a.t.i.o.n. .L.e.v.e.l.

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\teamviewervpn.sy_

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):46936
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.656488161316276
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:XD0lMrZrZwFu/xdw9/oxBwNNyElQWmjI11YiWJ1hP4n2u41z2:6MT1ZyFoElQWAI11772H2
                                                                                                                                                                                                                                                                                            MD5:6317A1890582D5ABB3E3E3EE6B217411
                                                                                                                                                                                                                                                                                            SHA1:78F44D94212467FC61B98EFBDA91F2BC701E1A39
                                                                                                                                                                                                                                                                                            SHA-256:3A09C3A24EC480BA4AD466760996E0F3CED30C1499ABDA32DA6EAD9DE5D08836
                                                                                                                                                                                                                                                                                            SHA-512:6241DC81EF29736972D2E8CE3FE0C52371445CF80E5EBF22630D9F29B1953470A0F2C15A57262E400F90773EB74428AF4521C744ACFE7D202F19EBF9B7AE3E03
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........JF..+(.+(.+(.@..+(.@).+(.+).+(.@+.+(.@,.+(..^,.+(..^..+(..^*.+(.Rich.+(.........................PE..d..../La.........."......X.....................@..........................................`A....................................................<............p..T....v..XA...........R..8............................S...............P...............................text....=.......>.................. ..h.rdata.......P.......B..............@..H.data........`.......N..............@....pdata..T....p.......P..............@..HPAGE.................T.............. ..`INIT.................b.............. ..b.rsrc................n..............@..B.reloc...............t..............@..B................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files (x86)\TeamViewer\TVExtractTemp\x64\tvmonitor.cat

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8881
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.27496797439638
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Ast9AnYe+PjPtrwnc8ijtlAur9ZCspE+TM4rwMcA0qTv0a:NAnYPLWUUHeM4cAVv0a
                                                                                                                                                                                                                                                                                            MD5:1F2380A5474583DBA929F761A760546F
                                                                                                                                                                                                                                                                                            SHA1:561248613C6F443D8A993900E2DBEBF3B718A660
                                                                                                                                                                                                                                                                                            SHA-256:143DF27418B1EAF375BED6291765E2E77166830D6216A6BFB71A075735F05DA5
                                                                                                                                                                                                                                                                                            SHA-512:4309403DF0A29C53190833AA13A6E67A4501650B77106BC62925F691DFFEDCAB184B6DF3B8BA750E0A8FD4C9B6E0919B729F5BD250413178CD7A4CE287241AED
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:0."...*.H........".0."....1.0...+......0..|..+.....7.....m0..i0...+.....7......i.&...E..l....N..170512092819Z0...+.....7.....0..F0....R2.9.6.0.7.A.C.D.0.3.F.6.4.A.B.F.5.2.3.9.8.B.F.3.D.E.0.4.E.8.1.9.D.1.A.0.8.C.3.4...1..K0>..+.....7...100....F.i.l.e........t.v.m.o.n.i.t.o.r...s.y.s...0M..+.....7...1?0=0...+.....7...0...........0!0...+........)`z...J.R9........40V..+.....7...1H0F...O.S.A.t.t.r.......02.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0....R5.5.E.A.8.D.A.C.7.0.9.3.1.2.3.E.2.6.5.8.4.A.4.9.0.1.2.5.1.7.8.1.8.C.0.F.5.8.6.D...1..C0>..+.....7...100....F.i.l.e........t.v.m.o.n.i.t.o.r...i.n.f...0E..+.....7...17050...+.....7.......0!0...+........U.p..>&XJI.%....Xm0V..+.....7...1H0F...O.S.A.t.t.r.......02.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}.......0..0....+.....7......0.....O.S

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\Base.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):65976
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.490731717806226
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:Ym6UIhHoJHX73S9HptSp4imFRjMB1XoRYiizcAMxkE:+UIx43S9JwpueoR7tx
                                                                                                                                                                                                                                                                                            MD5:579375935D5CCB16A69EF0C01BCF0FD0
                                                                                                                                                                                                                                                                                            SHA1:3622E6D0F2BA8A83165F75710B245D97DD39E7D3
                                                                                                                                                                                                                                                                                            SHA-256:F1271F1C7BFB346944D3EE2DA0CD26652A63C7694C28C32AB65F3E5169AE364D
                                                                                                                                                                                                                                                                                            SHA-512:9FB6D7D816A760D503C4F3DBA3BFC9B7E7FF6F22A3B9681144CC55EBC2DAC0793B9B6AB20AE9DA791647AF54162C03BA08C10DE93A855DABBCEB686352F74D50
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5Qe.q0..q0..q0..eO..p0..q0..r0..eO..p0..Richq0..........PE..d...{.$e.........." ...$.......................f....................................s.....`.......................................................... ..P...........H...p)...........................................................................................rdata..............................@..@.rsrc...P.... ......................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\Base.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 65976
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18225
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.989658961881044
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:wbbMveO2GCLahNzy3om0K5UiRQRe2/mCm09/lA2xaDBY25Wq8+kc5:wfOMau3f0oUiigom0PA2xaDjWq8m5
                                                                                                                                                                                                                                                                                            MD5:BAB39F333917DF860CD8AEF3B3FC31BB
                                                                                                                                                                                                                                                                                            SHA1:22772F5347A26AE65B16F4EAE2318CE626DABC17
                                                                                                                                                                                                                                                                                            SHA-256:155FCAC5F1E8083B75EF3174C1D5B61D1554E14F19C0BD59D8057296C468497B
                                                                                                                                                                                                                                                                                            SHA-512:9311570D2084364F0100319592B4EDCB6D5F1D2E7BBF9A9E7D4B98E59C21307995DD692CB3ADE8CE7D6BD3837A60C1F357DE6749BD2CD78A019A5135A959534B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..<...L..j!..@. Iu.u........qm;.7p...7.(...`..W...i....x4........s.....q.5.....\...k..e.%.wrCYt\./.U..A............$..mGs"..Qo>.e....<.v`..q9u'....`.8.;iZu.[.$T..1|Q;..`$u....b.h......H.9Q../......D).n..:...)..2....y.k(...B..~8>.o..h."....e@..[....yA......k..>.-.fB.....yJ....KlXWd..c.nU..{.x. .L91.>.O.....E..(.i.|b....}.yh.q..Hr2..F...7.....#Z.s.;..Uo....@s...D....@4....3.:.y.Y.......O.].B&..{..p.jt.L....t.B............@\^4_En^.9.!}.1JB*f....cD]....R.......M.Q.L{.5.h.dT..e .....o.A.c..F$....P?46d.z..A#...e...9.Q."..*....Azd.....~..&.xj...;-.zj.d..O.......N...Z........+....Dp..Y..V~...b+...|.n".6...N......g#ZXR._..............AL..L.@.LJ f..}p....:...b*.1;.,l..e]N.H.....go2_.+..T$j..o.C{KW.8.<N2B...6......1.A......s`3.QX../..i._....K|H...[t.k#.....r.e..Q...&....;b.\x.tu.A.=..&.|...Nf;.=1aXx.z..>.a...?.4.7..w.yC..... .._..=.0......E....:w..2..m^8....L...Cp..a.3....I.p.qv....Q...!4l..*.i.`.]..]..C..CeHn....x

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\Boot.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25024
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.723801985176344
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Fo5lfiiT3keVGuofIYiiftAAM+o/8E9VF0NyEGKH:a7GuogYiiuAMxkENKH
                                                                                                                                                                                                                                                                                            MD5:44C69468458548444460D437267BB501
                                                                                                                                                                                                                                                                                            SHA1:15868F9019FB64B212BEC3D2F00660005AC60D70
                                                                                                                                                                                                                                                                                            SHA-256:02EB8A56AF3ACC2F577AC37962B889C555F68683349D4A23D1585CA57642A584
                                                                                                                                                                                                                                                                                            SHA-512:FC70932FEE3E6D64D4409BA958AD0C74F2C3975AE3439E6E73014518AA45B641F2F09A0C5191DD3FF980AD768C04B010757D400891CA1F609906AB61085232AA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5Q..q0..q0..q0..eO~.p0..q0..p0..eO..p0..Richq0..........PE..d...s.$e.........." ...$.....4...............................................`............`.......................................................... ..p1..........H8..x)...........................................................................................rdata..............................@..@.rsrc...p1... ...2..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\Boot.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 25024
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10933
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.983235523916288
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:DZeKk3qliBtunykspDPTQHaNpGAh+zKRTQQFAzSTSInp1E55yPfE:4KSqlGAnyHpLjN5+z6UQZugpy2fE
                                                                                                                                                                                                                                                                                            MD5:BA6BACC9D3F373D8EFE9F2DAB8B66646
                                                                                                                                                                                                                                                                                            SHA1:179A1D136251F8CB58444EB1093EB551B214B5D9
                                                                                                                                                                                                                                                                                            SHA-256:0B9F7C983F75116285A4572EBBBE27CFA713792D1C5135A694E681409AE8B8A8
                                                                                                                                                                                                                                                                                            SHA-512:17A0736EFD0C9A26DD5E189167A8464BAB6A74F818955F7D9235387672C02B952E38AEADF6858C7B364D06A1EDD339C4D64B0B3C25AABFAD09AC68A5676E4F23
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..a.......&..p.........../D.|..<...L..j!..@. Iu.u........qm;.7p...7.(...`..W...i....x4.....*.).`[+S.M.q.B{.o..6.[..<f..e.-.$d.....R.x5.)..G8....,.h.+...Ajt..z.*.etK..&./.H.l*..|..$p.F.v{........].......!{&.(...r5!.;.\N..:p..&u[0.R.... *....>.....=..#h..0.F...'.-.r..Z...@.?........C.F.....d...r3.#$.0.o^cP...*...?.\...lG.N. .T.T..=....G....s...P.-.Jv.......M...OH.+.....C..d...!S.?2..zk/lR....)..`..W....q..-e.......B...".a.V(...P.1....ur.mn..Er.ST.^...p..74_..^....A.A.......g....K....5.......S[K..lQ_...............1.z..r..,.......@.HI..=..;.....Q..y/.Q......6....G..2..C.......%G..sO.u..n..^....#...L.f...k....J.....$......c.R.......H.4k...*...<X7)t..n".).8..../...I.Xh..bw.....FLN...?...].r,..hd..........c7...."xb.....J.....O.....S.......W.|...cd.}E....QG..t.!.v..R..r\O.q.d...V..&e.%...|.......Os..L...e..3Fc.+........\.:..C.F..MhJ..C'..'.4.Z...=..:..>......Z.c.n}.E./..}..^+..J.....W..E.|....Ly..y.,....[Gj.:Z..}..5.>/9.....{0...?.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\aswClnTg.htm.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):703
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.259120582728411
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:OM5egV+uymynA5eYytM5eVEYo9IaNMDOVK8X7+CEbg6mISTwcF2AXw2IaNMzu:5eQtdyGeme6Yo9INQKg7+g6mccFe2I4
                                                                                                                                                                                                                                                                                            MD5:4EBF04FAF20DFF03F5D62D5AF5F32151
                                                                                                                                                                                                                                                                                            SHA1:7088E12344219071C118DDC11415C7A8643E52DA
                                                                                                                                                                                                                                                                                            SHA-256:C27D162C8C40C816E09A3A0093E7FCF30DF436E3266065633450595BA156ED53
                                                                                                                                                                                                                                                                                            SHA-512:B784CDCC2EC75DA2FAF00CCAFC211CB3FC874F085000BDB6BBD2E05FB1D11DD966CB04E5A1C8F4C91B0720E3CAA7A8A82C753C87546005A969D27ECE581AF163
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>..<br /><br />..<hr style='border:none; color:#909090; background-color:#B0B0B0; height: 1px; width: 99%;' />..<table style='border-collapse:collapse;border:none;'>...<tr>....<td style='border:none;padding:0px 15px 0px 8px'>.....<a href="https://www.avg.com/internet-security">......<img border=0 src="https://static.avast.com/emails/avg-mail-stamp.png" alt="AVG logo" />.....</a>....</td>....<td>.....<p style='color:#3d4d5a; font-family:"Calibri","Verdana","Arial","Helvetica"; font-size:12pt;'>......This email has been checked for viruses by AVG antivirus software.......<br><a href="https://www.avg.com/internet-security">www.avg.com</a>.....</p>....</td>...</tr>..</table>..<br />..</html>..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\aswClnTg.htm.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 703
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):520
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.52360345738809
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:CU8FLQAZ4B868GwBiSRalhVb6YgZ3YzRCZqd3o4/g5swQV/ln:O34q9GlSRuhxzAIF6qtoYaQVdn
                                                                                                                                                                                                                                                                                            MD5:02DE3C5925B44C3DE07B91F7B0D5780E
                                                                                                                                                                                                                                                                                            SHA1:39DA9530494FC09EC6ECA16D17283BCA6D313615
                                                                                                                                                                                                                                                                                            SHA-256:00DF533CDF80F7CAEB24705311DF1C30F2626A6525885C2DD68D4866F1E31C65
                                                                                                                                                                                                                                                                                            SHA-512:C1416F66BC4DAD980D28681EA30C7BE9D51949D155048150C5B8C9405FBF59985574C805E46C21450B47899EEC50A3A89FE5035751A8F1CFF3522A7C3D32CCB1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...............J..YR.Z..........2..Ts8U.).....i$...jS\m.o.....n.du\.#!..j.=..o.;.v.Z~:.....y..E.s}b.}......$K.:?....z....2.}.{iZ...D.[.vR9TE`.R.2.,>.$&..a._...4...a...X...'.;@ o..b...%9.R.QxKH...h..b@........z...$...U.R.pQ. .-...z..X^.#.b.>.Z..}.?.D0....t.Fe.i.wA....T%..y1,..I'.......z~...8 V!..ExbM?-h>.;m......{.W....W....{.M|.}...y.i...... *\..A.U$.^<!......)..*...\nq..........Gtwp...F..b......ASWiSTRU...d..aswClnTg.htmf......b../.8.\.:!...........N|...........H.&,.\}.b/.O .^.\.ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\aswClnTg.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):79
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7007116475260196
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:r1FopJFAuWpuFGNWMXQkkizWDSL7Vv:bopJF/FMABGWOLB
                                                                                                                                                                                                                                                                                            MD5:F27E56279B0DE10CF9330DD15C36F997
                                                                                                                                                                                                                                                                                            SHA1:3AAE430D7F3248AFE29A4E70919570005BC4743A
                                                                                                                                                                                                                                                                                            SHA-256:F49A2735886EC0A1199973160B88AC88DEE576588F4C0A211ED5EBF44C566067
                                                                                                                                                                                                                                                                                            SHA-512:BBD01EAE02DACD6452A1EDB191D1AAF00F2009789676CEDBB5E50D39627AD7D86176763294C63C48A8E84BB77074363C5855AA42C4E601584748318751F6B7CC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:....-- ..This email has been checked for viruses by AVG...https://www.avg.com..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\aswClnTg.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 79
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):198
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.680006825083623
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:lXy43f4pJiIzdjvDwd2xcOYPE0ZtTojrUn:libBpvs2AP3ijQn
                                                                                                                                                                                                                                                                                            MD5:4602CC2A55FECBC85F3D93B5619EC3CD
                                                                                                                                                                                                                                                                                            SHA1:F952282C49F0B21666A0CCA60A5EA7314A396D0E
                                                                                                                                                                                                                                                                                            SHA-256:BB07B0D362BDA3C8841DDBAF084A7CDEEBE89FF131E7A7A34AD02C3E392B6886
                                                                                                                                                                                                                                                                                            SHA-512:78EC697884F76E846C199BCF159646A7944D3EEEEFE51014E6C23991C1AE18FCD8A7E5D60CB6D90BA50E964DC2328537F1DC971AC8ABAA06ED823F643E0820F9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.O............B.k/`{Y!.?a...S.F...i,..=.B.C.+..R.W.6.6-.am.......['..rVvT#@|..2..:0.:,.d)......ASWiSTRU...d..aswClnTg.txt.`....Z........,?C.Yy*.T.._fo..H.!bV..].x...4n..P63`......bASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\aswInfTg.htm.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):643
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.569170913404483
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:8XpOFsT2IaNMLqDuzh1OFTZuRmyG2cTZGlaxJE+jKWjolhClIlsqeCPZ1Pr3OZuV:OpOFE2IVqC3OFNB2cTZGlojRkbsqdZ5j
                                                                                                                                                                                                                                                                                            MD5:7DB7DBD7815BEBD69C5005B16F191731
                                                                                                                                                                                                                                                                                            SHA1:94D9CA774F6E0C153666E7179BEDDDC1D0771D3B
                                                                                                                                                                                                                                                                                            SHA-256:14D52B2DB6114EC914D5A43B0D8DC285911DA75044B19909C914AF874EE54A90
                                                                                                                                                                                                                                                                                            SHA-512:FF6052349BDC78D96AA1491D8EA8C764E53C9EF02EA1F2A446D90C153FF9F921FD301AFE83A6F5C65FA03EEE23A76C7A0CAB72F73E41B5BFDCED0CA2EA6ADCFC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>..<BR><BR>..<TABLE width=400><HR>..<P style="FONT: 9pt/11pt verdana"><a href="https://www.avg.com/internet-security">AVG Antivirus</a>: %TYPE% message INFECTED:<br>%ATTACH%</P>..<P style="FONT: 8pt/11pt verdana">Virus Database (VPS): %VPS%<BR>Tested on: %TIMEDATE%<BR><FONT color=gray>AVG - copyright (c) 1988-2023 AVG Technologies.</FONT></P>..<TBODY></TBODY></TABLE>..<BR></html>..%INBOUND=Inbound%..%OUTBOUND=Outbound%..%CLEANED=was successfully cleaned.%..%DELETED=was deleted from the message.%..%LEFT=was (BEWARE!!!) left intact in the message.%..%MOVED=was moved out of the message.%..%MOVEDTOCHEST=was moved to the Quarantine.%..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\aswInfTg.htm.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 643
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):533
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.5979273651374974
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:eU8yWTNPDEo84woQL0nzwg2lu+iaCQ4q1pC3/YgPt2+92tn:nWxPDEVczsk+iaeq1sPDPt2Jtn
                                                                                                                                                                                                                                                                                            MD5:235420C6210C183BE9AA4A4A0FD6FC59
                                                                                                                                                                                                                                                                                            SHA1:2AB08662779F9E607274F10717F60DCBB2655E8C
                                                                                                                                                                                                                                                                                            SHA-256:8CDF3BC486D06BE7AB316D40375DEFA55D028B845190719C73F73A640F37D278
                                                                                                                                                                                                                                                                                            SHA-512:572C00377F0E20C4F767891F668B7EA13FE500FF54D5EBE31F61D43ECD579F11197BE6482C982B5E54747BDEC7235D99C8CEEE08C96F0C30A2623F66356659F9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...............J..Y?u..!........5K.qL...XJ....,^....|..Jo..?.?b.8.z:.e..6&hD.N\...X.....O.~p.GH...x........x_..2..n.......,.Z.F...?...A...<....K..R...)..Z]...M.t..]....GT.T!R....Jo..T.....a......i..*.w.T.9....p.rLp.s?DI.,.jMJ{}...f..i/....+.L.E4.A...........ox."t....M1..g:e%>...h3.c.9:.6x/.~.....8.J[..[......z.....:n.....'...$V...c......b)`a<..~...,8....@.....'.....mU[.?.....R=/..E.... .."e"r....D...GG.....ASWiSTRU...d..aswInfTg.htm'.'...W..m......9.1.......n.....'.....%.1..I$..u.K5{..>..V..sASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\aswInfTg.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):438
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3668932434892636
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:borDAzORmcL7ZGhlWpWJE+jKWjolhClIlsqeCPZ1Pr3OZuV:borMUvZGhlWajRkbsqdZ5T2K
                                                                                                                                                                                                                                                                                            MD5:20511513A692ACE563587FD8119F022E
                                                                                                                                                                                                                                                                                            SHA1:A3A058154B7F3370AB07026BDF9C61D0487663F0
                                                                                                                                                                                                                                                                                            SHA-256:F0215CEABC6E0FA003E8079879956603C35466B7E5D998CC84789ADE5CFB9119
                                                                                                                                                                                                                                                                                            SHA-512:189EFAC592953EC4FD30263613E67ABB7412EF11AC3A5802BC8F27B01A24E593493700226F012D43999E9F53E43623A209D230741327021946D8E79D62DB2B7A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:....-- ..AVG Antivirus: %TYPE% message INFECTED:..%ATTACH%....Virus Database (VPS): %VPS%..Tested on: %TIMEDATE%..AVG - copyright (c) 1988-2023 AVG Technologies...https://www.avg.com..%INBOUND=Inbound%..%OUTBOUND=Outbound%..%CLEANED=was successfully cleaned.%..%DELETED=was deleted from the message.%..%LEFT=was (BEWARE!!!) left intact in the message.%..%MOVED=was moved out of the message.%..%MOVEDTOCHEST=was moved to the Quarantine.%..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\aswInfTg.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 438
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):421
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.414363685874198
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:xohO3Z7f4Za46A3tZC4m5AD9B9GT6z0RQn:xbV4LbtZC/Y9rX0Gn
                                                                                                                                                                                                                                                                                            MD5:64BF2245A42DA9B12131F43F10BDA5B4
                                                                                                                                                                                                                                                                                            SHA1:5ADF0F64AD1EC09DBD3C857B19AEE57B6514D596
                                                                                                                                                                                                                                                                                            SHA-256:8ED3ECAF11D4D7CBD29726A94056AA82741F820E3EF150428D8E11E3B03D0692
                                                                                                                                                                                                                                                                                            SHA-512:A93EE0FCC31FFE1A7C0A9AEE65DF07A0A612307086FED5843783277FD5A857D7169F28134C9A8DAFE63DB0FAAC9388B6E32DB748375399FEAC32F760361ED219
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..............B.k/`F'.X.J.h.#.GOm..}..vOQk...s..C&..@........7.p.k...*....-.3...i..b.g.N.5l.N..........4...g........n.i....k...R..V.G..B.[...y_.....C.m.....=..y.;W../.!{.O\..ey.8|.b.(..k......r..*...m>.m_n#4...z..J=4]...(..|.v.p...H=.].i..k...%.. 8....k...fD...b....bxd.u...._..>,i.#.....N.{|....A\.4E....,.ASWiSTRU...d..aswInfTg.txt+...G...._.<lR.V..?..-Iv.0....\.]FQW....S.v...v..N5..3l...nNASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):254904
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8790354266199127
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:vu7rfd4Zth/SOkzV9nwXin9UOPe6XPeINlTQv4t3mfXFVDiYxU4xmr/Wzt:aPa0SfN
                                                                                                                                                                                                                                                                                            MD5:B388D6125EECC6618E026CEFA4260A8F
                                                                                                                                                                                                                                                                                            SHA1:70799E098B370BA965BCA98B9335DE475A001E31
                                                                                                                                                                                                                                                                                            SHA-256:10235BFFB1FF0B07FEC89C05487A476025174E5DE0AE93668AABE42647653170
                                                                                                                                                                                                                                                                                            SHA-512:69CDB5266CDC7B039AAE508E51AB68566E2557829EB308BC0BFE978CCF1C6BDFA1D590941D809F59A277BF93175B80816AA22C80C61274125BF23D85D06B52E7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y.N... ... ... ....... ..!... ...$... ...#... ...%... ...!.O. ...!... ...)... ... ... ....... ...... ..."... .Rich.. .........................PE..d...z.$e.........." ...$............ ..........f.....................................0....`A.........................................;..T...D<..x....p.......`..(...H...p)......<...P5.......................6..(....4..@............0...............................text............................... ..`.rdata.......0......................@..@.data... ....P.......(..............@....pdata..(....`.......*..............@..@.rsrc........p......................@..@.reloc..<...........................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 254904
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):51636
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996565452144249
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:768:IOPS+lgDGceg/KDks4N4ZQKU312iiQMY+fBxDLAr+ddaA9PFJaANiDcN3fJWTO0G:3XUr4anlQZ4S9JmYN3fkTBEcIvI2
                                                                                                                                                                                                                                                                                            MD5:C9AEF65761096C4FA6F74CD284DDAA94
                                                                                                                                                                                                                                                                                            SHA1:EB0951119E18EAA537F4E28C0106ED4B79F99276
                                                                                                                                                                                                                                                                                            SHA-256:CAD6E717A49F7304868A3B6D692EFEF7A6853C57215828A7C8789087E7706EE5
                                                                                                                                                                                                                                                                                            SHA-512:8993E15970DE05B08A3FA909982228D9EAF3AE8D6159EB4397B78C7EFE2EFF9ABA5E5F294C5895601B50FD8AC4750E4553F678AED365D54B706F035DF924B472
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|...B.........6.....4...$q.}.+......sv.J....o..~.p.l?HA.0..:<[...|.%.....{...........d..sIx....."..3.). U.JW.@.n.n..;..^.$..L.l.O..vL.......B.a..".eDf.0+.....g...|....-..0....U..L..*..u*......3.....;r...}gc.3#.k0.r..r...,...GVPnnZw.(?*.NUA.`C<B.?...^...1..m..u./^LF..n2.../;..0w.:)Z3`q....A.it.....0.....Z.....E:.VT.%|.....6.2..+....9..).=.U4.......S..R..I..-.YxS.+..P;...........9 .W.....0.^.LRgdy.r......6...d..i....ElF9....~.D.0.......z..p.MC{.^IP`..z~ESW...C...1n.{.Z..v.&o+].......C..f.<z...."..Q.=...t.Gf.8.Z..k.......x.)p.....Zx...!....).rNW.N]...~$...P..w..zO.'..#u.n.E7L._.mi..f0.2.Nd.Ps.r..S.Q....A...uH.".....w.~X.^...j./...V]....C....b.=......`.._.v..n..=..z.aZ.....i.$.I.T.w...'$a..t.<....n.........#.^ErC...vl..F.P...o.T..d...t..5.:$.#g.. 6.x..3...L........e..Y.Y...N#....5RM.\l..$k.I....<.....%J......2/....N....)a.".,M........t[Gh.....k:.9.......D.(..S......#.j......T.O......O..(...H........e...,^...!..H..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2099024
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.550046465587105
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:EzJzK8ZB7kVE2msLu8tFW4oUjXZWn4N32lt6GsJJrIP:Ezh9gCsLu8HBXZWn4N3wtHsLm
                                                                                                                                                                                                                                                                                            MD5:29042E26983B64E3529A705DE8B62A63
                                                                                                                                                                                                                                                                                            SHA1:E848EB98DEE3D78E467FA686238DB5797077F7D2
                                                                                                                                                                                                                                                                                            SHA-256:1EA8EFE87962A33EF85A60AE98DA76AA19068D9B3B759BCA2259CFFC97EFE59D
                                                                                                                                                                                                                                                                                            SHA-512:9056198A888686F4B474C37FA1361C0D9953612B788EABF0F38165E8B023F3F3396F686163C42CA030B1F8E0FD535C4C9872075382E14B1835085A003547DCD1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W.|...|...|....G..|.......|.......|.......|.......|.......|...|..4|..n....|..n....|..n.+..|...|C..|..n....|..Rich.|..........................PE..d....dNc.........." .....x...n......G........................................@ ....... ...`.........................................0....&............ ......0..4L......P).... ......?..8................... I..(....?..8............................................text...Ew.......x.................. ..`.rdata..B............|..............@..@.data........@.......$..............@....pdata...n...0...p..................@..@.idata..Z7.......8...r..............@..@.tls................................@....00cfg..Q...........................@..@.rsrc......... .....................@..@.reloc...$.... ..&..................@..B........................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 2099024
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):442680
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999577992325203
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:XCzH31THJqJNAqiXaxc8DOVX45GW+Qx9IP:X435HIABC1DOd2GW+k9k
                                                                                                                                                                                                                                                                                            MD5:06295EABC25FC508E736A2F256DEAA00
                                                                                                                                                                                                                                                                                            SHA1:92E51281210E362AE8BC6DCC6943B130881357FC
                                                                                                                                                                                                                                                                                            SHA-256:B48FE60D22AE9392A61553A1E74AC766F4E1144160C37A8C3A738A38F18DF5C4
                                                                                                                                                                                                                                                                                            SHA-512:2D64355615C4FB961C68F71150B0A27FCBF21775A6E834D0F9A065417FC85A8145606CC898C1530B83C93B4AFDE0B8A3A8DA3FDD33C1247F2AC5A56AFE7D8EF4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.P. ......&..p.........../D.|...B.........6.....4...$q.}.+......sv.J....o..~.p.l?HA.0..:<[...|.@|70..Z.....$..$..o\.<.d .F1. ..`...X2.6......*....?G&k-D.u.s.A....G.iC...y.{.o..x.$..J..Ms..&dcf...?.....;R...^w.../..S....A........y.B....N.5'.......fv.h..e..(.._...o...:...#\.........a]..~TjpB......OH...Z.KJ.i..0.#.-.Q.9.......A.!....aUxqW.g2Hz.%........R.M.F.F.A..4@........\.8%.. ...$cB#.U.f\.[4j..n..J.*.G.9...x..U."...$....j.......g[.:.....~.#....pY......X.!.5.lg2....H.h.T..B........V:.;..N~..Z.}...<.F..K...V..KDZk....G..B..dQ..A.WF....IJ........I...C...5.T.Q....+s.._!..\.Z........;`.T9.`..j..h.z....$....|..A.PHY..[^D[.......q.+....#..91.5.n...../o........&I".@]..U...`....)...e..8.._.......j.$.......j.T...$..|B...G.,..^.++.5...u."5.1f.>........0...x+M.X.....{Dj..[4..!..X5_T..m..{..N{xL.;......n"..B.0...L.`~........._...\.v..[...b....'..S..hJ ...VS...A{...O.TM9f.Z....%r.A..%.'....CgWw..#..~..l..2./rp.C.!1..<.."9.a\...I$}E.....&wp:)..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.624111172624227
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:xVRcyqFhXUAKFn:xVRaFhiF
                                                                                                                                                                                                                                                                                            MD5:4957ED73D5E5E303E351C8F8B7B53E1C
                                                                                                                                                                                                                                                                                            SHA1:E61238F49E44237C56D4D5B41AEB150160880B74
                                                                                                                                                                                                                                                                                            SHA-256:59727F7A256B7A70971F2E62B43B0A923937F85689FC3AA4AE50E4FBFBF83499
                                                                                                                                                                                                                                                                                            SHA-512:DB4854667285BB1CD8D07AB189607EC5BC489AFB2D0A5B5A3388F91CEFD012FECA689787452901E0EB1DE6E8792E69C0097C38B89BBA0D977D0B29E5E5EF2FEB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[App]..ServerURL=http://bcu.ff.avast.com..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 42
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.515978266451506
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:mlll/Q0LUUtkqiTISB3YXnaSWAaDVVg4G8prFgGjYwW8mLhx4HXn:Bb+7SBpaaDIl8prFDy8mwn
                                                                                                                                                                                                                                                                                            MD5:3A0E9E1388676424A5D3F23C23A251C2
                                                                                                                                                                                                                                                                                            SHA1:719F3425FA6255561FEE23D6688A69A1FE3DCD58
                                                                                                                                                                                                                                                                                            SHA-256:49BD4673A416AB9EBB6235F51FDD9E4F09CE1F00428DB0C541C249F9929DDF23
                                                                                                                                                                                                                                                                                            SHA-512:A422103851E269482FA667FD149DF337D3863F850BE2C32B79790BFC906E4B429BDEF17EAE00C8978B76EA0E350362494953D7E394F813B43A677E5CB82E62E3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.*........-.J....G.....F.G.......c5.......%...E.....@.....p.ASWiSTRU...d..BrowserCleanup.ini%-{0a,.v.3...Y...I.X.E#..f.....}.m\.h..~...+|.09e.N~..{*({uq.MASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):31568
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.967020187106408
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:USp0wfwonXyrGJXSNb3FR6Cc31AqR9z2snIYiif3DyAM+o/8E9VF0Ny4GX:vyCJCNHor9zXIYiiGAMxkEdX
                                                                                                                                                                                                                                                                                            MD5:51952D9054DCD82D3144297D516977CB
                                                                                                                                                                                                                                                                                            SHA1:C2A2ED18E8CBA17B6C6CFCC5996A1F3487DF0D46
                                                                                                                                                                                                                                                                                            SHA-256:FF9FAB4C025647959D4E107BEFBF080C374FE21378E7205AC83F1A131A8D9820
                                                                                                                                                                                                                                                                                            SHA-512:A5EFF769E1722BB60395BB8752C55E202D852E0538E3A5C565CB6234F1FC6F66702EFB9CD995C837AEBEF6BEBF6901FFE71083E3773E933D6763662801697867
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........n.y...*...*...*z}.+...*...*...*z}.+...*z}.+...*mz.+...*mz.+...*mz.*...*mz.+...*Rich...*........................PE..d.....#e.........."..................`.........@..........................................`A.........................................P..W....`..(....p.......@.. ....*..PQ...... ...0!..p............................!..8............ ...............................text............................... ..h.rdata....... ......................@..H.data........0......................@....pdata.. ....@......................@..H.edata..W....P......................@..@INIT....D....`....... .............. ..b.rsrc........p.......$..............@..B.reloc.. ............(..............@..B................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 31568
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18472
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.990337915864161
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:384:6utNZtVsQYHWB+MIKdWXPGYKnyttiX0DFTKj2/D2MO+tgN:6uDVsQ47Lv8KZKj2qMOTN
                                                                                                                                                                                                                                                                                            MD5:316F736E4CC98B22F5E93463AD5CE189
                                                                                                                                                                                                                                                                                            SHA1:241A5FB364D892D39B630BF72B1C24AEB3247597
                                                                                                                                                                                                                                                                                            SHA-256:B26474EBFEDB40579F3240ADDC934EC267DA88FA76A86EC530D6948FACBC961D
                                                                                                                                                                                                                                                                                            SHA-512:F1093D4EB1A6B1583C155BE39829535BBB7D457E6BAC3BD15915DAF2EEE0E2C9D235857D83D909DEF3AD1786AF6994B362FB619839E15DEDE882126540424856
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.P{.......&..p.........../D.|...).1...../Aq..k..Lx#..t.8..Kp...s.._.gr=N.`9....?.O.gp.0.7..yd..<.5G....P..5(...J....XO...t.@..8A..F.;d@.y.`....!2..%....,.E.....|.D..'. 3O.2.g.r/Ff/....}e.0..6....NY..s.....21.`...N'.B.&.t.X1.P.X[|.^.(@..^n..}..4A...FJ.b-..2..%.....E...P{.OO$Q...D<r/..?....-..K....)*.....o...z.f...5.KG.^.0..............b.Q..W.d.|G.3e...J0...q....t.t`..jL.+~...n8w9..a.T..I...5.a..6.><=....N..[.=3._P!..R\WTW....`X.KG.....R6...'..u.Qa.-n.|.S.em<Z...V..C.(.Y3..E[yb.*.&.eg1....^....SfbGQ....k.....t...;.}.....hP.y.H.|..D.{KZ&>.... .l...z..U....1]......LS....Eh..q.\.$\....E.@)g...p.o.D....ug...F.iMS..z.>.....Ni..C..U...Sk.....B.....$...dA.&.....&../...{S....Ei...\.....?..^}...P(...$.8..(L.O.....o|.._..C......J.9............A).................:E. .1..t...[}(....]......-.'....Bh...8.%Hd..BdQ.Q$'wS....x..v.'y.|......^.\.....7....i..V...L^......[.oFu [.>.w...3]9[..WKz.5.....}.t.K.g..#C....C.....}.5;g....Kaf$[.S.Bd.J....S.....l.q=t...s

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):240616
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.568453964893847
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:RyYbj19MQjfq8/XWMb1gBqaluvLcDxj1QW:Ry6zj/Xhb1AfLQW
                                                                                                                                                                                                                                                                                            MD5:CAAE722D9630C5A71FB33B618A5E33FF
                                                                                                                                                                                                                                                                                            SHA1:FB91850ED3BD05ADC800D2BCA90B18D1B2AEA8E7
                                                                                                                                                                                                                                                                                            SHA-256:F74D40C37DFC1A66DFD27426700FDFFF2047036732EF6BA6028E2378E1A994C8
                                                                                                                                                                                                                                                                                            SHA-512:437D49BB882F3AFF16B798B9088EA4F5A60F74A80FBE00EA1BBAC5D9C1A6C53BA7F7CE178CA297751D3B824D2F89FDD2FB4AB78B58087E9CA605817E48DD7630
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R..H.......................................................................z............Rich............................PE..d.....#e.........."............................@.........................................`A.........................................p..V.......(............0.......T...W..........P...p...............................8............................................text............................... ..h.rdata...G.......H..................@..H.data...............................@....pdata.......0......................@..HPAGE.........P...................... ..`.edata..V....p.......4..............@..@INIT....L............6.............. ..b.rsrc................L..............@..B.reloc...............P..............@..B........................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 240616
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):117540
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998234420364977
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:qWRYP02K9QquDmDelSmZz+Y2f+aG/5GwSu/700EEDc6Y1h/h0E:RG8P6lL4Y293wX00734ZWE
                                                                                                                                                                                                                                                                                            MD5:3412EF32E6889B31B53109C16A7A90F0
                                                                                                                                                                                                                                                                                            SHA1:E15CD3B67F142E46B90A2B6172500409535CF8BB
                                                                                                                                                                                                                                                                                            SHA-256:AD92F384531611214E91854FD6B5ACD7AF0C0319B4F2F4C6D134B0A757BCA0F9
                                                                                                                                                                                                                                                                                            SHA-512:31DA239A5CE36FB65A15A12CAAE5F54977C050999070266A61D79E7979219EF3FB0D97FB12A43150AF2D2305DBC51C6E94D3765C25B8711F3D048EED8ABFF62D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.........&..p.........../D.|.......`1...~ a{R..T...[..qN.U..t...f..X..Oy..kM<...2[J.O....H.7............,.4...Et.}..VM..A......_.u....S-?.x@7c..L....)..5..I...f..WU..n.....>.]]p'$b....UNC.=.d.+....K.qD.....<,...[.....w....\IC...O._..k(..MK...8...1..A{#H.r..1.6a.L.QV/..-&.M.3...(.C4.3...\.m....W@yW.j.P.+...%..A'.4b....i..=.......w~q..XSZ..... ...Wa....En.J.."....z.D..!.X.6Q.6....i..k.V9D]..Q..y........`.M..5=9@B.B..!2.)Wy....{..N..s.........C.9.).9.F...2.>..j.... x"B.o|.(.t&Y9.7....m...D.........R.....G..|.L...}.Of........bh.M.L.F.."d...[......r..k9...Xk.7T...<` 1.....&.X.:.....m..{........u?..;...Q.....'<c).........{.j4...3...H.`........Mw...)o...@4.e.!UO.*.I..l(.H.L=.qJ.P@".k...~Z.7J.-...e.^.+.f;VE.`"....2...-.r....'........w.rJO.L.r....@q8.f..R.p@$...:..!%....I...o...3N..!./....K..A..u.......?7/...,A.p.3.._I..#.....*.e6m..^X..Yr.pu.#}.,P..I.m%x.V64......VL.....&..L...,.^.6....L..q..q...l....N.,l=.9.7..H;.Lh<8..O...`...&|o.gv..f...

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):951360
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.190954210183528
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:7LtU7Ll1jStHVFKYvYVliny5R61xzVxJo55zfpvHf+kQPcm:7LtU7Ll1ugY2gnphoHzfpvHf+kvm
                                                                                                                                                                                                                                                                                            MD5:BCF9BC08798C309A24E2C491717824CF
                                                                                                                                                                                                                                                                                            SHA1:23F617A09E02548FADF83CA02DD4D33B16890C08
                                                                                                                                                                                                                                                                                            SHA-256:5E2C44BBED0C7BF528B035768FD3906D5D2EAF971FFCCB8E1E104A2930118619
                                                                                                                                                                                                                                                                                            SHA-512:6741670E0F2815DDEBF746B6012722D1D8DD421F4612EFAB3849EA52FEC221AB54A0E6ADE9D97DA0A72CE1419CEDEB23C7125032FE94087C4EC04BCC5055ACB3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........s...s...s.......s.......s.......s.......s.......s...s..hr.......s.......s....A..s.......s..Rich.s..................PE..d.....#e.........."......<.....................@....................................~y..........................................................x....P..........h=......@p...`..........p...............................8............0...............................text............................... ..h.rdata...I...0...J..."..............@..H.data...,S.......(...l..............@....pdata..h=.......>..................@..HPAGE....~.... ...................... ..`INIT...."1.......2.................. ..b.rsrc........P......................@..B.reloc.......`... ..................@..B........................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 951360
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):355084
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9994435049085535
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:JaAEP+Rkzt5WDyRijxXx8zXB+Winmooys8XGe+p6H5AgE9BrpUy4cU4X/N:k/PDrGyRijxXGsFNsABTrkBCybU4X1
                                                                                                                                                                                                                                                                                            MD5:B91D3BC963112167F11011D7E9FABA08
                                                                                                                                                                                                                                                                                            SHA1:B7CEB9FFA9E8BC36720EA3C8B341B8D3FFF7F7EE
                                                                                                                                                                                                                                                                                            SHA-256:BEB5BC7060A9BD4F1535BDFA6064660CC8DA42B20F93B85509DEA91353401B8F
                                                                                                                                                                                                                                                                                            SHA-512:6F503F5C6081C87AF7CED2BAB0F0CFD889B9DBA3F9FE8F4FA90757CC1680DC171A20075F2C38804918AB4C057287DECF4B354E0051F628BB9DB30DECF3C8E44C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.@........&..p.........../D.|..(....U..)..B.s.Q....L...Bf...2f..'.6...gg.D.....(.[.[...1.Ic0i^!t1. ....\.6>9"...L.yq.......)...N.....?..!...u../!k..Rz.....Q.....dO......&#$rX.....I...o..8..$.....H!$......w.T.j3.........h....ws.1%..zb..`...c...L....S.{.2.V.....q.9.Y...d.!t..l..H.G...^_...{.o.....P..C.O.N.;g..k.Cex.Q...a.....$T..A..198..t.).6|B...o..............:.eSq.L.t.n\;...v0q..M.Of...\..h:.q.L._f..j....|h6m..2F..n...6...C...k..o..X.....[...........x6s...H.....0.Z...M..ok..nL#....?A......D16t.f...G.K>...m..w.y.y.0Wh~.....5x..a|hr..e#..>.I'.q@.}...+.1h....Y5F.:%.....M...."...m.......A............0.)....6C.v...9..|.=8..Z....yv...B...9...)v.w.i...1.|.,.......T..<k.Z.].-.y.z.q.7..2I.rQ..~1..=T..!6s6.....g.p....Y...v..Y..x.8...1g.n.0T..<.7tb.B.X.6..}.v."A...=...."....4..q.g@o=P.g...`..".?.N.E~..DF/.......6R.t......C.Qp.J8....b...........)@A..8=.S.w.'#...rB.v]2b,....e..t...t.t..Q..}..j..2......W[...2..$..}O..F...X"4..so.z....

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):393536
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.998324877995473
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:tSzUEoO4WaQH+nRnZI4kdveC0VEMUE10vp5jz3Bg+:tlY4fnu4kYV1UPvz
                                                                                                                                                                                                                                                                                            MD5:5681E8860E1F502D6BB3A500EC624993
                                                                                                                                                                                                                                                                                            SHA1:AC1C887605B5C83043E3D29B63B998A0A0B50D86
                                                                                                                                                                                                                                                                                            SHA-256:73941B08BCBAEB7B82F202D82AACBE8C350921626F0C8D0FCE7965549EC8C339
                                                                                                                                                                                                                                                                                            SHA-512:A5AF55A22C48816A3C03AFC14F00E57753EFF51AF6B84E879D45A71350BE67F56BE81B50C559E443BC9EF2E7DA6DF4540E24C22EDADCECDEA6AEC9C72D96C77A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X_.H91.H91.H91..K4.I91..K7.O91..K2.N91..K5.O91..K0.O91.H90.c81..L2.I91..L4.I91..L8.%91..L.I91..L3.I91.RichH91.................PE..d.....#e.........." .....D...........k....................................... .............A....................................................P.......X....... .......@]..............T........................... ...8............ ..x............................text............................... ..h.rdata....... ......................@..H.data...)W...@......................@....pdata.. ............8..............@..HPAGE............. ...V.............. ..`INIT.... ............v..............@..B.rsrc...X...........................@..B.reloc..............................@..B................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 393536
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):134312
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9987067323311365
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:jlitEIer/PtC2IlkVVhYDHF3r0kK9ezW5Ntmyrp0/ldq+Q:xYGtJV2FQZNAe4q+Q
                                                                                                                                                                                                                                                                                            MD5:B0E0A9A995CB669B495367CC028C86F1
                                                                                                                                                                                                                                                                                            SHA1:993FE661636AD429B3870D4A41260DA200A6CF0D
                                                                                                                                                                                                                                                                                            SHA-256:4F673752DACE78AE1E8EF3E9B723387206187D1086DA3E11D0BC1F105F12CB80
                                                                                                                                                                                                                                                                                            SHA-512:CAF7D08B9B8263A05C376C6B3B21652BF9D093B705054E96321D75ED8B626CF6525930658EC9C81A99370889C873BE1053D057F55285BF16881B59C5CF1B8CDB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.@........&..p.........../D.|.......`1...~ a{R..T...[..qN.U..t...f..X..Oy..kM<...2[J.O....D.G.D.@.)tv..'bse.&.....w.....E.Y..$I..K`N8..Yu..y.q..<i...C.u...../zYc.s........qS....1 e..L.W.V..-...A.A..7..Oa&V'X..A.,.....S3.U1*..'.".%.n.....&..-jj!....V.Q..@..........An.....V...\C...Q.2...q..v......o....X.22..e....0....2.x..........;...b..3_/i?...G.x..oRW..6...>d...j.......l<+....i+...2.q.2j.5.;..G.5&._(........9........."........]V...7.o./.......t.N..$=...T.|\....r.....n$i).Vr ...[....z...B4bm......Q.h..`....=).0...t\.u)..u,...Y{,.....L2c...M...o........D...C...e.0.5Dg.[".l.81......8...bp.3hj`..,S....8zT|.|...5.4...(..3aJ.... ...1P84............N.../..Vk.\.l.x.. .-.w..|.p.?....VO....?&Gm...?......u+...A..^.......+....g.%r.n.F..r.....Ku%j....'R.T2;T....$.}...T..w......Y..Y.....S....U...3z...I.8..E.1..k....ay:5.bH.....,.....,eqS...~`..;..S..A....b.3...X./r...a.d...^.......N5.W.....H.u.H~.P'.......V.{v`..K.~..*F.Z.0.*.....6.q....;\...;$u

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\Boost.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1361
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.135395644586466
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:8fT20oz6AMIot5LLxUFB93xyPvsjt99QHbsUv4fOk5T0No3SFf:QT3oz6Ec5xUb9EyQHbs5JD3SFf
                                                                                                                                                                                                                                                                                            MD5:B51058FEAD1AA71840B79527F5BFFD3D
                                                                                                                                                                                                                                                                                            SHA1:BC3C4D41D4CC7753BEA8E7A77FDB7CD384ADBB59
                                                                                                                                                                                                                                                                                            SHA-256:BEB8E42E9D6B4284E03304D05A81A0755200A965FC8D0A5E0AEA1E84CF805D6E
                                                                                                                                                                                                                                                                                            SHA-512:F1A8D21CCBB6436D289ECFAE65B9019278E40552A2383AAF6C1DFED98AFFE6E7BBF364D67597A131642B62446A0C40495E66A7EFCA7E6DFF72727C6FD3776407
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Boost Software License - Version 1.0 - August 17th, 2003....Permission is hereby granted, free of charge, to any person or organization..obtaining a copy of the software and accompanying documentation covered by..this license (the "Software") to use, reproduce, display, distribute,..execute, and transmit the Software, and to prepare derivative works of the..Software, and to permit third-parties to whom the Software is furnished to..do so, all subject to the following:....The copyright notices in the Software and this entire statement, including..the above license grant, this restriction and the following disclaimer,..must be included in all copies of the Software, in whole or in part, and..all derivative works of the Software, unless such copies or derivative..works are solely in the form of machine-executable object code generated by..a source language processor.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WA

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\Boost.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1361
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):919
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.783966233278877
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:Gbuj5cbKujE3CmhkHicogA0jamkqNkfQNFdtEtcUFlZuaFWOrhn:P8H2ldg9jjL4QNntEa8MaFXrhn
                                                                                                                                                                                                                                                                                            MD5:1EA4A67EECAADE9C8B1560319FC6E0D9
                                                                                                                                                                                                                                                                                            SHA1:D6F1368F8566992610B8A51D62051D903EF952B7
                                                                                                                                                                                                                                                                                            SHA-256:60B743F24D554BEF8A25EB5A410ED06BD60B71946AC10BAB62041C0FF7F91F1D
                                                                                                                                                                                                                                                                                            SHA-512:C990835F75573E56E6E42EA2F06D41BD61825BA20AB6862216306935B8F4B8A9B219914C7147CDE2C1734CBD5B78A3FEBEC89B2631BBEB244ADC0F26130E7ECF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.Q........!...tQ.....w.Ky$....m.=..:.j7./~S.j.3.}....p.G.p&.......W..?_}5..~....P.7...SXL+.D=..{.......'..?..^....).52...-....`..........'./.9;..>T..Gj~$.)W*A..6?..-...f..#..W.[.....$..........i..t2.....f..~.i-B$?...=x)QH...t.S'.PYFiya.......A9..sIx..)[..HQ.!....h.Nn.Q.d.rc...V....?.]E...b..E..E...c.m.2.q.._f.%....lY.7.c0.\#/....}K...>i.W(.<..1x.-...rB...&.6A....m.....2...N.'u.......5..~.......... ^..?..+..=....i..d.tQ.@c...4......Q]9.........b....t...nL.NJX...Kl...q3.M...a.."...@F.@.ev.........%.Y......&....8........1sP...........hX......._f..K...N.{...X...Fp...Nb<.&..A5.oj.*d.G..o..f...a.?7.....1.9u....[(.f5U...wE..#.Yud.o:....p..$.k....9....\....7..t...<...,Z.2L7..Z.0.WZJw.....fB|.M...}...|/$>....Z?....X..\.8.K4.VB.......2...Gqi.........Y.P.}rC..rE....lASWiSTRU...d..Boost.txt...B..'..`Z.-R.".R6........).....` .ge....i[..x.f........pASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\Crypto++.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3949
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.157096605941707
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:E8xqQdQZJqWbbfwpnusz6d5y9EyQHE2xJ8rYJgNse:E2qQdGq6wpnufU2yQHE2H8rsFe
                                                                                                                                                                                                                                                                                            MD5:15F12037D9859D059C3A557798163450
                                                                                                                                                                                                                                                                                            SHA1:B3609A3D6832159913CC9B8FB128DF1383087B24
                                                                                                                                                                                                                                                                                            SHA-256:E668AF8C73A38A66A1E8951D14EC24E7582FEE5254DD6C3DAE488A416D105D5F
                                                                                                                                                                                                                                                                                            SHA-512:A976ECBE99AB8F29C8290F26DF5906326E820EB3F212928CD2B74783716BB6B7B6E75104140B2816408AF15A1DB30F4F5AB05133BAA2C2D3A6E48C6D915FA915
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Compilation Copyright (c) 1995-2019 by Wei Dai. All rights reserved...This copyright applies only to this software distribution package..as a compilation, and does not imply a copyright on any particular..file in the package.....All individual files in this compilation are placed in the public domain by..Wei Dai and other contributors.....I would like to thank the following authors for placing their works into..the public domain:....Joan Daemen - 3way.cpp..Leonard Janke - cast.cpp, seal.cpp..Steve Reid - cast.cpp..Phil Karn - des.cpp..Andrew M. Kuchling - md2.cpp, md4.cpp..Colin Plumb - md5.cpp..Seal Woods - rc6.cpp..Chris Morgan - rijndael.cpp..Paulo Baretto - rijndael.cpp, skipjack.cpp, square.cpp..Richard De Moliner - safer.cpp..Matthew Skala - twofish.cpp..Kevin Springle - camellia.cpp, shacal2.cpp, ttmac.cpp, whrlpool.cpp, ripemd.cpp..Ronny Van Keer - sha3.cpp..Aumasson, Neves, Wilcox-O'Hearn and Winnerlein - blake2.cpp, blake2b_simd.cpp, blake2s_simd.cpp..Aaram Yun - aria.cpp, a

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\Crypto++.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 3949
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2051
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.894179853085759
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:pah01jlLir1CRxz60kgB+IB4zNnH8mDvvfLn:rZir1CRx+Lgw5zVcavfLn
                                                                                                                                                                                                                                                                                            MD5:5A196F86F797C7A23C9FAF166328F695
                                                                                                                                                                                                                                                                                            SHA1:5B38F57F086BC5361EB0E02583B12B67160CC3EF
                                                                                                                                                                                                                                                                                            SHA-256:DED55E2C4EB2485B82E9D631DC44291B438D8B7966CC7532050460962F18D509
                                                                                                                                                                                                                                                                                            SHA-512:2388ECFA7963E7FD1022FFAC4A7B116E2C5137649301D7ADEF24BB9B8375E40ED7A0835E5D46D5D9E92044FFA6FA3B42E2B9A24000D4689032B9E400D3DD24AC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.m........!..3.m)4a..].8+...<......4.Y..d.!.mI..<W..<[.Y......L,.Q..F$O..S$by.u..m........,...[.>..a...4s...._z..b.Z...P5.2u..w..... ....N.]eQ;.7.S.]......T(*.U..B..}.4...h..p@..71...l`..Q....!&..2......6.O...a.E......D}..K.....3.u.....(./.([.6%..V...6.{s..IW..y..+R....?S@?.~...B..*"d.8".......t.....=f.b.H.v.s..s..].....K.;....]...H.Xz(.....)....5..r3.....24LJ...!)>.J..i..Pp.bq.;.....5.Pu.D......./...}(...@.,B........V..PC.".\......P../Kh......\.....4.0.^.-O~.\t|6.o.......Pb..d....U.....(.... .mlr..,..)h.<$..@....~b...../.G......6y.P....tZl.Z.h...}.OM.c.9....0.?w.'.]....(&oN[&...[66. E.`..UW....Q.K...<..&[s0.8o...i.!..*U^05..1...y.-~b...^<4G.^.K.2.0....eV...)Lv.U..^...h. .s.0...`..~...........X..{s....{A..8..f..a......w..B...<.D.T.s.....O._p.P.~jw....=P1J{]. ..Z.....'..^..{.)........a.....d....$Q......l.....GqN\hK.S|s.Vc.b.HP*..6.....g....B=@rF.;I.......6.O...v...'t.KA.R......X.H.V......q~.p...Y.Y.W...s...o.Gxsm..Z..EE...i{U.cLI../U.H

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\Detours.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1122
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.127308255466628
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:QiDGVl+IrDJHcH0ynYgtoJq1hBE9wHbsUv4fOk4/+8/3oqaFN:TDa+I3J0lYEbBGwHbs5JK/3oDFN
                                                                                                                                                                                                                                                                                            MD5:C26B34F5996C7ED7F7BCE6AAF6C8A98B
                                                                                                                                                                                                                                                                                            SHA1:553E3A3EFEC9A07D9B08FCAADBCD88F2099AADA8
                                                                                                                                                                                                                                                                                            SHA-256:F854AE8AABC0404652B48A2B3BF7F21EC174C69D73F5596934C20884EB0639EF
                                                                                                                                                                                                                                                                                            SHA-512:E3C82BFE3BACB07E3A8327A01B2C9772E44BFA1A8012C0F0B363D6E3B2EE2371BC66F9C207611CD6F73D6F1FF1CEB9B2BF2C7D0864ADE256D41D533B598A804F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:# Copyright (c) Microsoft Corporation....All rights reserved.....# MIT License....Permission is hereby granted, free of charge, to any person obtaining a copy of..this software and associated documentation files (the "Software"), to deal in..the Software without restriction, including without limitation the rights to..use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies..of the Software, and to permit persons to whom the Software is furnished to do..so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TO

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\Detours.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1122
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):817
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.677959898778784
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:ScpPsLwdrG4htPGv3n3JSPjAiQZLAxlKgkZPiLoTEQlLgJ2OZeEShbPJuu6X8VhK:H3rvy33JSkiSEKNZqL9i8eESXqoBUn
                                                                                                                                                                                                                                                                                            MD5:499AA1897D66DD0C753E7604FDA3A882
                                                                                                                                                                                                                                                                                            SHA1:638FE25BFDAF04664A096D19D9D56465F6809CBD
                                                                                                                                                                                                                                                                                            SHA-256:B4A5BF7357028A7E56893B3544D33B125AB54F24F60A99D92A6BC00EEAA818C3
                                                                                                                                                                                                                                                                                            SHA-512:88BE5B46B9627491404366EF8112D4ECBC577668618069E1DE8874329E58160EF0FEA761D2DAA9FC341B49E0B04B0ECF74A5786BF45FB1325F0112AADDCC6165
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.b..............)...."..Ny'.....J......gp....<..t...A..X...X.u.....-.,3...9jJZR....m.......v..6.......Uy'.X^0.6|..X.e_uB?zq.x}t.&..j......{L......p{..ge.J/+m..hHe..f?U.d...Y.u.2Bs........2....E$j.y.\.v.....,..>..x....M.K..M..Um/.......VX..|{..g.*.U..$f...U.h.........,H.d....]...I......d...l.);.[.....R......n.m...3..f.m..X......;.|N..........X.l...9.....}...r...|.<=.o.Y0l.......5G...Ad..."....k..?&RM.\...o...6.o..C..Q..6ik....1}..y....6......z.......x.A..f..z.;..1..W...dFW...zX@d..&..)..."....a<u#.!.d..`.V.<?.:~.t[..G.p.%...4.lS.M...9.J......l.. ......B9?......g.V.2..P.A..H....{.V.GB..)t..@...Hh..Zlu.j...Q...B..@M=<1..vB$...'*..9.;......T.....+ed..".e...H...C.iASWiSTRU...d..Detours.txtx..4.\9.M.(.Uq....G.OG...mB....t.gq..pN.s...G..?.6.>.>..,.h\ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\EULA.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Non-ISO extended-ASCII text, with very long lines (2345), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):82443
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.721225358659806
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:eFTcZO7RtCH4GsEClVYB81osESnauexHLasodv6zxoLx:eFTk4Gs9YB8zESnaueh5oV6zk
                                                                                                                                                                                                                                                                                            MD5:98ED747585FDAE910038499A32CAA6B1
                                                                                                                                                                                                                                                                                            SHA1:5BFCC2D13E2E88A9E73C5146CF81655A80038B27
                                                                                                                                                                                                                                                                                            SHA-256:F65A29AE37F5222F6EA8DED3DFEE6B2C9EF368C93665C7CBA8AB124940F4C7D7
                                                                                                                                                                                                                                                                                            SHA-512:D5E54661E48DAEFB34E2731C8E331BACFE3B0B14B81108BBEBA8D353CC7E3F0DC46D6E5FF68BA3066234EB1FFC9BF0B45F02BA4EFB3E223C08771EE7A8915DFC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Version 1.13 (Revised October 1, 2020)....END USER LICENSE AGREEMENT..Please read the terms and conditions of this End User License Agreement (.Agreement.) carefully before you use the Solution (as defined below). This is a legally binding contract. By assenting electronically, or installing the Solution or using the Solution, you accept all the terms and conditions of this Agreement on behalf of yourself and any entity or individual you represent or for whose Device you acquire the Solution (collectively .you.). If you do not agree with the terms and conditions of this Agreement, do not continue the installation process, do not use the Solution and delete or destroy all copies of the Solution in your possession or control...This Agreement relates to your use of certain software (.Software.), services or hardware and related firmware, including any Updates (each, a .Solution.) in connection with which you are accepting this Agreement, and any related Documentation. In this Agreement, .

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\EULA.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 82443
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):22267
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.99191450392519
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:384:z3sq242S41TYDsIN8xjQhxNPRGqoXv2sWGVu45eEZB/5Io6dH8DmwL:z3sqL2DonojQhxX5E2sWGVB4aBhAo
                                                                                                                                                                                                                                                                                            MD5:6677C3F1D063995B6028E341EA427B21
                                                                                                                                                                                                                                                                                            SHA1:5859E4EDA4DD1D86B144B685F467EC5BF1126FAF
                                                                                                                                                                                                                                                                                            SHA-256:63F37C5F5857D64CEF342D33D83FDA35DD8D87DCAB13744A1D3A477207CC683F
                                                                                                                                                                                                                                                                                            SHA-512:F7C2AAA2A753ADC81B5456CE166A5828F7AEF81427EBC2287FA61F32E2D3088CE9B283118AB802F5B681B14F5A07163993200B20DD29AF3605AEBF650099CBBB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..B.......+.JG\d.....yE....{......{./4...X.....H_.X..t.@..Y.&oe..fw.......c..2,h.<..........8R.t1,uLhx...8o".&...S5.`......[...c.fK..P.....y.j{...."..L.A...] .t@...c..%.X..........nn..U..3-... ...mZ.".....<g.S6..d...v7y;.C..%.^..}...JZ.)..!*.../.........U8.?.S...,Ln9.q.0...I.,......Cvp.3.....f.....T.......H..3hh.C...."._J+B.T..J"..Q...g.).C..Yz......./.k....OWa..Z..z...P....I.J...g1].t.:.c..D.k.O0.|......~...P..{J..%;'.Y).-*.....bL....,.aS.........-V.I.....j........zD..t..s...@.p.J....u.......rn".H...7d.....!.}...7...L.n4...v9.-....ckx.jY|.e..Dt..T......v.b$.7$.I.e..h.....Xht...o..J6..#..;..-..Y_.....3 .+O..Mu/....}...Y..af...wuJq.0B.wq...A....'....\F.Q.G......}{....7.]....~........@.C.W...nC)d.M..:Y.J..r..H.V...^.;.2......x.....p.3..g/.0.\4S{.]...&G%S$.....9.M.8..R...b>..u<.Z.......(...z......`B...}.....z.UD.J.....4.s.2{p.$&.J......g#...u..a.oj..).!..o:].r...wwB.K..R.&[K....|`.E>u.Y....X...9....^2..3...a.._Y..v..g..6.7'>....

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\GSL.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1177
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.0985548747672595
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:ODkugarjVJHoH0yE3gtwF7q1h69QH9sUv4pOk4/+wJ3oqmFZ:ODzRdJglQEZoQH9s5XyJ3otFZ
                                                                                                                                                                                                                                                                                            MD5:598FD6266B820D382B6F1134F56351F2
                                                                                                                                                                                                                                                                                            SHA1:91D5E0457D0B8A0B9C0A2F557E0E2DC4D7F3805F
                                                                                                                                                                                                                                                                                            SHA-256:656E11EA18F7FB862F6625469B822583F3C08E986B3A24962D74737EBF6927E6
                                                                                                                                                                                                                                                                                            SHA-512:A1DE7199FFC3ADF0A4679B47CE77CCDD6EBE7ECE123D286C58236A08B64C13C707E590FB5A12AD0A72E6A5907356F4D5754151EB7FB45A99D71CAA50912C16E5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright (c) 2015 Microsoft Corporation. All rights reserved. .. ..This code is licensed under the MIT License (MIT). ....Permission is hereby granted, free of charge, to any person obtaining a copy ..of this software and associated documentation files (the "Software"), to deal ..in the Software without restriction, including without limitation the rights ..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies ..of the Software, and to permit persons to whom the Software is furnished to do ..so, subject to the following conditions: ....The above copyright notice and this permission notice shall be included in all ..copies or substantial portions of the Software. ....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OT

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\GSL.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1177
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):834
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.733161940513053
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:8pe0sbjGLWYxr0xI/V/Mjhe+d+OKuFIkttYuEWCexkTOw1PcuofOcVhs82a9TQ9V:8YG6TuOo+AS3DEj6kTlzOiSNNHG4nbkn
                                                                                                                                                                                                                                                                                            MD5:4705ACE3A9E7345E4EBAC67CDE759F3C
                                                                                                                                                                                                                                                                                            SHA1:76896E71411D2334BFE47F952CBEB2BDBFECF6FA
                                                                                                                                                                                                                                                                                            SHA-256:36FFCE416E227ACA3822B666C564F80141F054D2C8D12530A38BF6C8718DD3EF
                                                                                                                                                                                                                                                                                            SHA-512:55B6AD1FCF4AB22BE7094B66B3ABE664DE36E930D0E471EEE5AD2D51CBFD2D98B53D4028978D5493F58BBD83F5A9BCB911E1C6F88D08FF844DAFCF6E3D63D035
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........!....w.f....}.%..sD."..@W&w\g...6.XU.Vw0.......z+..q.TS.K....o..*;Z.Z..."......>9!.LP~."Y.e..y 5S.$.....?~....^:.W..K.Hl.@AC.A'..d.iWO;...C....N.>?.......L.....%....1;j[..R.V.....mg..2G.<.5.Nv...C@Nhg..".5.8.b y...2.>'..'....Wy..Q<...b...ZpK...6...D..y.......?y.{........dKPKe./2.I...?j2..V....s.z.T.P.h.+5`...rJ.R.I.d3.0K).c...0.@..%.Z{..._qm......[..o....S.OvQ7d....,..&.bp.YA.9..d.p.A.;.R.......~.b.-..\8..-.7... :....~..=c..~.}l^..{.&n.|e.6...e.^...(.....c4..#.am. 77...y.]..?.....gY.K*....9.....j.....8Za_...s...K..@.....T4.e...\..7z.um.=...K.B....H.df.S.C.$p..|%...$...4V.V.?....t.$.....-.$sp."d...-r/...y8^Zz..........(.a//....%Z_.i..M.........X3!6.{L0R.#NM.n62.C..|.3.R../+.....ASWiSTRU...d..GSL.txt?8.@.+.........T....)D.+.q..K..(_.l.n....C.?...J.,..7.`{...ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\ICU.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):21439
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1357753042685355
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:5udKkjHrElobnqrEvJ+rsMb3rl0rsqrsVLpJVrsqrsLLpJuvQjNjbSrYmriVx090:5IKkjHwlo7qwQ/3r+tCpJVtIpJDkDM0u
                                                                                                                                                                                                                                                                                            MD5:A2A0BAEA9713F129F7D433DCFC635167
                                                                                                                                                                                                                                                                                            SHA1:349E31D4F425C71D5C63E2DCF4A19F5E0EDCB57B
                                                                                                                                                                                                                                                                                            SHA-256:F155F8F66833BDC8E0479656256BFAC1D66A9EC9DF4AA56292308F522B4E3FA7
                                                                                                                                                                                                                                                                                            SHA-512:87DD90B17AED6C5AACA53BAAA3D149C07028F730CA34681842AA9C855817413345AF27A0BD27DFC64677ED6D9B2E9013B585BDA06130315CBDCCF0A27103A809
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:COPYRIGHT AND PERMISSION NOTICE (ICU 58 and later)....Copyright . 1991-2020 Unicode, Inc. All rights reserved...Distributed under the Terms of Use in https://www.unicode.org/copyright.html.....Permission is hereby granted, free of charge, to any person obtaining..a copy of the Unicode data files and any associated documentation..(the "Data Files") or Unicode software and any associated documentation..(the "Software") to deal in the Data Files or Software..without restriction, including without limitation the rights to use,..copy, modify, merge, publish, distribute, and/or sell copies of..the Data Files or Software, and to permit persons to whom the Data Files..or Software are furnished to do so, provided that either..(a) this copyright and permission notice appear with all copies..of the Data Files or Software, or..(b) this copyright and permission notice appear in associated..Documentation.....THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF..ANY KIND, EXPRESS OR

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\ICU.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 21439
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5243
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.960547639885036
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:c5KUQ+eLxIOwiYMOZnol0V6zyCyAXfq5/U4Usx9rkzINNF9Ffbyh/Ll0uCPnSdi0:cQzxvcoyV6zlmctw9ozI/F9Vbyh/yuCq
                                                                                                                                                                                                                                                                                            MD5:6A7696E533137138E9498C63FBEB7983
                                                                                                                                                                                                                                                                                            SHA1:0F2A38358735CD7D0C8C09D2F4D9A41DD4AA21F9
                                                                                                                                                                                                                                                                                            SHA-256:1FD936EA192C1A86CA6409A3F5FFEEA7BF9E9667C841F6E887017B6C24CB7B96
                                                                                                                                                                                                                                                                                            SHA-512:2F3F183177AECDBDF0E8AC608D0DB8149FA491A49252B071286A1DA325FBCD023AFB8297AE9257D8B0B93ADA6FD87A72AB35131BFAD3B955B7A19B3263C159F8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..S.......!..GO.k$...n.|.S...."7r...(.AO.Kqx9....CI2X.X.K....T.1.E..}..c. ..R.....N#.}.....S.........r.oz0....M...U..fW....so.....k.x.yi,....].R...N..8?.H|.f.b..X.uv...p..Z..`.8...N..qI......a..k...j.'./}.U...>....J...@w.l...H.2M.....n~,...3.&Z%...xaKD.......0.K...s..q...x#"a.bx.U-1e!h@DI..w'06s.%^.]..x...X8.<t)#.^..=...z.^.B...u/.. '.h*.v......T..K.8.,.....z`h...&.....\......K.pF..|(.(...."[\.wA.E.(..ek.w..j.....].4l..{..._8..c.l...jc.f.........#.J...........Z.P......N...#.k.......g.......(.9....P.F..l.....2k.l.......6!F-.....!..?.`F.j......wu..5.........'....)..uH.l.\.....^.Qg....P.2[5E.]1n..*UH=..w.M....i...^..k.....IUMk..>.{.....9.z.>N.<x........w..F..IS...x.lw...7I...iIZD.../.V....=........LTE..p~-........N.%.1....._.wz....~%..EH.x..+..=.GZ ...P.v.dIA3...L.y>-..H{.R`.....h-1....s$...3_.......J..5R.IZ...B.s.R.L.GQ,..Q3..>.tk~.......w.8'.E.^$..[.QR.->!h.].{E..$.`./>...#......4...R.7...L..=b..2...W...W.O..3Il....c.p6..C..9

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\JsonCpp.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2778
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.093429809315255
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:0NYgUd4UKwKPJTnlPiEX8QHvs6IEX3BjFt1:f2fPRsQHdBL1
                                                                                                                                                                                                                                                                                            MD5:51D2728AC2976FDF6EEB3A02CD58982E
                                                                                                                                                                                                                                                                                            SHA1:3D4AF58A6B52EE70064ABF68A2412AAC2CDDD42E
                                                                                                                                                                                                                                                                                            SHA-256:C3AED6A54154090685DF3BBCD72E7A84943A4F3D5E5491BC6446A0B2D538C493
                                                                                                                                                                                                                                                                                            SHA-512:734DAE65AFC8B551ECBF6665DD0A48DE8EFF2CB815A079A2BD7E37E19388253E39441A779403CB553D091449AE1EB858BA560726B86B2486220BC694F85CB6B3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:The JsonCpp library's source code, including accompanying documentation, ..tests and demonstration applications, are licensed under the following..conditions.......Baptiste Lepilleur and The JsonCpp Authors explicitly disclaim copyright in all ..jurisdictions which recognize such a disclaimer. In such jurisdictions, ..this software is released into the Public Domain.....In jurisdictions which do not recognize Public Domain property (e.g. Germany as of..2010), this software is Copyright (c) 2007-2010 by Baptiste Lepilleur and..The JsonCpp Authors, and is released under the terms of the MIT License (see below).....In jurisdictions which recognize Public Domain property, the user of this ..software may choose to accept it either as 1) Public Domain, 2) under the ..conditions of the MIT License (see below), or 3) under the terms of dual ..Public Domain/MIT License conditions described here, as they choose.....The MIT License is about as close to Public Domain as a license can get, and is..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\JsonCpp.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 2778
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1415
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.8549082461408615
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JOLYbK0dmv+6CJclboRytEwBdCwOxrHi10t+nLyqkw50HOM9wXy6uaDxSw7un:wMbvRGtGyt7BYwMrHs4QeqkBuFi6ua5o
                                                                                                                                                                                                                                                                                            MD5:AA5DCAE7EE383BD4A0BE28C302C22459
                                                                                                                                                                                                                                                                                            SHA1:0C41F1848F561A586EA0E53428AF8E91D75471CB
                                                                                                                                                                                                                                                                                            SHA-256:E18DE5CB85C965FB7A8AFA58DF1BF0D6976FB8A4F0382D90744A18623B396CA4
                                                                                                                                                                                                                                                                                            SHA-512:CC39F7A70E22E8DFB448AF580AE57AEFD39B58EF7887A24E1E7FE0018CFFD1CA63B4FADF3BC7C13461EC65DACC860B8BFF677DB3D670FB6CE1700A865A7298CB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........*.......b0%t... ...a.F.....GGe..w.yb5...A.C.\.*..Q..D.'E..A..~..{....0gz.......#.$...c.-..K.dK$....o..aq....>.c|X....&....k=.G.B.._.B.p........ThNkX.!.?`..L...*^.....y].s..T".]....?.m..]U..K[......(.;.m..u .|.9Mnq,..Hu.........>.tqC|1.....a.1R......Pb..=M.N.b$..k..[...[7tI[g..."....+..mTQ..].{ .k...W..e..vn._...q.~B.R#.....E..Yn3../..X..9.f.}...o.p..L.{I.G...W........@$.yJP.\. )U."\m w.4.n..;,....c..*.d.`.S...T.DR..2...\=.?.G.W.`Jn.Z...f...V~..._N..R.U.".:.)~.%.v..wOS..J..s-.w;...J0...:T.Y.{...s-..8.......2V.r....w...>.Q.....Fo..*.L.j..vT..C...c....e../k.j.X.V .?..)....<.o..N.L.....&#.w..N..xN.cy..k.3\..kv.....u6K.{..'...?..N..U.......#..AI.........R.....l....n=...6Ff...........F.mz...uvM..;[oi...h....j..]dM....Y....{....T...W....,..<gkR.......UC`"...(E..zY...*.J.:o..*.x.:Y....V.H......S.L>b....x....Vm.../GRW.....6.t..n.&.q[.@,.M.f....%.$'....*.(E.xmZ.~ .....4.o.....7.r.w.....G.B@e|+p.0n.2.......8.];N..x.)....4..D..R

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\LUA.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1086
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.187094111501185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1rDJHcH0ynYgtoJq1hBE9QHbsUv4fOk4/+8/3oqaFN:13J0lYEbBGQHbs5JK/3oDFN
                                                                                                                                                                                                                                                                                            MD5:513EA4BCE55C427E58B1B6D40D087D24
                                                                                                                                                                                                                                                                                            SHA1:D2F6CC5490D34DA9FD15E6EDEE4995D6EEB42892
                                                                                                                                                                                                                                                                                            SHA-256:7732FA42EBC8652EE3300A086A068F6AA5008CFA0D14948B144E4B06C82EFDA7
                                                                                                                                                                                                                                                                                            SHA-512:0C9F8D90F4CA229B5F175384D0CF348CDB8BCCC062BA5B2F97D5ABA0B9D823B0EBC2A0634041EC70E62715250A238B41B0C31CCD76AC24B8E864508D93251931
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright . 1994.2019 Lua.org, PUC-Rio.....Permission is hereby granted, free of charge, to any person obtaining a copy of..this software and associated documentation files (the "Software"), to deal in..the Software without restriction, including without limitation the rights to..use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies..of the Software, and to permit persons to whom the Software is furnished to do..so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,..OUT

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\LUA.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1086
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):804
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.72729539417356
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JWuK+5toKnJgWlgIizWiqZV4JLFMfy1TW4xBw/IPqQn:JWu515lgVWb49HPw/IPVn
                                                                                                                                                                                                                                                                                            MD5:439F0DCD1762EAA24802E5AC761E43A0
                                                                                                                                                                                                                                                                                            SHA1:A7871BD7E297D1981072CF7D11BB0AFD9C703A5B
                                                                                                                                                                                                                                                                                            SHA-256:E5DA676E8667A707D937A48213CD0B533A493EC662BD968949E31184B53C6250
                                                                                                                                                                                                                                                                                            SHA-512:E4C1BF4C01C62DA4CE2AAB27D88531CA7E286366FCE62369FFF61D722005E1B4D548BFA46F4021CAEADCFA8311170A124AA1A89CC0D6381941CBF38D40F35D27
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.>........!....w.f.....O....`z....%.%.@X:.k}.*....P.t..OZq&...Y..=T.@u.&Q]2y(...]...7HJP.7.@........<.g\...zm....H....... ;..b%.tuwbB...Y.-.O..V....n.jP9^...@.s...;T....M.W.d...%..`_....h..\F...S.a..9.._r._..@<.6.F.oX...X...~..nQm.a3ab...V..#.GBT...lz,....7.#...:H...`y.Y....5C.$....T...)..x..U4.X...F..,..S.b...I.i..7.9.#[..3.*....o....9.8G..D!....J....w.e..H.t..\.X..D3v(cy...e..O.s.g.9XU....+.oNE...ZR........Hv.u..''a/D5N&2..p^o].;...._.7....J.Mt1m.&..\,6"`.T.&.(.E......:.\.r=......}..v.0l(o.13.Q{!...A.a@L.l..J.Op .G..#1.z.Te....M.C.i..|T.}...:A.f~..".=.!,....O..k5... .[lT17`m..5_.%.`.....5../.}..A.....1.X?..%.......m[...2h...I..c..J...w....).a..S`v........ASWiSTRU...d..lexbor.txtk` .I........V:^.c.G..*V..) &.>..L...A..D.6V...?....Y.0:.....ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\LZMA.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):600
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.897043737762326
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:JEIZIzFOnlTICJF9sEJcm3IWbs1RMhaKfJixVBJmgGzWR:JpiFOL7yy3Iis1R1BvJm9WR
                                                                                                                                                                                                                                                                                            MD5:D774C7A88D7B41D7C73490067B54E3A4
                                                                                                                                                                                                                                                                                            SHA1:661206B3D45D9F6836915CB266F8536EF8ED39D9
                                                                                                                                                                                                                                                                                            SHA-256:6182268F7C8C37FEF81E83F722D1AC9BD1EA4307F16005A6900BC1AA473828E0
                                                                                                                                                                                                                                                                                            SHA-512:7F9BC6A96E2CD7A1B8522EDBCB72BE141A5136DDA654E0E8AB5CCF39A216B23478C64BB4FC68A71EE303237E6E9E063ADB84873BB786E235E9A039D914E7B762
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:LICENSE..-------....LZMA SDK is written and placed in the public domain by Igor Pavlov.....Some code in LZMA SDK is based on public domain code from another developers:.. 1) PPMd var.H (2001): Dmitry Shkarin.. 2) SHA-256: Wei Dai (Crypto++ library)....Anyone is free to copy, modify, publish, use, compile, sell, or distribute the ..original LZMA SDK code, either in source code form or as a compiled binary, for ..any purpose, commercial or non-commercial, and by any means.....LZMA SDK code is compatible with open source licenses, for example, you can ..include it to GNU GPL or GNU LGPL code...

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\LZMA.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 600
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):517
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.55676948921426
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:Rb4igQO3XG9dbnMfstPo0Lq2fzdeIl6IiaDFLBgTsvrkuObt43Ln:Rb4VQ4XGnbMExbO2Z6IBFk5um43Ln
                                                                                                                                                                                                                                                                                            MD5:0F334613887E0B0968ADEE408EC77C9F
                                                                                                                                                                                                                                                                                            SHA1:7695F8836B27A460AAC02B7F7ABE9BA662D56336
                                                                                                                                                                                                                                                                                            SHA-256:89A6FD4ABB581642D8E8F3EB55331491C990AF424894D2BAA99AFB4355B26976
                                                                                                                                                                                                                                                                                            SHA-512:FD5AF5323DA972D612B1D1725A5C505FEDE07FC489F7C131839E280A10786E7760EC59DE3FCB3699C75AF9066C36C5D5CC817FB80798DF1CEAC07BCD7DFB28ED
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.X........&.Dk.....T....s.O..".>v...P..8.`.4cMc'.........zm..T?.z..`.(..!.....p....s.....R..{z.mcF.3se...\.I#W....E..`..........?i:.WN..p....I.=...X!.b9KI...6.F...@.?.V.NB.^.4.....Q......^.A.[.u........q...~29.J^W.I.....'.B...............U.Z]..#.....$..|..X.l....0...K...M...l.(........Vf..y..}.y....E...Q.tL.P/....*o..pM-K....L...x..V........u...G..~.(..,...cY.....W.....-.3..a.H8.d.jcI.5=.n....'.ASWiSTRU...d..LZMA.txtu..yA. .U...[..f...p.&"....K.K......Y......^1..B..e7...=.. ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\OpenSSL.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10352
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.440603698068024
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:qf9fG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhR:k1u9b01DY/rGBt+dc+acR
                                                                                                                                                                                                                                                                                            MD5:97AA3AAFA51953D4AD591398B916595E
                                                                                                                                                                                                                                                                                            SHA1:A849084B5239438F44C43B52576171F660576E2F
                                                                                                                                                                                                                                                                                            SHA-256:ED72CE2B51EE58F117E5A021E2E04AF158857F40269FBC03491F0B2A99DBCC96
                                                                                                                                                                                                                                                                                            SHA-512:0B54F6B692EE9C92E0A867361B1601459CF6BCBD653B902E1DAFACF3EC445AF11023E8A5F7485E4513D351EC662BA39DFD52A9E84858128E512E68ACE970C18B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.. Apache License.. Version 2.0, January 2004.. https://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, o

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\OpenSSL.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 10352
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3581
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.95207739138025
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:byrXoyGtHBzb/mj4al9wStxCa7CXuBX4juleQIkZWTFon:byz0HBzbSJ/xCakAX4weMZW8
                                                                                                                                                                                                                                                                                            MD5:2CF4EB412F65554E37391153DE649B08
                                                                                                                                                                                                                                                                                            SHA1:B07A2E70AEED152436C325E48836FA398851907C
                                                                                                                                                                                                                                                                                            SHA-256:27415E0CC93DACA89B9E30A8952804DD1D254360C138A010D1A24E6A376D2D36
                                                                                                                                                                                                                                                                                            SHA-512:2E6E29FB6E3A5830614EDED0653CF326AF68624FB168AD277B7A3670CE8500254CA60C2D7758F4FF30F558D9E26B799BBCA988CF344DB0E64CFBA9E83E1E7966
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.p(...........tf..p.~M...-.......SI..1v%.....3..Z.%....$W..........v..X...=..!\....O..q'n......Mze"....P.)..)o.5.!.y].+.Vq..........YZK!.0....`.C1.<..........D.4.....v~5o"...8&Mn ..#l....p.8k.c_....F...y.......y.E.:.C..;...../....4..JF...yX.:..........,+.7.H.6e...3M...d.*......B0...........B...$&..)...P=.).1.KX..........B.%..U..2.....T..`.G.".(.L.|=.wu._.K>..z.X...v.%....a..9.M].....KT...l......s.H....C..v.+...,....V...*Q.".m..y..&...I.t...ru.9...Y.y:A.}...|.2..!n.........#~7.......e........]..7},...%...L#...u.(..X...[.M.H..r...9......dj..O8........ L[.<:-....D:...2.2{.Y.!.@H@/8.Z...8RRJY.5_..nh..\..e?...w.......Y.@.i..?f..>JP...,.........TEj..9V..&y.. )F.$.8......Wz.&-p.ek?.R............!.s\...)Ph*{..RE2..h..j1.Q...{......+.,...h..%X,.jD+ ..Xl...*X...*...?..4\N...B6.,x~8.+.r:_..F..+BGV.6#.!.!&yl......&.v...W...-y.3.Y?.2..U...BT2.%.x..pv.....K../.R.o..Ag..P.&...Pm.z._O...q....N...0..]p2.s.E..lK..e...WF._..;.j.wg..Go.....f]RR.x..._a~.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\PCRE.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3550
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.184894121826678
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:7tmXu4cco6bZtv3Kfv3nOO/JXRJFNMH432smA32smEtP10VwH3/BpPCsHn:QXrcco6Ntifj/JXRJF2Y3V3yrwv7n
                                                                                                                                                                                                                                                                                            MD5:347DFEF587108750FA72297199FCC986
                                                                                                                                                                                                                                                                                            SHA1:0E34D7CD8AFEB7E3A17BB25F371262A1DDC564DF
                                                                                                                                                                                                                                                                                            SHA-256:08BEBDA80B178F4B558FAED4E52930F66E855614E4DFAE15A436733B4712E041
                                                                                                                                                                                                                                                                                            SHA-512:DEFA096320296C640A94A6ABEAD06698A7682BF522DC1F216BD6A3FB70519D789B83AC061A518672987F6CF2D5FE5F7E60D1F9DCCFEC5B74C9B387ED591339EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:PCRE2 LICENCE..-------------....PCRE2 is a library of functions to support regular expressions whose syntax..and semantics are as close as possible to those of the Perl 5 language.....Releases 10.00 and above of PCRE2 are distributed under the terms of the "BSD"..licence, as specified below, with one exemption for certain binary..redistributions. The documentation for PCRE2, supplied in the "doc" directory,..is distributed under the same terms as the software itself. The data in the..testdata directory is not copyrighted and is in the public domain.....The basic library functions are written in C and are freestanding. Also..included in the distribution is a just-in-time compiler that can be used to..optimize pattern matching. This is an optional feature that can be omitted when..the library is built.......THE BASIC LIBRARY FUNCTIONS..---------------------------....Written by: Philip Hazel..Email local part: ph10..Email domain: cam.ac.uk....University of Cambridge Computing Se

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\PCRE.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 3550
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1724
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.891787702933118
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:dArE1hCJF4ynaUZcoAMHvsDZ3QV5G7nHWgMWLzjn:skyadVgsDZ3FDGWLfn
                                                                                                                                                                                                                                                                                            MD5:DC3976F36AD25CC6E1E35FA9B58C09DB
                                                                                                                                                                                                                                                                                            SHA1:3C469F4A7A18A51556EE5B5F96DB464BF89A2E30
                                                                                                                                                                                                                                                                                            SHA-256:4BC8F7FB518DB2CEF61B00C9A7682A7DDAA72D24526EC51130C9E17817B43AFE
                                                                                                                                                                                                                                                                                            SHA-512:7A9194609EA4D3FF4C4ECB1930BD532B7AC88B6F5D5C3D8BD9441BEE0F78B47418C9A780A5793126A150A8A892556A179AB8C639FCE68B7F39625522AD8932BF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........(.....]Iq.Vq....,Rx........8..._...&7....6)K...;7.Q'..w...$...GuZl.u.L...I....5..69..8C..#b...D..K...e.yLP.Cx..D,.Yh./-.2a1Q(..i..g..K../Dh4J29...u.i....FU...V...Q...&r.&R(......X.....b.Y.xv0.#......R.^.E.,y8v...0N).....1.D..M..>._..{.=6d........q..|.V.......).&.v....3{....K..>..?*y.!.j...F..).&7...B.H...R.....7...^s..x..-.mudX....n.....!`.............4..1...D..C{......+;...w.z..{{K.7;.X...\Y.l..,.A.2j..tN..85* .....7....k.[..8.O..|6;.PV.FEt..2.N..w(....]..O3.).".F.LX..}.R}>.V.....~..V..o......Xy.{..y.?.h(..P.m^........D...i,...*.S....0A'ol.z(.....%..?...q%....BUv..J.5..G34Xl. .i..u..v.@.r.wg.a.|.i.g...H.Z. !R...;T..q.P....5..."..8.....v.gZ..@.k7._.._p..<&\9.[.........X..[-....o9...=).F.....W..M.NE...b.3..j*Q.........:..4.g.6.LFTi.}....Y,....Xa...L.5.....):...!..e......}a..w8.|.N.....il;..6b...!.F\.......#@jmf....Xj.Bf......D...}...Y&.nk}.e..,r.B%..|.%.!.gg.2ue..0...[X.t...Cj*s.{@...;..L|..k.........,..2t&\3B.......B.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\Xerces.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2751
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.171482269491816
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:+OV/rYJ//rYJWrb/fstsua7+nP2lpL3Tx432sUWzsAp3m3EYz3tYT2l5X:rV/rYJ//rYJWXca7+OHjy35zsAp3w92w
                                                                                                                                                                                                                                                                                            MD5:B2FEAA6A26C0149AF9C4FBE2D6B692B1
                                                                                                                                                                                                                                                                                            SHA1:23DF548394B0B16E6D5C733B427307288E1B359B
                                                                                                                                                                                                                                                                                            SHA-256:D7E3EAF9A5EC61DD5F4065D252A2B0130C0E300AC3AC9CB307469E2A86EBBCA7
                                                                                                                                                                                                                                                                                            SHA-512:156E4CB2A1AE146CEE9CD25258B299FDFAB716866EABBAB3E01F23A0E063E4469537C0A1E497D36F829E710211FCA7DB58608AE6BCE87CACB75C66C8A57483B3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*.. * The Apache Software License, Version 1.1.. *.. *.. * Copyright (c) 1999-2001 The Apache Software Foundation. All rights.. * reserved... *.. * Redistribution and use in source and binary forms, with or without.. * modification, are permitted provided that the following conditions.. * are met:.. *.. * 1. Redistributions of source code must retain the above copyright.. * notice, this list of conditions and the following disclaimer. .. *.. * 2. Redistributions in binary form must reproduce the above copyright.. * notice, this list of conditions and the following disclaimer in.. * the documentation and/or other materials provided with the.. * distribution... *.. * 3. The end-user documentation included with the redistribution,.. * if any, must include the following acknowledgment: .. * "This product includes software developed by the.. * Apache Software Foundation (http://www.apache.org/).".. * Alternately, this acknowledgment may appear in the softwa

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\Xerces.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 2751
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1345
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.85790324753255
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:XCvbHOz4aj3IKFcXYMGesYgF/5mzDWDWHrOOp05xl3boK7uOKeDCgEXvhxS0f+X5:SvbH4DIbGbzGD9Lzpkxh8K7aW/+vW0mJ
                                                                                                                                                                                                                                                                                            MD5:A62ED83380A0387DC3F561A1C390FCD8
                                                                                                                                                                                                                                                                                            SHA1:EAB442F526F09310DEE52091E7F807CA2A0EE84B
                                                                                                                                                                                                                                                                                            SHA-256:58F94D5F7E5B2234CD226CDF18439E30064CD76AA8926EE354B0C9CE804B78C0
                                                                                                                                                                                                                                                                                            SHA-512:40EE272E677FF1D56D4A95E3EFDC63125DF3D771B1DFB1216C7953E9725ED7E0671CBC36D293D710A3D74ADFB543CB5785F9FAB3220F50660416480C53F74493
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@............}.?...h.. x....y{nxiR..d-....,...e~2H...Vx.......aTl.2..u.. p%.......?.....U.*p.."..L.}._......N4..+.&.........?...K.a..*...).-..s.P~W..-..P.C.,j..k......w...6...wdQ;7A.'A.]..3cp:.!.mz-M^....{..f.. 7..%j.X..\$..l5j....Fe5..'.C..W...:....p.WB.]>:8...W.......<..P..QJ.p....'...H....%P.U...C.oTq,..Z.$v.5*U..@".d...vG:..O>6.5zgI.|i..9....n.0?..(.....g.p...r .Y.B.'..~d.J.k(C.D..u...jS9.|.C..#.......bm.&.B@.h....#...3A..I.^.1.U...0.]..k..K....t..p..?Z.G.....Z....g7...8.....q=...`#*.P...V%..n...=.>,9_.r.#............h..u.D.....T....m,.&._1..[)..(+....#U...S...I.H.p)u.{...k..h0....j......a...r..........N..HT//.Ic...JXs:...r..h..Q.............N.S..........#..5.e..]9..w..O.`......Q..m..m..?8X..1.h[$N...-..P....+f...t...v.....9.@"..vZU..l...[...*j!.v=~}..&f..c...n.....Q.S...I/.c).........M.....E.....$..E...X....k..2f_^,?..``...#..r.....K.Y.l....m.H.#......7.1.........0...W.-...E.k.I{.WB.ZD.n.U#..R.U.o........p.G.p...h.F....../r..\GJ...xk

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\brotli.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1103
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.17831518423703
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:gLgrrzJHkH0yw3gt3DQJq1hjQ9QHbsUv4fOk4q8/3oqaFz:EgrHJMlUE/jyQHbs5J8/3oDFz
                                                                                                                                                                                                                                                                                            MD5:7DF5CD81700618EF9926FEB32290D2AF
                                                                                                                                                                                                                                                                                            SHA1:4763BA7DFA7730D98B190DD8A4A2C6818D301FCB
                                                                                                                                                                                                                                                                                            SHA-256:60AE0F13E76CC2EAAA108677EEFA4CE16B647F6BBE8CF0A1AC9429D82ECA7248
                                                                                                                                                                                                                                                                                            SHA-512:92C0BBDC5155D6E218682840DDE38697327973B8F45E0C6D100705601449A6F1F8EBA74CEF8BCADF09EA945602B378BC64E81885F40965FA038D7974A71E5641
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright (c) 2009, 2010, 2013-2016 by the Brotli Authors.....Permission is hereby granted, free of charge, to any person obtaining a copy..of this software and associated documentation files (the "Software"), to deal..in the Software without restriction, including without limitation the rights..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the Software is..furnished to do so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in..all copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, AR

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\brotli.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1103
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):804
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.726477356131443
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:h8wTg63/Rhcbl3jhU0ZNd7eUU93i4WbhSrkkBbwfGKOE4n:WwTg6vkbldB/ZUVXsAbwGE4n
                                                                                                                                                                                                                                                                                            MD5:BB1129159018516961C720061ECDFC4D
                                                                                                                                                                                                                                                                                            SHA1:6C3DA69A969A4EDD17B1FEF22DA10B358BFC09CE
                                                                                                                                                                                                                                                                                            SHA-256:0EB512A086DE28369627FBD017CD89233EFE216898EEA54A8D5D8F34C9710B0B
                                                                                                                                                                                                                                                                                            SHA-512:E708D30B85B012157068E54CD43BD75CB7A6E0F95D1DFE975AC6DB7D00732DD1F75B768E77678922177EADAC8AFBA938E038B660149E9C960362D3E30472C36C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.O........!....w.f....}.%..}...1U....v.9H.}.(..H.k..7J.%.U.D...R.P..I......@<.;..k.b..M.U.8.=<(....21'nE....p.....'....U....&Bw..0.8..&..kn.V.0...._.GniD|..P..M.g"....p..."..q.'.kzh.?..../kP.zif....H...}..M...Hm&...h..BU/....[.....pj.L..F.X..<.E.%....K...'....B.C...o.p.b..7..\..m...J....j.=y]=$.e.....b.{.R.._X..0c...MyA.^..X....V.o.2.a..-.....k......T.....X.6....Ay.........hV.'.n..S...j....._._>....#.'........y........=.$`...m.ra|....m....5.}..[....U.%e..bG...u..y...[....A......B.:E...Wo.{6.GO.d..K....c.s..m..J<k.s......bA..0.:t.#......Zc!....^Y...M.t8.D..].....&.G...c...U........#v./,p.:.!y...4....b.D9t...v..Y.....|Q....-|.h..q*?.!...J.?..^.......ae..ASWiSTRU...d..brotli.txt=_.w..\W;D.../"]c...Q.2..w5..g"D...w.R`......*X1$..C.q....,q.ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\bsdiff.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1349
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.214781999300611
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:zIJlsAUni9obOVprYFTsJPprYFTsgY9iS432srEOkh4ROUT32s3yKtTfd13v0Txf:MfL0OVprYJ8prYJ2iS432sEo32s3LtJS
                                                                                                                                                                                                                                                                                            MD5:A5F132CDEE178B77DCAC80346CC12B62
                                                                                                                                                                                                                                                                                            SHA1:D44350C4D2332A9A30F154F896E88A3E89016825
                                                                                                                                                                                                                                                                                            SHA-256:331B34C5D939627EB370FE4250BEAEC0D0FB5EDBF687B0C3631930385026CF7C
                                                                                                                                                                                                                                                                                            SHA-512:D3E45FF903524667E40FD06870C957EFF349E44EEF22A2D9E9E01DB9FF806DCFB3082AD5BF974B864944A6C4B2D7D9910D67E440A5BDB50BE23600115537588F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview: Copyright 2003-2005 Colin Percival.. Copyright 2012-2018 Matthew Endsley.. Copyright 2018-2020 Emanuel Kom.nek.... Redistribution and use in source and binary forms, with or without.. modification, are permitted providing that the following conditions .. are met:.. 1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR.. IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.. WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.. ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY.. DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL.. DAMAGES (INCLUDING, BUT NOT LIMITED T

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\bsdiff.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1349
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):857
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.730941400621132
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:SznO/g0bmkJPgf6mvtAW/NHkZrp1NppOWURBSnnWXc+9ndn:2n2VKSECjpOjQnadn
                                                                                                                                                                                                                                                                                            MD5:BF6123A57989419FF0253A843CEB025F
                                                                                                                                                                                                                                                                                            SHA1:FC544616C5F109366A1C3EC212BC0926762DEDBB
                                                                                                                                                                                                                                                                                            SHA-256:A02EEE4DA9187EBE05ABA15F8E63FCD55040C257E411B1E94E9F1C70A0545670
                                                                                                                                                                                                                                                                                            SHA-512:D518082F6A63480C140694C65F532285D01A40613788EA3C95BC41EBC9D8884454433B74F264218CBD3757D4EE56C92C4F2D0B52FF103DBA0098A042C56541A7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.E..................kK...8..s.[e.....;..a.......8m..F..@WoNa.....jkA?....hk.nhanP.%...D.<...F0... .....7.OV.7....<-%.......r.....e]...P...W.7/...xB...X<.f..WH.w....v..%...=.7.&.".TPa*.Lk"...y.VM...Y.7.Ce.7j..h.....o.....zX.5.0.p.....b$...V3*z.....M#....+._...6C.q.L.^....U....P...vtSi.&[.a.W.K.....t..."...R....Hl.n:>..#.B......T.E....D......NK5...=:8..L/~"...].E.=(.;......m...U...(.........i....G.vP..0i.....v....\.S,...T........G.6..]J.'..U.....W......#.......8..uhz..I..I`$9....\./S..?%....b'..V..hMb.zP.....T(4.M....0..$~.....E..._.<_....Q9.7.Y.S\...!.vm|?...;.g..@....Pu..(\.|..T..=z....A[.....a.IV.X.Hl...y.;@ ,<x<..N..kS..a..M.d...........J ........~.K.P...5.:B.(.....!|C..BP..t...)..Cv...bt...I..3....ou......5.ASWiSTRU...d..bsdiff.txt....[....a.5...7....<.:.....]>R;.b#..x~\rp,D`#.D.AP[.wT..*...ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\bzip2.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1936
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.230203854704142
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:koO3qOV/rYJP6+HzumHPmic432sVosr32s3p/tP1OtwH6L:klnV/rYJiUumO03rr3zoKI
                                                                                                                                                                                                                                                                                            MD5:9087D9182E280D5A124E844FCF52AF82
                                                                                                                                                                                                                                                                                            SHA1:058D1D953744A7ACE99B86C97238A3083DDE120B
                                                                                                                                                                                                                                                                                            SHA-256:5ECA2C8028DEE3A4728012BC60A763F69205325D0EB75B344CB7E10A788FAA96
                                                                                                                                                                                                                                                                                            SHA-512:18758D28733AA9DB4257DB7A18176A8459265021F6CC60E48EE6BBCA422411D798BC597A683AFEFCE0045C2B025E65577F6ED085FA8C9ACB10B3E23464DA6DFB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..--------------------------------------------------------------------------....This program, "bzip2", the associated library "libbzip2", and all..documentation, are copyright (C) 1996-2019 Julian R Seward. All..rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:....1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer.....2. The origin of this software must not be misrepresented; you must .. not claim that you wrote the original software. If you use this .. software in a product, an acknowledgment in the product .. documentation would be appreciated but is not required.....3. Altered source versions must be plainly marked as such, and must.. not be misrepresented as being the original software.....4. The name of the author may not be used to endorse or promote .. products derived from t

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\bzip2.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1936
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1128
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.838520211015458
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:OBUr7gOjoL0JBUpu/AHtP79CiwNRoEYdj4aTRNtKu0Tn:OBfCBUpGAHZh6ahun
                                                                                                                                                                                                                                                                                            MD5:01105457609F2F5BA8AD751C95A55BA9
                                                                                                                                                                                                                                                                                            SHA1:6C08C86F7A520B4D17DF6C64298D75161426469F
                                                                                                                                                                                                                                                                                            SHA-256:45730251AA151039421B5CF2B2A45E04A1468C3510591103407507314E7C51AE
                                                                                                                                                                                                                                                                                            SHA-512:A9410F8C2C9461908F0FD5B7366C5B4DB804D270FAD6389C0192E202793E1351A68C858AA6F004F8C194495B69666C07228399D9A842F2AE0180F40A78AF466A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@................`.....74)..$.W..N...E.v.(......}.p`..[.....nr,....[6pkcM.b..'.x..|D.k.....N..R..2...%....O..F~...O....Ib.7[_....2?...E......I.j."r.....P.3..b...c_..w...?!.@h.=.hqd....].,.:..\...Z..[...f^ol{?..[t.$..3.h..F..=......M3vd...;.....b....A.0.;.C..y$........Q)f..#i...*..h....XA$.C*.......n......8...^p..";...Z..m..2?.L...4h..gq-..i.......Z.......*.%..Nb...l)@.....5.k....rx...:..[1}..w.^H....L.I..BI.....u....G....{a...&S..ga....AXg...M0.y..<.<...d...R"|.m..........n%......o.6....4.f....%.#.g......-...Q.E...>.|TR...4..@S{`.....>....`.....gk{.I.tFeJj..<...X..5^..B..5...;...PL..J..v...o...=......v....).....)".toi..?...3......@.w."...1.@t..U.u.Jyu.%#>..d..m.~.2..\.]^.B..qY..x..;.;.?"%....3]......l.~.,X.c....8.{.#\....+ ......7..R....._..inpLZ0..i...vw.....j...\....^..<....,....E.Q.f.>.....z.}...|l......_(....nd?.}........hB.f9....@...4.z. 3.e;;.<.....iP.Q.f..>.) ....v......:..8q..k..tQ..do.........k*...I.S.Y.z.~.Q......*.'K..?.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\c-ares.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):673
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.41061690497559
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:okOG62Rr3US4esl8sbUsgq6L49Ugmq6NM4obx9D1uqXR1qRfq7HFM2VPXI5YtJyz:RMgnbi67q6kdmq6ZodDjXHpV3yz
                                                                                                                                                                                                                                                                                            MD5:128B02BA4177D31EF91600882BB0BABA
                                                                                                                                                                                                                                                                                            SHA1:6B98F098FA3F1CAB58B9610B0AF9C9545D5010E2
                                                                                                                                                                                                                                                                                            SHA-256:B87AC954A37F855F6F7199A3154E2E84623558DF980E8AFCCB94C5C93BD4CBA3
                                                                                                                                                                                                                                                                                            SHA-512:77B2FB5862BD1D999CD9549319FFE492ED20AA63659003BFB48C2426242984F97B6666BA9AFBB0CB7D71A46F4F5F7E883E31C248F9B9EEC339E3D4D7FFA66A0C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright 1998 by the Massachusetts Institute of Technology... ..Permission to use, copy, modify, and distribute this software and its..documentation for any purpose and without fee is hereby granted, provided that..the above copyright notice appear in all copies and that both that copyright..notice and this permission notice appear in supporting documentation, and that..the name of M.I.T. not be used in advertising or publicity pertaining to..distribution of the software without specific, written prior permission...M.I.T. makes no representations about the suitability of this software for any..purpose. It is provided "as is" without express or implied warranty...

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\c-ares.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 673
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):513
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.5405396036401715
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:p8V+wCQZHQ7c/FR30B56gcUcIfx5VePzcDrdpoxn:eV+kZw0306rv4VGzsen
                                                                                                                                                                                                                                                                                            MD5:D3BC72FE10A34A26249BB21A982BA991
                                                                                                                                                                                                                                                                                            SHA1:547AF91CF3877655E2B1BF5A290CF7E9BC46B681
                                                                                                                                                                                                                                                                                            SHA-256:FE7D081126C22423F65EB53D257E00D6529A9B3596C139181DE2E81138C56DD1
                                                                                                                                                                                                                                                                                            SHA-512:F5161ED48F6D411D0E97E42BDD9BB6037BA485C1B8AE61C704A22928C818093DBE1EDFD8F97A36356FD11CA0FD6EE2BCAF45E040D8C654C871DB60F9EC8B1C0D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........!....w.f......,.......cAZV....1..J..S..R.....F.%h....C.....vs.).C.n...W.^..:.........&z..,UC.!.|...u......M.L....?>s<....?.....pL.E....~.5.ax#Dq....pK(.....a.......bEP:.\9JYa\8... s..j.0%..-...4u..,...x.k.|.E&.Y..Rq..q_.q...Qs..;..?K..<S..U..a.P....A.5q.G.....{'<..r...02#..EZ..Al.....t...._[......o.t...P...:.G.J.......5...>..K.F.f./*+OsK{7..0.<.?4%1....CN..Ja,..C....S.G{r....ASWiSTRU...d..c-ares.txtR.J....;M....\......B).n;...koJ.g.D*~..{'.2S.e.Y.;.T$~.@%..$.sASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\cURL.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1110
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.166860791847204
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:atK2lr8Cb7rmq6c9QHbsUv4fOk47OXdKo3txqyoTr9DLFiw:Z2lr5mteQHbs5JaOtb3txlCr93Fiw
                                                                                                                                                                                                                                                                                            MD5:8915CDA79ECB12328CCB33113DC85ECC
                                                                                                                                                                                                                                                                                            SHA1:127E0111A102FB3F6AF9AD82D0620F4C4AC2C164
                                                                                                                                                                                                                                                                                            SHA-256:7C3794F6AA18B133DC86045D00F3D5894682084692A959CE521982EED4554F37
                                                                                                                                                                                                                                                                                            SHA-512:30ACF8EB04E4063478C8CE0879C838DD9F9083EFB6E239393F4727CEA279A171AC4C597F3F1BF855210EED3091ACFB50D9D31851CF6A147774F3BF246D6F4D59
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:COPYRIGHT AND PERMISSION NOTICE....Copyright (c) 1996 - 2020, Daniel Stenberg, <daniel@haxx.se>, and many..contributors, see the THANKS file.....All rights reserved.....Permission to use, copy, modify, and distribute this software for any purpose..with or without fee is hereby granted, provided that the above copyright..notice and this permission notice appear in all copies.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN..NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,..DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR..OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE..OR OTHER DEALINGS IN THE SOFTWARE.....Except as contained in this notice, the name of a copyright holder shall not..be used in advertising or otherwise to promote th

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\cURL.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1110
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):824
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.742028716867125
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:ktEGGB/Xe8ekIeXLAFdBzymbjXd9ETp2ELkQEAF8Tr5JI4zkzwyD/uB1rIYY7yLn:8EGGsuZEvBzZx9E8MkdRT/I4YzZgL3n
                                                                                                                                                                                                                                                                                            MD5:E3DFF3FA4A758AF7AB010463553A9F7F
                                                                                                                                                                                                                                                                                            SHA1:38F005AB5CBE87415FC367B0B94261F212495B46
                                                                                                                                                                                                                                                                                            SHA-256:F54E21ED524B64078BBD66717D6922107FAB77261A4B210CBC80867FCC5C0CDE
                                                                                                                                                                                                                                                                                            SHA-512:752ECD638E93938E214F19F496CEDEC4DCAE7F4F6004CA3770A773D49C603D33E8B8B96886A23C5E2CD65F663BBC8B0FD66EB231C95955C4D35DAA4767C428B1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.V........!..GO.k$...n.|.S...."7r...(.AO.<.B..a.heHV..t.....27..,.*..O...[..a..V.....7.B..`(I.*...o.+mD..C......R].......h.H..._...N>Q....a%.......A.Q.. n.*K@....+..v~<.....-..'d..3:X./..H..]..z..F....#.`.I..)....M~0.....70..j.w.v......VN...\]...ul....s?z6...6.<...C.=<.....}...(.^B.MX'y.e........jZ7J........2".|.-......-.vi.Z........0....."...u..c,%.h...j.....M..3...l..N..<..R.....c...X?..3@"|../..Yj..r..`XJ..+..^..Y.Q..YU<d..L....W.e...j...8..."CGe..,..e.c5.v...[y.......p....i....<,..4....(..d]-..D......%.."n./j.Xx.%^.....g.?{?3..kn.6N..n...\.....>..>.I.].e...P1.@..{..8Qa....YcR.F..M.c.8E....#;iD.& o.:......l...|~w.......<.\.g.^..U}.CR.{+R...n.e.a..hp.U#w..V...o..9m......Q.Hd..'..7..C.P..ASWiSTRU...d..cURL.txtA?...^e6....*..O. G./d...W..~..o./...D#..5P.8].Q..<.w.S....#ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\cef.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1691
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.208095677978678
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:XwHciQuOrrYJyrYJubjChmPU943ZAw30EKmk3tmTHy:gHTurrYJyrYJubjChFq3L30hUTS
                                                                                                                                                                                                                                                                                            MD5:4434D135A9D9631E1741CE7254375A0F
                                                                                                                                                                                                                                                                                            SHA1:E2D2DD3FA7A0F0F7814118AF8C03094FC325D333
                                                                                                                                                                                                                                                                                            SHA-256:2E69C36A7EAA4FA153426EAB635C607EA0356CBC7A68A70F42A49E8AB8EB8106
                                                                                                                                                                                                                                                                                            SHA-512:9C59379E08895138E88B588F0EE3C4AB0938E8FD6906AB041484C6ED90DA38C7EF9DF7843002ABE5249B359DAC56C9C064F9119E58EEB1FD34BB2B7A35194450
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:// Copyright (c) 2008-2020 Marshall A. Greenblatt. Portions Copyright (c)..// 2006-2009 Google Inc. All rights reserved...//..// Redistribution and use in source and binary forms, with or without..// modification, are permitted provided that the following conditions are..// met:..//..// * Redistributions of source code must retain the above copyright..// notice, this list of conditions and the following disclaimer...// * Redistributions in binary form must reproduce the above..// copyright notice, this list of conditions and the following disclaimer..// in the documentation and/or other materials provided with the..// distribution...// * Neither the name of Google Inc. nor the name Chromium Embedded..// Framework nor the names of its contributors may be used to endorse..// or promote products derived from this software without specific prior..// written permission...//..// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS..// "AS IS" AND ANY EXPRESS OR IMPLIE

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\cef.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1691
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1000
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.808011528818833
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:uPIb/qcZFujhPvQoAcnY1GZN0xPewdQA7n:TqcW3UcDZ+6Qn
                                                                                                                                                                                                                                                                                            MD5:629184B8F6BC55DF587C1B1B8FA9B011
                                                                                                                                                                                                                                                                                            SHA1:873454D65A22B4349C69D3049970AA9CA52941B5
                                                                                                                                                                                                                                                                                            SHA-256:4FA465CEE617BF4A6BFCB6A36097820221F96A064C6CB5AF06146C1CDC6BBC74
                                                                                                                                                                                                                                                                                            SHA-512:E638CC38AF83D4A102665AAF33F45D8C630F792E20DDA2398B3D756C169C76499ED8498B0E7E60BA75FB34A9683F1841461FE897FCEF7C8351790EAD0C0E2EEB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@............|.o6^,4....:.b..{...._j"....o.n...~.H....\.K.....b..s.x..e@L..p.......N..!(..I#J..Z..P;....j....S...P#.%k..m.X.m....V..\:.1u..F.....B...mIn...d[.F.55.V.Y...F%.....0..[....?..6B..Y;..#.j..$).Y..T..._....7..=?d.>.?.i..F[..0.R..vf.z2.........]6C.u.....]9.....Tq..T...[Q..a.........9.........(......._@..8..n.s...=...&U...?X.$+......b.....l..8.nN.....m..AZA0Q...&.}.E...Q.6.~..)..XG{...5>1[.6g.....u.-.........;....d.a2..v]...O.1m....I..H7.....~..M..x.5.....vVzVm.C......x.W...D.g.E.Y..~..,..:.Z.3h9.D?...PS.(JS./.;.6.+C..kfH@X.j2..vz....:.n.kG_...r.....\.;;...zPVHC.1...v7.*H.x.q..z.....[..}v`....I......xa.....A!.N..hz5....fW....1zuF]u)s*.QD.{Lg...(..{...h..z|./Zx..l.aq..............f<..KN.>...6#W.W.........UVJ.....9...}0J...ti.|.."...2.T6W........A9.$.P.I...2...:.y...<lLN....V(.&.A.....Y.......c..CU...#...VC!0&..*.S.........:j... .|r..ASWiSTRU...d..cef.txtSs..,O...w.K.or.@..cL.....4.+.bw..p.....h$.....>.B..1...S3..ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\dnscrypt-proxy.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1283
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.260449399642617
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:bOW+uAYBbfdfmq6o9ibcNc6vqPRmAXZF3e4Oeik3CPpzj5uBG0:5+ubBAtqibUtvqAApF3e4OeP6uo0
                                                                                                                                                                                                                                                                                            MD5:7EEE1933E27BFD222F8ECD48D463C30B
                                                                                                                                                                                                                                                                                            SHA1:506DD04AC3DB8729ABFFD4132294D017B8B1FBA6
                                                                                                                                                                                                                                                                                            SHA-256:E9BFBF4CD2BB60EA2982DC50DEE92466A81A42DE9B40E65C4EE17298646C7BCE
                                                                                                                                                                                                                                                                                            SHA-512:279D059DFA2C81C371000B865FE49389FA911BEBF4C4F7E83379598E3E109852B14A185F1BD970DC94AD53A804D7554A4547DBE7BD7902781DAA8DA1898F7885
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:dnscrypt-proxy is covered by the following license :..../*.. * Copyright (c) 2011-2012 Frank Denis <j at pureftpd dot org>.. *.. * Permission to use, copy, modify, and distribute this software for any.. * purpose with or without fee is hereby granted, provided that the above.. * copyright notice and this permission notice appear in all copies... *.. * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES.. * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF.. * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR.. * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES.. * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN.. * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF.. * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE... */....====....This license applies to all parts of dnscrypt-proxy that are not externally..maintained libraries.....The externally mai

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\dnscrypt-proxy.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1283
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):895
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.755723573922053
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:bVYfE0haPaGrbapmMqkXj0BnPtTvCkNm3iO3mG1LlA4n:bifb0vrbTMUBn1zCam3GG1LlA4n
                                                                                                                                                                                                                                                                                            MD5:D5898165BA53EACB1BDC28912B512D47
                                                                                                                                                                                                                                                                                            SHA1:D8A06D478DD3F33A294FA7F99B8C42E7321BCB95
                                                                                                                                                                                                                                                                                            SHA-256:67D9984E582F013668D265E29F30C0557CE4ABFE272F9ED7EDF5D6F76C73A3C6
                                                                                                                                                                                                                                                                                            SHA-512:568DE4E6A11164C9DB76207888262A098D273C3B23A52D66FEDB2E8CB061281462E348AD64BC9BB6D2174D3312A41888BF518B574A9AF374A2F4DB142BF92BF7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........2...........o...6k..........T.@..8.(w.i....h;)...Y.....`....~2.......A..;b..mv(7...W.....K.G.!f`+c...{.h..mLb=...@.[V ..t..ZB.t..@..Z6..<.r....>........-.#...i.*.K.....*w...K.4=......JZ].R`..s..Lc...+.C<}1c..?.j.9....J[..=.6.O.1...o...v5R........[..PMV....1.yR....^....<.7.....pn..A3.U&...(.A..n..=..i..8.?......xN.......7..."..E...3..-........c.....@...p..-$...P...........{..U.}.3....tar0.......Ut..+.g.....|.h..(T............y;......+....}......U?.-"D..#..1.....o2...H........Y.7....,7&....f......*.-...........7b...#.*..t7zX.?v...xNJ2jS.R.}z.....N`....q...u.m.=J.#.|.........JY..|...o!.*\.w....q...$<.e+.J..~%....Y.oM..Ao.E.....7.b<...5"..(.:%?J(s.$5...x.6-[..sS$].}............^.-....RGRU0Q.$..s..O....8F...4>...\.w.ASWiSTRU...d..dnscrypt-proxy.txtS.d.eC..`..}"C..n...9.dH.%.u...h ...]7e.w....jM]..D..}.p<.....ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\intel_asm.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Algol 68 source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1517
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.136931786038229
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:3VvUnzn+bOVhrYFTtu+JPhrYFTcZ2Xf3Bi69VoU432sZEOSPWWRO232s+yxtafyO:3VOVhrYJfhrYJ1foo+U432sAL32s+Et+
                                                                                                                                                                                                                                                                                            MD5:4CDDB654FE704264C203B4D9C7C832C0
                                                                                                                                                                                                                                                                                            SHA1:9D236E8F305B4BC8C486DE24549A706A3957C210
                                                                                                                                                                                                                                                                                            SHA-256:634788199F33637E3CC36C61E5272F72CCBDAB87BE0C07EAAAF487C5F4F1CE82
                                                                                                                                                                                                                                                                                            SHA-512:1933696744C8A95BC6C82EF0D19E99F1D4291F6E0AAF8570E45BD74065EC076EA9B3E4B030EBC8DF52903F4F98AEF6A9727D3370834EFB9187E4CE24AB9A0180
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright (c) 2015, Intel Corporation ....All rights reserved. ....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met: ....* Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer. ....* Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the.. distribution. ....* Neither the name of the Intel Corporation nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without specific prior written permission. ......THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY..EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE..IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR..PURPOSE ARE DISCLAIMED. IN

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\intel_asm.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1517
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):948
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.7431779058914625
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:FlYeif3WN+j3lARufJ3X6bdc+G3f8FZybV4IOUn:FI3WN+b2Gkd/IKZI4Gn
                                                                                                                                                                                                                                                                                            MD5:B4EF5FE10D7E04FF5DE80CE70AFFEA70
                                                                                                                                                                                                                                                                                            SHA1:D1D4FDA4D0A446A02E035016BCAF75F26D11071F
                                                                                                                                                                                                                                                                                            SHA-256:24FA900269E64645C52FA661947E02482F110D9FC51E91FF6653B71AD705CF28
                                                                                                                                                                                                                                                                                            SHA-512:A12E29937F0BF4CF56A6F01B8840626D2EF6B5E779F6F626B82A67D4391328D13824C02A157CF4C3821A3BCDD071F28183D9DC36A96228CAC06FD0C79F92BB57
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........!....w.f....}.%..sD...-+.......r..qu..G..*G.....S..S.5....s:.t.@.D...58....'r2.. ...i.).7.L...c0...!.7K..X.|Tv.&..c.K...].5.Zn..?.+...T[...H.......P.p......k....S.~......L...+w}..d....RVh.[..K..k..i.[.p.O.Y.cW....).R..[x.#. ...t8..N]..yG.i>w..~..Z.v:..Sip.~.............f.x.c^Y..y.2....."|w.&3..v.CS....#mA<.w..W....k..4..H....A.p..... ...B..-...b.T..V.G.....d.tE.P.k...w.Z....D.k.D7..."...^.......".....'..k.. ...x9..1VO..Q._....LC..a._..F.$..B.........w.I).{iQ.'.2..h.T..ii....y?}24....4v.R....'2EK......../...".U.J......:....G..G....@.By....K..y....O...B....K8.Zxc:.B..x....s....IX.....>..X......Y..!.m.u'....U..Z.d'.=..$....`..aGt....'v.L.N.....G.b...q.....]..Q.......W<.^7m...l...z6@eO..<..M.8.....$w..aF9..]../.Z.N..J..T~...W^ ..g.^O".2.u...V......\+]3....F...1#.S....=W..'L..*r..h..ASWiSTRU...d..intel_asm.txtL .v.B.........^.=K.=}..s....xk.eB]$~....=..p...t./.%x...H..ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\jansson.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1100
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.168516987759519
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:ybmrzJHkH0yw3gt3DQJq1hjQ9QHbsUv4fOk4/+8/3oqaFz:xHJMlUE/jyQHbs5JK/3oDFz
                                                                                                                                                                                                                                                                                            MD5:928FFCBE179CA1FAA2D4A2747CCAB1B7
                                                                                                                                                                                                                                                                                            SHA1:0978FA6A4BB455F6237ECA37956D179B7512FC1F
                                                                                                                                                                                                                                                                                            SHA-256:C8D3B9240B998223DAF58EA16BF2856CAA5CDBCB75E93D4FD20C548033D885E2
                                                                                                                                                                                                                                                                                            SHA-512:627AF0D12924E508694E977823FD6D705700EEC590E9EDD432605078B007143CEE5C70391143AE259CFF9287DB89FC3E613198C4C586236D71E2DE70CBC6D0CC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright (c) 2009-2020 Petri Lehtinen <petri@digip.org>....Permission is hereby granted, free of charge, to any person obtaining a copy..of this software and associated documentation files (the "Software"), to deal..in the Software without restriction, including without limitation the rights..to use, copy, modify, merge, publish, distribute, sublicense, and/or sell..copies of the Software, and to permit persons to whom the Software is..furnished to do so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in..all copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISI

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\jansson.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1100
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):808
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.768900480791838
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:DoOeBjCm7U2pGprX3L6mAf3YC/lH3qlOSf3Bhh1VXWSPaRMNrmglH/O1G4QI91pK:DoVTU2pYX7kf3XdalZJ19XPwc7/O1DSn
                                                                                                                                                                                                                                                                                            MD5:1DCBF89FC403857326209976E73B1B0B
                                                                                                                                                                                                                                                                                            SHA1:C6445A6667AB9CDD08AF5BB8D899C79A7F1DAFA8
                                                                                                                                                                                                                                                                                            SHA-256:79C6769925E8F4082D345A10C5E28EC86E44205A9BC55045FFA63BA530F8743E
                                                                                                                                                                                                                                                                                            SHA-512:708A7C9FFB4C5418E203361AFBA4F8C2B0E4D4C788B8263AEA614651B71FCA7BC73DB49D98F7B663D906969F739906B4ACBDF399ECE376612BAC7C3C7122FCAF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.L........!....w.f....}.%..}...^f...{.A........j..H...k.r"^..Z...G........iZ%`-9P.4.P...*......'h.y4Ah./...,m}.P5..<.'H.r...M...l.....fb..c4.7....u.EN]...X...|H.f..".f.d....gs+.>.).~.&_\.Ws..-a.E.....wn............j...".....:....25af.,.])+].m1.'ev....d..oR5O.i...f6Q\t...8...n+....6....<\..h'.......k.....D[w./.G[.r^wc........@.....#.....5.8q]@qP.K.I......T>.\}g!....#9......v..................!. ...T0N...<..,/D9... ...m.3]S..."....M*#.31.....P.H2.<..V..F....W....Bn#..#Gf0.{1....b....[2...N|.ce.....[....F...:......m.J......0.e.._.v.p../.\c.;..7..Vz....xjg...e......<.i..U?.YnX..f.........1..=.L.....O.C(...Xj]..g..<P.?....u...O....J.@9Y%k8.T."......,ASWiSTRU...d..jansson.txt.P..OB-c.....F..N.....+f.6.xkz.)'Yx...V#....X...zY.X4....r.ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\lexbor.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1086
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.187094111501185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1rDJHcH0ynYgtoJq1hBE9QHbsUv4fOk4/+8/3oqaFN:13J0lYEbBGQHbs5JK/3oDFN
                                                                                                                                                                                                                                                                                            MD5:513EA4BCE55C427E58B1B6D40D087D24
                                                                                                                                                                                                                                                                                            SHA1:D2F6CC5490D34DA9FD15E6EDEE4995D6EEB42892
                                                                                                                                                                                                                                                                                            SHA-256:7732FA42EBC8652EE3300A086A068F6AA5008CFA0D14948B144E4B06C82EFDA7
                                                                                                                                                                                                                                                                                            SHA-512:0C9F8D90F4CA229B5F175384D0CF348CDB8BCCC062BA5B2F97D5ABA0B9D823B0EBC2A0634041EC70E62715250A238B41B0C31CCD76AC24B8E864508D93251931
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright . 1994.2019 Lua.org, PUC-Rio.....Permission is hereby granted, free of charge, to any person obtaining a copy of..this software and associated documentation files (the "Software"), to deal in..the Software without restriction, including without limitation the rights to..use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies..of the Software, and to permit persons to whom the Software is furnished to do..so, subject to the following conditions:....The above copyright notice and this permission notice shall be included in all..copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR..IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,..FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE..AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER..LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,..OUT

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\lexbor.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1086
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):804
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.72729539417356
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JWuK+5toKnJgWlgIizWiqZV4JLFMfy1TW4xBw/IPqQn:JWu515lgVWb49HPw/IPVn
                                                                                                                                                                                                                                                                                            MD5:439F0DCD1762EAA24802E5AC761E43A0
                                                                                                                                                                                                                                                                                            SHA1:A7871BD7E297D1981072CF7D11BB0AFD9C703A5B
                                                                                                                                                                                                                                                                                            SHA-256:E5DA676E8667A707D937A48213CD0B533A493EC662BD968949E31184B53C6250
                                                                                                                                                                                                                                                                                            SHA-512:E4C1BF4C01C62DA4CE2AAB27D88531CA7E286366FCE62369FFF61D722005E1B4D548BFA46F4021CAEADCFA8311170A124AA1A89CC0D6381941CBF38D40F35D27
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.>........!....w.f.....O....`z....%.%.@X:.k}.*....P.t..OZq&...Y..=T.@u.&Q]2y(...]...7HJP.7.@........<.g\...zm....H....... ;..b%.tuwbB...Y.-.O..V....n.jP9^...@.s...;T....M.W.d...%..`_....h..\F...S.a..9.._r._..@<.6.F.oX...X...~..nQm.a3ab...V..#.GBT...lz,....7.#...:H...`y.Y....5C.$....T...)..x..U4.X...F..,..S.b...I.i..7.9.#[..3.*....o....9.8G..D!....J....w.e..H.t..\.X..D3v(cy...e..O.s.g.9XU....+.oNE...ZR........Hv.u..''a/D5N&2..p^o].;...._.7....J.Mt1m.&..\,6"`.T.&.(.E......:.\.r=......}..v.0l(o.13.Q{!...A.a@L.l..J.Op .G..#1.z.Te....M.C.i..|T.}...:A.f~..".=.!,....O..k5... .[lT17`m..5_.%.`.....5../.}..A.....1.X?..%.......m[...2h...I..c..J...w....).a..S`v........ASWiSTRU...d..lexbor.txtk` .I........V:^.c.G..*V..) &.>..L...A..D.6V...?....Y.0:.....ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\libPNG.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5479
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.847855772001339
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Q9IzL5TPtwjzgkC3OOobgrRoy1mcy8dElpFoLMt6DQWJbz1HYK:GIzL5rOjzgH3OhUr7rMQMt6MWRR
                                                                                                                                                                                                                                                                                            MD5:9C08C5872A3314661E37289D53A846E4
                                                                                                                                                                                                                                                                                            SHA1:DDAD81444C937F22E749AB9518058682953B1CDB
                                                                                                                                                                                                                                                                                            SHA-256:0AD3BFEE8BE10E5519949E7AF492E36BC349376B75FBEB412229A5967E3E9434
                                                                                                                                                                                                                                                                                            SHA-512:DDA85F29349E7222A6487F91E42E798C6D93A091FB01ED08D7CAFF5B906A2732788FEA763D3E8FD10084361AF8531BA2059E2410E845390C937AFF659CD0FA36
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:COPYRIGHT NOTICE, DISCLAIMER, and LICENSE..=========================================....PNG Reference Library License version 2..---------------------------------------.... * Copyright (c) 1995-2019 The PNG Reference Library Authors... * Copyright (c) 2018-2019 Cosmin Truta... * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson... * Copyright (c) 1996-1997 Andreas Dilger... * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.....The software is supplied "as is", without warranty of any kind,..express or implied, including, without limitation, the warranties..of merchantability, fitness for a particular purpose, title, and..non-infringement. In no event shall the Copyright owners, or..anyone distributing the software, be liable for any damages or..other liability, whether in contract, tort or otherwise, arising..from, out of, or in connection with the software, or the use or..other dealings in the software, even if advised of the possibility..of such damage.....Perm

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\libPNG.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 5479
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2033
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.897747846436097
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Y321O1/oVynmo1oqfWVeA4mtoBtv3OkZZfDOxuVY2p6n:YGbqfo548oBtfOkZVSfnn
                                                                                                                                                                                                                                                                                            MD5:E3DF150FB542ECEDB2F7CA549B446D4F
                                                                                                                                                                                                                                                                                            SHA1:FD0B29928A09095938494B6695645676F4913562
                                                                                                                                                                                                                                                                                            SHA-256:77862E3DCF8823CF6A0F933A06E76209BB2C6A313C9E32EDC761A5158F641841
                                                                                                                                                                                                                                                                                            SHA-512:9A5B19558902F8000C40D55E14403A43F0A956D6254CAD888DE22E56239DE62ECC9037FE8251C98BC141DC670E83545AA0D718371A8FAC7D68164777B3E628CF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.g........!..GO.k$....RIz.;l..O..b....2By.+.H-TV.(....!3...|.n.M.Q0h.~.VO]T6..L.!.;.|.m..I@.;v=..>....K.]..q.t'..?u.......v.@#..9v/.........3.....O......<.^\Y...D..Jr:.y..o.8f.lw.w..L^.....3CY9...0.C.~3...#|R...+..g>....V..z....O....:....C.....2EV&..&..kQ.........u.j4..{E..l.;Y..H..^.T..y..;........AVLF..,....\.....8c'p9N.W0.P.$mN:5........j.....U.L..C>..!."....#.#..~.|.l......W.Z9....F!...".7.V..*V.[\p......H..;.$..m...'..7}....F..5.0.....g..D....~.......q.M.-...8.R..._....{.c.}....J.....V.;p`\#..%z. Aw.q..].. ..Q....[.G:s...J...{dp..6C.A..c..kp-'...5.Nc....+._.&0G.o.]....|...N...=K..%g...f.B..;..........-..]k......8.a.85.E...>...............w@.Y.&@@.!....A...T....u5.I.=..5u.6p...&U5l.......O.Q....2.z9X/..c.......G.X.|or#..>I.D....7..1..Y..0.uB@.....g..s p.>.4.,x........>.....h....:.)A.9o..k.%..'OKQ.........'.n%.].6(`....mJ......k.....F.f......6.EN{^.A.t.s$GI....u..t...GP.q....f.I...T........{....B.....l.....u..w..[F>..A.....j.....A.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\libevent.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3378
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.342079876936178
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:k+/URV/rYJM/rYJYCSw3gOQigk3yCBlDprgif1TeK:GZrsUrsYCSw3g+gk3yChUW1Tp
                                                                                                                                                                                                                                                                                            MD5:D6913685A013829414179D17903310AF
                                                                                                                                                                                                                                                                                            SHA1:D665DF4878AE79173751D5A8A4346C1E2567F232
                                                                                                                                                                                                                                                                                            SHA-256:8DD48E57572D33854A835BA6BB045D9A01321BAE43377934FC08CE642992206B
                                                                                                                                                                                                                                                                                            SHA-512:228FA37C918F781F3151B7CEBFAA2575C70E515193ADCAE66A25C5DE0035199BA935E677C1DF1B2ACF6951B43AD4E253A5277CCD72AFF9BC60CF6F1BBF444EAA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Libevent is available for use under the following license, commonly known..as the 3-clause (or "modified") BSD license:....==============================..Copyright (c) 2000-2007 Niels Provos <provos@citi.umich.edu>..Copyright (c) 2007-2012 Niels Provos and Nick Mathewson....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:..1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer...2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution...3. The name of the author may not be used to endorse or promote products.. derived from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR..IMPLIED WA

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\libevent.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 3378
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1665
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.8928917489898485
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:v8/aXibSzd4uVwZgVX6GfPtgwew9DbfS4Dn:KaXiQdPw2VX6S1go9nK8n
                                                                                                                                                                                                                                                                                            MD5:9CC2DF2AA68162367D3B0D0B8EA6E8C7
                                                                                                                                                                                                                                                                                            SHA1:81E8B8EA0947FF97435A641E3A2FDF177D7AD549
                                                                                                                                                                                                                                                                                            SHA-256:C5E882BDB2510DE2695E68E49D007EEC03B03174AFFD80FDA96348E144BFBD58
                                                                                                                                                                                                                                                                                            SHA-512:FB24C3B717138582D9520455EF1BD699EA7AD19A36668F59863991A66A220B3CD9740E65BC5B070025BA4B7D251CCF2775D8BD5C34CA57891623EE8B66F2950B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.2........&.HFr.....,.c..pL.#......J?.9Aj....`N......L&Nz)%...m..g.G...m..).].......{n..Sv.\..]e.......K.@.H....]....-.$...JT.BX.lOn.1..+&...MW.fU.......Q..Us....y[..+]x...._.3.&-F;..w....A..Z..c.d.&X..m.M.:...i...(:.c,1......T.......?8.)J9..e.d.....3.....c >,.U.b.....@..(@qY....{(U.:...c!..N..B.3.....(E.H6..IS....[)...........ybF.........V|..g.Y.......$.E&...?.h.......i..`.z...E...X....\.Q.....|x.>.O/(.~.....'.:..$.<z..<.H.......a...%J..2=...M@..4...EN.Y.".<........._} ..v....c.u.l...x...v...'\..pUD_.iH...b...E.....#.......0...Q}.HR..O..6.].I...N.W.)..Tv.'`.=...f~.=_t.y...q0..|.....xW...G..j....]....9Dh.@......*.]..U.W.\!>WQDf._.....#H.5O8...`C[p$...8...M..mop.....u3..+P!v.B.4...Q...3..&I.E........i....IYHZg..4....|:iRHO..p..|*..e..w....K.0....=Lk.ZF...(.Y..?.`jY.5.bVF..@U.u..ek.H...T.......-..*......-"m......3....42v.D\.=...Rc/.d7.7:; "..T.$c._L.\.W.K...P..;.+.wRl...^t..L.Wo3._..G..G+0.....P...da..-...:.....iI.@....XQ.H..."......A6!x...

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\libsodium.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):841
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.078971696278001
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:CIoP+uAYBICfdfmq6o9ibcNc6vqPRmAXZF3el:CH+ubKCAtqibUtvqAApF3el
                                                                                                                                                                                                                                                                                            MD5:DCD04D4748467021571F4A01F797DDAE
                                                                                                                                                                                                                                                                                            SHA1:C59D498FA113B09406389F8828DDE6407F5A651D
                                                                                                                                                                                                                                                                                            SHA-256:7B8C5DBC64E5CE65C94D31B5690A0E30FF83222BBBBB859DF2A56B9DFEF14326
                                                                                                                                                                                                                                                                                            SHA-512:7AE6A19FDDA606F467C15E97BA08620838961BF64D9C5B6843CD877A23F0697BDE8874842B12E3C317E18B4F8609531BB05414D5ED4EC68337CE8E1C73AAE64E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*.. * ISC License.. *.. * Copyright (c) 2013-2016.. * Frank Denis <j at pureftpd dot org>.. *.. * Permission to use, copy, modify, and/or distribute this software for any.. * purpose with or without fee is hereby granted, provided that the above.. * copyright notice and this permission notice appear in all copies... *.. * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES.. * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF.. * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR.. * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES.. * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN.. * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF.. * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE... */..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\libsodium.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 841
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):652
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.643801318424077
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:wKhbPsxiYjh4F6+++IGfeaLY7EDv0pso2LEwMGYI3M39MlTpqtzt1klcLn:wdxjuA+++uM0GXDYIQ9GpAztmcLn
                                                                                                                                                                                                                                                                                            MD5:90DB2A950D62129A19031626667597AF
                                                                                                                                                                                                                                                                                            SHA1:E0515BD4A1DB842FF244FC98F51AB79F412F27A6
                                                                                                                                                                                                                                                                                            SHA-256:ED81088BD2C5457A62F683281F7C8A5C19A845583C4A0E8BBC320C7CAFFA1C25
                                                                                                                                                                                                                                                                                            SHA-512:53EA8D905DFDFD0B2DDB849CDA507DB80C65DADD09572F1463282B6C81EA291CEB017B8F25385562D787897DEEAA618F9518FBA448517273342C503C3CE37BE3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.I..........}.?...Q0=.........#.9..T..jm CV._.6B".A..*.:...F.mFb..=.'^R..e..B<...]G;..V>.....Wy....'....:a.e.E.b..F........@.=....MPJo..n.......Y.;I.....e..1..v+./...&..I.......i.:R.A......C4..../..^..A..'.P.B}h:...0..].a.<..@...K.-...+..jZ;eZ....O......NA.(#{.'.....F.Ad...'..1..u:}.Z..dN.m.|9..r..e..8=.c..y..S.dcU....@.a-q..gs.......&gP.Q.K...4....F.)..%<...r..*Z.(Z.r....nc.3#!....>P...YK.\.>{.u.T...P.d...<iRa.&o..}.`*r$...-}v.....5.P.E...r.&.8D?.....j^.u7...E.e... v......aV.....THs..oS...N.3"h...~p.............&40......4ASWiSTRU...d..libsodium.txt..D.@.n..4..O...o..'.a^...??.1D..V;.q.K.*i...,cG.......q.KOF.ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\lzfse.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1539
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.159830532727548
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:NRL3UnemvooObOAFT7JiFTzwQorBTPS9p432s4OkpKWZ32si/yxtTR10TnDZloy:vqIOAJoJzqPgp432sUH32sQEt910Poy
                                                                                                                                                                                                                                                                                            MD5:FE680362852389FE7A16C47AAE27BC92
                                                                                                                                                                                                                                                                                            SHA1:377EA1B96CABE859AF78BB561CA4171544AB0152
                                                                                                                                                                                                                                                                                            SHA-256:E89251CDAAF385D93F74B819412217E47A7A06CD65115A1F87EEDDA0DFFB2947
                                                                                                                                                                                                                                                                                            SHA-512:8BB0E1AE7FC66E12581B43C0823E82011EC88D714EB244A840A46272D9C04163893217B6AE6C42D07EF72C88EA154950282EF09F0AEF2DD44A3E42DE709135EF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright (c) 2015-2016, Apple Inc. All rights reserved.....Redistribution and use in source and binary forms, with or without modification,..are permitted provided that the following conditions are met: ....1. Redistributions of source code must retain the above copyright notice,.. this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright notice,.. this list of conditions and the following disclaimer in the documentation.. and/or other materials provided with the distribution.....3. Neither the name of the copyright holder(s) nor the names of any contributors.. may be used to endorse or promote products derived from this software without.. specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY..EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES..OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\lzfse.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1539
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):962
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.792360927857915
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:so/4KXtQbWpPNZ8Y08AwFjp1Jj/ZLW3I0oQn:so/4wtYDYxFT/50Pn
                                                                                                                                                                                                                                                                                            MD5:76A82FD58B462CAE93DFFCA9CB31F0CE
                                                                                                                                                                                                                                                                                            SHA1:B0323433F2FA9B5E102E7767C555ECD2674E60B8
                                                                                                                                                                                                                                                                                            SHA-256:E71F7967A192FB5388B5B4016D44C149D1CF95C1152337EC9D6457AA048FBB6F
                                                                                                                                                                                                                                                                                            SHA-512:794C1800C6555D4B9E936B919B5A5C8C3F86874809AF9641A796A48B6BFD14C5FE9EB41950A2BA4C79BD57887297B2E1E42E87FE4DBAE8CE08ADBA9834F79AD0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........!....w.f....}.%..sD.'M`.)Y.?..........S..M..|..d.......w. 0.....V..F...._O+.[y.m...|...d...;.[..e`.h....7...B..m...lJ`.ANr......$.(..S.A....TT..]....g|`....4y..{.[......i.C..e.9..?n>.$...*~e.}.K".u.........ZM.....~AY...........6K..#I.d..6.ta.6.](..x.{...M9...B..". ....../........n..s.O-.."s.=.y...4..+<..[..B...........\.bK.%Q"...S!'..p...c..a,!uD..8C?........8@.lcl;1..:.3...!./ou.....2.(..j2#.....5l..?|.......35...+C......|....T4y.(...d..;.P.....6t..M_....v.5.oUwM.(..V.BA.S.n.+..^.. .6...?.F)$.=.6.q..?.....n..9.}..L...w.....k%..+.....3;h..k......L.rV"...-...m.V.H'.i....|....*......^...E..>....D.....c..8W..4E.jh.rd../".~.3@Dz.+-;.l.....B..T;"..t.F.$f.K.q.,F3....q..l...b..mt..c..H..[.8n....;!.P.9.0..pj._.4G..k...jp. ....%...EM.v}.K..q.^_..u...:{.#I_H...[.Bm.3..7"....G..$...D....(..x.......s..: .K.:....t..ASWiSTRU...d..lzfse.txt{....q..W..:... ..C.I..Am...|....B....*.....u....&.2...{C..4.ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\mbedTLS.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11558
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.476140734205082
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:ff9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8SHfH2:9Ou9b01DY/rGBt+dc+aclkT8SH+
                                                                                                                                                                                                                                                                                            MD5:D229DA563DA18FE5D58CD95A6467D584
                                                                                                                                                                                                                                                                                            SHA1:B314C7EBB7D599944981908B7F3ED33A30E78F3A
                                                                                                                                                                                                                                                                                            SHA-256:1EB85FC97224598DAD1852B5D6483BBCF0AA8608790DCC657A5A2A761AE9C8C6
                                                                                                                                                                                                                                                                                            SHA-512:E2F81CB44129E1BC58941E7B3DB1FFBA40357889BACE4FD65FD254D0BE1BB757625BDF36BF46D555EB3CA4B130DCD1C05225CAEC28D8472DCCF52A63DBD6E185
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview: Apache License.. Version 2.0, January 2004.. http://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, or (

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\mbedTLS.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 11558
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3942
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.950415117456542
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:oXYXIphYJa3YGoZ9PHwdvDkNZa3rj3/R1iVUUB9XwDbxn:oGUhfz6w9DkNZ4jKVUUBpwDbh
                                                                                                                                                                                                                                                                                            MD5:4F7A7878E1448A553347CE2E803F8EB6
                                                                                                                                                                                                                                                                                            SHA1:25B3EBF2A5C6E3F557FECF62CBAD568D08D4AE63
                                                                                                                                                                                                                                                                                            SHA-256:916F11E7A9F3165EEB6714CC97319A4BC872A93A399B41C8FA6967AAD78B58CE
                                                                                                                                                                                                                                                                                            SHA-512:4735495BA01DF247C0C70C2237FFB1AA9D9104411F0D615DCC7324FC933CBAACEB41A51CD2C082DCDD84C624F3DAAAAF368B1FC3AEC577D0EFD8F05EDFAF62A8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.&-........n.A8.L....k.._..."-O.I..P..!..v....c.4...r.i.;..t.....?.8.....C.....Tu./..M.4.6qx...6...9....l~..H..H..x..x.@..=..F.8W.....i.....#z.9H.w. PXl...&..T.Z%.B...H..[....x...`......$.P.kZ.L..vpa....|.=....v.M.1.3...o[...,...i...)......krs..]&..@M.6}..2.....HGT...s/.%{%..u.z}.re*....S.'r.d..].|p....D{.o8*......^...sW%W....<|.yZR.D:].h.B..d...~I.......F.]..h....Y.R..6`..ts!.T........WN....s.\.......h.d3Z..5.dL...(...>...LG......@..}{...A..7...S..Q..9.40.g4A............Tj4.....S.............2.S.^u..kD..k.:..P...)W...sP.X+J.0.z*.Q.C.G.a.......*.q.Kg1.:.X.7..v..Y...>......H7...C..S.:.<.B=..'*..........a~*..._..)kzc..\.{..L.E.%-W.<.**.2:I.1.E.^.....EAj^9.].ou.U..KC.N#..T}..X\.=!=...J...C.D7.FO;.o...fS."{.z.....yH.7...E...(OE..x.P..Yr......)E0......]AI.O0..'...T.#n.r....a..5MK..[..,=..DR..I.z...v.D.%..`...N.........z}~..?`..%...KN......81.~.v...k.}8$Q...U.27P.6..7.j.... ....*NF..-.k<....>.6e...W.e.....=..1......p..i"6.......8.5...H{.G

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\mhook.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11560
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.476377058372447
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:qf9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8SHfH2:kOu9b01DY/rGBt+dc+aclkT8SH+
                                                                                                                                                                                                                                                                                            MD5:D273D63619C9AEAF15CDAF76422C4F87
                                                                                                                                                                                                                                                                                            SHA1:47B573E3824CD5E02A1A3AE99E2735B49E0256E4
                                                                                                                                                                                                                                                                                            SHA-256:3DDF9BE5C28FE27DAD143A5DC76EEA25222AD1DD68934A047064E56ED2FA40C5
                                                                                                                                                                                                                                                                                            SHA-512:4CC5A12BFE984C0A50BF7943E2D70A948D520EF423677C77629707AACE3A95AA378D205DE929105D644680679E70EF2449479B360AD44896B75BAFED66613272
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.. Apache License.. Version 2.0, January 2004.. http://www.apache.org/licenses/.... TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.... 1. Definitions..... "License" shall mean the terms and conditions for use, reproduction,.. and distribution as defined by Sections 1 through 9 of this document..... "Licensor" shall mean the copyright owner or entity authorized by.. the copyright owner that is granting the License..... "Legal Entity" shall mean the union of the acting entity and all.. other entities that control, are controlled by, or are under common.. control with that entity. For the purposes of this definition,.. "control" means (i) the power, direct or indirect, to cause the.. direction or management of such entity, whether by contract or.. otherwise, or (ii) ownership of fifty percent (50%) or more of the.. outstanding shares, or

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\mhook.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 11560
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3943
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9493386616990955
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:UQdOFWaamfsCHYA5qx5KRVCEcDPft4Qg91YZA1v9o4In:jpDC5AORlWFBy+gv9o4a
                                                                                                                                                                                                                                                                                            MD5:BCD4D25A12D1BF4506AEC8E1B52A0B93
                                                                                                                                                                                                                                                                                            SHA1:71BB347DBEEAE7909F6ED1EBEB7C6BD67612B5AD
                                                                                                                                                                                                                                                                                            SHA-256:96DD354B2EC7C08CB4EEAAE9CBA93772BA08D91CDEE65304165669946FC132AA
                                                                                                                                                                                                                                                                                            SHA-512:41E01C6B9DB562315411EFADB12917F71DA39D4789431A286E6D75A4B16CAABE907CCBBC46E86A01344E67D3A1EECA01C55CD088E26F6CD55993AE751539EA68
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.(-...........tf..p.~M...-.......SI..1v%.....3..Z.%....$W....&.6.{.....^UF|......2>...."t..s..[..}x. ....z2.Mb..d9.R..n^h...N..1`J.-y8Eu...1.......)..y..),s.~DW..k"..w.....LH..~=P$.9.0x....t.9.]..*./8......h.h..]....Z.W^/.N.g[qC.Lw....&.6......b.3........SF.g]j...e.5..*...H.K....e.3.V..s..G..q.B..&i.1.....1.:....t;....p..`u!.06..zl...o.... ..#l...c..kXQ08Q..........3..I...2......<W.....R.$!e..JD.)....3....I3(l./"<..._>g$^...o....J".qL0.rp..'.'......6.G...K7..N..DcQj..f..<YH...[,."...Q.I.S.....X.x*...GJ...?r..g;k<.>......2.v.h.J.d....7.Yt$..H...z.....6.?.B.3.;..JC^.39.YO5K....p'.o4.+...v.......%.....|G..]....lq.f...S.....]./t.U+P.0;.|...:..#%......... .1.XW[..-.>..}..? ....U.F.^G!.E.u..../.C./m.1+.^...15.S..z.k.U....k./i..5.._.........L.%....mf...(g.9...o.c..p)t.>".U..G...9k.dy....../..>8}...H...O...).N.A.o..i...)F/H.d.i0y}e..../c..,&...Ye.S<b.h.K.[S.....).H..{{...zx..r).2....>.h|.9u>x....|.Q.t....v@...."....fS ..0ta.j.......

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\nanopb.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):918
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.4686465575903975
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:fMZlSWsTby3FOxpV7FP96yPXAbUEDEG92iQYWA3FnFiNehGTBMlx/OIUsMCh82lO:Zby3oHvYxAUdQvdaGGasHO
                                                                                                                                                                                                                                                                                            MD5:C58EFEA00B9A80527A4EB1EDF3B48D42
                                                                                                                                                                                                                                                                                            SHA1:7A9460DEF676DEC00AFFDA16ABA1E93F0FB26F74
                                                                                                                                                                                                                                                                                            SHA-256:A9C42B959825BCE9B7C72A7B0797A41580CB21F407B73E08168FB1ED1DB438C4
                                                                                                                                                                                                                                                                                            SHA-512:6CBCC440792E05C8B73755ACB329E2961A1991B730FC468D7483B1C005BDC664271237DE634C3A1969967F8FEEA03B36EE8D2DD58E94DC61F553C4D728FF9D2E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright (c) 2011 Petteri Aimonen <jpa at nanopb.mail.kapsi.fi>....This software is provided 'as-is', without any express or ..implied warranty. In no event will the authors be held liable ..for any damages arising from the use of this software.....Permission is granted to anyone to use this software for any ..purpose, including commercial applications, and to alter it and ..redistribute it freely, subject to the following restrictions:....1. The origin of this software must not be misrepresented; you .. must not claim that you wrote the original software. If you use .. this software in a product, an acknowledgment in the product .. documentation would be appreciated but is not required.....2. Altered source versions must be plainly marked as such, and .. must not be misrepresented as being the original software.....3. This notice may not be removed or altered from any source .. distribution...

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\nanopb.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 918
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):656
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.62410118543212
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:ZtiXJt6WTRq0QKbZ36FuQ1IxW5jpvMMIuocvkr+LLBTHsHCSY3V7Fd1dn:Zti5YUrBfQ1IxbMIunbtTHsHne9Fd1dn
                                                                                                                                                                                                                                                                                            MD5:3360847CC65089558DA4E9C411A60643
                                                                                                                                                                                                                                                                                            SHA1:889D2E7BE9646A7A616FC164ADD4E2652A351805
                                                                                                                                                                                                                                                                                            SHA-256:8F848AF42DC1D4AFD2E916891E92B92F49C2C974735FD0CDD8D8A6931735AC01
                                                                                                                                                                                                                                                                                            SHA-512:57AC93085E650DA047C991993272671D9D63241EC1D83553A70B4E7DB6471C3578FD52D916DB87A1B158F7AD9B7267612E7C9A379DFE847EFB120A2A9623F8C3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........!....w.f....}.%..sM.]..WL.t.t *...#...L............p...o}........W._(......9...f.m3.\....i..<'.i..^.)..1.......F...kV....#....x..q...k.3....qf.@.'.&..t$.z...P.........uO..G[t.~.8..< .^.d....w...f9.qN../=.0........dOb..Bu.../....EF._/.Qj...6V....O$i...O..;.Zt91.....v.....n..u.....\....~..<.Q9...?..)..\a..B.RNbK.Z.ZY...i.~...al.8..u.l..7.1.v._.EL..........}=.@F.W..D.7...2.<.~.R.6....C.A.Ws."..Oc[+.+.~....Up\@.\P...d..m..\iv..r.....a.Qx.`....!..t...{.. .b...U...t..b.<.,.x.....5l...GV.c./k.gwE...f..-...F).lL.V...ASWiSTRU...d..nanopb.txt .N.h./!.K..T..v..t...e,...I.57N..b.?.........jz.I.U.%..I..ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\nghttp2.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1181
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.222493399843199
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:9zkIrNJHYHPyPP3j6Jq1k9QHvsUrt8Ok4S+dmo3rqwFG:9lhJw6PvjR8QHvs6IE33rxFG
                                                                                                                                                                                                                                                                                            MD5:AE3F3D4FD356269CB456DF973156650F
                                                                                                                                                                                                                                                                                            SHA1:4F58EC889575F422DFE25FE14F22EEB5D009A4C9
                                                                                                                                                                                                                                                                                            SHA-256:D0A9C5D1E40D1179F0669BD93E079A518B3067FAD240410804170F05D1BA04B6
                                                                                                                                                                                                                                                                                            SHA-512:AC1C0E7D7020F7AE091BB53E4B5D1AFA8E9A669BBED4F7A418B8CB9975EACE1C8C6EAA840F1248EA4F607F87BA8765D61EA0F05FC0E586EE21275633C8F1C3C8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..The MIT License....Copyright (c) 2012, 2014, 2015, 2016 Tatsuhiro Tsujikawa..Copyright (c) 2012, 2014, 2015, 2016 nghttp2 contributors....Permission is hereby granted, free of charge, to any person obtaining..a copy of this software and associated documentation files (the.."Software"), to deal in the Software without restriction, including..without limitation the rights to use, copy, modify, merge, publish,..distribute, sublicense, and/or sell copies of the Software, and to..permit persons to whom the Software is furnished to do so, subject to..the following conditions:....The above copyright notice and this permission notice shall be..included in all copies or substantial portions of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,..EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF..MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND..NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE..LIABLE FOR ANY CLAIM, DAMAG

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\nghttp2.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1181
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):827
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.731641157682099
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:EAhx1hjcGxCMwfRD+GzehAWeISYidbsZlCOlUx4RaIVt+SD2HaKbMtO+dbVLavSn:EAT1dcGbwfRDzACIwdb2nt8bBNiVNln
                                                                                                                                                                                                                                                                                            MD5:5D0A560CEF1AAEA6AEEDB3F345F399BC
                                                                                                                                                                                                                                                                                            SHA1:FD86323EAF3EFAF7CF38473AFE1FDC25DF527DC6
                                                                                                                                                                                                                                                                                            SHA-256:7F412F61DC6B40386A569D012773E0766C6B875461971052E02687936BCD8262
                                                                                                                                                                                                                                                                                            SHA-512:2EE12016210E92FD840325FBAE5A17B94C4153F20AF4D63584C796216E656D3EEBC2C5CB7EB5A17582A31A1770FF32232727137E64C8083295D141BD63F9B417
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@................NJ..2.~.~E"..F..Y..H(.?t...~.>O..=D..?m&...>......h.U......[..?LDOD....A.@...7Q.....E..\.....].......-.}...u..H.........m._:A..a".~.Q[..].2../|..F....{>y.....Y......`...../;...cfr.s.7}..ax......Bd.$.0.{6....B.<.NZ...\...Y..`A.O..y.P.KAY........7.(....yX.p.....fK3L.Q......~...4........i..=.w.l.'.l].3^../......Y.6..&8.B[wF...z......+.D.X.TM...cY0.>..+.....o..|....\.92.D..J..E...4..-r7{...%.z...._.......f:z4'.Xd.K....sy_......An.W........n..&_..-_#x.*...;.....9..T.;u.@....=.I.O..Db.9z.t....+t..M.d.I.F..?g..u...".P....r..Q.=....P....g.0i.7...ayaM.W..7....Y.I...Gz.d..J......`..q4Gvv......g.......n |..................V..">..h.....:..z.j..9....!....CW@O... A..-..a`......ASWiSTRU...d..nghttp2.txt.x.D...GH.*.H..\....M.i...2.+......>5....RSt5J.`.b.3.F....T..ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\protobuf.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1764
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1400808744788815
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:qO3rYJUrYJk1C4wD7439x3wEWmJC3t2zTHcLkC:n3rYJUrYJk1CnM3b3wQigzTot
                                                                                                                                                                                                                                                                                            MD5:CE79A5E699943B3A132C0DEBA1777AC6
                                                                                                                                                                                                                                                                                            SHA1:57919D5BF210193D05BA496A870832582F475559
                                                                                                                                                                                                                                                                                            SHA-256:F4DF8B2457697851385D9EBB93267832C1DFA24E0E61881952F6B0C452663DC9
                                                                                                                                                                                                                                                                                            SHA-512:82CDA6F61E3DFF94228D3EEFE4E1F65DC483ACA9C8597E482C1D6584D2F70AB7327AF6461080447649DC4986B9932025DBCAE5C078A2DBCCA82C3A985D118F4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright 2008 Google Inc. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met:.... * Redistributions of source code must retain the above copyright..notice, this list of conditions and the following disclaimer... * Redistributions in binary form must reproduce the above..copyright notice, this list of conditions and the following disclaimer..in the documentation and/or other materials provided with the..distribution... * Neither the name of Google Inc. nor the names of its..contributors may be used to endorse or promote products derived from..this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR..A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL TH

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\protobuf.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1764
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1086
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.8121504271262125
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:tY0vincpFMEt+dOnjpovh4tsXr2GwA4TbMJo75nNn:tYIincwEnpEhwsXr2TA4fMJW5Nn
                                                                                                                                                                                                                                                                                            MD5:15D612EAD1F38437330054B116882DB3
                                                                                                                                                                                                                                                                                            SHA1:77D45D9F39B0E2CC6A4044E5A0FE573311991378
                                                                                                                                                                                                                                                                                            SHA-256:0D197D620E5A0D9FBC8982FC7525C6469CF33884108887FFF438BFC0A147DCBC
                                                                                                                                                                                                                                                                                            SHA-512:64E9C3B0993ECCFE0E1233D3495FC0728A17A9187F823686159CA1F4B50E2343A10045787A6A526050F15694C82714438AD870F46B4994F74415E1A7F39DA585
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........!....w.f....c......q..?...%....y1..H^$+.B.q.z.+..M..va.n$...&..!.3:|o....U....c..K..A.a.../K...svz.B....3..o3Y..4.6.......Eq..0.yf.....$.`....._........W....T...QX@ ..i:@...h.K.<.$......R.&...j....lCO...........*K......VJ ^....9s..l[.f..].l....W...U.5`R..0....1..~.,.F_.^.`.U..Z2..j.F.X........s...:.#.7.G.lQ.....Z..%+..4.......%..1..+.J.(D[a.;'.1.J.S..f(.....S/..z..%.......=D.L...2..,._#.@.$N.........y.:-...."....2W.C.F.....pkssQ...B...1..\.J..@.Fc.....I....*8..2...T...K....V.Q4._l=......G|..zZ..S..4nh.....b.......Kr....f}..;.q.}lH.T.|Q...(..y.P........^+...I..D...z...!....[...?..w..k$eD.._n.g...RR...........R_).w.a.o_8.2,8u.t..C..X_.X.\......?.......4...w.q'b..v..?.h(....B..J...x.'.D..g.~..IR..Y..U....FfLq...5yP?,......|)S..a.....o......5.[..=(.$.....m...S...m6}Pl.y...)..>..T"`....c...C..R....m...i..V...i.h.....u.5.......8...NyxF}e^.^...1..K.._.*...$....&9m...z.$<.......[.....^i."d<.+..x..3....../.D...r.@..C.V......2..ASWiSTRU...d

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\pugixml.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2142
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.227364363048355
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3wzPQupRigg/HuMugHPJTnlP92Ew8QHvs2IExOojvM:APeTP9V3QHSoo
                                                                                                                                                                                                                                                                                            MD5:AE1FCFD0AA84B946BB9FC04BA39DAFCF
                                                                                                                                                                                                                                                                                            SHA1:E1391AB3BCDBDD0FB6E9169FFA1D72C1650F839E
                                                                                                                                                                                                                                                                                            SHA-256:E9C108AFA89F5F9EF50484BB1C64A8D07D0C0BFCE171DF01840702CEEAEC1E34
                                                                                                                                                                                                                                                                                            SHA-512:BB9635487DEF64130A10EC3CD4106E5018CE17D9B979124D9F6674AB1FC7FA549C32C0602AEAD88CFA78F6900ADA5A1776995FE4B864B466D6DFBF1CB53D942E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:pugixml 1.10 - an XML processing library....Copyright (C) 2006-2019, by Arseny Kapoulkine (arseny.kapoulkine@gmail.com)..Report bugs and download new versions at https://pugixml.org/....This is the distribution of pugixml, which is a C++ XML processing library,..which consists of a DOM-like interface with rich traversal/modification..capabilities, an extremely fast XML parser which constructs the DOM tree from..an XML file/buffer, and an XPath 1.0 implementation for complex data-driven..tree queries. Full Unicode support is also available, with Unicode interface..variants and conversions between different Unicode encodings (which happen..automatically during parsing/saving).....The distribution contains the following folders:.....docs/ - documentation....docs/samples - pugixml usage examples....docs/quickstart.html - quick start guide....docs/manual.html - complete manual.....scripts/ - project files for IDE/build systems.....src/ - header and source files.....readme.txt - this file...

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\pugixml.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 2142
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1310
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.847486331311308
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:SI6S2ZrmvdEGbTi2x2LM0A13cOvst6zeJyWSyZLZqHNI8DHwdKRZisVFSELn:D2ZrAi2p0mt26qJtPqtOWisLSELn
                                                                                                                                                                                                                                                                                            MD5:4B6FDA039658DC9E2263A0A9BE381343
                                                                                                                                                                                                                                                                                            SHA1:ACD8AB58E0A99AA42B38DFDBAB7857380B0E1A00
                                                                                                                                                                                                                                                                                            SHA-256:9023FFA01BDA51F2E1B30435C996A1D4C6C79B33B0FB69F8461DE7275A37DA22
                                                                                                                                                                                                                                                                                            SHA-512:5AB742AF41508C9646F653404398203C9C668A762315F94B2E3C26CFC742DBD4E7026E2B6485DB2800D69D9C89D261F0F63B3AC23A072FED9D49CB20286C75C5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.^........8.I.,...>A8W...z..ZS.kb)nQ.....J....a.U.R..|....Q.......]...7.....(...d..t[''=dM{.P.%.T&?lO.dZ...lu._..0h'.Mv.k..C1.%`h.5P;~7 1p$...>..d..T...X,>. N.)..I.Y..H.}.W.._..!...jo..Mp..IF...2..}.a.^.8..0h;..".W[#1E.P^....RU........mG.^xg....H.c.z2........B......w..s!...Nb.IcZ.ot.21y`.....KP...Cs./.5..G...$..O..).>...&#..T.o......a(2..........m..G....^I.....d..W..d..>K.7...x..&}..x.z.D....V.....S..n].......;Do...1.e.*..7.U.p.g.k|..TY..m...........c....q..Y....E....%.*.j?..(...>^..q;e.M...}..Q.k..0;.AR.`........<.. z:T..7b.Z...#..$....e.;B...H.h.....&e}pA...,...B.....\...D.....y.8O.MN..u..n..S....R..L*!c.....O8Sm..oE......q..I.d.=..`.l..3..<.**V.M%.S..u%U...%..1M.E.J...,..vY..9.(f.Aq.....tXb..e......F.t.P.*X.?...h(......t9;,U..............7AJ..m.}$....g..F.m.<.u.....,........H.ee.>GZ../..7.w3.s.x..r..Jn4v^.M9...GJ"..|Vpj...O.Y.<Mc.A....?(?....n.A..7w1Q.,8.....P.O...OM..n..7.&....x......j.*..3.......S..W......'0......].Q

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\rapidjson.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (739), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5044
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.161532014342918
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:wt8WCogOrYJnrYJzph/3f3z9IT32YdPs0QHnoqPsvQHnoJ:wuogOrsnrsFh/3f3BKPQHnYQHnS
                                                                                                                                                                                                                                                                                            MD5:CFF54E417A17B4B77465198254970CD2
                                                                                                                                                                                                                                                                                            SHA1:A2922AC9CAF1914313D4117DD30F4F1DE71C5E14
                                                                                                                                                                                                                                                                                            SHA-256:60AB263D1868282CB8262199EDF648C21E45B729A78C6768BC9C27214A673DA0
                                                                                                                                                                                                                                                                                            SHA-512:A8CBF26C8BABCF722623A709D5810BAFF798448A969000C36BFB7570D6AD388220066973783D7E162C1968FC42D0418A1C7AE15F51EEA2EF2A2E843FDD9CDDFB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Tencent is pleased to support the open source community by making RapidJSON available. .. ..Copyright (C) 2015 THL A29 Limited, a Tencent company, and Milo Yip. All rights reserved.....If you have downloaded a copy of the RapidJSON binary from Tencent, please note that the RapidJSON binary is licensed under the MIT License...If you have downloaded a copy of the RapidJSON source code from Tencent, please note that RapidJSON source code is licensed under the MIT License, except for the third-party components listed below which are subject to different license terms. Your integration of RapidJSON into your own projects may require compliance with the MIT License, as well as the other licenses applicable to the third-party components included within RapidJSON...A copy of the MIT License is included in this file.....Other dependencies and licenses:....Open Source Software Licensed Under the BSD License:..--------------------------------------------------------------------....The msinttype

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\rapidjson.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 5044
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1731
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.891690247707698
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:BGMIUYs8dtUsBao/JeIf9EwJXBAhX7jKv8qO8djtliujLoCLIHsgeP36uM+dqKdM:z0Z45nK7vjviuj1gsZP3epNt7QuZn
                                                                                                                                                                                                                                                                                            MD5:DB6AD9299FF050234514515A80E251AC
                                                                                                                                                                                                                                                                                            SHA1:B8B2126C6712473DF20315E28EEBA8F247699B00
                                                                                                                                                                                                                                                                                            SHA-256:57EE598FFC3B0BC155A1017E34308FE3E966F4E314907DA03C761E34A6F3F6BE
                                                                                                                                                                                                                                                                                            SHA-512:765ECDF12A737D9B9B4F04930D30EB4DC50EA0EA9871BE110429A6F181643F7102F203C79943B00D112E087778829232326034A04D1F58F5903569C02724768B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........*.I.L...c,.#../[.../..u..h.........2..@S......9...4........|G..+.:....?Du.;....OLQ....v..w=S/..(r.>..x.*.......!OA..........U...>.%..?..+%^xV..b......f"dEK....a..Cg....P.\^.....I.{u.ncy..../...'.1...J:.Mg...Tb.x....."$........UhKw..pqf..?..S.H.>._..v...-.._.[.pa.......g.V......x.42.F....'.-.N...q<Q..(\..B..n/H.n6.i.... :..u.H.....t.G.M.._...+..!...XS1Z..,.S.....Y.P...n...u.h.. ..&:@...+..{/m........W;e..k..T.R..\.*..|.>.z...4%.X7.S(z...h+...ip..B.......`1h...:C..*.2D....z.c....~Z.}$.v...f.:....5By....C....[)>.<0hi.j..7....3yQ..^...v.4.fQ.-. c..v..8l.{.b....d.Cx.{....Y..._.s.,g....t.q.O....-...g....Cd..R...r....6..Jj..4F9.2.D.........u...>.$.^..pN.\....}izo...s.....kr^.K.<!..5.].~.....p..R..X.. k..p.,{$..C".qL.O+..+...._.|.P.....|L_^...;5...\..pa..n.JM....Bp_..q..&....%.b..I...l..y.^M|........ZCm.D6...+H..jZD..n...].&.....G.k.PkB..^..F...w.... .l..[...N/.)..@..0....`...-W...Nn.,b.T# =.D.(.Q.8.....F.Y2...<.....23..,.....y........V

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\sqlite.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1531
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.4419575401333775
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:13QpHr1jvO2UPPLUolMKrIeCENv/MAXSpexdDWNQtX1eUOfmCo/pm:13MLUgcr/tUAGodDWN2wPo/pm
                                                                                                                                                                                                                                                                                            MD5:BDC36270610932FF0C405F7DBEC4F1AA
                                                                                                                                                                                                                                                                                            SHA1:36EF609B122CCDE100FA096A4703F3433AF6E2D1
                                                                                                                                                                                                                                                                                            SHA-256:8C109E1D8394FD4557D916D75EF61FB406319106CBEAB77736D7C666BEFD1AB6
                                                                                                                                                                                                                                                                                            SHA-512:83F1346CBC0D4E49B0E4CC338FA12813661EAFB00ACBA39D350E28C54C86D6D19317545DDDAE562763E6794E5268731CF4D1D8F24DB42A0CF8D9AB9165970BEB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:SQLite Is Public Domain....All of the code and documentation in SQLite has been dedicated to the public..domain by the authors. All code authors, and representatives of the companies..they work for, have signed affidavits dedicating their contributions to the..public domain and originals of those signed affidavits are stored in a firesafe..at the main offices of Hwaci. Anyone is free to copy, modify, publish, use,..compile, sell, or distribute the original SQLite code, either in source code..form or as a compiled binary, for any purpose, commercial or non-commercial,..and by any means.....The previous paragraph applies to the deliverable code and documentation in..SQLite - those parts of the SQLite library that you actually bundle and ship..with a larger application. Some scripts used as part of the build process (for..example the "configure" scripts generated by autoconf) might fall under other..open-source licenses. Nothing from these build scripts ever reaches the final..deliverable

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\sqlite.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1531
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):907
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.756583329248812
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:UhQTgtHTOVyhTrMfdj47WPKlVgyj4txYbIn:UdRT6yCcWUVYY8n
                                                                                                                                                                                                                                                                                            MD5:BE31CAA92FDC60C9D640A480B662B711
                                                                                                                                                                                                                                                                                            SHA1:F30FDDFDFA9CAEEF40589402B250E73D56CA8B45
                                                                                                                                                                                                                                                                                            SHA-256:884D31C6E574DF2EB0503F79A11E5CE1AE2C1530C8D692E4AA5AD66E789BF141
                                                                                                                                                                                                                                                                                            SHA-512:7DE87F96A34F2B3BAFFE42C5AFC2CDEF52FD83E12A265692CE8CBC36B557ABC86AD22A98D77BC42CA7A5A76264C3F2110595EC07D545520FB2D12B72A9A809A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........).E.`....fq.T...... ....0.~..x....S.. ..5T~...`........... h_Ve.......j.m.5.9...E...V...@.m.......RZ.....3."...t...l..j..V.P......k.z68`f...x:..{@SQ7&+..........!..3a6...6...k#........|.4p.P@S.........8..m.8P.?j*...o.H).[.9..@WI.....*S*.. .Y.^S....\z....{z....}..A.!....>...M.v....i{.".....,.K..o.b.~x;J..z\p.......Ts.Z..L..:......zP..L..N. S....p.q..c....9j..m.U.<nIc....r.m.ik.j.ba..YE..,!k...Hp..x....2.....}..Y.jz...........5.-{...}.iI8.......b......K!i...Y.lL+2..X.'. V..k....d.bnV..wG........>...5..n..W............7..5..,.!2._...R1.s /....0g..k..CTF..v.tG..4|.........g...3?.....)...N2-...`..^.+.z....*..T'>dS1..h...ph..i.........ACJ.^...dm?.z......5'...m}..a0...[..P<..E..1.'.F.%..c......v.!E:.......;..sQO...4U..."@..b`...5....3.A=......4..P^.....ASWiSTRU...d..sqlite.txty.S2^4.......[..g..V~..|..Ze..L|...w.....$.0Pi.B:.).5$........oASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\unrar.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2018
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.650059556899331
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:f/bAgaA8eXpb02xgCgFTF2XBtzK818fSmS0zDENYXjwUAXoExeaAFdxrJLXXvPhK:fcghvgJORNw40qUA4U0hkqC/
                                                                                                                                                                                                                                                                                            MD5:7CF65040F98BAF1BA15F488D76F31E6A
                                                                                                                                                                                                                                                                                            SHA1:C9E9E12D8D124BDC38B63A1C832BF36890DDF046
                                                                                                                                                                                                                                                                                            SHA-256:64578D53633622B31D19024184265F01D045B637DA98FBD15CA81E39ACFBA63F
                                                                                                                                                                                                                                                                                            SHA-512:4FFB42AD75204DA6A288AA2D748754EAB2A94386C33C9981AB1EDB6F848E02FBE4590BAAFD81F5349A4C09BB913AEDD7F57D49C43D96B8AD6E63C0E44D0A8CA1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview: ****** ***** ****** UnRAR - free utility for RAR archives.. ** ** ** ** ** ** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. ****** ******* ****** License for use and distribution of.. ** ** ** ** ** ** ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. ** ** ** ** ** ** FREE portable version.. ~~~~~~~~~~~~~~~~~~~~~.... The source code of UnRAR utility is freeware. This means:.... 1. All copyrights to RAR and the utility UnRAR are exclusively.. owned by the author - Alexander Roshal..... 2. UnRAR source code may be used in any software to handle.. RAR archives without limitations free of charge, but cannot be.. used to develop RAR (WinRAR) compatible archiver and to.. re-create RAR compression algorithm, which is proprietary... Distribution of modified UnRAR source code in separate form.. or as a part of other software is permitted, provided that.. full text of this paragraph, sta

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\unrar.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 2018
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1054
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.7640338320087645
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:5OeXNoWYbA6UYI+inlWPbz5WDg5LYjwrYCjiPgDKc8n:b9BYs6xqAPb3nYCGIcn
                                                                                                                                                                                                                                                                                            MD5:F42C947BD1988D1A8D9B8B297F8E8ECC
                                                                                                                                                                                                                                                                                            SHA1:130CE8771AE6FF9F2A9435DA57E13FFE4ABC5CA9
                                                                                                                                                                                                                                                                                            SHA-256:0B086859865CF457336BAAD49A45584336DC65A4105B4F4B8CF2DD0A305CE8AD
                                                                                                                                                                                                                                                                                            SHA-512:5F08937DB02F85E744E8A953C0F61D6E25756285C8429C5DD5D336DDF2335AF5837D61A556C982B5965536CAF8F7E47513D7129343D0F252F9709ACEADCE77B3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...............5...{..&.z.p...X...O..B........p..t......V.R...:.9..\.@..Z..@t..{...rM...n`.s.Y.....V...{*7..2.LI..bw.<-...<.o.+Q3.K....DD....../.V......].w.&..S..F..2.i..;....2.x...PJ.-41=.*Xu...... |:..m..~./.#..\#J.....T..?...n......~..2.`..h....QE.I{X.?dR.....1_D.m.cp.-.tJ[J.m....D>h...|.c..s.&.Y........"...S..'_..f..).._..........f.n.l;....P....Y.Ac....y.z...jl.uZ....L.Z....~.[..D......e._..oia"...H..~3...q:..T......s.'G..;d)....a.V....h.K.....B.~.......CD.(Fr)T.M..tx_2..i..%U3.q.=H#D.YmU.%....ReG.....q.-..+[.A.s2. ../......5..'.X.%...H.Y.|R(.a....4.w..W.....#..?.....C (.....pZ.....{....8...c..[.....V.I<;F.X..86:e.f:Oc.K....=Q>7......h.e....FW.,#.R.ue......R...d..'o7....h)..U....c.....~g......_.?=.....G.f.&..r...cz...@......;....n.#x..M.?..@*..E...r5._...u..Fr,.]V6mw...T.k..?.!.fe.)....;.b.........w.7e.>m...d4.X...D..U.j...F....6..0..@..&.r....9..2......Xe..;Q.s.F.E..D.4./..G..XZ.r.......|5{ASWiSTRU...d..unrar.txtN-.......6.a...U.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\vxWidgets.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2466
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.867091674937462
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:qzuljEek9y8HE7gJRg4D8yGQp5mTWWSewav3HfK/vy:WuljEbrjg4DN9p5myhY3Hi3y
                                                                                                                                                                                                                                                                                            MD5:7C3860FFBB2E3DF660F4762E02A28A4E
                                                                                                                                                                                                                                                                                            SHA1:9A689135294896040420EAD4E5A05038D0CE8CBC
                                                                                                                                                                                                                                                                                            SHA-256:803B8B5AA4151030221B3C3F71A645DA6241938421E49901444A79E5CCA75FA8
                                                                                                                                                                                                                                                                                            SHA-512:393E4077221420B1A1D73CB1D89AD264B65E36DDE03271959699260E8305FF8715AB1A7535C356F2BF961F316CCB1EF1FF6E13DA1708E7B53A9B6E12AD7066D0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview: wxWindows Library Licence, Version 3.1.. ======================================....Copyright (c) 1998-2005 Julian Smart, Robert Roebling et al....Everyone is permitted to copy and distribute verbatim copies..of this licence document, but changing it is not allowed..... WXWINDOWS LIBRARY LICENCE.. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION....This library is free software; you can redistribute it and/or modify it..under the terms of the GNU Library General Public Licence as published by..the Free Software Foundation; either version 2 of the Licence, or (at your..option) any later version.....This library is distributed in the hope that it will be useful, but WITHOUT..ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or..FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public..Licence for more details.....You should have received a copy of the GNU Library General Public Licence..along wit

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\vxWidgets.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 2466
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1239
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.803295579687392
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:lQ6bR4Q5y5OmlTEFqXSnfXYOt6lHtjRBoCXakfC1Bp/d4C/2wPTbd1LA3n:l9bR4Q5yDlNXKVuNjRBoCXN6/dbLZ1L8
                                                                                                                                                                                                                                                                                            MD5:74651406853D3D05920D3BE5F4DF94C0
                                                                                                                                                                                                                                                                                            SHA1:5F9E880696201CC1E80FEB205A60DEC98B8F987C
                                                                                                                                                                                                                                                                                            SHA-256:1A72FEA7B40C2E82BA82F31884909D88E0EA74B593F17CA43536B3CE276F27D3
                                                                                                                                                                                                                                                                                            SHA-512:EBBDA7A286BA6D0763389330677573214139C117C5E21DF74E49F21383D540BEAD8CB65301FC237700242EA60E292CF058C96FB4022729A68EBBB15AD46921B0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...........l..........(R..B.<X.@....z.......u..X....O....*.zi.8ql>.d8..]._.....E..:......~.....fXo....|.k....:.>..hhnE...."....z.@...oNWDz...p.!.S....1aO;....q.X'..C.M.|.q.q.#..!....2^i....5.#.'..%....-......04...D..7.{.).}.#.|Y...q..m..@..Q..q....u.a.g.:..{...y..R........_&@.d..:.V.1.W..k.:...$=...)\..8H..W.O....5..?.7#.....q.C;p<.x=.63..)5" .L.....t..w...<|..^..*..E.V.-..#!\0..*.t*...!.yZSe.S....m............a..5..O.....xD=.:..j................j_.D.5T.8Y.y..".H..)..,"f..e.w.>?L.......6']Z..(^.kx....[...]..s9....]h.4....W...d.H^]nQ..K...%%...$...;s#....rN..!...4.f...Y.G.t.^.ZO....y!..h....J..g..;..A.k2.......F..0.S&.c.:.F.ta.Sv4.|......$..`s....n..Gt.#}7...Z.I...j.~.F'h...2....K...I5#7...u...K ).C.Am..hn .......z...........`gx........f.".5..u..2^..=......7.7k"..v.....i.....@6{hj.5Nt.\j...b..iD}..yd.c..T...KY.H.....<v.z.pV..Dh.CZ89L=,..Yr......y...j.qs.MhX..8..&....].I>.A.....3 .KB*.}#{.M.i.Nl...kx...r. ....e......"....4$.....=./

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\xmlParser.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2070
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.039420272178635
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:31D0frKHMHbJpOVRrYJERrYJgqgvePjkm432sWWz32s3E8z3tIHXa:31D0KQ18VRrYJERrYJev+G37z3zpK3a
                                                                                                                                                                                                                                                                                            MD5:A3E6629906286395714E96DC4AC8EDF4
                                                                                                                                                                                                                                                                                            SHA1:E1FAF4917A367E29BE497AFC8CA14BB7B4493EFE
                                                                                                                                                                                                                                                                                            SHA-256:BDD96967D9B60683A91E086651EC03EED0D4BA142B37993111A0B1A608F8A05D
                                                                                                                                                                                                                                                                                            SHA-512:C9BE16142C2D45B9E81B2E33840B58837EABF94B3659CBCE65E18D1501AC85CFA35FA087A467CBD55D633F1DFE370E61ABEDA2ED1E6DB4E8B65826B7C41A4CCB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/**.. ****************************************************************************.. * <P> XML.c - implementation file for basic XML parser written in ANSI C++.. * for portability. It works by using recursion and a node tree for breaking.. * down the elements of an XML document. </P>.. *.. * @version V2.23.. * @author Frank Vanden Berghen.. *.. * BSD license:.. * Copyright (c) 2002, Frank Vanden Berghen.. * All rights reserved... * Redistribution and use in source and binary forms, with or without.. * modification, are permitted provided that the following conditions are met:.. *.. * * Redistributions of source code must retain the above copyright.. * notice, this list of conditions and the following disclaimer... * * Redistributions in binary form must reproduce the above copyright.. * notice, this list of conditions and the following disclaimer in the.. * documentation and/or other materials provided with the distribution... * * Neither the nam

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\xmlParser.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 2070
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1103
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.807900837701113
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:yy27EFCktle869YeqP+QyL6p+GknZ3+XOO6RNRJprav/LOTEVkJrO0Zn:egFCm89Ye0+5Op+fZ3+XOO6VOvTOTEqr
                                                                                                                                                                                                                                                                                            MD5:7514C11A77555F7F1EC3626A99A0C8D0
                                                                                                                                                                                                                                                                                            SHA1:AE7A486B4210D56D96DC4AD56C0D5939186F2D7B
                                                                                                                                                                                                                                                                                            SHA-256:C3F406AA8090EC72AAED3E220A0CE211F586166612E71ACB9768232FB70C658F
                                                                                                                                                                                                                                                                                            SHA-512:E2271B03675EBB3AD7EF144F6933B7D99C61B96C95189A8AAA8BCB70D73834E8E4A36C9390057B9FF1E4595F2A9C269447FDA29111E787FCD4FB99ADFAE20181
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...............`...0.Y"1O0.p....A..."c.?.....mI.^......Qo.y...I.8....,+xp+..&.jF.i...?.Q.!.....g?....?...Ii.,...;...].a....a..._..?...LO..Y.qA.F5...v.f._...y^.w...x........}........Je"9.e.G..J..0...4.....;.k&.x...DPI]...Q..i...._^.od}5...... .'3...P.....!....O...G@m.....D.WG.I.I.....B.bR`..s.:!..L...J.w..../1.5..4...2.4..a/e...M...pS#.....z.B;Q!\rX.E.....X.......k......&....=Zs.K.j.jm.] N../...........j&.}...TT#.9I%.5qK&..c......>..0'HXM....6.n..'N1.4.f#OV..$uz+E.,..M......>.].HM.j..v;...%..f....z.f..f...Qp(.P.kN9...3q...i.q.3_. ..J..R......t.g....~@...@..>.....U.......dZ.M..........K......."....)H..l.C..~.)_..15.o..?e.!{.k.....`.....p..qg.....".K..5..g.....bP. ..p..t\Q.......t.<lN.`...%. 9..!..~."6gu...uh.>....f_<+Kr...e...;ft.]N..W......t4..7.p..}b...D.1...3/.u.......E[.I..I.D..+.D.V|...,p......|z..f.!.....*0......4...aTUX..v.G..jG.SNOj....i!.*#...R.....=X/.GC......O.....}....\.4.Bi.Nd.L...@....p....B.s../....A..tr..w.....\.YvM..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\xxHash.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2276
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2877240270854875
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:adHmZ6MOOrfJwrfJzkB432sVoR32s3EiP3tQHbH+yCpXNygHKzZ:anVOrfJwrfJzku3S3zVSiyCpXT6Z
                                                                                                                                                                                                                                                                                            MD5:06CDEE91812DDFAF4CF3916F7A5309C4
                                                                                                                                                                                                                                                                                            SHA1:00397115D379F863279D13E823D33ED9C8B51BE4
                                                                                                                                                                                                                                                                                            SHA-256:7A9555C822ED30FCBF6832004EDAC893BA10BBCDB8E12D9A3662DDF1B52BD6E7
                                                                                                                                                                                                                                                                                            SHA-512:CF22A889618B15FD40DD82809C2C8F5003FD40236798D8738FD3C56CF0F27B52E4157F834E5339BF12388DEDB96EAB1DC3E9D01968E1A4AA155E60CEA9C96694
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:xxHash Library..Copyright (c) 2012-2020 Yann Collet..All rights reserved.....BSD 2-Clause License (https://www.opensource.org/licenses/bsd-license.php)....Redistribution and use in source and binary forms, with or without modification,..are permitted provided that the following conditions are met:....* Redistributions of source code must retain the above copyright notice, this.. list of conditions and the following disclaimer.....* Redistributions in binary form must reproduce the above copyright notice, this.. list of conditions and the following disclaimer in the documentation and/or.. other materials provided with the distribution.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND..ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED..WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE..DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR..ANY DIRECT, INDIRECT, INCIDENTAL, SPE

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\xxHash.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 2276
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1270
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.8266736976063385
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:lCEkVKCFImDaqPKH8S8LVKp4lDgdO1JQXsOM9tb0XWumFa6SBngo17Ffyn:3PElPKcS8xcjdO1JtOM910HmE1Bgo17+
                                                                                                                                                                                                                                                                                            MD5:EB7AA60DA8D6DAF96892D9E97D654BDE
                                                                                                                                                                                                                                                                                            SHA1:69A381785874BE5A47B56B612EFFA14C0E70348A
                                                                                                                                                                                                                                                                                            SHA-256:0CD70FF8649144B8527DAB9F3D79B122492AAD85D3115FE9757385747D41466C
                                                                                                                                                                                                                                                                                            SHA-512:EA3D7A6042F4D26FBE31FFC12BF03DB6FD780642648A2AA1596066014B087CAF96DF2712847F54463DB2F1124DD079E350B9CE8EE4E83C98BE29C0F3DEEF11AC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........<a..s3.j..u.:.p.).&M..`.Ck.Y..7.].A......!.hYH.n...5.q.Q]......f".F8.....=.1<.<.8D.d.'.=....~...0$Tq.`.P....,.@......X...Y.<........|v.]U.]^:..Cwj./B.m..a..../P.x....I..>.?..j.,ZB.O..<....,.tEb).,V.o&..Nn..F.L.cK..].-.]....'gO.C....v.......o....f.4..x..E...;.)..L}..2...Wnv.u....._....j&W...n..d.......&..n.Qxp.L.w..e-[...qD..Y..).=...'..6...Am.b.u'$nTu...x...^.%...../g.i..."....^.e..D..xw.M..I.Y....A...'...b%h.........&&N.4.1....e...S.h.5~..9..cC..^%[A... N"..0.%...N.y.L{\.1.u..<..V=....C..j.V..y...J.u.$[.w./.m...F.}....\..tG.]..T.Yb)..&.p'.ec.LO..V....x.@J2..k...2R~.d.3De...........i......a..&M..t.N_.Zcw.2....u|.Ky...z.....`$d.\=..........d..!....y...#..D$*..'.-.N.CH@Nk>eb.=U.B.R.aQ.....l\;(UG.|.M...w.Q9^...W..~.F....C./...R...x.,T...1..)...$.!(.....m...!..24.:......<G.kua.......e...d.15V..b@6..%/..+Z...@R..R....U@.i.gM..>LB).U..).H;..J..V....Y(.0.=0p.{Z..........{..T..E..l...h..y..0u.4....g....z.TL.-...g_u.y.....X6.R]Gl.<.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\yara.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1519
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.187635019028982
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:U3UnemvobbOOrPFTVJyFTzc6pGBTPC9B432sVvEOkDs89ROg32s3yxiTftr8A3t/:SOOrPJ2JzHiPQB432sVoR32s3EiP3tQS
                                                                                                                                                                                                                                                                                            MD5:4BF27A810F9A1F9E7C76B029B3B457CC
                                                                                                                                                                                                                                                                                            SHA1:8EDFF1174E110DE6AEC218A8D9AC56DBEA27A1E9
                                                                                                                                                                                                                                                                                            SHA-256:1E5A5EAE04B378D12F93A3ACF56DFDCAC7005BDD67FE22D71C855F4E994E9928
                                                                                                                                                                                                                                                                                            SHA-512:D818FE6F1905F46445FDBED9EA63751441FDD69651AC532AAE946181FC28DA8D2AAC98146FB507D3DF9720B24DCD2F05A20735F32E113503253FD85DEFA2870E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright (c) 2007-2016. The YARA Authors. All Rights Reserved.....Redistribution and use in source and binary forms, with or without modification,..are permitted provided that the following conditions are met:....1. Redistributions of source code must retain the above copyright notice, this..list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright notice,..this list of conditions and the following disclaimer in the documentation and/or..other materials provided with the distribution.....3. Neither the name of the copyright holder nor the names of its contributors..may be used to endorse or promote products derived from this software without..specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND..ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED..WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE..DISCLAIMED. IN

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\yara.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1519
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):954
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.76068717158091
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:bvx9CW8kyqLiaNXu7CGwF15Knvt88CymX+zCn:bvaoyqLnN1GwF1oa8h2n
                                                                                                                                                                                                                                                                                            MD5:DC7B25376A7166AD4BADD282C7FE87C1
                                                                                                                                                                                                                                                                                            SHA1:30C32DE5889AE0A3131377C9C2A56E6F0F8E6676
                                                                                                                                                                                                                                                                                            SHA-256:CD0814F4933508E4BA13D09B60B0ACB2C20B34B3BDC2B349A40231A8170BD001
                                                                                                                                                                                                                                                                                            SHA-512:85F899680C8F1DA28754A459E120F37D88A82FEA22DB3E319F3A6C2ADD288BA87696C4E31F281A11ED800E8EB9A3397CCBF23D9E62239CC16377341D391C17B0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........!....w.f....}.%..}..]r)N..G.9.W...(...<.....0B.9.....f{....K9f.I....t.N.`...)>V...r)k.F0.>{X..$.f..H...MI....(.~.x.-.d.....Z........B.$'.~.a..L......{...Yy<..q...n...l...t_'.I7S....o.o...\.\...Em.%q... .\D.....%..yQj*Z.0..R?h./.jP.1Unk.bGk.....t..+F.wb0.....[.........,.yc,.#......5.+.m.4....8...-.sS.P.......$...)`..d..(P........#$..od8.......<@Z.a.+..w........"..u.h.......w..:f.E.#....V.F./Y.it.. M.,....9.s9.F@.....p.h..1A.~.W.c7...'....$y..;E....aY.R.A.........C...<t$rM..+.}[.Y....(..i....4.[.u]{......(...........7+....[........b6..b....HN5.l.PWb..>5....X.n..jB..&..b.g$...Q......S.Y...._.h.wn....~.M........T.sF.....98Z..G>h..;wS......:0...YIP..q..}...f....}..]..*Ak..W..L0.\Y.f.".1VS..7.v;.{....a./....c...\...Fv..xhY.M1....+@H.+;..Q_.....#.h.....~OH..gIZ...)..3...G...I...VAh..{=..E0..#~M*v..qH.ASWiSTRU...d..yara.txtV.0{...h..|.B..o.....k.......`#..,.\.^.hW.-Lb..7.x..h.EQcO.}ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\zlib.txt.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):982
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.552277493291723
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:Ngx475SWsEZ9iWfTKh7FP96yPX0bUEDEGUAH2iQYkFMVFnFRp5GHZBMeTx/OEMxr:GxkMosv8xAbAHdQN2Tp5GHvdDSY8PJh
                                                                                                                                                                                                                                                                                            MD5:8041053262BC492837749777C930A791
                                                                                                                                                                                                                                                                                            SHA1:E8CBE20136C6D1627D40932DC4398D2053BE5228
                                                                                                                                                                                                                                                                                            SHA-256:D988D5362EA432D8C8AD9F05AF876BA9409EB1EBAD8C34B899FC9CC8C7EA5311
                                                                                                                                                                                                                                                                                            SHA-512:0F321A821B1AB36A5E60A5D5E94DC26564A2CB03347B54279B5530F7B50AB3105D537637F338553DFC4EF800D28BE103AB0CA50F77DA3B4627FB6D7C558BD3EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:Copyright (C) 1995-2016 Jean-loup Gailly and Mark Adler....This software is provided 'as-is', without any express or implied..warranty. In no event will the authors be held liable for any damages..arising from the use of this software.....Permission is granted to anyone to use this software for any purpose,..including commercial applications, and to alter it and redistribute it..freely, subject to the following restrictions:....1. The origin of this software must not be misrepresented; you must not.. claim that you wrote the original software. If you use this software.. in a product, an acknowledgment in the product documentation would be.. appreciated but is not required...2. Altered source versions must be plainly marked as such, and must not be.. misrepresented as being the original software...3. This notice may not be removed or altered from any source distribution.....Jean-loup Gailly Mark Adler..jloup@gzip.org madler@alumni.caltech.edu..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\Licenses\zlib.txt.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 982
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):685
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.6812378634480565
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:Z8gXqx+UWuG3lXm0ifnANPiuwe2RTx7zeWCLcCDboHqB7p6JCyJz2jzISn:Z8Bxyua8vnANVwe237CWCLc1W6rzgZn
                                                                                                                                                                                                                                                                                            MD5:889A3A461D6BF876DCAA9F79357D05E9
                                                                                                                                                                                                                                                                                            SHA1:60203C10122DAE2F9E81693C71E215741B71BA9B
                                                                                                                                                                                                                                                                                            SHA-256:635551824EA32D75C9A91CD4B718C2249616AD1B2C482A227C1EF141B0878DD8
                                                                                                                                                                                                                                                                                            SHA-512:ECBAA107D19B360BB3ED756C496E8830D43163C8D714E7544B3F8F63AB83031F4FCCB912A32DA80D967466BDCD6E194A1B3B66A9A0A9481CEBE56CAA1806223E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........!....w.f....p/]..m6P....+....k.K..Z.&.T.<...-"6.gf........-....v....Tb..aS0..9.c..Y. xh.=9..a..\.f.If,hc.....u.Ma.n.%~*.(.H.D.......Np...}.?<..............;.J...........:.b0.^ef.X+..........\.$...B....Y}.....Y....e.0.."f.T.W!:.Z&..D..~.uVB.6Vfb..RT(U~....4a.....1.).P.F.!_........_E..U....y..W,.w8.g(.........D.kW.w|..D6....s..R.g....K..P..N.|1iCL2..._....p..Y.;..)..!P....Y....w wuh".x...o....`xN2%..&.i-.......%.ajb1qV.`'zL!._..&....`KGK2.F..|...>G.......%g^(...[.........wTsW.J/\..<.x^..m...bq.K.$....].v..._. z#R......%..........=..S.ASWiSTRU...d..zlib.txt.~BV....&..Q...!.Y..`.7.IG..V.MA.f.<e+B.\?....O.c...p=..!....ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10856384
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.478730129709163
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:Tt/4+wgQTQ4YW5xuxOG9eyIfJ3q2LTBTtBkLRloOoH:TtBIFF5AxOG9ey+J3qVa7H
                                                                                                                                                                                                                                                                                            MD5:D194FB1EC36F1A2D3D73074E3818C3D4
                                                                                                                                                                                                                                                                                            SHA1:4711140FF84712120A1D1D676A88E9B068998E3D
                                                                                                                                                                                                                                                                                            SHA-256:A26BC8A3A7CE022CAFB6500B68BCEA5F21BD154ECD921AADD21DA0DC020398CB
                                                                                                                                                                                                                                                                                            SHA-512:311F77DA8A63B363483A26D8DC32FCC10AF17D415A5B98E410451853D2D1098E167CAA391EE41ED1B78D8A9F31657B62DACAB2391941C5CF2082CE68CD1E9CAA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$..........6...e...e...e..ce..e#..d...e^..e...e^..d..e^..d...e^..d..e`..d..e8..d...e)..d...e^..d..e...d..e)..d...e)..d...e...d..e...d...e...d...e)..d..e...e..e...d..e...d...e...e...e..ge...e...d...eRich...e................PE..d.....$e.........."....$.\j...;......ZN........@.........................................`.................................................\................@...X..H~..x)......x....0|......................1|.(.....o.@............pj..O..h........................text....Zj......\j................. ..`.rdata..<u"..pj..v"..`j.............@..@.data....H.......,.................@....pdata...X...@...Z..................@..@.didat..H............\..............@....rsrc................`..............@..@.reloc..x............f..............@..B........................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 10856384
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2961547
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999937001664216
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:3F1crmW/RGoo7/zLgJSYgD3XvM6SujZeSRJKp23sA6Dpqa2pm7KVd1AxRo5nL5yg:V1Mmhoo770JvgDH/jZxRN8AHDpmWV3AU
                                                                                                                                                                                                                                                                                            MD5:07BD331DFD7783A48CB067995B5139B9
                                                                                                                                                                                                                                                                                            SHA1:D817537C5F876F09CE4AEF3BD7FF84718B5BCB07
                                                                                                                                                                                                                                                                                            SHA-256:8F39C6A21F44879AB38EE78FF5460314835D74A15E2C5EE568A4B8CEA166A145
                                                                                                                                                                                                                                                                                            SHA-512:F01EF758D9704798F913410E51E9C12A677DEF01AB9743A8174BB3937BD776DFAD0363F144048C3AE42FC64CB1988A3EF5D03939A7B3B3E92D7BE50BBC632413
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:].............&..p.........../D.|......I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f.|....C.7.B.t.B8..._..&.4:)....*..#{/!..+[..B.(.....B..vhf.4....w..;D.2d..V.H..n....q.`l.2.N..?..xO}.y.2.e._.G....<..k.I.......q.?Dz....SoT..@Nx,.S....E9`x.....Y?.\.^...A..n.}.)Pc.KE.1sf.....4[."j...<.....oOj...@.B.........3.B..9T....B..X\&oW.....R.......+.........~D..|b.K@........J.....H..S..DO...U.......,.B.q CL...pY4...7.U........'.aC..%xo....B...`]..>..{....._..%......:.?.\......f.....&2..,..I..~.T..e-W.~.W.u._........j.j...>:.Y...)h....|)....h./R.@..]..YC...z.D...).S^.6...j.;....`.AMwJ..0.w.iS]r..<.FtA..?..e...|.=.D..`.`..r.7H.h.,.P*.z.&..K.<..x..yMie... Db.xI.%L.0..u@.i....+....y$ ...1.....".....<....v..j..2...... ..Sh@S..R.9eo#...^....^........]Y.k...nUH...e..Y......@H.N....Q/kG.t. :.....,I...M.2T7a......{...\E J.&..~&........8.n..Ff.az.}!...Y.p.....'..&?...R.....Oj)...X...aBo..P....@..U.|..2.\..rH.[....&.G.e...O.3e..P.>....tb=z...+U..Q..A....

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3405240
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.470793573109207
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:G361CRrmB0vORXuPEoU0HFRgJ84vHvDmZyTcCaJMh6/NE:pBzXuJHl
                                                                                                                                                                                                                                                                                            MD5:3E2386D116230EEC4E3B50C770E9F31F
                                                                                                                                                                                                                                                                                            SHA1:C41AF5A359E8C2056535FBC74B2A589336D1C8F8
                                                                                                                                                                                                                                                                                            SHA-256:52DDB9085F129DDF9BA68B0CE54ADC48ED26ACE046E7E2E8D0AFA1A84AB92DB5
                                                                                                                                                                                                                                                                                            SHA-512:45ACE8BB390D231B400BBABF8C42E347617D306B40F475405D399F04CCEFCEC4EE30C9EB72E343E58B387AE0C8697E893B2609735C5E7EDD42E808E8EC32F41E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.......>.Drz.*!z.*!z.*!...!y.*!... p.*!..) ~.*!..+ r.*!../ I.*!..) x.*!... x.*!s.!n.*!,.+ ~.*!n.+ x.*!../ {.*!z.*!|.*!,./ .*!... {.*!..+ m.*!z.+!..*!n.# ..*!n.* {.*!n..!{.*!z..!x.*!n.( {.*!Richz.*!........PE..d.....$e.........."....$.....J................@.............................04.....X.4...`.........................................p.).....X.).......2...... 1.H...H.3.p)....3..j..(.$.......................$.(....|!.@................"....).`....................text............................... ..`.rdata..@...........................@..@.data....s....*..D....*.............@....pdata..H.... 1.......0.............@..@.didat..X.....2......n2.............@....rsrc.........2......r2.............@..@.reloc...j....3..l...`3.............@..B................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 3405240
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):849502
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999810310395167
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:/h3jMKPRWKxAfuYkA1nuhmgSwd4kh6yAQCxioz4:/hTMEvxAfV5MhmgSw+khXAQ/G4
                                                                                                                                                                                                                                                                                            MD5:924786D7FDF10101D9052EBD9E703FBA
                                                                                                                                                                                                                                                                                            SHA1:F2F7104F7B00B3BAA6EF811E9538969946DB1B47
                                                                                                                                                                                                                                                                                            SHA-256:29C71610B19EE1C3B1402E78F5B3513C0BDC4F7BCADF3CE9E887C141FBFBC3DA
                                                                                                                                                                                                                                                                                            SHA-512:60751131120F58C5B40DCAAA2F10FB7A60987E0CA19330FBBD063E5196F3EB2DA3A3BADB902B07E4A3788217D909A83E73FC9A3277BFF777BE37BA90F4FC0002
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...3......&..p.........../D.|..y..:.}.._..G...5mA..aQ..c5t ..+........w.uRl.,E.u9....r....dV...#.F.y.@.;6..c...!.?|?....>..........v.....\..7x.[.X|;....N...E].}...7M....)..t...../ .A<.O%n..%d.....O..k./C..ZN...V.E......M...#..1."...*r.1.._.5=:...../%J.9..F#^..v...c....Y...~9;9'i..o..j../.{$:..m.IBp.$#....l.G.)...J..J...'..z...=.%..r..*....Kv.....U....*X.$Z.........P...^._...>&...j_.cc.U.."...ek}.Y.78..J.`.............y..G...%.=..._..m'.`..Lk..Q......a.b.^.w'...*"...ei....6r..ZX^.n.....H*.(...W<a.Z;N.....'.".S..,.P..-...Gp.E....R..:.......Jx.......KW..#..Ua..35[...?7...c.R.3L5.....BJ+.2..t&A....q...v ?.rW..~....@......Lu.3CE.UEE.E.ZN...y...G/v..}.#y?.^...+..^....,.....V.....qj=E.G.->W..m.C..M..4.........j...Tfz.K....~....3j.).h.o....H.f....s"|..#.E.R...W....R.Do[.....O....xH.I...9.."b..a....6.#45...].v.Sq/"..(.=g.x..S^?......Q@...@...s..i..K ^.j.s....:.g.F.e.].kH..a.(....>$E.&...@.Oz9........x..J..Py..T}..c}..Q+....../F5...G.y.y,..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3192760
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.472872966079275
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:5CAvQEjGFFU2AW5cgnWx0oB4D8thFuA+07yTcN0ESme1BU:Tx2cWdoBIU
                                                                                                                                                                                                                                                                                            MD5:9E35E7DA080B13984FA95EB1023BF608
                                                                                                                                                                                                                                                                                            SHA1:A8C7B6D1D4F4C969205AA999CF4194995676EBB7
                                                                                                                                                                                                                                                                                            SHA-256:D32E8E5997F494DB4EC2247B6FCE7AE9F02A6D46AA6C8DD3D61E3854FC11A605
                                                                                                                                                                                                                                                                                            SHA-512:975E14AEE60E151DBA57BE83D34AB132D5B0487ED305D3499A2CA76DEEC44A58F5C3C0AB03C48623C029538ACA1F1DCA66529174FC68A37486FDEF70F28426FE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$........=..\.\.\.."...\..".\..".\..".\..".\.q..\.q..\..).\.#.\.$p..\.`).\.\.\..).\.`).\.q..\.\.[.#.B\.#.\.#...\.\t..\.#.\.Rich.\.........................PE..d...".$e.........."....$.....6.................@..............................1.....SF1...`..........................................>&......>&......p/.........T_..H.0.p)....0..h..Hn!......................o!.(.......@...............H0...9&.@....................text............................... ..`.rdata..............................@..@.data....v....'..F...b'.............@....pdata..T_.......`....-.............@..@.didat.......`/......./.............@....rsrc........p/......./.............@..@.reloc...h....0..j...$0.............@..B................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 3192760
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):809519
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999804844087394
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:jnEIkrnLpqEjljZO4b7EB554LBVUmnXuH/HBNz0zccHit40bXAyZZfB7fBPpbWij:jnEIiUyVZqBj64qAXwzJHi+0bXAQzqxG
                                                                                                                                                                                                                                                                                            MD5:FE5BAF9F4CF1D137BA9A05713D4AE733
                                                                                                                                                                                                                                                                                            SHA1:2A9D088EEB9B6A7BD43BACE797F40C49BF2A85DC
                                                                                                                                                                                                                                                                                            SHA-256:1F646E77B98B83705271F6E12C6965CFA14FA789BE14D930FBA30A148AB99604
                                                                                                                                                                                                                                                                                            SHA-512:E679AC7089F8556FECA87AB7D2714555CA17365B0D6E3D63D41B9296EEEF20F1B1059442CD8D54A51A90D5FFC2CF36DF149B274FEE4DF6AE12252B4C47DE1CED
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...0......&..p.........../D.|....o.e.F<w.,...vY.Ta.....NE..1E...V..Z..m9..^../:Y!....y....eg.B+..?.<.D4...-..H.8..|.g7...@c./..*>.....)..z7O.,.T.Z4...%.?.m..8...`H._.P.+c...;(....L..;........B...?.....$..R ..E.3..N....N?<Z.lcN.%.=.x.)...Zj.Wv.....9.i.l....i...J..v4X......!...Q...y...%y.....+t.7n&...u....F..7.]r....r....K....o.E..V..........}.........\..t .....Y%.,...q.9.E.M..J%l...7`-S+P2...1..A.K%...%.=-..F...s,..c...=)..i.[. ..0..M..TPU.n<D.....,90.:>2.%....#.FO...}..{v...W.......+<...-....C.ZM..2r9......_.;R!..u....K.j..O.T..(...PJ_.}.'T7r.....m..4..5..c.p.RP.....)\.@."[WQ.....e......8U.N.....1.t...?.j..T..dE.'W..U...[.........ZL~....1...:".f.....m.2.j..6....<.?B.....n...`..5C..3...\.x^.]t..,..B<..P.*.....P.u..,.UDPG....1z..'......J..Y...r:.6.!p.#thP.w/.4......1..3Nt%..r..D|.m..[Vz.p...x.......?.Au5.m$$$`Y.f&..-.3.u#:B;./.l..I.~....%.....25. .ox.m4I......pq.p.......ST.h......J..[D.]..!..G'./.h....K%~..._^j :..4.(.(.!......].ubB......7..pt.\

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3363256
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.587306692815455
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:jCXdTQ0oQz8e3KjnHgsCIHC47gJ84v5J+BTcNy0dS+sTua4XJIV4LJIV49GXF:SXmeITHvTCoOoPXF
                                                                                                                                                                                                                                                                                            MD5:5113FE55CA8F04DA822CAB1229C7DE28
                                                                                                                                                                                                                                                                                            SHA1:E891E702115F29AE9BFDADAB3C9A2F373F11A989
                                                                                                                                                                                                                                                                                            SHA-256:5088FB0258865B86C9B7DAF802CDC8F4EDE0D96A827BC3F7D872A9DEE4E54C71
                                                                                                                                                                                                                                                                                            SHA-512:AEC839B849292BF72A25AD86847FAF93DE44D7DE42EF6E65B8C7058B24C3CF4AECB2FD7A065C6BA46A2D26502CFC76FF8C949457C5581E44F056B7F667910D2E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$........[.k.:.8.:.8.:.8DD}8.:.8DD.9.:.8DD.9.:.8DD.9.:.8DD.9.:.83H.9.:.83H.9.:.8.B.8.:.8"O.9.:.8.E.9.:.8.O.9.:.8.O.9.:.8"O.9.:.83H.9.:.8.:.8-?.8.E.90:.8.E.9.:.8.E.8.:.8.:.8.:.8.E.9.:.8Rich.:.8........................PE..d.....$e.........."....$.....x.................@..............................3......'4...`..........................................N&......O&.0....0/.......-.._..H(3.p)...03..b..(.!.......................!.(.......@................'...I&.`....................text.............................. ..`.rdata..............................@..@.data....`...P'..>...2'.............@....pdata..._....-..`...p-.............@..@.didat..0.... /.....................@....rsrc........0/.....................@..@.reloc...b...03..d....2.............@..B........................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 3363256
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):906436
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9997468574937765
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:VX6AJjFiBkgcBiqFUMJ1AqSHcnePyWZpEq4s:VXLjIBkpBRlJ1AqSHhLpE+
                                                                                                                                                                                                                                                                                            MD5:4B56A5DA20200F1AA99EB4E78174960C
                                                                                                                                                                                                                                                                                            SHA1:B42AD99D7896A33FE4C3CCE460EA5611D155890E
                                                                                                                                                                                                                                                                                            SHA-256:4633721132969AB07C61C43008FA4E0B73AA08CB4AE5EE6D90458E5882FD220C
                                                                                                                                                                                                                                                                                            SHA-512:C04BF3135ABC9860EF9023330154C9D786200FD3FE6912899C4D3B84B42E1A7C1AFABB27480CC819676FC6B5F76FF38F4E784299175E99902CC0D9FF588D88A1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..Q3......&..p.........../D.|......e.F<w.,...vY.Ta.....NE..1E...V..Z..m9..^../:Y!....y....eg.)w.e.;Q5S.....M..?l;.C@......!.Eg[..~.B.^M..+.....R.0..Y!5......5...s_*.....@4_.....U..h.@.Y......Is.pK.r8.u..z\,NZwa.6o..(4%~.Wy.&F.@!!z...m.s.?_..N.$....8q..[,_&Y.A....'[$.......t^.... $\=..\D.f.m.....}kr.%..=..l...1...f.....I..Z.7*.....oG..N...2..:..<..jo...-........i.V.TP...\D"........Om.;d.5G..S>..j(.P....h..tmd.,K5d..O]+.........J.."...X...o....e...&..`..3.q.4..%8B{F+c...0<.`t...b).H!}.P...2.e..?`d...`a...<._..Du...z<...~..r.3..1.~a...c..D_Q.E.G.z......".....i.y............?C..nK..&^rV.U.S..].+..j.......]X=.w....b...].D.m..+l.C,...Z...^....e.S......~..G.E......+..6..9Yp!.o.8.._..:....tE..."..Xv....-..{\C.dT....14.7........j2F.Yn.....]..-....q.q.U..8..R.....h..u.).`....e#Ra..,..7......m..C..q|CQ.+...<.y.....s$2.... A._....<i&.{...Z!.R.J.I...rd2....3GA.rt.P.... .*.3.Y..20.v.....2+...YH....~..u........l.....P....tn...C*..L`.q.!.....T=....Gb.5...w>

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):128952
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.155552056864603
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:3y2kRhImKsbZ1M/mu+DNdt9Nd39Ndt9NdtLjqoJSu6rspBoSijUz5:3yxLKkX8eqoJSuPpBoSc
                                                                                                                                                                                                                                                                                            MD5:C7976445AAE38AE295158DCFDE8F04F2
                                                                                                                                                                                                                                                                                            SHA1:62C9421261C3FC03EE9DAC5C78C1638E471CA1D5
                                                                                                                                                                                                                                                                                            SHA-256:4B41024C27A42F4191326526DC82F0B00C54A4F29E6E53571B3335A3572FD63C
                                                                                                                                                                                                                                                                                            SHA-512:4A141D23943DF2230917C0EBF90E36473D8B69656172DA127163E9E2C9F68FE64C8258BB8DFA9781F676B7BF79EA26829B2F1A3C6F4BA800094E2C145A10A507
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........<._.R._.R._.R.....^.R...Q.[.R...V.V.R...W.B.R...S.W.R...W.^.R.V...O.R.K.S.].R...S.P.R._.S.:.R.K.[.z.R.K.R.^.R.K...^.R._..].R.K.P.^.R.Rich_.R.................PE..d.....$e.........." ...$.....................................................0............`A........................................`...T...........................H...p)... .......f.......................g..(....e..@............0...............................text............................... ..`.rdata.......0......................@..@.data...@...........................@....pdata..............................@..@.aswRegi............................@....rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 128952
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):53086
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996788542551828
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:768:iN6MfA7spnSa6wXOqsQbi+17e0UTBtG8GBNvDSGlNLoDlR7NsRDllei5/pWoXUqZ:g6twnx+OG+oPsDvlAldNsRDzn/IoXLXJ
                                                                                                                                                                                                                                                                                            MD5:5A7AFA51A1333E27266DA16A403FECCB
                                                                                                                                                                                                                                                                                            SHA1:DBEF83709658D175F60E59B2F3F7A809CA5D3A04
                                                                                                                                                                                                                                                                                            SHA-256:8EE6B11C265CF3A043AF172B821227AF1BD7C52077FE5C7CEE931227F401F1E4
                                                                                                                                                                                                                                                                                            SHA-512:64D56836F0869E7BF62FB0B6A6EE7128E6EA9FE2D7C5CEC3FCF5024334C65CDA1D10DF981C333D7D4B8B5FB2839880E2F3D293462493C72B2F75A578EBB74D4F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X.....|8..[.p......m.Uo.d...\......8?,......'.@o....-................I.....[S&.:.../..%...d&....L;'.`...|.CmBf3g...d_#...*.H..v....^.1W..'Q..+.C.n.=.}..O.V.......8....7.M,.!..4Z...x...Koe.*:..W.O:...~U+.Ru...p.bn(e....Q....}.......$}..f..T.?.5.O.=.Q..u..m5..]..$.S^....#./....n..q.1....0..<.#......TiW._..!Q...$...B.E.y.A.1.Zf.1.%.B..K.:f..._..E.>+N...;%>.8.@..2l].z.s/.rrj......(..0..~.......qL:.]d,...&.X.:.....m..._...n=.p5.*....u.,.@9...d...)s].../...5.d,.H......=X4.99.f.].W.*.GV0..p..J....D@8..T......O/...z%..k.....$.p.....z7....qQ.5og..0..._..at......N..?t...Y..)..+.SW8..I..."h1..L=1AC..E.n..U$.*......U...>..Wr`.q.A1.........).......f......P ...0(..Y..qy.....^.Y..^...U..C.D.$.&Q.j...`F....'...@..y#qG.>.....J1..b.....K.i......`X(x.^w._%..=*.s).bd..@.j.K.>.$..K....}Z.S..8.XU....rU.&....i...Bu.K?R...l~.......W..........`... o.....h..|.C..Mc......Y...C

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):209856
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.350528927944843
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:mak5kT4ksExHzx/okraCUdohJpTMqYid:makST4kssHdVT8old1d
                                                                                                                                                                                                                                                                                            MD5:B702BAB807290757B219BEB5E9209807
                                                                                                                                                                                                                                                                                            SHA1:69C933FC0A616D44B21F300092924F3090EDD015
                                                                                                                                                                                                                                                                                            SHA-256:D8845D5E04EB3ED64CA4090CD30F582313BB23A43004ADBBFD7F7153A3FBCC7E
                                                                                                                                                                                                                                                                                            SHA-512:DAE269166CCFB91ABCC1492560C86FBFF1D9606605091842B2B1C444CDCCA7E8D14F0B48C46E9656A459E538E79266F891836F262E5ABF7B0138C0AE92917024
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7zC.Y)C.Y)C.Y)..Z(I.Y)..\(..Y)..](W.Y).](S.Y).Z(I.Y).\(..Y)..X(E.Y)J..)@.Y)C.X)..Y)..\(B.Y)W.P(H.Y)W..)B.Y)C..)A.Y)W.[(B.Y)RichC.Y)................PE..d...|.$e.........."....$.....d.......T.........@.............................`.......x....`.....................................................d....@..........d...H...x)...P..................................(...@...@............... ............................text.............................. ..`.rdata..............................@..@.data....'..........................@....pdata..d...........................@..@_RDATA..\....0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 209856
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):96242
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998121171375881
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:ny8RkC47kCqCNX00zvIUABQB1gZlGyp+dblcq/UXX846psjdWwokdfd635LpnqN8:yzLqCU548Cbf8n8RpsjJo7JdnB
                                                                                                                                                                                                                                                                                            MD5:82566060BFD73BD782E1828FD6AC43A6
                                                                                                                                                                                                                                                                                            SHA1:9D869B62B998C1B0654960FA8C91ED0A4B34E9B1
                                                                                                                                                                                                                                                                                            SHA-256:1E58448257D4A304FA66C2C93D21476BAED472791D7F71B4013F141D7A4F0636
                                                                                                                                                                                                                                                                                            SHA-512:7732C1DDFC7780EC9E6669213B5A736C1269DCB4653E393348396FFA002FA19A10FF1F83BC45E9DF29F09F9B88FD44EA9383E470DBAA1135F1CE8C7F1F61C5A2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..3.......&..p.........../D.|.........Dv..........z...K.x..q.....W<[..I;.N..T...s......~...Ox.m.[.6.)...&.m'.......W...W.)..z..l.!...H... .............a.V..L........Dg...-.4s.....BP...W.......5w\;$j.3.t.q...-.}7.R..m.-_.^}:.t....,6........k.,..A...>.....".....$N.....@...i...&.9..P..J.....1.&6..i...#z.lo.FAm[..(l.....83.*.`L.G..l..9o.z7J..{?Ry.@............0.$....cT..._.X...@wTW..>..2F....,R.)..t.@x&!=...1.....C0SZ..?p..N..6......N...1..N......1b|[.B/...|.`.m..B/0..-......;.M...!..d.U.*w.AX..&8f.=#`.....<H..W......?k..b..o...I.v..h|,.Fa..>.....'...._\....-e..)......)"|.......el.NJD.t...X.\.o.lS..Q../.... .......a.c.O.d.,r:...s3X.+j.~2).-.."...~.......3/..P?aob).j.$t/...|>...m}...s.H|*.4...V.f....q..<...4....v5o.v.......G.!..*X2...K....{....~...V*/5....A1.1....:HrM.a0H..4X..'..l.j..K...].....u`...8..t ...d.X..^xK,....|.).&&.H1;........u.&...B.................g..(w...;..rig.._.q\.#.s.{).|Dk.|..33.G.'...WU..S..b[....!..(.0.).,....U6U....z

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\background-loading.png.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):662542
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.979329958318988
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:uxf4fCa15wBOQvPEDMAK+ywEJUVWoCQvOGZj4+vPnenTpHjoj716T:Qf4fCgqBHPml3zTVOQWG5V3neTtjNT
                                                                                                                                                                                                                                                                                            MD5:EAD968E4266725709FC170EBD749F760
                                                                                                                                                                                                                                                                                            SHA1:BF99C488BEACEFF8ECF7734BF1A9FB481D3EC434
                                                                                                                                                                                                                                                                                            SHA-256:5F0799AA26C5EE902F26875C02BF0CA3CC884E0A2722DFAD89624659E03C4B9C
                                                                                                                                                                                                                                                                                            SHA-512:CFA46409BF381E4C52E35C9F2369B9B4F377EC68C62609829992B9BD46E440C66643A8B457A98834336D1CE3C7828FBEB9C2CCB4B9DDFB75AD2B74D77702DF6F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.....................pHYs.................sRGB.........gAMA......a.....IDATx...i.n.q..e}..w...z..Fc!.&!p.w..!..4.R...G.....G....^.......;...aQ.H.LRC.. @C.........@..@o.._w..._.T..u..dfe}.}..d.}.9u.2....2.......g#..c.....-.<8.\V+..O'....X...,q..cY...W...W.w..$.g.....a..z....6...yS.v;...T\...........O*. =/.;+..x*[.i.#....%#..W./M..kd;X.4.r.....%NHe.1d..y.WzL.....Jo.......F.YN.zV..<..2....f.G...~........g#...v..Nyg...N...f.5..M.:.....8..a..7.fC..|..@.X.x.Z.X.Z4[8...."..=O.c..o!Z.`............x....(...s#.g.u.Tg....>.....y...a...F..k..../..Z.{.K.. ...`.#...[..&.2L.Q..bF... ...i...|e.......H.8.&.4H.s.a.=|......o..}.... .y.d.....OK.h.M..yo.....#.</q.>#1..4.B.x..G..z$...U..Do{........h}..X!..TU>.2.....Q..WaC..Md........qg.{<....Q..8.....Z.^.(..d.G.....R.I...r.r.X....,.Z....%=..K..H.....@.{...x.<[s...Z...u.&....k7.u....j....7.....Y.<.T..}.O.{.3.e....v.x....yKw.:.t/.H/.3........./.[..8..V[Z.@...W.... ...z...Kx..n................_*O

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\background-loading.png.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 662542
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):667582
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999700962754988
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:EgMjDiRI02TQvcDh4kPbBeIlUyPxdjq9LZ2LL5jcToKXXDMse1y:3RIWc94WHlJq9LZ2vpczXDPt
                                                                                                                                                                                                                                                                                            MD5:33D455A7DCDD0CAD4EAD32D0001F6E4C
                                                                                                                                                                                                                                                                                            SHA1:11C823B2EF1EF851BE874EE81D546B2F498DE739
                                                                                                                                                                                                                                                                                            SHA-256:594E0694A72D1F125104AB33574855B19509DAB30ADAEFC74444B555388DB348
                                                                                                                                                                                                                                                                                            SHA-512:72D3686AEEFE3EE7D2BE2D066E60D81CCA0D2BB4BE18120C440F216878181F1C592228FE4374F4EC4C2BB4E4F0694C5392757ABA7FA6B3E0CB18DFEF1BB1B095
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........D...z'...P....../.~....%d.. .W$..qF....t....F..m..]....".G...><....QtC......H..=>p...;r.....W26S.....u..Rb.../.."R.y.jiX.hH...z.E.$~....y........P....3.u.0Z'..........L...;<h...\.l....X6..t.....l,... ...jP.p-P.K.KO.|z.O|....$..v5}.....^.\..2=....y.a..;.,.l.?._.l..,.9_.b.`...e...H:..W.../2....!..+V3g..a...A........#.....N..*..t......U@.v6/.@....?a.g..O..>....,...fv...../..2Z..|U.>........)..J..;...y..U.7c.^s..H.......\u)....z...[l+#......&Z(>..|ty.+Ui+)h...y.=..G9.P.h'8UrN.........O.e(c......4..u/...33`.....5.D...$.DD......#*X.7*J.;J.y..VEQQ.>..\r..............%.._.......v..o....vs...b.Z<?.\4M.|.#>E..3...].Fg....8$.K.m....>.v$.#0.=>7..........^..^......I..}.l:..?w.H..#.d.....`...;.}..u.......T'..`.!.a}..8..4+..Z.}.u...U.(.E...5..g..q.i..`y.mB.<.......-....Cii....s.d.<...&=...Xk%"S.OIO.S...@.<6Jj.:..qV...B.Z...wc.P.V.6...o...EA..(.-...;~...$p...qT]l.lA.SE.$....... .....jS-.@mvw.s|..r.."H3.+.".$mw.\.i.i.G.JW.....@...&`;.5?..D,M....

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\background.png.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1024 x 768, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):660251
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.978870431576906
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:mxf40/atS/tbc34HmvY4HzLykAr3jRyov+gZH4NRWdQpHR+9:4f4ftS/tbcoQ5TwnRlvNZH4NQd8Y9
                                                                                                                                                                                                                                                                                            MD5:D681F59276007A55650501CA31715F8E
                                                                                                                                                                                                                                                                                            SHA1:5156EDE5FFBD33946DCC2B23B2C1D53E8E7BF702
                                                                                                                                                                                                                                                                                            SHA-256:F800F6F5E01405B463ED0CF798029354C405FA54C0D8DA59CDCF38A2CE9D73AB
                                                                                                                                                                                                                                                                                            SHA-512:C1BE5415B87FE1C97DD1315035034815C1CB4EB08F71C2E0E9141EAE7628D25045829330207FE4CD745E3E42BDB77CFF7DB09CF0E2E982665B59A7493F026D6B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.....................pHYs.................sRGB.........gAMA......a.....IDATx...i.n.q..e}..w...z..Fc!.&!p.w..!..4.R...G.....G....^.......;...aQ.H.LRC.. @C.........@..@o.._w..._.T..u..dfe}.}..d.}.9u.2....2.......g#..c.....-.<8.\V+..O'....X...,q..cY...W...W.w..$.g.....a..z....6...yS.v;...T\...........O*. =/.;+..x*[.i.#....%#..W./M..kd;X.4.r.....%NHe.1d..y.WzL.....Jo.......F.YN.zV..<..2....f.G...~........g#...v..Nyg...N...f.5..M.:.....8..a..7.fC..|..@.X.x.Z.X.Z4[8...."..=O.c..o!Z.`............x....(...s#.g.u.Tg....>.....y...a...F..k..../..Z.{.K.. ...`.#...[..&.2L.Q..bF... ...i...|e.......H.8.&.4H.s.a.=|......o..}.... .y.d.....OK.h.M..yo.....#.</q.>#1..4.B.x..G..z$...U..Do{........h}..X!..TU>.2.....Q..WaC..Md........qg.{<....Q..8.....Z.^.(..d.G.....R.I...r.r.X....,.Z....%=..K..H.....@.{...x.<[s...Z...u.&....k7.u....j....7.....Y.<.T..}.O.{.3.e....v.x....yKw.:.t/.H/.3........./.[..8..V[Z.@...W.... ...z...Kx..n................_*O

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\background.png.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 660251
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):665251
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999715173226048
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:xbQy/AN73CI1tJeBlexAeU/ImpCqVfu5fOcdqDEz9BJSP94OaAwByQIA0:xQv2BgYAmpBFu5fO7Iz9BJSP96t+
                                                                                                                                                                                                                                                                                            MD5:1AADF75A3021F20E42EEAF0CAA59CDED
                                                                                                                                                                                                                                                                                            SHA1:5380A78633F72C620AEAE4C16EFF3089F9658198
                                                                                                                                                                                                                                                                                            SHA-256:422E045D242B14A4B2165DDA10595BE32E9150DE6F5FC379FEBD11AE5960B440
                                                                                                                                                                                                                                                                                            SHA-512:8FFEA80B2CA4264CE97D9CDB932376697582BAA52EE1CF29122481062F69B70978702CA488DA46F335E65E28535BC76B35B17DAFB47217F88A18DC217366B15C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........D...z'...P....../.~....%d.. .W$..qF....t....F..m..]....".G...><....QtC.....TY(._..N.'....R. ........).0....=..._....&.6AU. ...8.....v7l../}#?w....&{H..l....l^.n2..........X..G's..9I.Kp..s...........s......q..G...H...:.M.r..sO.a..@#...z).. K..387......O.......F.pC._xc.....^..i..E.."....\.#...s.pi|3.A.a.3....\.....5......#.~..e.}..?........K..ux...Zt^...6...Za...v..)%n./....).#.+.[I.9z.b..!.._M..I.....p@3.pq'W'......tkh./../1...s+..gX.1...oF0js........D)t....vI.x.E._87.Y..6 [302.....1he..._.mw..p...(+..0.Co....x...f.A...w..a.J._G.Y..(.[.h...K.v[j.....`X....9hP.3N...~.EG/.._.5....G.\yU^.....:.^ti.g....o.S........9...)..P.|.3y..g?f..[.b..!...Q.@.s..7....%....[mm`/a+...n....;.........L.,.;.8..U....+.......C..s<ld..<...9...k...2.].Q......q.X.iK..O.U..Q..|..?...F[..Wu7o.{|-......~I.&..iu.....=#K....n&...%...i.... ..)]`.....nzC.dm,fY...qfv:R....X..9..-{S Wt.S....>U{.....Q...=./(/f.Uh.....'b*8.#......h{..Mw.:3k....A.......cj.`78b.Gl

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\waikamd64.mst.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Installation Database, Subject: Windows Automated Installation Kit, Author: Microsoft Corporation, Keywords: Installer, Comments: Windows Automated Installation Kit, Create Time/Date: Mon Jul 13 17:30:20 2009, Name of Creating Application: Windows Installer XML v2.0.3620.0 (candle/light), Security: 2, Template: AMD64;1033, Last Saved By: AMD64;1033, Revision Number: {31E8F586-4EF7-4500-844D-BA8756474FF1}2.0.0.0;{31E8F586-4EF7-4500-844D-BA8756474FF1}2.0.0.0;{0EAF84C7-F60C-4C9A-8299-19F213BE10CB}, Number of Pages: 200, Number of Characters: 0
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3584
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.499314150224037
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:rk5aZ2EfIXYCBz/tnB39JJ0ZD7+9Jb0hWJPSy4enin6CG:rCaZ2EDGB39JJ0ZD7+9Jb04JaGCG
                                                                                                                                                                                                                                                                                            MD5:EC82D1081D31554E75D7E72B30D31D78
                                                                                                                                                                                                                                                                                            SHA1:FF5615640CDA8CEC9FB0AD3FB8A4E441BCC8E398
                                                                                                                                                                                                                                                                                            SHA-256:0823905CE46355FE514ED547D5C639AF39B2B3D28A5BCABD1846997C7A4208B7
                                                                                                                                                                                                                                                                                            SHA-512:2F36323DB92F1C1D4E3B8F18F8258830A6200BC7061EAAEADCD0A655E30276592376FA4C4F706F497D5FCD00A1E5C5649E20407D3860910A184CCBE4B36547B9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\waikamd64.mst.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 3584
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):706
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.666975126982223
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:BLLQrZzEnHcmpB1cpaD1hQkKRfoa7/tUUpdusM1OTew3w+EkMC33j+Un:yNzscmhckRhQkEAaBxprTaw3wLkDHCUn
                                                                                                                                                                                                                                                                                            MD5:0431E11DD55E2C55BAB27EB6F1C754FD
                                                                                                                                                                                                                                                                                            SHA1:974D59D458874FE8CB0E7C82C861E239055667EF
                                                                                                                                                                                                                                                                                            SHA-256:DBBC078F082A1FEC94AB80CCF1990307F525492999A855E7E34B5BC456424673
                                                                                                                                                                                                                                                                                            SHA-512:11E7F66066348C838712A750063948D845528E4ABC05A1D703F95DDAA7B4D6C2A6AC01891D5741C8F1E88335749FFEE5D5C40FA422DFA83561820B92A2C02C0C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........h3...0w`...*@..v'....*.....`.p.5..b..x...b..M#?^.&....C.......~bF.=.a{.B....W..N....2.....'0..:...kk.&./;s....#.......".7A..9.w.`.......XE..n..-|7.....\.e.%.9.=......}..*Qtq.. E.7.d..7..`D.8...I...f1..1h....M...1....R.7e..)...."2..... sCu..+>?6?.f..u.E..rH.5.#G|.>.3~..q .8..}...d)c.....o...2.<$./.7...$n..18$#9+:l`.S.d-..I..Q.$.c...+.%.E..!FH#o..A".n.......}5?.t..m.#U.j..&..az.a74v....B...p....S.d{"O0.z.;..a.y..4 .?S.....(il;.B9..v.3.4e1.wu'..-.[.K.7".Av..pu.."l...n..).......$&w.D.....<...s.....9.oH..9y.P.HP..........eY.@....&`..F"...... d7q].f..4..2P.....Q.cASWiSTRU...d..waikamd64.mstq.]G.....#|G.9.cy:.....ir.).*.E...4i>A./.-..%Q.gRYJ.;...SU..l.ASWSig2B

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3109712
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.61926858778699
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:kkSDJENEpiv4omjT6M+o+eKDP5OvvPvhfsXmqgZcM1mHyCz3tklxJOqlB8KTyfpK:GQviL+3zDivPJUWJZ2yCDJK
                                                                                                                                                                                                                                                                                            MD5:6BE3312340BEB58DF3C490F717EC4B36
                                                                                                                                                                                                                                                                                            SHA1:1E45F5D386260D8A232E7C990802DB2C3C2FA233
                                                                                                                                                                                                                                                                                            SHA-256:19BB793140D369FDC1E94E79AAD0AFE90A442EEAA4945B978232B86254B38642
                                                                                                                                                                                                                                                                                            SHA-512:A1AA942BBFD3773F7EC1CE027F6F9A7296711BF27F96EB4A5398BD9FB510FE95FF9BD00F41D767B3982A2FD1BD1442368241E6E336C1249A030C31E6535D30E5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$...........d..d..d...\..d.....d.....d.....d.....d.....d.....d.....d..d.1e.....d.....d.....d...0..d..dX..d.....d.Rich.d.........................PE..d....._c.........." .....V..................................................../......./...`.........................................`$&.......,......p/..........d...J/.P)..../.\#..0.!.T.....................!.(.....!.8............p...............................text....T.......V.................. ..`.rdata.......p.......Z..............@..@.data...P....0-.......-.............@....pdata...d.......f....-.............@..@.rsrc........p/......./.............@..@.reloc..\#..../..$...&/.............@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 3109712
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):878415
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.99978269741791
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:CjbQ8lj2VSdprKMWKfv8LOivwVD0GEJc6URQ4:X7wd9KMWqv8L4VI26r4
                                                                                                                                                                                                                                                                                            MD5:C0E0E936B7EC75D560E87BB53D5D1A03
                                                                                                                                                                                                                                                                                            SHA1:9C44DAC4D8424D1B57FBD3FEF1063CD676F0A8B6
                                                                                                                                                                                                                                                                                            SHA-256:7EB757B8AEE06D33CE1E862E1578E9C4DDD61B5DE9AEE0148DA42100076CB9B2
                                                                                                                                                                                                                                                                                            SHA-512:4353D997FE84F54CF101E2335A3EC55D1D3465298959F09BE6281F70FE62B23531AE460777235E3B1CF231D8B1715577AEFAF01697A10AAB1CEADBA1E06A27B4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.Ps/......&..p.........../D.|..'.J.mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X..../....I.9SY3..R.. ..Yd...E..].'.dI......"&..O@`]....h......,...l.h..s.......5.K5*.C.9_..;.=...p^Hy&.....q.{q.q.GV4.f8>.d.fv..z....?.<a......O^..V.Q.1.....DF.M...}^(."Q.M.eZZ..P.h......s4..t.?.....=).o 5.H.dq.\..R'h.bu.#..R..].}).:..dR.$.. ..2....G.g.u..<b..?...51.1$......*.a....P...H.....D..N.D~..\.:..p.:>....p}..B.a.\......R.............%...8c53.<KsK.l.H.........I.....X..~...1..]r%.........;.R^W..19#.Qw.s^.z.:sp..J........JJ......LA..D=...J..H"...V,.<.r.....D..T{........a.....08X.......#..~.eN...H..P5'...US....]...}......77...8.P:.....D.z..m<{<.......:u'..CH..Q.....0....AG.Y.M...d9.@.......3X=..j.\;.;S..H......-IzB..K.....y!..<H<;...8.....3..z......9...y..J,Nw....&....gd$...+.......r.cI....CM3i"........1..uz+.|>.z<XYEy3K..f.q...J.....j.G.....6E........-.M4...w.[L..f....~./,c....vf..2o..8.p^G.P..?.$.06..z...q..2.....x....U0^6|.r.............;...rE\

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9693520
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.426830026542257
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:dFRdW4EP46lE2JrXttMOcNBQM12tINR0qX46TQYpCePAcr1gm9QzN3ZEPtorGaRV:C9pXS/pCedkzN3ZZKItfIBSksjrX
                                                                                                                                                                                                                                                                                            MD5:2242FCC9038B6751388EA5C3D3FE7C4D
                                                                                                                                                                                                                                                                                            SHA1:7BEE974F4573D2E718E6B3274B59B054ED89D847
                                                                                                                                                                                                                                                                                            SHA-256:BF6DDC8DA511CB35E7390D35072DB0C4A1D1D4504ADC1D669482D0F826831646
                                                                                                                                                                                                                                                                                            SHA-512:FE9C31BDB5A029268BCADFC260408BF39565ED7C20957EF5EE87C8B094F80757038E2A4AC6654FBBEA0E1BC68ED576FD94D2697D1811D5D6DC96F1CDDA80F8D2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........Sh].=;].=;].=;T.;I.=;;..;\.=;..9:U.=;..>:Y.=;..8:G.=;..<:[.=;..9:>.=;..<:_.=;I.::\.=;I.9:V.=;I.;:\.=;I.<:B.=;].<;..=;..8:..=;..=:\.=;...;\.=;]..;\.=;..?:\.=;Rich].=;........PE..d....._c.........." .....vJ...L......LC..................................................`.........................................0zw.......X....... ...............P)......$.....i.T.....................i.(.....i.8.............J..3...........................text....uJ......vJ................. ..`.rdata....@...J...@..zJ.............@..@.data....?..........................@....pdata...............D..............@..@minATL.......p.....................@..@.rsrc... ..........................@..@.reloc..$..........................@..B........................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 9693520
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2430541
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9999306652742375
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:+B/fUH/oPMM3G6Q0mVcalBVc2u+bB0mrZCFN+IGJ3moFqftrwWm6vUS:+B/8fWTmVtlfc2u+10mr8JcmMIcKT
                                                                                                                                                                                                                                                                                            MD5:18924971B37AE24EABCE74D1AC9CCA08
                                                                                                                                                                                                                                                                                            SHA1:61C91716CA0DD8F8754E2C0AD2DF3EC5AB475246
                                                                                                                                                                                                                                                                                            SHA-256:C118686F41E6E99CA4E222C581F73F0601DAC096ABD8E052E30E50383B75AEC1
                                                                                                                                                                                                                                                                                            SHA-512:F3CE73C1369417B3E49026FA0AC1F29A0AA4A34F98F37AFB01EBE5009A0A23314A228B5AF8244E1FE16B3DA94345163157DA17A043F5733C02E37C9DD2C196DF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]....P.......&..p.........../D.|..:...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...aqn...B...2.....O..>.Q.|d>....e....NE...R..C...[....+p;..<UZ.....d..nWn.Z.Ry\.....K~...+.N.=..G.]..ga.p.J;."...K..d.....5.WT.i........0]...(.8.*4....z&Y*;.9.9s............g.j........Rwe.V.Rm....0-P.H..,..Lf...(......`.....5..(....I..t@.......J..k...,.C.!...".S.p.>....]k..."...n.Q;.D......w.k...C..uR.^03...,.P....f..Joxo.<K.1...nA.O.\.?y.....v/.?..L5P....2...9.........kC.uG.."'.S.').N~.3..I.........\.F"{+...+Z...!E6...q..x3....L.. ].H5ac...e..u.............E\.O.|X.......D..Y.#......yXF....z..cg...7....$..jA....*....7Y..Kp'h!<...L.....L..c/......Z......G.uF\...\j..b.0-...m.@.z).Q._S^'*.%#...G.....@._C.T.C2..p...(.{>=0.;..Y6....9T..mTq..f..k...g.w.F...s..W..l....S..z%.>/..&>.Tk..)>1.....]=.e.@....y...;#.Wp|....8L.Ca2......g..3v..iN;....B"X.|....V......<*.....0:.....PT....MX..Y..........e.U...:.. ....{C.b..R.F.#.......)...kR.7....Z...(..6..F...[..~

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\TuneupSmartScan.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12379576
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.357813210301676
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:eP0mbe0QMdMWy/kwuo2xd0pCUBHKIgVeqShxOsVc:ePd6MdnyXCMHjgVew+c
                                                                                                                                                                                                                                                                                            MD5:A706E9A78E57F0E313F957DD52D13E8F
                                                                                                                                                                                                                                                                                            SHA1:1FA2965493F3FE91937C1060BC60C42D98D4F2A8
                                                                                                                                                                                                                                                                                            SHA-256:F0FBF0FB1A99249FD1C76D686DA586666C9E56F37B3C39DF19A1C5BBDF104969
                                                                                                                                                                                                                                                                                            SHA-512:89EC73E1040B56CC784633CD9D45C7459C1F607BAD8FC07AED421A53E9A6BB04C6AEFA280C8305E7266F2A5CF2DC9FC6EB861E25BA930DAC9E964798F6C073F5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$.......2!..v@..v@..v@...80.n@...4..|@...>^.z@...>..~@...>..t@...>..~@...2..t@...5..w@......p@.. 5...@...2..w@...2..w@.. 5..r@...>..D@.. 5..r@..b?..z@...2..|@...2..O@..v@...E..b?..>B..b?..w@..b?\.w@..v@4.u@..b?..w@..Richv@..................PE..d...[.$e.........." ...$.dr...K......$Z............................................`....`A........................................0o..8...hr..........h.!..`......H...p)...0..T.............................(.....v.@.............r.p&...b..@....................text....br......dr................. ..`.rdata..X.....r......hr.............@..@.data...0....@...`..................@....pdata.......`.......z..............@..@.didat..............................@....rsrc...h.!.......!.................@..@.reloc..T....0.......$..............@..B................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\TuneupSmartScan.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 12379576
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3187337
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999944257334364
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:98304:sLkPDcEA104zl7HsEE2itAllZrjpV4U1CRjb7dUp6HZ9:sgcEE2tAlldjJ1aj919
                                                                                                                                                                                                                                                                                            MD5:46D3CD1BEEB6580B331BFF89B831767A
                                                                                                                                                                                                                                                                                            SHA1:1FCC1C06646B2CFC7207444BE4A7DB7591D099D0
                                                                                                                                                                                                                                                                                            SHA-256:253BCA96EC434DB9C299191E7461A6C78C63411B2EC44976A79D419311CF9F3F
                                                                                                                                                                                                                                                                                            SHA-512:D13C6647DCE0C97E39C2070BC622079DC4588D68045E5931F333E551C100A447F71AB510EAB452600EF51E7B8217B984399009C07F5ED2F151D6A3049D1A5DC9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]............&..p.........../D.|...C..I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f~...0.5_...0.....E...o. ....J...R...3b...hO.V...$.....-.D..[y].rql.g..1U...y.}..d...)2...a..f>J......4?.9+...u....b.a.<m..<..uw.F........m.dOY.!.T;....DtK.Y.6.wX....'...(*.....]9]DB.....+n=zD{....h.kh.....P...I.*...O.k....&`e......WR..Ys..l.7....?EB.......&..3..j..tDv..3....g..N?....9L.........M%6-..<.Vm,$.?6..62.m.`..`.T.E......./.W...<?.oHKo.:d^..t...}.!w.o?/.P.........vI...2.d.~I....-WI....H.....4|..+.......e...Z..D.2....u.U.ki....x&m....._+s.D.+<[l..je.'J.A....W9..Q%..J...,`^ :V......G.....yT...".C.uc,.LZ.w]..Z.O...I.h..6W.. ...y..k..gj...t..'P'C..+.z$9.v.s.#..F....:1.....G?..U`......7>......_M,/F....?..&e_.W9X..3.<b..4..H...|.\ .[.%..Pe.O#.TC...y.s...\.m.]E.$..'...:..}J.....G.".N.0.j.h~.....R.;QP..k..F0/.]...Y.3.).B..P..1)......2..D... ..\Q...q.M.b..Z..m....P.w2...7.K.C....V6`I. .}r..|@.f......E...0.., X..ftj....4}2F(z.....0.R.....h8m.G.|.;xB..F..<

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\ashBase.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):823744
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.533018968121505
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:SdeqEqchc7Qtbi/hhlTSKh0lhSMXlrZjary:SdeqUmhl8lj
                                                                                                                                                                                                                                                                                            MD5:BECA0E85251BB4EFD8939B911082A427
                                                                                                                                                                                                                                                                                            SHA1:CCBFA3A2C375CBAFB980F378DE75800F2F89D31F
                                                                                                                                                                                                                                                                                            SHA-256:897A6625F53416639615DC9F7F641E81512F450DBDDF120A67C6E291E0922D2C
                                                                                                                                                                                                                                                                                            SHA-512:2B37DBAE11CF991B3185E13A52601968D7BA3CF0C738A031CECB93FD3EFCF90258A4BC6E5F76F6E7996F5663129F021973B3AA1C7039758AC533C16BDF6E6785
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........u.@C...C...C....j!.A....j..K....j..A....j..E....f..A....f..A...JlO.W....a..B....j..g....a..@...Wk..H....f..M...C...?...Wk......Wk..B...Wk#.B...C.K.@...Wk..B...RichC...................PE..d...;.$e.........." ...$.............................................................O....`A.........................................p..D...Tr..........P....0...a..Hh..x)...........^......................._..(...0...@...................$k.......................text.............................. ..`.rdata..............................@..@.data....s.......X..................@....pdata...a...0...b..................@..@.didat...............V..............@....rsrc...P............X..............@..@.reloc...............`..............@..B................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\ashBase.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 823744
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):282832
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999278684922969
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:n6liX3o5XNwczPBQTFBlqPsZXFAZEr9Thc8GwW:nEiX3YXNvSpgsycGwW
                                                                                                                                                                                                                                                                                            MD5:EC26AB53738BBE91A96CA2862F270274
                                                                                                                                                                                                                                                                                            SHA1:F9A4CBAF77A1982F31436E43A8FA606146182591
                                                                                                                                                                                                                                                                                            SHA-256:2AC77D4D29FD85647D6AFB6AAAE5BC2755193798FA5164548BB4F52920741ECE
                                                                                                                                                                                                                                                                                            SHA-512:54F3F6DAC9985F56872FA385A90A2149BB858F06B870354F7E8F9C2776484F92B2C1A31E41CEC8386DE2199EA8764F74B5F71044001EBEDD9DAD7FE7B9277BEB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...ap....Y..#.G^..%.b.h..V......q ..'.8..P8..+Z.4.-.g!vt *.K..C....0.&..B;.1.......D...`km.J....bh.....I....h.W...4x..v..LDZ..;v5..O....c..K..A.\1.IWHz.A...&../...u.e.c.@9.\V.."..=\M.Vcx..^s.UQ.6e..Akb+.n....2.....5H.yN...J..s}JD..2.l.....j.&B$N......+..5..."..xKD$...^.~..l@^.......G.r..`|.N....Y.X..4.VF/..D.$<=u....8fh..*..O..#..K$..V#-_..l..RV3uPA..E.&.(M.g.`.=.Z.....Q\.G4:=.^=..D.g>U.G.....Px.m..=....0...7.;.?c]..".c..~.XF..../...M.T~..).5S..(o W..A..7C....,....<.$PX...9.wE.R.E...Rn......z?...j..i....Q..F.W.;=rm..sM...JbR.Eak.pY...f..r..D{t.3^+..H.K.....r^..d0H....<V`......a...X..{B.aj._....p..:.e..C....b.S.S6..'.......z.%...K.(l.QER.........A:Q.@o3........apu..J..w......Dd..%..Q%H. .........9.F........%....=...+.....MnP....AWY7j....q.4....,nl..=t%.B.|.g2..N.....Z.o\..0..!..Q(..2....X..5/8....^...4}.1..,...:t..Pp.;......}@..*3..\.[...j%j2(....,<.......;..GP

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\ashQuick.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 398784
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):63223
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997050641623053
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:uXnmPYVpZ6qsvqOkuz8dOCPvDvy52fLJZ97k6Aku+5HbdH:u3mQVpZtOxZOvLfLBklEHRH
                                                                                                                                                                                                                                                                                            MD5:F2268424C8B3702BDC947CE18CABAF8C
                                                                                                                                                                                                                                                                                            SHA1:F8014688FEC0BACD2DA127BA438B18A961450474
                                                                                                                                                                                                                                                                                            SHA-256:F9F60A16A0C236278D94272BFD679A602BCE8A7D0E0BF9EF2190943B3044C9EF
                                                                                                                                                                                                                                                                                            SHA-512:61A3E1E83C68230FE3DDCBE5BA67170FDBBD15B355BC1C7D9402C0204FB8F880A661F6EAB1EDEF99E04DFF4B8AAE70B1D275CD1F6DCDD8994B4CC9938099C3D2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..'.J.mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X..../......W?...v.h2C.9:..m(.Q.).......Dx.h.c..6.W.^u%....T...........A.SD.9T\.W.{.:9.@........T.9)t/E.Ggz....[...f.}."-.T......./[.|....L...k.0.&..........d.5*Z.3yq.B...A.H+.P.j......?...aU...X..B54.Bp-)G.......b&v}R7.?n+9........Pp."..hP.z.X8ZF.|~ur4r'}%..l..o.2x.TS..)....>..X.w....If2.".....tT{..l.w.`"^XLA...\.?..of^...P..&.g...z.Kp..k..?#...kD.$....=\@z.xZ..9%..X..h.'..s.=1..vp.u..3.j.+..*.O/...l@g...1g.....M..t.w.q$.82.T[O<.H.c@.....u ..N...k9.sU.?...>7.........?.Q<4k.A..%.q..}xCBb.`ei-..f..C.m..7@.([..$C...\F'..=......&.....qaQ....+.%[P.{<?;.!...h...;jb........\2I.E(....c..&/..`%z+..4#..$..6.J.(.g.do.`~.{.....)P{....L)1n.e~.W.X.P..b0...%....W.G.kh.{$...F..y...T&.pb...-.4..<2`..JT2B|.#.....wL7).Y}M.$p...P=..i2..4....E?..~...;..>..i.]......c.I.....Q.>~O..........H..t....i^.._,..S..q.)V...=..y......p*^>......#Ym..&v9...(.$..W..}s.=~....J3.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\ashServ.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):21143992
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.470360148949278
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:196608:b9pyb/y/PLKRuFX9QI3J1qVrATrSLRq2HlcGX:Bpyb/Gxl9QI3J1qVIrSLRqOlpX
                                                                                                                                                                                                                                                                                            MD5:36C16E7F159E474D040E395A6419129D
                                                                                                                                                                                                                                                                                            SHA1:AE62046FFBAA5E5F3DC89A930C02A19632868E9D
                                                                                                                                                                                                                                                                                            SHA-256:DE46178038638C98E05271A4BD6D421038F2D9A3B8B4C77157FF966991223AA5
                                                                                                                                                                                                                                                                                            SHA-512:25C40FCA167B1418843DA33894D0F4A3A550654847C652747C6A0EC51C10566C3179E1CEE6F2009539A3771123C845DD399ABE9AC4FC5D7CB1F1C3E9E6D75400
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$........4<..UR.UR.UR.-..UR.f!W.UR..+..UR..+V.UR..+Q.UR..+S.UR.} W.UR.l'T.UR..+W.UR.%;W.UR.%;V.UR.. S.UR.l'Q.UR.l'V.UR.*S.UR.. V.ZUR.} V.UR.. W.UR.US..\R.l'S.UR.*[..QR.*R.UR.*..UR.U..UR.*P.UR.Rich.UR.........PE..d.....$e.........." ...$.t...pw.....@..........e............................. E......HC...`A.........................................=..H...X>..L.....B.......:.....HxB.p)....B......Z.......................[..(...0...@...............p@...........................text...=r.......t.................. ..`.rdata..4.J.......J..x..............@..@.data...X{!..........h..............@....pdata........:......t7.............@..@.didat........A......\?.............@....rsrc.........B......d?.............@..@.reloc........B.......?.............@..B................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\ashServ.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 21143992
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5559932
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9999679447808365
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:98304:0cXFZcJ2iQ8yM3f7WPmzm+OCXB+nesI7scIGD+0fOtyTk913r:0cDcHb3f7lFknMw++QOtyTkj7
                                                                                                                                                                                                                                                                                            MD5:B812F7EE3A2D1A3B8686FE1F5F9BB288
                                                                                                                                                                                                                                                                                            SHA1:E0FEBE7AF451D374183F09473B6399F33A10C932
                                                                                                                                                                                                                                                                                            SHA-256:B2CA8D887E51F8ADF6C2BBC5A3475C594214D231EA926579C33981DDBDD68BBD
                                                                                                                                                                                                                                                                                            SHA-512:CF1DA619CE1A65DA7101B44647CBEFAB8967DA1BD07674F5B52ED163D502F8213ABBAB5718CB7FD1852C1C039929A9BBADA0ED31AE29E57E9CB6A92F50C3AE70
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]......B......&..p.........../D.|...C..I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f.?...m.)\=....~..Uy..~j../.}-g...\...sn......Oh.9.Xz.~...^.....],;....(@..W;....#.7H).6XX...9In:....^..(..:S.l.........1.w.3.8.5H7..l.Z.....^.DY.O....)W.y..n..z...1]....3......--..1."d$..O!/......<#?.Jz..t......E.d..*..;.fG..s..."y..N..:t...WN[....p...7.T.....7P....t....E..~...C..&...dJ..Ga.)q..S(.jw.4..eL.".4..B....#a.n..t.FA"@;v...wdr...p........~.'......eVty...K.V.....".hC.1OUL..[.N.u...p.H...F.Wa.....&......X.U.3.p..bf._.)w..K..t....i..P.....M......8i.#l+.i....C*fo..{e.T.....3.....Ye.M8&v...h.N5]..w."..7.w......X^..cS.fu...!.4%.^:2...O8.T..r.....Jp}.....V..5...U...l..u....fap....r8...Y!../.oQ.v..;.X..|......).2.Q&.Md..,|.^..;...w&....X^...O...>GU.....5..WZ05|..y.O.D..V:...4..h[....a$.}X..l...9....l.AFR..."..F.kE5.E.N`........[..|t.lH...A....=....c..Q.,c9...:..J........?.....Cl..\|S..{UW....-.....dj..J.M...'..BK...c1..v..k.O.............OQ

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3794880
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.467685155525637
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:b/IECbRIG02AJMXJLS+1GaH3BVoRwcEAEFWOZyU0MAgJ84vzDv7ZyTcCASR+SF+g:1Cb6mJNVT2OZMVb
                                                                                                                                                                                                                                                                                            MD5:09922977F2E1BE6BB0A1FFB7AC0292B7
                                                                                                                                                                                                                                                                                            SHA1:B3FF43C6D448E9E75BB35F656F08680F6BE04237
                                                                                                                                                                                                                                                                                            SHA-256:4EFFF93843799F05F62D7F7A6B0C700B7A50192C92DA14DA71F8022554AD2156
                                                                                                                                                                                                                                                                                            SHA-512:1E0AB063A55AF03CB0EFE68EEA4496108E7CEACB14D5B725F5C024B4FE0B5B8F15E02AED06B31AF4F782C753D203D0F114932CF6791FA96EF73F6109FDCCC835
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.......\7..V...V...V...$...V..(W..V..(...V..(...V..(..tV...$...V...$..:V....9..V...#...V...V...V..N#...V...#...V...$...V...V...W...)...W...)...V...)U..V...V=..V...)...V..Rich.V..........................PE..d.....$e.........." ...$.4#....................d..............................:......):...`A........................................0.0.......0.......9..A...08.....H.9.x)...@:.D[...Z+......................[+.(....Y+.@............P#..............................text....3#......4#................. ..`.rdata..>j...P#..l...8#.............@..@.data... e....0.......0.............@....pdata.......08......x7.............@..@_RDATA..\.....9.......9.............@..@.rsrc....A....9..B... 9.............@..@.reloc..D[...@:..\...b9.............@..B................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 3794880
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1029868
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999820992481819
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:IsRd8OFqavySNF5dOFFMvs3R0D7DUj5tYrVOJhVOtLryFfS:nv/IaZWFqJTUFCmVO9f
                                                                                                                                                                                                                                                                                            MD5:520736AEBCB4EF48C6F6F416D32188A4
                                                                                                                                                                                                                                                                                            SHA1:4FDB4DEA74FC2A44C79AB2E087E8F9B42F57E006
                                                                                                                                                                                                                                                                                            SHA-256:649371418801E44E7351DE2C9AE066AEE5F263F16D08A3A87B308B1C6D200871
                                                                                                                                                                                                                                                                                            SHA-512:CD6765FB91741408FDB51F953F35F08FE1A46556F62F84F41504DCA9E651E8393C462944B5054DF0158F2DDDC0C1F536F63DE2BC4EAB1DB5775694C3EA6656D4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...9......&..p.........../D.|..y..:.}.._..G...5mA..aQ..c5t ..+........w.uRl.,E.u9....r....dV...R....n...g.7..Lra K-....!/g..6..8....Tw.f......&...:.........%I.4m#....p.. .............6......x...E.F.G........y=.......r..n.s.[.......m...m..%..(C.Q.V_.......Gk...._.....I......TH...T..!.*.3._[.g....G.].2-.$5..L.Q..~.~.Q..4I...g.B1.:DE...w......8..N.W.}.H........y.6Rq#....g....|Q.q..d.sv..R..a..?.l|..O~.........c...^.s.yJ.....0..\..b...P.\V_.z.a:....Jwd<...#yH$x..7..e/,l....<&.....J.]......tb...N..5Ys%..U...g..<...F...D .s..*}2........X.rY...R.dM.q....U.Z..2..Z%..*.x..4...h%p..L.3yD.6..2..9.l..=.W.Z.N.6/~.....s..y..l..J.4.............x..Fh.(.yNy.R..J.U......(.i.'7.aY..j.T.%p._.i....j..Qg....}...u({!...;...p.t.-..7..k2....u....!...X....Y...=..+7q....H....<.8,..aPP.Z......[9u*4U..........EE.....$(.v......W.?....e.MA..X.!.4`ZN......Mb...$....OgXw.;...C../l[..)..2*..>..{n~T1r.<j.&.)N..#.7....}..../f.x..l.......R.">W.d.S.}...K..K.?........

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1232320
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.3701051735668734
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:BN6i0OGylEHhJHJ+A2u3atsVBBxh+xlPqKkRma9a:BN6JOGylEPpr2mh+XPHk
                                                                                                                                                                                                                                                                                            MD5:2B41818C2DAEBBF4B9F6D67697EC533A
                                                                                                                                                                                                                                                                                            SHA1:FF0A0D26D1F0EC34B3B72CB97B28C48B46B6E7D9
                                                                                                                                                                                                                                                                                            SHA-256:B983CA7C5247B45351D326C701742E653CB4CEB9D963C9650B102695B60B6E46
                                                                                                                                                                                                                                                                                            SHA-512:D23BFBEDF67815078310855FB07AD9A18AB964E8E0BBB9DF4180DD8A7EA74FCDAAEAB01BF46DC24B16D0E00BC863111DE836EF64A5020ADD0BCDC8B9AAD6BBA0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........m.............Cr_.....Cr......Cr......Cr......%y.......t1.....y......Cr......y.......s......4~..........1....s..c....s.......s].......5......s......Rich............PE..d...>.$e.........." ...$.V...f......p................................................V....`A................................................,...........H.... ......H...x)......................................(.......@............p......t... ....................text...{T.......V.................. ..`.rdata.......p.......Z..............@..@.data........ ......................@....pdata....... ......................@..@.didat..............................@....rsrc...H...........................@..@.reloc..............................@..B................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1232320
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):415716
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999548620900032
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:VbJG5kW3IBUX4PEOal5z5M3pejbpiXL+1:TG5T39X4PENl5zqZejbpKw
                                                                                                                                                                                                                                                                                            MD5:41182BC7BC6E808BC59B1FF458FE657A
                                                                                                                                                                                                                                                                                            SHA1:59B2E095D4625BA5188FD2511FDF5488114230DA
                                                                                                                                                                                                                                                                                            SHA-256:699951F18E6DD09AB8393F17ACB323146EC130184743224AB705A5BE8F9ECD8C
                                                                                                                                                                                                                                                                                            SHA-512:5C6155A057AF5667C45EF1321EB9151E798B11BAE29F73DE5C577D43323DC526F9EF6A35F9D40A6342D539AFB276AB4BADAA76179284CDBE6B99610B561828CA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..'.J.mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X..../....P^e.....j.....3.=..\V~.>.`.G.N......$.+...Tp.......{.Z....H.!i.y..[...G..O.v0ay+..h..t......i.1.....MSg...k.{......Br~H2.l.?o.A.I..Md.}..P..Pd.B..^Q.{.W...6...q..... ..{d.TZfEn..L...h.2..0~nwA.u..x.}..VP.m.g........F.S....nQ...z..[....Q.,d..H..Gqz..u.'....9.......c....*\..&.......1.qZw.....W6...m.....#;%,c.y./..5..`.?Z..9<..ca.M..D._.5#..q~.S.E."W.@..|~.]7.Z3xF.M:.N......#.x...G......$...&..,`*&..v..7@E.W..y.n0*54a..bL....,K..w.....{...@o.Gn...~.../53..Yc..GO ;...-..{.j..Q.U.O..oU..Z...|l..e..b.>W...|...=.rm}..o.B..5S.E.RK.L........Y..k.._O..F\.+.i!A1#.m..2~..)#l:..'..#..P...v../..=;D.F...w.T..8....1....o.x..........Y.;..Nq.a..).ou...<w:...>JW;..s......../..... .qIoa..27.........Mg.}/.....@.^q9....k.9^..X...^...3)Yq......Q...]...jV=B..)K.Z....Yy......N.Y..i#..VYc...I..&..?.i{......N......%.<....]N.".^z....'..U..r`.....L.*.HP>Y.{..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\asulaunch.exe.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):70536
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.475499489951965
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:AY1z389crNXJx2d2g1u3uNeI+082ZryzB+4ESzBcEpYinAMxY7No8YiieAMxkEt0:Av9cjwsoeWg+4LzB17Hxuh7Bxh0
                                                                                                                                                                                                                                                                                            MD5:3AC75A137D4A1B681CC4969E5FD2A18B
                                                                                                                                                                                                                                                                                            SHA1:458551243A4B272EF346F1030D536E158F8FF38E
                                                                                                                                                                                                                                                                                            SHA-256:C9A4CF9140603F3B4DB2A947A049167952C09436DF5D9F0CEDCCD6DEADC7B975
                                                                                                                                                                                                                                                                                            SHA-512:31D92C9799288564BD86D683474BF95973B27FD5C3EFF4783F7B10E82676C3CA1DAA46A0CDADD86ADA89F6E17E5FE1B660E487B6D3AA102D24729405EAC6FEA5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........o....z...z...z.Lp....z.Lp~...z.Lpy...z.Lp{...z.;|y...z.;|~...z..v...z.;|{...z.Lp....z..q{...z...{...z..qs...z..qz...z..q....z......z..qx...z.Rich..z.................PE..d.....$e.........."....$.b...f.......B.........@..........................................`.................................................d...................P........Q......4...@...........................(.......@............................................text...+a.......b.................. ..`.rdata...;.......<...f..............@..@.data...@...........................@....pdata..P...........................@..@.rsrc...............................@..@.reloc..4...........................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\asulaunch.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 70536
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):28142
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.992414319342014
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:384:gyPWOTbmYr08EiXGkgzcqHBKPKdpxEEUuFHubTJHwMO16qufq:gyPWOXmYr08tXfgzclPKdpHFOCMCj
                                                                                                                                                                                                                                                                                            MD5:93AB637B876178591562CFD0C3619836
                                                                                                                                                                                                                                                                                            SHA1:E550C800D1F7F96D5778579F7C6AB759B01A88AD
                                                                                                                                                                                                                                                                                            SHA-256:42467E03F35D532BB3EBBDB695DC86FCC1E7196597DDDB2A12ED83DFCCB18372
                                                                                                                                                                                                                                                                                            SHA-512:7B95ECCE3B8F1D24E13B2911F7AED50D05545AA58A819CD70A304560B152C8D8762C045911396209DE7EC50DBDBE22CC62D6CFD90C5B17C5AB42C50AF859B121
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..'.J.mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X..../..3X5.^....o.#..A|L...5.~...mpL......Q....Y_{..S..?.T..-...Ht...#v..a.aU.m+;...q.Hj:M.!.#.......tq.........z[."0.......z.Mx.,....,A9.].%..#.....C....=..9.@....p}....{.XVH........(.Wct$.@.{...y.....(....e.<...8...i_6......4$...I0..Z.<...ZU..<.,..$.'....r..he....d..IOHbcf......n..Y........C.n..;XKO.n}....2......7......:..6......2.....A-.....(S.K..+0iT.:&3...t. >lsC...n..Ai.......F..l...........`..)..b.mz#....S........#q.w.6.V....V<.fk........`,.....N%.0n......N;b..+R.4^F..d..p.CI..T..$.....#..`*p...5.]TiH.r..}{.!Y.'...(<.IC)Z..Xu....k..#u.}....1!.rlTI...!..V.S{.....;.g.z.;...2...e....f...>._.8......Y.n.a5..z._Af...{/.........i.......2r....B...L......G..R.:.fJ.[!..9%..J.......N....$b..r.0.>...a..B?....:...).%3....7(G.v+...1..x......>...@ .>..4.J.M.J...&)R.Eu.4r...;.t.{..M......5/:I^+.....cY...]...{.bH.w.4.)..p.j..$...D_a..l..1...r`G\#[..5..$_.x......

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11689920
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.470677857619575
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:GobftHr2CeWDi1x7ZFEoJ5GHlfrCqY58c5e2YOxzwl0EgULDO:pDh9eWDmxVfwleqYac8j6EgUe
                                                                                                                                                                                                                                                                                            MD5:5E1DA68F067ACA8FFA29506267651DB2
                                                                                                                                                                                                                                                                                            SHA1:B2E7B99000B1F0C51FF61B47E2BF87180793E4A1
                                                                                                                                                                                                                                                                                            SHA-256:DA7E7D4BD007661D75063C25C1D5E369ACA3AFF8B57EC92F56FE98A52A5DA166
                                                                                                                                                                                                                                                                                            SHA-512:2C35C86D62B1F305B62EB7EDD3C475B2C52F2310DEBD4F358E53618D7B95FBFEA30DD72C2F6C06EA0A6719E760DA0B8ACD806305E599022C4AFCBCFFEB949E36
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................b.......r.....................h...........!.....!........................h..........y.....y...........h.....h......................p.............Rich...........................PE..d.....$e.........." ...$..x...:......zR......................................p......&^....`A.........................................B..8....V..`....P...+...P..p...H6..x)....................................(...@.}.@.............x..*...#.......................text.....x.......x................. ..`.rdata...m#...x..n#...x.............@..@.data...X....0......................@....pdata..p....P.......6..............@..@.didat..@....@....... ..............@....rsrc....+...P...,...$..............@..@.reloc...............P..............@..B................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 11689920
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3302843
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999940604103449
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:UeOhJuG7QAwhoz03sPj6nE+qIZ2pAU9fwsFSOAHO8dSgr1MXOdrLVkWjb9UMhB:v60QN1z03se5kTqsFSvHNdSgrsYmYJBz
                                                                                                                                                                                                                                                                                            MD5:0990D814BDF6275EB643EF734770F6C6
                                                                                                                                                                                                                                                                                            SHA1:AA6E6484DB07EC5F787498A1707B3B9023D57870
                                                                                                                                                                                                                                                                                            SHA-256:55E6DF44642C83EB7964E1836B0CF6604EB173F3291DC57D3B7B9240EE7B7A11
                                                                                                                                                                                                                                                                                            SHA-512:FED5916650EAD3E32DFD5E99596120FAFA7A73BDEE5EC8EC3AECE4F7CF54604D1F71E019D5DC8EB587B08ED41C7A640AC26469FB7E1285E83CE08059BF75BEE5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]....._.......&..p.........../D.|...D9...B..y.i...-......;OB.....`......>...s_9.Lz.I..W..?.K<.......b...9..>....Xp..c...C.7Y..C.....}.!.v|.g._....V...=3J....N..v*n:0..X.=....E$~....2..qj.....m/M.c$...B"..CQ........./....?.Di.r..+$...W.@....Dr\...h...hE.V}....6.x!..iJ...a6..r.N..."X..l...w.....CC4..J.}.m.A.J....)J....u..L.t|..7.Qm..2....~B.@3=.C.w..F..m..3I..M#.....`......B..A..<......F.\Uh.)..m..`.O..q&..._\....Q.....h..O....X.>..0.).G.`..DXi..,...y.9..:..B.K...e... -.~..".-^...j.s...f{n..........V...5.[&....&.j..OT..@....5....kl.........A.....}Af..I...buJ..42#............{HK./.Q....=6.b.R...tB.e.s...w.qFE.....1.}..F.JU.}&K...w.f.d.k.vI`*Wn0H..dwvI.f....Ab=.5.}D..}.s!d9......Z..#...3Lt.9_.e.$......NZ{.X...\.J......v.ku.Q.!.{.d.....^C..[~.........l.....e..U.....Ba)....K........a.f\J...?3..7........n......... !....%..6+...e..dr...C...../.P....(....#.l$J..v...8Z..j..E..W.^.......~.j.'..hU.r...a..2...+....u...:/..5.x}.........g...#....

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswCmnBS.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):436152
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.467531771075762
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:vxhvLrTamV2LP/hD+rs328cBcHOTsEZRTQqy23NTFUeBYa+naI/mqN5YrmcqfYKh:vxFgLnhu+rwscTvyurvIT7fYrL
                                                                                                                                                                                                                                                                                            MD5:BE99E325F51893653FFFAF6A763C7E07
                                                                                                                                                                                                                                                                                            SHA1:F83C36DC1320EA2BFF342673AA9738553A4A36DC
                                                                                                                                                                                                                                                                                            SHA-256:C81C2E92E1637344A3EA458C05372B01DA2153AD7B99956E0C82EEB45573E7E2
                                                                                                                                                                                                                                                                                            SHA-512:DCDEE8B6B785E1ED57C95140018EC5437EA78EE2368B14939DF4E3A11FF5F963AE54C876B67B6C1361A382E78E9486D6FEACDB6D6AEB7A23253B6EBB8D2B2456
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6..Wr.g.r.g.r.g.{...f.g....q.g..c.z.g..d.v.g..b.S.g..f.t.g.f.f.v.g...c.s.g...f.{.g.r.f...g.f.n.B.g.f.g.s.g.f...s.g.r...p.g.f.e.s.g.Richr.g.........PE..d.....$e.........." ...$............P}.........d..........................................`A........................................P....i..............H....`...@..H~..p)...........,.......................-..(...@+..@............................................text...|........................... ..`.rdata...f.......h..................@..@.data...h....P.......0..............@....pdata...@...`...B...2..............@..@.rsrc...H............t..............@..@.reloc...............|..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswCmnBS.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 436152
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):176244
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998898316884926
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:8IFK2ju2pEYL54H8fJjXcA67NC41vy7Nq5WeTY46yHsbpcuQ0RFnW:PBL54HWXM7NLyJqA0Y4FsQ4FnW
                                                                                                                                                                                                                                                                                            MD5:14E6B4A257AD8EEBA1D41BE1C40D1AA6
                                                                                                                                                                                                                                                                                            SHA1:FE054C39F789F35C23708C9872364F5B50B37167
                                                                                                                                                                                                                                                                                            SHA-256:0A395B04E3CBEDC4B78A80078A68F391D3D3D69A58D4F5204ED8FFACC6B706A3
                                                                                                                                                                                                                                                                                            SHA-512:09500D12A8431D5C7660379134E887C78D14C051AA61F7A6BADDD734F965FD28D9235461AA1DE0E523AEE6477F545F2F8DF462DCF0FB4FC4BDEC656883315AEC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|.........Dv..........z...K.x..q.....W<[..I;.N..T...s......~...R8...)-.qZ.o...O.....3T.N...x...Z.}P.......n;..P$O*..uY......oT...t...^...x....q....7U.G$M.0V.E......g.@....`..G..s..v.b..=..Y..[...bl.LdSR(.ij.bCg..#}..4S...~;..;%m.^*.7..(.P...IrA...C.....;..O.V.....u..)...X......2P|g......$..VI.0.~6ZV.=8...}_..Gk.H\..[..F.....N.".N_`...^...Q...r.qe4xD.f|...6.z................J@.e.n<5q..7D)f.2...h#F....i&.'E....Z..&C.l ..H\..2..?.B.nl..d.../..s&........N.s.......J....Yy.+.I.A..$f.!.>..C.9xm.6....F.......J.uMI@...._0MxZ.~.F.Y.~....V..p4..[=.U..`.@..H...p....h..K....I..f....%~.ij6...GJ....c..J5W-...hK.....Q...@T.VS.. .q..el".....G....[..k...Z....^j.....:..%.B.:.IZy.avMW....!7.#.@.=..........Z.....Q......-....Co..N>./..........7.P...x....1.l..y..L.O.M.v9.J#..]...s`...Z.M.]..H.!....v..p.'.~q..Zu..G\......s..2...v..=...0.?.............A....~....*w.o...s.i.].m)C.[.r..m..i...O+p....f.&.d.......|[F_..0!..q=3...B.~n.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswCmnIS.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):488384
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.012384914147751
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:a/Whh7MLMHA3ldwhRM4cowzcRviVkHUbet5G/cj8rHkZ:a/WhVMLMHGldHPGRqVk0i98rHk
                                                                                                                                                                                                                                                                                            MD5:6060368CC480B340A4C10062649A57EA
                                                                                                                                                                                                                                                                                            SHA1:FACB999B2E356871955F8AC8FFEF703F86B43E9A
                                                                                                                                                                                                                                                                                            SHA-256:602B1DD52113321E2C826CF93DC398862C387103B57F5B6D50E3F4AF9BDAC438
                                                                                                                                                                                                                                                                                            SHA-512:1D5A10D892B885EE0E67E209DF0B5D985901607A527B2BB019B1E264A1273BB60DB157C7BBA44E953900DC6C870CAE5C9E32513297F6A7AE3AABEB716BBBC8DA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........MF.l#..l#..l#......l#.+."..l#.+.&..l#.+.'..l#.+. ..l#.\."..l#..l"..l#..l#..l#...*..l#... ..l#...#..l#......l#..l...l#...!..l#.Rich.l#.........................PE..d.....$e.........." ...$.....J.................d....................................a.....`A.................................................'..d....p..P....@..."..HJ..x)..........0...................................@............ ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....pdata..."...@...$..................@..@.rsrc...P....p.......:..............@..@.reloc...............B..............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswCmnIS.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 488384
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):207201
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9991916666158405
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:jtL4P7iiVvc62tkKLMHZ2jl/bBI69pbw3VHl5h8nh4OLykS7:RkP73VdKIHZ2hbK6jbw5l/8OXkS7
                                                                                                                                                                                                                                                                                            MD5:62B21A878D85D814066FD95C96FA2DA7
                                                                                                                                                                                                                                                                                            SHA1:93B4F6305107175791F9576BDC274E8256FB34AB
                                                                                                                                                                                                                                                                                            SHA-256:3BCBEC2CC0C1744E8C3EDD93C2323F6EA0B954B2825C6C18C1B8F8227C6718C5
                                                                                                                                                                                                                                                                                            SHA-512:4BF2D92D4C4E2515B9AEA74D49424F04EA8108F8762107F61F41B650ADE3DD8D847DFBA114C9AD4D5575E58390D8B1794B12E0D5872C955108637FB693EF864A
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..s.......&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X........RY..:..t......I8....V|..R.M../I.{.....V6|....2..ht...s\..kE....;k...k....<.GW..t.-TZ."Hg..9......l.%.?u..'.@..u.Uw.`....uK...2.tX.....%...}.W..;..X]...~...C5y....}.%4...U.+i.x.0.....|2p.....3..U.aU..8b.+..dRA.............cpY.1....q.CT....LC..*....z[..^$mP.^....#S...."..!.T.Z...<b...n..[)K..V.rNi.h^*.^.d...n..'.^'.pr...e..s8.<.S9o{ ....q..qg...:.....I....p..-.Ji.2....x.9...NRt..4@....@,P.(....F.Q..YT%....)%.nE.g..<1(.K..."..;..+..p\...n.......*..[W...'].../...yO*.@..+.7.e)...l.Ks.....O.BT....GZ.5b........h..6..,J.V....p.....E.<b...f...(<....._.T.nya..E.l.]_. ....3._...Df.. .'OQez.g..,.z%...K...e!.a..PAW!.C.5...!..O....i...2.:)(...g.....dA............o&M.....m..vI.H.....qw...R*....I.}...3.:....+;.s.....SP.$.S)....y.`....~...<...=`.M...KW).....j.On.#.....(..%.UC.w.Qs.....#9n.V.'S.n.. ..Y.7/71b.`v.Y4...:M...UE.....C.j.q]a./..l.O;.....^FW4

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswCmnOS.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):202176
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.426360945937083
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:vvQqKBZGTJtVXjmiolxRL1FOFRedB3WU/C4FE3hMWWRS8d:XQJoXjmZxR1FOS1WUI3hMW
                                                                                                                                                                                                                                                                                            MD5:2E907CD396E91B4D0341495313A94924
                                                                                                                                                                                                                                                                                            SHA1:843DD9A16AFC5B9F0505E3161DD5AD8ABACAC129
                                                                                                                                                                                                                                                                                            SHA-256:12C3152F9B0D1336415D12F976791D199666F79CA8BB8F912A6A5D5F5BE8975B
                                                                                                                                                                                                                                                                                            SHA-512:3B92EBDBB0395DCC2DBD56694EC843D237E9F4C8217BE90735BEB6501E3D8470037907FB529DF24EEA9B83A97559EB187050BF92578F8A5DE543025F56BBD570
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......Eq...............hC.....n-.....n......n......n......n.......o.......b.......................o.......o.......o/.......G......o......Rich............................PE..d.....$e.........." ...$.......................d.............................@............`A............................................l".....,.... ..P.......h%..H...x)...0......@L...............................K..@............ ...............................text...x........................... ..`.rdata..@.... ......................@..@.data...............................@....pdata..h%.......&..................@..@.rsrc...P.... ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswCmnOS.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 202176
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):89102
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998019186804114
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:eSL6VDsL2Rl8xhYoCtqQ5e9uLb35/LMBUqRqAciHZ1lkaIcUmXv+uUUxUZX0SOND:e74SvNsQ49u/R5WcCZDkaIcXWuUUxEtY
                                                                                                                                                                                                                                                                                            MD5:DFEE98E8FC0F60A4050A731E9D9D0417
                                                                                                                                                                                                                                                                                            SHA1:A4148DE702EF274FDB0C22BA55542E986D85A235
                                                                                                                                                                                                                                                                                            SHA-256:940E5AE60C6E267058E7BF425984404C2D2451DE600C9312568050FABD27A8C4
                                                                                                                                                                                                                                                                                            SHA-512:E22FDC092C90AE3D8BA7AC79D5EDE84D5D689F6D867FFCF6353BC990AD07A4625BF43E50CC801C52DBDE87DD612F28F69A321BF998E5BE351E64E8514655A2FF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..'.J.mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X..../..h!.^...*.6.8..7r.C..a..-..XB.Y....4T7......\K..|V.P..Ba.Gs...;.....`..O2T...6|.Q......)B.s.F".0...9TyB:v....$LW..Lu.eI...o..Z.8....e.|.....r....._A.`!.c.@.........>.MF... E..[E.."xy.......I..}.....!.ak|.`.X........B>0..b.)W(=..ptS.....L.......Gw..k........lH`.............a.p.e....9.)&.."..?.....*..D9.f..on.^$%.......p...J.9S.oW..5'.EnX...FY.<.....T....P..-B.{....@./.;.5RJ5...Ds.G.o.c..{.^......G....*G.l|..l...k.:]h..../e..In9.Pd..9..y.[#..I..^.eDE..x...D.".[|m/Qs..4\........$n.VbP\Z..f7..P.?....."}B.>.1..._..)..F.....l..q.?P..L..6E8...`..i..M.u.aG!_...<...2a..\;hV...l......,._...F.F.......K..._..d...p#..[:2p8.......w.R.>..H..R.._+.2Ki.K..z./].......}_p.......".....v...1..E.k....U4.|.........GA..4Xf}.H(.4.^...$h.....f.Uid.o....0.Lp^}..u.4...;...._.S.....3...(D..9e..zr,.,U.....g.o.....%j58.....~.......T..F2o..u@3{..a...I..5.3p...X....X:g.C...c\....

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):90048
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.0360667605514795
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:VWKR8asDbZVO3TtZM0+E2t/AJGIew97ux9:V18a0itJ+E8/A0P+o
                                                                                                                                                                                                                                                                                            MD5:BB2EA60064BED37F2114C4973D45DBDE
                                                                                                                                                                                                                                                                                            SHA1:A8FD7DC55315D48C561FD4897695E3CE0D3905D0
                                                                                                                                                                                                                                                                                            SHA-256:8D212DFC2600ABAFDEBE5F2944C68F2A018E94D0AD8A68B1AD3B5EBC64D63CE5
                                                                                                                                                                                                                                                                                            SHA-512:A40043177F07944398AE12A9A44F33A2B36457B5FC9ED6C7E9828D990592FF7894A4C4D06FDC9DA69BB39AF4903AA742D0E95E9C56D801D6A02CD85CCDAA56F8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y.Fj8..j8..j8...J..i8..j8..D8..~G..n8..~G..g8..~G8.k8..j8P.k8..~G..k8..Richj8..........PE..d.....$e.........." ...$.............................................................i....`.................................................$...(....p....... ......H6..x)..............p...............................................@............................text............................... ..`.rdata...).......*..................@..@.data...p...........................@....pdata....... ......................@..@.detourcp!...0..."..................@..@.detourd.....`.......&..............@....rsrc........p.......(..............@..B.reloc..............................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 90048
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):35455
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.994319527941668
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:768:SLO4rZCSJGurAvGbGLh2jKv90b0EsEL4/tw1:SLO4JJGuc+bkYM9mNsEa+
                                                                                                                                                                                                                                                                                            MD5:9F889126892FAF54C10967BB0A4FC219
                                                                                                                                                                                                                                                                                            SHA1:4E959740C4024A403A2EE488C6A70F7B6F4F2CE7
                                                                                                                                                                                                                                                                                            SHA-256:172F6ABF0B5D50EB9BF668D254385C1105A51A0B40570D032046C885726E7009
                                                                                                                                                                                                                                                                                            SHA-512:939B5DB95AAA8BBB83F33909AF57D866E5E758F4092674D78499CD3A51E6768191A8C5DAB013EDD5D49DDAB54A4E5B9271015E4C7B1A64851C9F70E5C44332FD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.._.......&..p.........../D.|.........{...cl..KN......TS;...p....."...gW.....~...~....oF~;..Q..]...4s.S.F.t.o&...@..|.%......J...M.E....C.4.u...8A.M.!(`.Q.X.....E.8.;....f[...).l....J...a.K...(..N....@!..6..E.e........gU....d...}.F4H..f....E......3<Z.Q....#..FL.'.!...2....@...DY..hYM.b..!O..gI....${........[.+.7).....3.3I..P.......I....Oq.?D..q..UjE.....IuR.Gt.....k.".A.5..wv."v...lN.....\G.o`........1..+.i0..\.c..i.;.....x.+K.@..,. ....;n......".....?.O.|u.b.8>.u...P65.M>.R...l....tj#(.+....S..a..Ol:.........=bN.V.n.DPV.F.h.... =....(.L..C.M.....K...!..<..o.-..x.?..gL'o%...~...........a..q.~H.U..N.Xy5.>.A...D...X.L.3.)...h.:..i...%..:K+}CU..T.....VE......-O.2PaT..1n......+.n...#.tRq.d;..3/.....{m..Na.Q.g...T.......9.P..Vf..7.[)VQ...!...GoV9..?W.....+B..>..,w7?6.|.{....:...2N.=.B...c.=....;.......7..Y.L.A..hQ..G....PV.E=.U...=._....3..u..Br.....9.6..$.f..s.h..-.......\55.sC.)>^.......`....WH.....vP...9b..>.D.....R=.3^G.......V~ J..$......

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):801216
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.557465028217831
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:vTOz9azyrj8S7oRaWz2Wh0lhSMXleECzB:biKyrj8S0RaVjOEQ
                                                                                                                                                                                                                                                                                            MD5:FD0C3F74A1FB12BB6C9E60C9397BEA06
                                                                                                                                                                                                                                                                                            SHA1:972E5ED343DA5417F61DA67FD59C8B915B6E2F77
                                                                                                                                                                                                                                                                                            SHA-256:3A05B925B821F196A363B720AE433BD36F1F26D12C35E2A7BA27334B92924B41
                                                                                                                                                                                                                                                                                            SHA-512:16E90E3B1613FE3EF1B4AC8368AF86890D2673ADC4E24B6B4B4F85AC3FAE96A1E59D98152AB46BEF4FC8F82B37FD86459F201E8F422A375F100DE6C4684828FC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........,.[.M...M...M...3...M...3...M...3...M...3...M...3...M..m8...M...5t..M...M...M..|?...M...M...O...2...L...2...M...2...M...Mp..M...2...M..Rich.M..................PE..d.....$e.........." ...$............0................................................n....`A.........................................\......x].......p..........._..H...x)...........).......................*..(....(..@............................................text............................... ..`.rdata..............................@..@.data...$........*...r..............@....pdata..._.......`..................@..@.rsrc........p......................@..@.reloc..............................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 801216
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):288333
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9993478043517
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:cGP2tSYKtTVRXbMg713Qp68h1DiOw5pMoogMRYsCUh8D8W6Q:teVKthRXt12h1+BpM6KnCesXl
                                                                                                                                                                                                                                                                                            MD5:E11F55F3790F31F18B0567B32A443531
                                                                                                                                                                                                                                                                                            SHA1:93AFCD25279998E02B00838F3A9029112A751156
                                                                                                                                                                                                                                                                                            SHA-256:6AE5172A29A9F30D5C20B8F0C45FA89B320F9A15C1E65FE91003E4AD47B66CA4
                                                                                                                                                                                                                                                                                            SHA-512:C0B7F28EDBDFFA51BF9CE1568CDB372405A5C1E10883CD2E607F83A89D74BB055EE4073CFFD53CE624C1F2D95323B232717E8B9E231C82C05A3ABCE782E0763B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..9.......&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X........z..n.A......Az9.....#....Z...Ps..].>.q.w..}...r.C......?.?f..P...s..U!......f.....=X.......>...w...R.l.`E.}q{..R......'=S'.5.No..4A...(.Y...L...Z$......(<>}.g3....%nA%?62../...j....e.Y$*..&..Q..../.E...C@,.7.|;..>7dGLYZ..{U|4CJ.v..%..a<HU.........h... ,.y..8P......`B{..H.+.Uo...%].-r..-.a..D.&... ./..@....T~..."]..|.. ...Q[...=..d.y.?..V6?V.....$...*^2.......*..t..Xq..nl.n.....*..)..MG8....3s.aF....=.6.'...".....|...-.H..q..@.c.M..D.....'...g...1C....DB5.a.......m.....}..-a...|..U..XJ.Z.e...O.[.yX.D)....q.O.Y>.&BomU.;.T...:O..8..[....2....[....J+W....%5*.'..K.......t.R..C.t...r>0...Y.X.*H....#y....g....U......n./D.^..N.V..L/.!...7.]..J.B..B.7..%W..T.r'.B..J..%..x"../o7>i2.....\fa..hM.!O}...&.1.....q..%h.(.>.....0*..n(....$(.v/.........j....n^.5;M..Y. .xR.....$-..Wm>K.M..X.-..o%.....rI..I.%}.{D........a..*4....m.5.\..W~...uiW[.'C......9.5.....,<

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9136568
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.512511552550919
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:OtTf2yUO8fwn9U0BqwTTvjq2Qgp5oce3s7924z:O9afwn9z8uT+jgpWYDz
                                                                                                                                                                                                                                                                                            MD5:049B61B65C25C6DA23BEC475DB6D3BB8
                                                                                                                                                                                                                                                                                            SHA1:922ECE8C6F428FED254EB38FB2E8EB66AA503BB7
                                                                                                                                                                                                                                                                                            SHA-256:0CFA7BECF350836E4BC6837F82BAE837F35FC7C2143591E9662CCC2991FE8FBF
                                                                                                                                                                                                                                                                                            SHA-512:29BBD77869F93CE73A07B8B414F47A86CBE9F1C29E357C4E144EC3BDB16805ECF84C10DE8108BC0A0DE6EB42E390898891BBC02966412686F419A310899755BD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$.........$U..J...J...J.R...J.R.N...J.R.I..J.R.K...J.%.L...J.l.N...J.4.N...J...J...J.4.O...J.%.I...J.%.N..J......J...O..J...K...J.R.O..J.%.K..J...K...J...C..J...J...J......J.......J...H...J.Rich..J.........................PE..d...s.$e.........."....$..f..0%.....p..........@.....................................t....`..........................................}}......~}.........(.......$&..H@..p)...........hp......................ip.(...0.i.@.............f.@....}}.@....................text.....f.......f................. ..`.rdata..x.....f.......f.............@..@.data.........}.......}.............@....pdata..$&.......(...V..............@..@.didat..............~..............@....rsrc...(...........................@..@.reloc..............................@..B........................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 9136568
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2688816
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999932002222833
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:plm7BCNPUxzA457eSoAzwZJS0N41v+oZ+Fxi6aawwbD7QtQYa1nKnoDEqd2rup:qgNGNBZsJS441moV6aaRbfQtixKZmcu
                                                                                                                                                                                                                                                                                            MD5:BB17FA95BEF78B092BF8BE23C4DC0928
                                                                                                                                                                                                                                                                                            SHA1:B9BC9BB663DCB7E7329A46A7DD70B081D2F3C890
                                                                                                                                                                                                                                                                                            SHA-256:0C977F205C781FFB6CFEAE1EACEE988808824D28A07EF8B8F082D39278FBB1E3
                                                                                                                                                                                                                                                                                            SHA-512:D87425EF92C42AECC4716FDF726FE4B0F032A3982511084F3C980B65B12F729F6858F0CE0D860F70F742DB5874A7BAFD2A50568CADDE63A89FB8FF23A88A5BD2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:].....i.......&..p.........../D.|......I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f....r|[]....=or.Ozw......k...x....n.......J.'.\i......k..ud.`F.....39.}z'd.].....d..^V.....9..>Ys....l...+..w.^...M4$.=P....y.......qJ.U.<l.g..xs...i.N.....!..|......Y.........Ad..m...c.Ujil...).5...A.W....r.B... $....e..%...7$v....L...k,...:..%O9.2..49M.......P$..iE..`...@..4V......."(.h.^...)...0$DKk.0....Q..-..a.*...J........i....a...{..e.n.b.C.....$5^...jD}.R.A.2]y7e.4T.....<..F .....#....o...u...3.Np.P.?..W.....z......m...\..-.....k.1Br.SG.L.i.e.C...G~[*3.....o.;}v..e@..7>.h...B.u........b,..>9H......._.._..g..U......(.DS.J......1Zb...P...H.\...z...5..pK..-J.;)7...m=.R.....f.......MA.A.?\.....&.`..P.:.......... .i.G...?.......SA.(.l..c......W........5._,.......XB...J......&y.Ex".)$E....H.G........@..=..Et!.`^.....'.I{|?@@#.F....Ge.4t~..h..ek..{su....`......[...S.]3.#(...]J....%D........... ..R|..th../..VC.[..P2Z..{.R....*.y...h.'....

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):964536
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.877780331459086
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:0uLx+yUhQ4WUFo449Dch0lhSMXlJnb4VLF:0uLx+5f3Fo449dm
                                                                                                                                                                                                                                                                                            MD5:2A55A260A6B1128AC61A33B471EA5D2C
                                                                                                                                                                                                                                                                                            SHA1:565B077790BE9021CFCBDED66A7A8AFBDF5ACA6B
                                                                                                                                                                                                                                                                                            SHA-256:1DC5B84AA79F51509F64897BA83B1C08C8AC9CA4C1D2CC4BAFCE532913947909
                                                                                                                                                                                                                                                                                            SHA-512:26D475A3495305E0C22C82C18E9F53DD9704EA5BE0A701BAB9EAB7999E5288713F9C0AB07AD896E38FDC4F4512A4A352D609DC4885F0F5B98072786293CD9B29
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.........s....@...@...@...@...@...A...@...A...@...A...@j..A...@j..A...@..@...@...A...@...A...@{..A...@{..A...@j..A...@...@...@...A..@...A...@...@...@...@...@...A...@Rich...@........................PE..d.....$e.........." ...$.Z...H......`....................................................`A................................................`...........X....`..pV..H...p)......................................(... p..@............p......d...`....................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data...P....@......."..............@....pdata..pV...`...X... ..............@..@.didat..0............x..............@....rsrc...X............z..............@..@.reloc..............................@..B........................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 964536
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):270982
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999356257251998
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:MbIvzuEx8BXwMNAnOv6NPtvwvmRwO0q6jNh8pliow:PLuE+BXhNV8PMTqI
                                                                                                                                                                                                                                                                                            MD5:8853A30AC5335ABEECE5428532AF0EBF
                                                                                                                                                                                                                                                                                            SHA1:9CAD1A595E2A0DD821747686D6AF36ED6BF04348
                                                                                                                                                                                                                                                                                            SHA-256:6342AF4E5D453914E8BDE79451A18ACD31A4773517595BE41653A34A5B289B2A
                                                                                                                                                                                                                                                                                            SHA-512:3C5E48C9CEB5190D8DC59FEC83E1B817750054FFF57EE7C7517A4CA1CFCA3E52A8A5778C96F05162DFE847FB8D914B1D2EFDE48E3D29D0EE2A6E3E076F86ED7E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..b..6>..p.}#......G...)p{` ..i=`...k.<....G..7.p..C..K.N.......qW.\f....{..E....&.........z..C .C.....yRh...So.c.6.5+..v.NE|....L.(~,...........e.9..SrI$.c...P.fJc._.qa;|.=.}.)..5.#....O.w...(g......R.MD.F.k?....$...|-oJL.u_. ^..sa.#.."..#..$. .$..a..tH..nz]=q.a.wL....2..N...P.G..<.k.....kY...fMQ..6....u...S...x.@.......N..4..kK-..=.{.,.....M.D....6.q...*..h9..FH.O./..R..uk....0hV7_....Td...8]j.X.........E....4......Q+...Z.8q.....>...^.:t ^$... ^.r{.;.K!.v.0!..QT....x....9..X..._.ii].7o..T..<.l.......B.1..*..........;.1./..[\4.[.+C.eV.=..!.^..0.uK&.gY.4$`..n.#1..#.E..6mq.L...zK'.=!.....;$.#.7....gf%........K.mX..........v-.H...7.R.........j.i....l..../..;(.C....9.L\(.lK...b.3......u.;.+....zg}..l.:.........|.x..z.z....j.k.&._<.0.ILQ0:k.]e.MGfcy.A....:z...v......7n..m.G..~5...& ...V..B,.....v._t|..[....2..*..@^s.I.XX..I8Vb..LE..[1.....Im...,..j..]...i.../........5O...v....-+'..L.<[t......C..nT......(.H/2F-.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):492480
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.797322464979677
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:tgMLZHAzld2w45AzX95dFph0lhSMXl+W30ERW:WMLZHuldSAzX9Dh0lhSMXl0ERW
                                                                                                                                                                                                                                                                                            MD5:E3EC647384B451F263BD8D65D534043E
                                                                                                                                                                                                                                                                                            SHA1:2AFC60F69D3634A1B5571F8994B8D56AC362236D
                                                                                                                                                                                                                                                                                            SHA-256:9B4ACCD7833B93B5A04924ABE7FED1937E7F51C88C67E91AF45DF5856CB70F1D
                                                                                                                                                                                                                                                                                            SHA-512:7821B94606C89DB8E203873C8E28126341BB28D1B906D2701B42EF8763FAFEDEB655214915345AD1438DFE5F41C2DCEC135743AA7B14F6B4B20976EB560ACFAD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........m._O...O...O....rm.K....r..E....r..K....r..b....r..I...O...C...Ft..\....~..C...O..._....y..N...[s..2...[s..N...[so.N...O...M...[s..N...RichO...........................PE..d.....$e.........."....$.....\......@t.........@.....................................W....`.....................................................T............P..`0..HZ..x)......\....|.......................}..(....{..@............0...............................text............................... ..`.rdata..N....0....... ..............@..@.data........ ......................@....pdata..`0...P...2..................@..@.rsrc................N..............@..@.reloc..\............V..............@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 492480
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):190499
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999017904669886
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:QE/1b3C9JMIslTq1TeFcLbJCDCSwWqipcy9jShdPkaDV+38ISgVuZ3nLSYSLfCBx:QO1W9JNslTqUF4DS9qiGydShaaDE38IA
                                                                                                                                                                                                                                                                                            MD5:2919A5D4104F35E9A79DC59F5279EECC
                                                                                                                                                                                                                                                                                            SHA1:F9A4BD5E09BE90EF0D1C63EE1123514C58EF2518
                                                                                                                                                                                                                                                                                            SHA-256:4E45CF94EB4EFA8E8DFE3C039FFDD21D37020BDD88A23E02FCA9AC29630D49E5
                                                                                                                                                                                                                                                                                            SHA-512:A1E0532DDEA550B33E6281F8CFF1095FA57FDFFC576E5B6DECF5440DCCC830DA9CC9430EB9C70F21D0425743C220A8691640C1C24658ADD51BF53EB77610A174
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..'.J.mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X..../.....[e...g4.&.H.xX._?xr.. 0ri*..[<SY..f...,K.x.d..&..r1.x.B.O..y....d....rU..M...g..L.Zk....$..$.~..`....3.....%.K..2....U.Ha.#..Z...U.O.Xb..<0....e.#a....d...1 6TT...~.A...2...E...... ..).g....w..:@X..g.p.t.sK...m..k.;}.,.!w...q*.y.|y..1:..5_C.#.YXe.a...9.K?.M^.}.hpU.{.e..!.K1K....o#I..6.......fO.Hq......vfq......Mi..f.Y.7..=..G.b?,..-....Vf.....r.T.xNI`:..?z:.k.oj.t..#kR`...=..~o.(Y...".L`T.yi....<.#.{@:.gO^L...\.|..-..s...&. .R E@F-n.v.nxu...{....#..../.j.ba...r....B......+C....3..3.F.l..?..;_o.I.Ze8.ra..|../..)...,....~..b.u.9...<8.....P..b.G.H.$......^..r...am.._..(..+.4..+....bd%}..........$.h......iq....~Z..E.$........o...J....4....h.n...@C.''5.TZ..}g....0.ntU..MO..Z..LX..E_^Y..d.63.r..P.V...sa.q}.Qr-....H (.. y..;.#._./R.c..m...x,..d..4..N...o.-n...rI$....s.;...5.v.Ex..E...g.5.f..\kB0#.P?..~../.I.y.E.M1].z.Zi...l....U...Yf...5^..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):638392
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.441390546044095
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:o76Z6ySKjx6uybTZ644MqciLMt0wdL28Qls:o76Z6ySugVbVFqciL+0wZ28N
                                                                                                                                                                                                                                                                                            MD5:9F48FBA14BA757A0D7A3A7BC7C095DAC
                                                                                                                                                                                                                                                                                            SHA1:61AC37F0EEBF1FF8EDD4EC3C90D9C484C22EE7ED
                                                                                                                                                                                                                                                                                            SHA-256:44386DF3BA7BDA4B080F54AEBCDAC788FEABE4C2BBCB91AB7AF53720B7139F49
                                                                                                                                                                                                                                                                                            SHA-512:F260DB8B0BB5127E9D9487202A447787057E33809B88C610D7DB552144C25B31BC4BF7E30E302A3FA5BD5481059429AE5047553E3720F996CCDF6A02C53EF814
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......i...-.eH-.eH-.eH...H,.eH..aI%.eH..fI/.eH..dI+.eH..fI/.eH..aI/.eH$..H?.eH..dI!.eH..`I1.eH.`I,.eH{.`I..eH9.dI&.eH-.dH..eH9.lIn.eH9.eI,.eH9..H,.eH-..H,.eH9.gI,.eHRich-.eH........................PE..d.....$e.........." ...$.................................................................`A........................................ k..X...xm..|.......8....P..(_..H...p)......4...XO.......................P..(.......@....................d.......................text.............................. ..`.rdata..b...........................@..@.data..............................@....pdata..(_...P...`... ..............@..@.didat..p...........................@....rsrc...8...........................@..@.reloc..4...........................@..B........................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 638392
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):219513
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999117506277983
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:K8ig8+PSguee5GCtIsNRFE9oaZr2J+ZL4RraL:Mg8UsFtIsPFEJR2J+pWaL
                                                                                                                                                                                                                                                                                            MD5:5EC92A4955CB9E9BC0B6A6343CF86653
                                                                                                                                                                                                                                                                                            SHA1:EFA61C1B1D8CCCC0140B1B4B588E8732D956ADEB
                                                                                                                                                                                                                                                                                            SHA-256:4544B55514B04F1ECDCBDD6B9BC9E53B10E8815F5C473693E2F636B94A015244
                                                                                                                                                                                                                                                                                            SHA-512:1BDB91BA76F042CA06AF7A91684F0ABF98A8D20A96EB3172599326CB34A80DD51F522D17D518AAB98CCEB8AAFDE5AE2CCB163CF7CB5E00AF1897DC95BA27D4AD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..b..6>..p.}#......G...)p{` ..i=`...k.<....G..7.p..C..K.N...........#.]._../..4.....@.m@..L`..]._>)..Xky+0.\>.@..i......{.Yl..r..<..1...0..]\<...Y*......C..I.....@KL...>l]7...Jm...X..3..m.\lZ94....Q.Vay.f.^5....Tz...w.....@.a..CZ..5./..u......).....B......+` .~.r.+=.....>.....?.......j.`.f..q.a.vi.m.)A%.......5..l...k.w...n.o...../V.fH {...<...5..n..q....#.<.......pX..t..-Q.i;.4......F..........$Q..v%.26.su....&.W......u.;U....?.X%...&...io....^?.q.D.;..K..$.s.. .\f.Z..[..^.T.>.X.r....7.....#,.y...4.t=.?.+..d...........LG.=..om.....X.9'.....Ro6.y..?... I."..".....,.m.!&..8...0......V.......o...N.......e(T...8.1..7..O...W.`....F..$)k.?.3...gM..-n..8..I.,.t.!......K..;.&.aa..v.i.S.e7.q....._WB.Bh. o..=F..Z.8^....p.?..._.&....j6....B1...e....s...Y.7.eQ4.Cq........".9j..D".jv.!8T.o?...]?.G'.8.....~..p.,.5X..Q.W ....M..P{..4....B....?"....v..#..Q..w....;..Mn.+.x&..b.U....eEB.. _....0x.....4.G...D....

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\setup\aswa896341adfecd8a9.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2194), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18035
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.647824586371176
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Dw9+iXHcV2gJJi0YkdTJ3p+qOlG1srr7dl9D3e7A5obqAY:O+iYJiaJFOlWw/D3es5oGAY
                                                                                                                                                                                                                                                                                            MD5:637DCC5D11B6EB98BDC309EC36701DE8
                                                                                                                                                                                                                                                                                            SHA1:1ED8107B7B5EACCF4A9069BEB53CFB9C0BC88B22
                                                                                                                                                                                                                                                                                            SHA-256:CE0F73CEA417942AFE49F0F902D85EC18AC16A7ED5D3AE758AE825FFB0F7C152
                                                                                                                                                                                                                                                                                            SHA-512:BA4A0323A5EEB9DE9EAC3F8DFFE2CB38FCA840F78E2907C3F50748BCAC14696003CA25D0F7C0EB402C0D3EA0D9125CEFDC479147A1CAC16858C9C072BB3C37A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=2..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATisON=0..DohMode=3..Pinning=0..[OPM]..def_base=e

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\setup\config.def.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2194), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):19781
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.654210075241176
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:D6JEiXHoV2gCJi0YjYPT4s3p+qOrTZBG1grr7dlRD3eJcmozRkEGY:CEiXJis4sFO5BWszD3emmo1km
                                                                                                                                                                                                                                                                                            MD5:DEDBBC581F705F55410EBB56AB5B15F7
                                                                                                                                                                                                                                                                                            SHA1:53F63C47F706D947083073F6318CA5711B0C99B5
                                                                                                                                                                                                                                                                                            SHA-256:DB2D0CB5DC008F905D6D6ED7F3932A19902DA7EDA146205B5D6BC8E7B8EED6DB
                                                                                                                                                                                                                                                                                            SHA-512:2CFA0158E497176B21D6DC67CDF0DBF05991992CEF8B51C798F13B33998338240313B0B4D83941F8E2114490A33B368D7459689AAE5406B38B8C2C50156DF829
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_cmp_safeprice=0..ais_cmp_safeprice_chrome=0..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\shred.exe.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):369592
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.4674339613189025
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:3itA1qHYpDToiZgWqTsWZifa5tMaFxPVT:N1ya2Wg5JFX
                                                                                                                                                                                                                                                                                            MD5:6B54A41584302F9958EFDAC3F3375B6F
                                                                                                                                                                                                                                                                                            SHA1:118E7E1966D192B7D93996305BA23285922FAAEF
                                                                                                                                                                                                                                                                                            SHA-256:44A8990DB4D8419F9AA6D65FFDB9147C790D680BEF234E624F3C0F9C759DCFA6
                                                                                                                                                                                                                                                                                            SHA-512:92B07DFC019C53DFB548D839872DE7A4361A4136EF5EE8B34745324E32D3B205EF635C569D2BC3E03BE4F5E19F5FC3CD7619BA4CD902AB0EF7F3E3D9D69798E6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......O.j..q...q...q.......q.......q.......q.......q..@....q..@....q.......q..@....q.......q......-q.......q..]....q...q..1p......&q.......q.......q...q...q.......q..Rich.q..........PE..d...t.$e.........."....$.............H.........@..........................................`.....................................................,............`..,:..Hz..p)......h...............................(.......@...............`...x........................text............................... ..`.rdata..|...........................@..@.data...8........v..................@....pdata..,:...`...<..................@..@.didat..X............j..............@....rsrc................l..............@..@.reloc..h............t..............@..B........................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\shred.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 369592
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):129662
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9987412912921085
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:hmOmP/LHzTfNOg1PSHMKDW3NVN5PuaWnSspSDZE0D/NByKt5:xmnLH3haH83H3mHoDZEgyKt5
                                                                                                                                                                                                                                                                                            MD5:47CAF5BE48BD24ED2D528D5BC71F2749
                                                                                                                                                                                                                                                                                            SHA1:2B7387C9365E3CFBC14CD7CD1B0F53F55DB3943C
                                                                                                                                                                                                                                                                                            SHA-256:13698AA38DBEC5495BDA33E1993962E04A6D64825B3461299D9F800BAA5F69C3
                                                                                                                                                                                                                                                                                            SHA-512:9C6E93DB865AB2D511EF06D049F0609097625ABD7A0CEDA607D2DB872CC05067788E4A4246C3F01455968E364559F9E175E6539265CD44C2561D5377C2DD4BD0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..:...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...as=.A...-v..,......Ji2.......>...........G..2.:.X...n.Z.R.-*U......+.=*.\..V.Q].......<...D1.C3. .".F%...S.".R5.z.&(+.^.{.H#..~...k...s@.Q\...Q..,)....S..'.5.....Vx...S...V..B.... .S.v...^..)..VY..Z:h.w..^....Y.}...[..}..QP.w.w.&i.{$.>...4FP.6$Y..X.Y.5..U}..P\D|..w4g;..V...Y...n,...z.:......[u.5..}.........g.C....q..#.C.r-V..Z..[=..M.e.|.7......._...0...s.iC.~.......`..<....7.Ww..f..c*.;......pA...^C........Z./...q}~.K...W.Y..`-.......Q.9....V.f..QM\.. .......}........UG...@.........PIANPQ......r..6Ps......J,.....v.......y~`..k.4.}...;Fp65...|L..("r...o...r#..H..'..2..[..y...X..^b$/&...~..$v[Q.l..Gm&+$.i.lu...T....X.$a<....&...t1l9......v-..q....1{..7.b.&.'.."...3..d....0.k...._.d..5.m........P.3.,..m.k.e..../;c\.......Nu3..A.qa2;...0..@..+..cb.q......S.....H.......K...B.Q#.<._.....v.EF..`..9.*.&..]W......._.t.b..5.....V....C#.[3...'..DW

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):378808
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.942153252095299
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:WbjLghfu0nJxARDpZLWTk2NsihXHAw8xHM:ThfjyDpoTk2U
                                                                                                                                                                                                                                                                                            MD5:BBE4B0043FAD8DA88E9AB4D34B118966
                                                                                                                                                                                                                                                                                            SHA1:BE78645B7308DC6CD86C777224819312B9B58713
                                                                                                                                                                                                                                                                                            SHA-256:7E4D0361E11C2BD879FA3EEABCF2BFD8C0C7DBFE8EA975E9E7515C8CFED940AE
                                                                                                                                                                                                                                                                                            SHA-512:875000C47C5DF6689324AEAE80802A08DB1976FE976D3ABD4AB89FBAA315ABFE53364E08279969F4648B2F95BD98EE1A8378A557F765D4406AB1F5BA31ECACE5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................w.b....w......w......w....................gyl...gyn....gym............................`.................Rich...........PE..d.....$e.........." ...$.............K....................................... ............`.............................................l.......<....@..h.......@)..H...p)......L....|.......................}..(...p{..@...............P............................text............................... ..`.rdata..P...........................@..@.data....'..........................@....pdata..@).......*..................@..@_RDATA..\....0......................@..@.rsrc...h....@......................@..@.reloc..L...........................@..B........................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 378808
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):127399
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9987489568420544
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:hMb7hGpI6nlEIzmGqV93kXnG/EMzDUTMYn+iyupwQZaN9bR0x7dIu:Ow+6nqICLf3k3qEl+iy7z/8dl
                                                                                                                                                                                                                                                                                            MD5:E0784ACF2FA184FB1084DA73057FD100
                                                                                                                                                                                                                                                                                            SHA1:1673D6B669DB420506F19AD4DB68137FFE7F3521
                                                                                                                                                                                                                                                                                            SHA-256:32F6DD5A272135F2D8D02A63A5EB3A07FFB27642D507A8B684D4CFE075F9AC54
                                                                                                                                                                                                                                                                                            SHA-512:6FF99543CAEB7BBEFA65E9BB1078E026A0D9EC629CC84EA13C879B0D9B071492D7228AF621A339E0C96B31DE9AB5CEAA4D91FB62A177072A8D40E17F2756CAFE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X......-;6K.._.1.\Q...KJg.BF.G...f1....^y.Y..=r.[.....@.....M.d......N.`...Y..AY..K...u.CY.....K...."h.._....d.x.] k....dm..N.......-w.{...'..`.I;.\.u)......gN....s..w...v.<{=.._.w... .vb...@...A...d~....<(.<....5.3...M/\...z2...........CT.6.)..U6Y...E_..)..,.B.!..d.......'.w.Z.J..MD.......L..(,,..x.V.. %S..m..eWG...P..$..y..OuT..m.....%;...w.r.....o.......5K.^.Z.K~..9..I.....!..'.cF}...4....3f..s..^7......-.I.....0..|cT..d.4....2..a...h.."..7B!.*d.q5....T...My.b. 6...=\.wP..d....'....R."...]{......Y.....&../.[.. .b.~..0..t....C..@...u.)g......Y..........L..`.{.....0&..2VA....;.Y..T..&..N......j...OB=O....u._...&.h.c.+.! ah^..].ORTIr.....)..2.`.u..1....N..5y._...<s..N,.b.t.?!|v%.N...a..k.+....H=...A-.*...=.p.~..*W.d. c.%...P)...G.'E.7..6....V...n.n.Tc#.FK......}...P.M......t.....rF...I.!...'..h...,x....kN(.....s.a...4.~i.r.81...z.....*N?"..$.i...?q...&

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):599992
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.56743183204461
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:B8usglpkr/kQEl1mJZetTzVSaLLLSFvQ53+gHyibmDXj53mE+N:B8usGJAvetTb/LSFvQ53+gHyibmDXl30
                                                                                                                                                                                                                                                                                            MD5:A244B2D7704277F00A5D9081DBC797FC
                                                                                                                                                                                                                                                                                            SHA1:2695B88129E58476157A55879FC470C00DA8242C
                                                                                                                                                                                                                                                                                            SHA-256:A2E62BDD0E9EBD4E4B724054150063A9A1E465399E5A046D40A4B3A30370A5DF
                                                                                                                                                                                                                                                                                            SHA-512:3F4B881E1E5C04877126EEF42EC79BAC968E80B2DE02712E5C37575C7BD3222EDBC747D6E7A6EB6DF39DFE916CA6F328952F900AF28EFAFF97B5D9158A5ACC63
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........g]..4]..4]..4...4\..4...5W..4...5Z..4...5Y..4T.`4M..4...5F..4...5\..4I..5Y..4...5_..4...5R..4]..4...4I..5q..4I..5\..4I..4\..4].d4\..4I..5\..4Rich]..4........PE..L.....$e...........!...$............p_............@e.........................@......jg....@A............................|...<...,.......h...........H...p)......Dv..$...............................(*..@...............<...4........................text...z........................... ..`.rdata..............................@..@.data...............................@....didat..,............|..............@....rsrc...h............~..............@..@.reloc..Dv.......x..................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 599992
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):165786
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.99903381697399
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:CpKagD+6ridhz/+fiHPP+sqvPctTYWndcU1GVH0rhrQS1B/kqVLvHSGKVabRMzf2:CgJD+6riD2fiHPmvcnP1GVH0rf1BZ0G/
                                                                                                                                                                                                                                                                                            MD5:2CD115C8CCDD1CC8F2F8EC03AD08FDC8
                                                                                                                                                                                                                                                                                            SHA1:5D8E734FD5E13F690C765A5D6CDB505E0FDFCEEE
                                                                                                                                                                                                                                                                                            SHA-256:17CB449893E699FD868B6B9E098A4F3B1328AADED3ACD06125AAFA33812CD6D4
                                                                                                                                                                                                                                                                                            SHA-512:8696BA90AE5894D95A9BA110F1DF7D4ACB9F3C691D8C0C6CB4951745C7CF1FA5617B7BA09038D8B1C3E47A0E661B63CA8284536E149FDC9BC1394E3FF6FD7CD1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..'.......&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X.....|)...{.....$ex7.U..q....\R....D...BK)<.f\.........S.=...>.....R.F...l...9..=..Nf..xxGk.....p...Z.orK.dtn...=...`.Uj..u....1O,.......p....+.X..C.+...\..7...l......P*`|n.(/..X....,.%.....5....TB.X8...=.f..\.-n.,....u..5..S.U.Fg.#.!..i.d.}+..Of.......k0..s.....b.g.}..j....B..x...2...B...`.`......U....`..Y.'.K..7h8....V}....._.....U......-n"...F.....AO7.|.v`.=AL.N'..6|-.3..V......|$.h...3....,.....R..t...^8Xg:.%...!....)....N........F.0...Y..@U.6.17...R.Opg..Q...*..3O...73.bId3...{...[.(.Hn....:x...H.O...c........W..E.+$B......tvo.2..}...l..E).^>N~.....CY.WB.kMB_.].g.C... .p(J.."...R.fVc....T...r!..1..C.D,.\P.p.p......F..DPV~...Z".4..72.c...^...........Pa.9S...i....A."..g .....Rs.?.+j........,..`0....K.Y.`.Z...(<....5.a...D it........|.b.v.J.#.c.....;.....$.6...0..|.g..._..]._.g....({........]O8....LpL....F...EK......).Y..%.*...I[Jw0.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\ashShell.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3465152
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.666779106926433
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:S5k9vBVLKutRp9eJA5UnjWjUqoKVfRSkymb9Mxxrejk6yS78vuFwdpwl1GzyyJSR:S54BVLNtXcfq1fJaxxrejX12/xI
                                                                                                                                                                                                                                                                                            MD5:A8573494557626363808A70A64308345
                                                                                                                                                                                                                                                                                            SHA1:3F6E3FA2896214793E2175E742495D83B58A8569
                                                                                                                                                                                                                                                                                            SHA-256:2EEBFAC789F3856BFFE4DABEE1E105D03F0B79609D24EC5EE070C8B68311A988
                                                                                                                                                                                                                                                                                            SHA-512:37017502409BA4BA16883C15A2463CB0549692A84C814B46A83FFDE61EB9A311DE78C7EC3B5B1D4C348D428C7E17FED50FA85F862F02AAC8CA17F67B3142FABC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......'.k.c...c...c...............`.......r.......y...............w.......}...j..a.......b...c...o...5...g.......b.......~...c.......w...j...w...b...w...b...c...b...w...b...Richc...........PE..L...@.$e...........!...$.. ..........Y........!....d.........................p5.......5...@A..........................+.....<.+.......3..A..........H.4.x)...P3.`.....(.......................(.....X.(.@.............!..............................text..... ....... ................. ..`.rdata........!....... .............@..@.data.........+.......+.............@....rsrc....A....3..B...\2.............@..@.reloc..`....P3.......2.............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\ashShell.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 3465152
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):936368
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999809555269087
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:6QW71tSNXSn6JVizQ05neQ9UBFWaQAIYOWtpu3HAD8:7WpwXExTEBIaQAIku3H7
                                                                                                                                                                                                                                                                                            MD5:18073113D142C0AF41ED9230DDBB0639
                                                                                                                                                                                                                                                                                            SHA1:10DF20CE91385C7D6C0E8AD0F09C30BD33DC8996
                                                                                                                                                                                                                                                                                            SHA-256:743510D1443C0263DD82EF082D8AD18F12EF63BDCDA68EF165230009F88A1029
                                                                                                                                                                                                                                                                                            SHA-512:B42772C4DD0D63A74C3752B6AC4D9B648E0B4BEE3078355BB154D94C28B919C1F1A9B56C21FC3BE1EC8311C87CB0974F3C084961F01FF7D81CED8C212710CF2F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...4......&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...aq.l.J...2.....$.x....&...s.........*Qt.@.......GR[..<."..2.....%...J...G.....!......Z_.........M...T.....K($g.i..B...9..y....|..o.95*.$.H.X.43.?.I.....J<K.%..(.D.g.Z.M..$JYvg].c....M,.. ...~.....5P.....M...$...B.p\..,...QL.(.....Ph.=...........`I..{.......,.{q..S..i.{.MK..2va.|....m.a........S%7.N6g..k..f....B.y..0j...6....@...N..z..E0.I.L...7.....=.?.l.n)W2..`DP..Sq...p.<y..Ek.....z>............/....h.X.....n.3..W......V...."o...Nxh..%.b.;.zc.d<..O....r..x?.I...P.O..rvS.vk...a.e. .o...oo.....6..l...h.;nW..^q&s...K.i .>4Z. ..h.....o..$...Zz..0.._.....pz....!.x.B...pF.........E0.[4.c[J.s......,...M.**.XI.......D..k.4o......!v..../6...s..g...<]..s.Y.z.....k..7.......)i\..y...B(...X.f.........C.....cDU!W...ok"W.aM..C.[......\..y.Q.u).."..6Z.7.(C.g.{.....j=@.y@......._O.4..~.....6.......Q..k.U...5....b5..|......lD(...dXb..o@.,.,As...i.....t......

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):608704
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.749475325282624
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:KY65cUxcV3Ya8HKjc7IXgNOph0lhSMXle91h1eJk:xUxqYa1jc7NEh0lhSMXl8gk
                                                                                                                                                                                                                                                                                            MD5:A23D512FFC3253189766803809A65F23
                                                                                                                                                                                                                                                                                            SHA1:8F658BD3D998DD4D86E7805D289BB68924F6BB0E
                                                                                                                                                                                                                                                                                            SHA-256:983AEAA6FDA925D9D407225D50967A8C44769E20E1E3E490D9DEAA53430125CA
                                                                                                                                                                                                                                                                                            SHA-512:5A4603AD4802ABBB85B32ADA229CD06506C94B6C3CB8F82A80CE7D3275CBA269DDFF3129FFAD86B203CF48FD49A9ED310616787A2BEE9F731FABC06FC540534D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........:...[...[...[..*)...[..*)..W[..]%...[..]%...[..]%...[..]%...[..*)...[..;....[...#x..[...[...[..*)...[...[...Z...$..{[...$...[...$...[...[|..[...$...[..Rich.[..................PE..L...u.$e...........!...$.$..."......`........@............................................@A......................................... ..X...........H ..x)...0..dJ..`D.......................E..........@............@......P...@....................text....#.......$.................. ..`.rdata.......@.......(..............@..@.data...DF..........................@....didat..............................@....rsrc...X.... ......................@..@.reloc..dJ...0...L..................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 608704
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):244117
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9991895967809015
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:MBCSK8tCIbsm3mhpbLYe12w1DZWxkuSCI7EOVC8:MBCUCI5CpHUwvJjVC8
                                                                                                                                                                                                                                                                                            MD5:942A8C14D1D0212E54DC719F49D1CDCF
                                                                                                                                                                                                                                                                                            SHA1:EFCA6F4DC68FED5F0926301ADC9F98AE9767F237
                                                                                                                                                                                                                                                                                            SHA-256:7E57E95A0BA2DD17CAEB37559C0304C6A3EAF0E8E5681789C51BD1A8221E3399
                                                                                                                                                                                                                                                                                            SHA-512:1183FD71AFFFDDF55C8883D291488539B66CB4B4AE94F84E4269E23ED3D4527CE67941163AAD77DC4152B4D5A743981D41A867E1DE985F3891658DBD39FA6C09
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..I.......&..p.........../D.|..:...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...avEm...9#.ye.........<.W...>.^.N.g<e...$...u.%;......@W...Q.#EcB'...c.rs-....p.Q(...p.z....|q.-).R.Z..........j.....%.....(.\.O Y.....?=.w.C)...w=L......+.4Jc<...b..<.|.}..~UE.......\l5U...P].=^F...6..4.,O..G;..tf.'.3-.+..o.Q&.....l..Qi..@..1o...6..@L..B....(..E!.:.G.i1..1..n..R..WS.\.m.....f<.....N...<.>....S?..+.\.>%.:.../....j.(.....U....y;...;...7.|..o.^..X......6.......k..vH...x.=....?......A.L...0[+@..V...V......GHA...)-.Q.....N.2RUNh.d'..|.5.x.*|jP..y.l...+XN.]...\|*Fl..o..v.1...)..v..fW...g....h.<..j3..;.......S2.M.../."..b...S.vd...n.?/Br.6.5}..a..E.M..g......c...\.}#2Nj...1.a."..o_.%@.F.<t..qS....o..1.-...P.F......6..f...uq...e.~...7...$..I....pD.~N.\..3<...*>.yk..6...\....}.]....9.{E^.l.F%^.....B.._..3=3/(m.<Z.".%C.^.....z.3'G../ ....!0.7]..,.s..]..h5.|..X..g+./..I..n"....}x....._..#....,..I...'7....)#....6.i8..!.....wl.{;...J.\&%*

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):486848
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.847470716928102
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:U6GvYq5ZrEygrAXjR/Hph0lhSMXleMxVjNhG:DGvYq5ZrEdrSJh0lhSMXlRG
                                                                                                                                                                                                                                                                                            MD5:0464FE1A8F3BC3B5DB6F802C16B8E6C2
                                                                                                                                                                                                                                                                                            SHA1:B6FA8485907DEDD71A1A61A7FF6EB8D61F2250C3
                                                                                                                                                                                                                                                                                            SHA-256:50969EA774C5BD76190FC7A70A4C7E4C495AAC677DDE286D859E8AFA67D448FE
                                                                                                                                                                                                                                                                                            SHA-512:F2FADF3B239EFBB99545C0CA846448BA9FA3445AB1ACD28E32906F66BDB7FCC8F374021031B856B82C342C0A945C6E8A2E93E428D2279D0EB6661398E3530AAE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$............h.Q.h.Q.h.Q>..P.h.Q>..POh.Q>..P.h.QI.GQ.h.QI..P.h.QI..P.h.QI..P.h.Q..)Q.h.Q/..P.h.Q.h.Q.h.Q.h.Q.i.Q>..P.h.Q...P.h.Q...P.h.Q..EQ.h.Q.h-Q.h.Q...P.h.QRich.h.Q........................PE..L.....$e...........!...$............................................................!#....@A........................p...l............@..0...........HD..x)...P...3................................. ...@............................................text............................... ..`.rdata..............................@..@.data....<..........................@....rsrc...0....@......................@..@.reloc...3...P...4..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 486848
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):203363
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9991588006080425
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:j3aPOTiXnUDB9y0OYed9ounDCFVdakKC+:7aPxXUDjpOY09znDCFVGj
                                                                                                                                                                                                                                                                                            MD5:553E0BFD2275D94753E22BD809266B22
                                                                                                                                                                                                                                                                                            SHA1:108D4AF696F40EAA93A55370BBB22D50E77446D1
                                                                                                                                                                                                                                                                                            SHA-256:E56C1A2184A54BF24BF7B80881256B77915CC95DC8B55E76D0B6A29F95F679B9
                                                                                                                                                                                                                                                                                            SHA-512:E8FADAE8BBE7895195E879570497CCD6775BA48DE7B5FFEBC4912711F7DBF76EDD4A631CD7AFAFB4A76C49CB8866FF6303F82A2A4C184676D8D3390549A391AE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..m.......&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...au........K.(.s...A-4.6.\..T1...m...W#.g.L......W.Gz.cq..].ma.!..........+..).&.Dq.....1N......(x..\i..{.......bM=......Q.....cb...Sc.z.f.D..*...M.|W.b....u..!v^D*J.)v#...C&B!...A.....Xn..i.......a... .]"GP.M...\.@:&!g....J{.^..U....|....r.?....Z]..Q.~.~.U.y....!.eal..?..#..!T..y.?#.JQxcw~.]..FU...c..m|I..=..=f..O....[.^.....3.. ...Ra]..V. ]U..|q.vt.%..J....5.......1.uYt9..K.Ca.X.6...._Zw..~.)......N[>.i5......b!q...4.y'.q......n..%>].}:..\y.....R.U..A.?.W...~.}X0....P.!..iz8...Zk.'a...%.G.;.......gT...7..|.....Hb....0.....h.g.-....<.....U(.E._...^.....`Y..G..d[.."..q21...Je....YC.V*...S..'.F4......0...d..9...]..tP..o....Ht=q..U(K0.....=N....`*.._...(+..p....[.0.r_.C...T.......XZ...J}.....'....D.O....9.S.&.."...^..w..5-3..x:..'.+c&.\......O...s....*#.~H...p.X....n..,.p.c..2(.U.......%....o(R..%..U.....PN"'...M..iYa.M.6l...FU....[G.F..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):383936
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.66058206955698
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:VRWiDXXTVz8aWbMhMPfVmqgwLCugyxXOakI3C2qBvD5gpMflP5hEu390rkKKqKxz:nJjlTW0goqgwLC/BmS2AvD5gpIlDEw4G
                                                                                                                                                                                                                                                                                            MD5:04EA0C8C53A2EEF1DA4B4AB59B1C8FAB
                                                                                                                                                                                                                                                                                            SHA1:7E9B937FAC0E80AE4869C396432CEAFAE62CE136
                                                                                                                                                                                                                                                                                            SHA-256:F6D8EF82CB789F50B65E2C04262BE2F4E3CDC93251FA1A0985254E5008E08882
                                                                                                                                                                                                                                                                                            SHA-512:50E81586B55665360CC170A11E36E46BFBAF7EDAFCBB9EAC955B5D7635A52A50D97188FF39AF22FD424F90BDD88699E539A10D1BE64CB15883C9841200232D51
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........................s.r....s.....s.....s.....s...........................................p................Rich...................PE..L.....$e...........!...$.R...d...............p.....d.................................R....@A........................0...tg...`..|.......H...........H...x).......2................................. ...@............p..@............................text....Q.......R.................. ..`.rdata.......p.......V..............@..@.data...`............t..............@....rsrc...H............v..............@..@.reloc...2.......4...~..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 383936
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):157617
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9989893995147465
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:b0z3LI9CBOalY1DZeA+ZUjj30HNyN1h867uhO6LAKmLroCJk:b0NJYreA+ZBHA3hVqhOSAKG3q
                                                                                                                                                                                                                                                                                            MD5:4A468DBBB05F2EA319305136F98C120A
                                                                                                                                                                                                                                                                                            SHA1:4D542F1D40B198BFD23F0A22A6A25A02254B2045
                                                                                                                                                                                                                                                                                            SHA-256:285B535D9A1F73321D29176D99A0D9441C28F64E9605301ABEC1B37AF0502A3A
                                                                                                                                                                                                                                                                                            SHA-512:879E986627A9E0EE573800F560EC9CF289225CB541A9DB4D081EE69926E3E2D3E53085B357BF0ABA5BE899C024643357A4378A6E4B607833DEBA302C2779EE4F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X.......t...&.<..}.[..TI..n..Z..CM...)..c{.Wj........vG./^[.F.....J......]...........oC.xv}H..$.$.k....o.gc.fUwa...K....k.....h.........W..]F.$..h.....K ...^..;.Nlx0..c.6.E..>.."...t...1../g(....tP.....~...E..l].....Y}..?. $..a..g.....}n.a........Q.!....l?1.Z...?......S.....k....(O...Hf...p...@Z'}-...DJ..t)Q..6T.AwCq.../Z..l.a..)).7R..*................A^fm.2asL..L,...E?=.......G"o^...B9V&...H.K..(<...&}.....?.nU9.;...@.t].t......:u.E......B.YC.U.)..4.5.3.5.}S].el...k{V.p.v..~/c).."v.^9K...i..o......j.L?M...h9qI.w....=A...%C.k..BI.'.6|Z.12M.s..:.08.,.......<LO..-. X..B7H..T.Lh...R.!.e/.-.."..1Dr2....;..&/....h..kf..$I.?....v.A...Z.]}.YD.().....%;k.$..d.....`WO.O.e.^....:...;k;..:.<..,..c.FN...g.Q.I/...b..;.!J:..r.<*?$...o.:...-N..t./a0....&Mi.p.cI...(].B.=[Vw.....]I..t.W.. 1@...j[}.=y.e.3b..u.G....x.L....x.mV...v....3H......#....A0.5}?.}...

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):388024
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.230225285025376
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:PwoAX9VGtJFW51mNplWdZVGHF29hjQu6M4+Z+KqejMYK96VLGooooEuH5VsLkHD6:4VVGtJFW51mNplWdZVGHF29h03zKq5Xw
                                                                                                                                                                                                                                                                                            MD5:59987E70E1CD9C5C28321485BE6DAD5B
                                                                                                                                                                                                                                                                                            SHA1:AFC3FE52F2D73E8A4F9BF7116CDF276688F11626
                                                                                                                                                                                                                                                                                            SHA-256:38202849409BAFF705CD8313452BC5B3F4CD60AF5A9F587886682BB3A947CD07
                                                                                                                                                                                                                                                                                            SHA-512:4909BC4080DA9BE8197664A2037FCBB4525897AACF2DA08E624E81FAA0FE6C59141F54F5C0C950D0C4A48CFE57FC6AEA323B404C2CF0344CB75F645AE40CFED4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!..tO.tO.tO....tO.".N.tO.".J.tO.".K.tO.".L.tO.U.N.tO.tN.tO.tO.tO..F.tO..O.tO....tO.t..tO..M.tO.Rich.tO.........................PE..L.....$e...........!...$............0..............d......................................@A........................ ..........d.......P...........H...p)......T......................................@...............|............................text...G........................... ..`.rdata..^...........................@..@.data...............................@....rsrc...P...........................@..@.reloc..T...........................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 388024
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):180365
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998938027998032
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:x06sEbsFDU4Hl9IsfQ5zVUX1IQSpmQ1hvXEuYiARK5v0EocEP:x06sEbsFDU4Is1IQSNVX5NARK5v0ElC
                                                                                                                                                                                                                                                                                            MD5:7C5C21DC5F7F9F26D478297FFC5049ED
                                                                                                                                                                                                                                                                                            SHA1:84FD89660AA524181EB13292AB53FCBBB032024B
                                                                                                                                                                                                                                                                                            SHA-256:68E34D96F68DE983B72C4A44AAB6F97859496963378E5235BC6BFB18BA8898AA
                                                                                                                                                                                                                                                                                            SHA-512:72551241A7306A2476E9923DBC6F1F8DB2EE9A7FAE5A1AEE7F1E3AA27CC609A9505749DAA4CCA2A6C73A71D861F5047F7D5955965412B34CFF1A5E1C5AA4A20D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|.........Dv..........z...K.x..q.....W<[..I;.N..T...s......~...Y.p....f..g.[..D.E......_=Oq..D...cR.}Y.T.....D~....b.M$.............v^9l..../S.'D...F)....=S.......aV.C..?*#6..pN.....WW.....i.O. ......f.R`....C.BGq.{6..^...."hCd*.e..YaZ..@d.?..Y~.>/.{B.+...Ln....W.....<6......u..}.S..B.*..._8.D..$![<.n ..a.d.. 1..o.<.$3'1..C%.}...m:...\.&...}.f.2..`...{.""&a......?.)..$....`t.0.@3..j..v..>....p$.Y...6......D8|X...`.$...2.y#...w....i2a...".]..8..".K,...d..p4A.<..I.........P.P..)..*...L..x.......3.fn.l.:.......F3.P.g..]IZ^#+.v..B....3....x...m.!2.9.t..n..... b1..#D.R..}'...$r8.]..T.].t..%... .R#].n.T..,m.-......u....H.9QD...hL.1..)...F..C.....W..s.k.:.............&....n.+.0...1+/.V.........1...-.6...M...j..4G....-.].....g..%.fi#..f......(}.z......@8r@.....r`.,sJl....m..M0.m.9PR.M..=.,dF@...v..T.5=.^...,).,..&......8..+e...-....G....>Xd...F...Ci.gw:sj/..X-a'.Z.i."..Wr..^..X....h2`...o)@y.}e.m..a^.!9.v.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):171968
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.720314790977908
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:yGUeIPFqQcofwuwxgvx90tKVm4qAYz2MqUqB5kvkApmDcjK3ptx88cS:PojcozS+Hm4rYNHkAIAjK3ptx+
                                                                                                                                                                                                                                                                                            MD5:6260F3F8F099F2D44D6C9091A29CBC92
                                                                                                                                                                                                                                                                                            SHA1:1440208739AE2C9A99BF0A43F56746F7DE333B97
                                                                                                                                                                                                                                                                                            SHA-256:7E7E39F575B525EFF71CDA8F7B0BAC594B1D47A5AEFC99C139BE4B003D9DF3F7
                                                                                                                                                                                                                                                                                            SHA-512:876898FC5DEB63D26EA5CFB8DF0386A8F2C5BC7CD6C17AE048ED262DE789DA9541166C384C51D298EF4FAF0F301FBF0067C7AA42C5A62D240304267DB4F69542
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...........U.f.U.f.U.f.\...[.f.....W.f...b._.f...e.V.f...c.@.f...g.Q.f.A.g.W.f..g.R.f.U.g.f.U.f.W.f.A.o.G.f.A.f.T.f.A...T.f.U...W.f.A.d.T.f.RichU.f.................PE..L.....$e...........!...$............0..............d.....................................@A........................P2..."...T..........P...........Hv..x)......4....%...............................$..@...............|............................text............................... ..`.rdata...j.......l..................@..@.data........p.......R..............@....rsrc...P............T..............@..@.reloc..4............\..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 171968
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):78031
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997251783247021
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:usNY2ndwEQM/Ar3gTtiyMDKq7TZXn2Rh7HhBbq5HXsTSyut:usNYQdpQiAr3gtq7tX2RhKHvt
                                                                                                                                                                                                                                                                                            MD5:73E0A9131E894B4798A01082A7FDBE4E
                                                                                                                                                                                                                                                                                            SHA1:0B13DFDB78F7A1AA524C922D0D5F52D4DC5DD203
                                                                                                                                                                                                                                                                                            SHA-256:952CB7F0E8C577EC794D0E5D42D4B0BCB4AEE14B67035D390E0737FE7E964720
                                                                                                                                                                                                                                                                                            SHA-512:9440BB34708CB00A2670F54876781C6C054C77CD4A398FE4D3D5802F60D2A0EE3CC4644FEAD7095315A45873880B008271C8F76408F4CB1C1984063469A98017
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X.....{.`.?{.:.H5..G..Wr.|aW .j;.b.".E..c..@..H.E=..H.LW..s..q......a..^.{.G.P.n.,.US....*.........F.C.@.....@..6.<4.B%.Tf....,..(........k...&.P..9K.7...4&.+.....+....h..O.....=^....u..7..........~+....4.R..H>.q.... ..h.{..@..[!&..UW.........7?.q[..=......h.=..K..}.'.L [...........)/.P'.?.=..CQ]..~\C;.h.i.1..5.=0.N.R."2....A...78....A.lk...pMH...X`c...Yl..x.............D.E.....b..c..4.$......;]+.'N3x..l.....{QN....v....obs....$.4}.(s..._..u'#N".'B.;5.-6.@.4..(..$.p2..q8H...l^.3D{..........zKiW.y.a 2.....W4.`.g..|Dx.1.L...&..H..k@8..'.T..N..h.....X.(K.....Y.lm.....!}.Q.....w_t.0...<...U.`-.K.Yq....}.*R.RD.._...WL..<+....qZ..zP.4as.....)..}M.Z.^..WU..n....o.".........>D............X..i.F`U..yz...>..S..q....i..s.m.....W..4p........3;.H..A.VW).2.1.=f-.....9.V..WZ..O%...T....7..Z....l.f..Xr#.D.n.[........_=..I..-f.I.*.[..`.ve....._L..P........{.-F..k.&v.|

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswProperty.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1185720
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.6165531560678605
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:33zCO+IRnrodJxhl9zkcsJGpNAeF2LoJ5VIP36X1KCbRB7Kwp13gPlY78puFyRbC:mhRl9xiefQ6f77KyWlY78puFos
                                                                                                                                                                                                                                                                                            MD5:F9379B4B405B8DF6860B4169B193269D
                                                                                                                                                                                                                                                                                            SHA1:95F133C1E974685AB1198B1228930BEC49B2C7D6
                                                                                                                                                                                                                                                                                            SHA-256:0DEE50E0462473979F0EBB01733A1F05710DE86D164C1CC51100102CBBA81838
                                                                                                                                                                                                                                                                                            SHA-512:9A21E7ED0A7EEF6711C5FF78AEDFB27D38FE3B56334406CD143C75DC3AE0402CAC2696317649EA8D3612234391CA28A57A45F4046E4AC988B2132F81BFD31E2E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.........K...%...%...%......%...!...%...&...%...$...%.m.&...%.m.!...%.......%.m.$...%... ...%.|. ...%...$...%.. ...%...$.i.%.|.!...%...,...%...%...%......%......%...'...%.Rich..%.........................PE..L.....$e...........!...$.............g............xd.........................0...........@A............................X...........P..`...........H...p)...`.......................................-..@...........................................text............................... ..`.rdata..............................@..@.data....U.......J..................@....didat..\....@......................@....rsrc...`....P......................@..@.reloc.......`.......$..............@..B........................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswProperty.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1185720
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):333549
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999420626243367
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:gAJwoQgAwrqIVpHGMyQU7DKmEYJ7GT8j/mdVLrJV1vg1EjaLkw0zYUMJGfQ:g4dKCIT9DKHsPqprJUKjaHbTJX
                                                                                                                                                                                                                                                                                            MD5:063F84C42FE016FD5E8CA57A1450F412
                                                                                                                                                                                                                                                                                            SHA1:6276888B7167D2CA9AE970D9DC98376E30E2840A
                                                                                                                                                                                                                                                                                            SHA-256:440A1EFA2A18FB32B1DDC1C83D6AA61D5E0E1537E31C6CC2F53D45482090748B
                                                                                                                                                                                                                                                                                            SHA-512:292F8E99CAC7C545DF23521F4BDB1732460A7269DCAD1F184FB8DF924DF63D217C7AF52E927DF89D399E934347D202149696A538953A9B48DEF2B4EE2B2ABB33
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..y..:.}.._..G...5mA..aQ..c5t ..+........w.uRl.,E.u9....r....dV...'#......5}.g .......}.VA....n(.0........~B.I..H....r.(I.sO@..S."...,M0Z.....RP..w4..Qj..c...m~.Xn.@W......,.......l.9l...t*.....E_:.{...hf`.;...Q.{O.....A.Km.j<...L,.3.......@B{..U'(v...xKNR-....r.5)..........M.8 )o4..D.3....P.6?.z...\.........,S.!.V..g....LA..j..Is).......#..P..pS..J..F.,R.f.........C...~.....v.._.:...b.m.K...x......M"...-.U....:.T!e.H.J.....q....h.l!0.....x...0xD..w.q.p.eV.N.5.cB..k...4X..R..*.wH.m..:.3.....`..*..{...!?...>..9....R.6,>...v...FBz_..Q..~..._.../..f..........W....).....U.B..j....O.$.....5.T.OYE3V..7U<.X#K.p....BF.u.......Fe..n..{.aT....ZzY....H<..S..t.v.....j.E...8.*.J...T.6.z...*;.E?v...h..F.....)..:.tA)...'C..h$..X._.f..W{...;65.....7{.{.aq.6..'...;..~.._$.?wY..Y,1....^...1......[.CpbLi.7.._.....+Ov.Q..!....G.y}....A...<..[.|..@2.&_.......6.._{OM..&.}.Uc.YO.;;....e..sH..).*.@...WefXa...3.}.{.<...7.z.....`J.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):902080
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.480316876083702
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:3gqgr1aI2AdDHiFQfGsJGN78P7i92b57FKtsl5ify:bmDzt7F1ey
                                                                                                                                                                                                                                                                                            MD5:B05841B2CE7675B77D59FBC92BB84F35
                                                                                                                                                                                                                                                                                            SHA1:F012A0395B037FBEB9ED6CD3919D6CEA6F8E0DA3
                                                                                                                                                                                                                                                                                            SHA-256:50503859DCCB672A615E6BCE87B23D4B9E76CAD7EC8A6039474BE31493C19A12
                                                                                                                                                                                                                                                                                            SHA-512:11C5490275078244A33025BDCE85E6D3FE140E40CF4AD3829A7FB295ED72F062280EE20141A244F86A38C3A8679E1EDE7CC3F3D2AB5A339773EEBB5366D5C1B8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$......._.T^..:...:...:.......:...>...:...9...:...;...:...9...:...>...:......:...?...:.M.?...:...>...:...?.:.:...;...:...;...:...;.B.:...3.`.:...:...:.......:.......:...8...:.Rich..:.........................PE..L.....$e...........!...$.B...d......pC.......`.......................................5....@A.........................^.......^.......@..h...........H...x)...P..(...Tr.......................s..........@............`.......Y.......................text....A.......B.................. ..`.rdata...,...`.......F..............@..@.data...T............t..............@....didat..0....0......................@....rsrc...h....@......................@..@.reloc..(....P......................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 902080
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):294206
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999432397475952
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:4Q7UyI+lLrAaKM90+AKzmO9Peu5JwNoktcs/9Tqfi3oczWeqX9FrENC6w:4gUn16901sx7wVcs1zocCNtaTw
                                                                                                                                                                                                                                                                                            MD5:F797376C1B049A40B6D5E2B16F011907
                                                                                                                                                                                                                                                                                            SHA1:DA6849CA5FB943D6012BC9ABEA8D293340EB207E
                                                                                                                                                                                                                                                                                            SHA-256:291F96F03FEEBD88E05DFC345D04040A645287D302A108F4F8A513C182F742CD
                                                                                                                                                                                                                                                                                            SHA-512:48E9F64CFAE511B35DB45F9D75DC2AF8AD2E3035BC3E9A36196514186801DFE20F6F082BC78A993917915DE04575F2B105BB820F322D81D88A42D2864582B3A0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..y..:.}.._..G...5mA..aQ..c5t ..+........w.uRl.,E.u9....r....dV......l*2......!...W..9..~....V.h)...8...{-.K.X.?C.*....!n...B.....2.6Qqe.....R..*.$&..V..#j....... ....a/..].h1.K..'..{.s.h....+..~...2.x...p|._.,....K..d..\c..!:.3..'KFR.D_6.....i...|w....C.Y.~.#Q....In..2Q[".7...s.G.....(zi..g..a0.1..._.j{^JO...B..g......gP.n.....F.Q...^MB..D.2_.s..V.Akq...;...y.m.+3...G.....m.d..6....Qm~.N....u.I.(d?.5.?].Qx...Z.!....1..........R....E..:N&.%..E.rL....V..V.fj..sC.z....S>..-.%./!.kA......DV....5.Rg=...U)2.\.Ue.hU..V..........}-...Q.A.4...:...1...qu.Wn.&.O..e.q..liy.m.E..J.\...|{.....:..-^..{.....m....].....]..W....|.{........"."[.`.1`3.i.n.....V........~..Y...{..S.....{.Dj.W.....:S.WH.y3...h.......%.X.....K.!..>7.r.2+.w..x...........6|..?.em{.g..F...\.........v8...l.y!..VR1..../.)...).=...f...(../r.!`...oX....9.#........ 7....R+..0_...t/[g.)..[-.....z.c.....j.....8&..wwqt. ...$-...,.NGW...E..OZ.........mCh..'.r..

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):72128
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.532093648538508
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:KRvoW63e0t8dmWzGCQBx9v+xi3woukWB79xg:KRv5bGJRvOi3w94
                                                                                                                                                                                                                                                                                            MD5:9C8145D68C988273D395EFF12EC18EE2
                                                                                                                                                                                                                                                                                            SHA1:45A107779736E00A0D21135B86F8D588F472346F
                                                                                                                                                                                                                                                                                            SHA-256:9B6A21A986CF7D01245431307A9E24567AEEE75E4E9EBAD842843EB1DC36A86F
                                                                                                                                                                                                                                                                                            SHA-512:44AFC0A8F16FB47BA7C2CBF06D083B84762664C44D78C54B963243DD036393E53053035BF26AB08A8F871FEB6082C035CA17F431ADC88E7508D7F1064E370AA3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Hq..)...)...)..y[...)...)...)...V...)...V...)...V...)...)...)...V...)..Rich.)..........................PE..L...].$e...........!...$.....P...............................................@.......Z....@.....................................(...................H...x)... ..4...D...p............................................................................text............................... ..`.rdata..............................@..@.data...x...........................@....detourcH...........................@..@.detourd............................@....rsrc...............................@..B.reloc..4.... ......................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 72128
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):30869
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.993386012103587
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:768:bLrvYw6jD9t/E3QSTKgwC0pAjiJvHNkEUwyLoODFhpx7BmjD:bLrvH6jX8ASTzw7dNkUio0Z7qD
                                                                                                                                                                                                                                                                                            MD5:B2B173575374280427F35CFEAFC25E78
                                                                                                                                                                                                                                                                                            SHA1:6EDD989FABE73D2705AD6D21B728B625C8023F21
                                                                                                                                                                                                                                                                                            SHA-256:CFA0F60181B24DB1BEF5BB30CDFF96D725880ABECCEEE994011A499C2EE032E5
                                                                                                                                                                                                                                                                                            SHA-512:EBEBCA67B1F914F23648D629D9AEAFFC7C3D3C306B3692DA47EAF9C98492067BED06DFA55AE507344B10CFABF42227695EC62ECAA99B1893E69D7130F361CBAD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|.../._..z.-~A..\..*~kHy54......<.....=......6......! o..- 6Y...(]SI...`....?j&7;U.479'...g......g.r..y5...".....r..6.n....x.,.%D...........y.!3.'<.54....o..A..@.D..y)..../+.E.XNi.M1...{..N.VV..+.......G.>...W...o.BA.:....eox..l..~^.w.3.T\8..Y.g..@C..........W...6..VW...`-3".t.i..2.V.5.p...............%X..-.rG9...6..x.e..G8...2..lz8.|.67g.6x..~...J...ddHr...,...........?6..qG..C.....@.Q.5..oyO...3;...$v.....&..Q+..FH3&.....a.\...y4.Y.&;....er...)z....N."k.X.:....I..-K..2+...S..u.....+@8.q.#.t...+.s..t.c~(.....f.x<p$......Z.k@.....ZY.8..d.f.2.f..`.$..~...#.P4..8~.Ip.X...+U&+...`.|....,.....%...I.3..\..`..v.! ^..._y....Y.+......\<k...l.Tt??6.%*a.....8.[R~R..6..A...v8_]{r8.."....A...R.kV..Xb..:..%.`6.F..A..].e......W..p8[....E...`....1.y..1.".....=./..F....(.qY1.....%.....40..u.F.c.3.....=,..|/x.;]..0>...4{}c..N...@%..Z@b)q9...-.wZBo..h......i.L...P(.M...~..T|.R......_..c..v .;......y.....W...$.a.*....

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\dll_loader.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):40384
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.720272006415445
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:dcqGQiSaLhsX9i/qYs1THqR49RJcF4F1CVWeDYiiuAMxkEN:dSQYsXE/i1TMF4F1uWeD7Xxp
                                                                                                                                                                                                                                                                                            MD5:892DAEFCAD7DA7F8B8B13072B0E33223
                                                                                                                                                                                                                                                                                            SHA1:E7E385E7CAAB1E38CC6B58FBCFA3B25ABC3FCAA9
                                                                                                                                                                                                                                                                                            SHA-256:71DBF6992917016B0A7A0A50B2C1B567F3D7784A8B60CAEB2606162F7AFF25DC
                                                                                                                                                                                                                                                                                            SHA-512:E7F6CF4C8A3A3DF12A793F7E4A78130BE9478FD5F3417D285FBE013BED1737EC1EC4E49FACEEBDEFD120CD0217FEF3522B28D952700EDF2DE7A0CC1DE1F07FBF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e...!..J!..J!..J...J ..J...K+..J...K"..J...K2..J...K%..J(.iJ,..J..K-..J!..J...J5..K9..J5..K ..J5..J ..J!.mJ ..J5..K ..JRich!..J........PE..L...^.$e...........!...$.D...2.......>.......`............................................@A.........................q......`r..........@...........Ht..x)..........Pe.......................f.......d..@............`..0............................text...:C.......D.................. ..`.rdata..>....`.......H..............@..@.data...T............d..............@....rsrc...@............f..............@..@.reloc...............n..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\dll_loader.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 40384
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):21627
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.991644852176994
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:384:BI2SEmKOgq6bki7DbWmL2quy6XnKFRgyombFNdBcSf85Oqpw/Q7i:y9FKOagi3bnL+5XKHTzcSUrpwI7i
                                                                                                                                                                                                                                                                                            MD5:DA8AB6A1C2AECCA0CB795A634CC08F15
                                                                                                                                                                                                                                                                                            SHA1:A8C57FBEE5A3AD77F3020A0B4CE45ED9DBAC6F99
                                                                                                                                                                                                                                                                                            SHA-256:A2160878D2FE5E9A0C4F9C12366E5513B9C8BA15EFAA68CE6BE01C59BFDF22B6
                                                                                                                                                                                                                                                                                            SHA-512:78E9280AC1BAD3332B9BA20EB2B6AF44D68801943D1B12DF684D73A2A2B992F1A3E093BB3471CED55FFC38A3CC2ECCCB54D9B7B26F46E5123731FC99F3C25811
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|...!.6.uc..L..BW..........*....~..4.+mW....#.{*...u..Z.t.'.r.....n...o.....]=..z..H .*.n.t-.Yn..........eK.~..m.....Pk..(..=VdN)......W..<$..........cN..eS%H...*+:O.vu...P.k....8......r.k.......S....W....).v.=...\..g.@6...G...6.H.^.k._`.[.EL.'.2i.:>..5.h.j.u._..%..A...KE...E~...?..\j.q.g...7,..u........Cip........,S.:..,..b...m..H.`.:;j\..R.B.Y....xR.~g*..]\..EO3.]...*Z...`.......i.P....K.M.....D..X..:...hs*#.Q......$..ny...4d.<"....U.=.f.D....wN..W..m...X...;U.[..7...T.I.\.xj.cw.b..?..6.'..c....(6....c.o....P.....a....?...n6!.8i=~....S...`....X9LZ]...u. (.]..$3-<.K.9A^..g......o...:......3J...........7...j,..B.%(.1.X.B.?1.h.m.....)..E..n}....Ul".J..V..d.....Q....o..5..Xus....#.)..Y./...8.Ag;...it{..Z.f&....'.K..J)...t..%.P..PA..Q.R.fuI....QN..~M........=..W..~....T0....k.w..X^.}.E.E.().O.Du.{..*?.........K>Y........BV...?.~..,.)..v.}.9[.B....h...L..6H%..h>....r.4..../...:..5S.n..[Q..<.Vw...9..zDL9....-A..m.Z...h

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):880576
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.099656226948309
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:f+F6HjdwcIEN3ej62xVEh0lhSMXl0Uh501:k6hv3kM
                                                                                                                                                                                                                                                                                            MD5:710DE7767D5E7F11F80810891D40FF16
                                                                                                                                                                                                                                                                                            SHA1:CFC838BD3E3D554D8AB738FAA39B0CC580E40C56
                                                                                                                                                                                                                                                                                            SHA-256:5F3F27B02064956F717B12DA7C871B70A161114CC97E169A3830490B149096CE
                                                                                                                                                                                                                                                                                            SHA-512:6713C89F67CD0FAB5CFECB79E53DFBB5058237CF930BA174DC2F71AECBBCD9E9ED7D7702098F5A75D7C7DFCDCC0C99DF53C4E4832A5357B7E829FFCFC63F9052
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........\,..=B.=B.=B..C..=B..CF.=B..CA.=B..CC.=B.jOF.=B.E..=B.BC.=B..CG.=B.{HG.=B.{HF.=B.jOC.=B.=C.?B.BK..=B.BB.=B.B..=B.=..=B.B@.=B.Rich.=B.........PE..L.....$e...........!...$.....n.......................................................K....@A........................ ....... ..........X...........HF..x)... ...c..@...............................0...@.......................`....................text...J........................... ..`.rdata..zO.......P..................@..@.data...H....P.......8..............@....didat..............................@....rsrc...X...........................@..@.reloc...c... ...d..................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 880576
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):256945
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999200686034792
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:t9MjkejbuVx44HVv7j5epB2xR34np8Rn8cWRAd0AjlX4q:tdeHuVr1vRepQ4+R8chRX4q
                                                                                                                                                                                                                                                                                            MD5:33837FB8328DB2AD19F642A36E030A56
                                                                                                                                                                                                                                                                                            SHA1:6E8BEEE0A031EEE61080575921D3FC7D8B246F5B
                                                                                                                                                                                                                                                                                            SHA-256:5EB3D40D13C589D510A59DDB1493D340B34618E3C38D1504F4EA162843B93207
                                                                                                                                                                                                                                                                                            SHA-512:22755FE5BC00534FBABC3A3F7E1A220BA9F94F41255397B499BEDF247FA95D1F3F9E8447D71591F5A19FDCB67F4C5ACB76BCD9CD04CB2EE8A9414DCE46678209
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..o.......&..p.........../D.|..'.J.mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X..../.<1.......D.r.Tl.. .{m....??.Ye[nW..V@y|J.h.+.>.....}N.X..j".G.u....~.....Tw.d....d.qu(...b.i....o....%.hX.....2.G!.,..3kD..y{*.^.......R.....lf.Ku..8..["..............b..Er.....&aq.....%T.BuU._.S.43....%.E.v..x.%.U.8...\..X.[...w...HRK.9-....O#. $Y.2j;Q....\...C.C|/.l.r.To..i,.~.H4....Vr6....w;..=.k...%z....|...%..Q/S...Ke'...%0G72......Pq....f1...Hn.!6F.%.X.-..|...."...+$.^..Xo..?..........<..CD3...&s...mf.P8..(.......+.k.w...^...A............R..wf.iw.?.....(...H.*......9.Y9.]F.. ....:..e..F..;:.x...D.#.z.#. .y`...#>.......h.u%MUh.-....#...!W...o...93..bMG...\EBL...Z......^...YUU..I...ccy...'&dfIT......!8....EN......fV+...(.-.... ...Q...tN...K.\.j@..=...gt.....%.|.J..R..H....)Onr..',.......mnC0~........K.c}..X.E`..S^....qw......jm......h{j.f.'.~..C{.x8n*..'HK.....t..x1.6.?i.n..S....s.M.]..'..=!...jM..W.j.TB.....t..z..~..........[.....2../:]f/.

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):481216
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.800879874021738
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:b9W6ioMtpDvDvir1lCBmgCph0lhSMXleu4tqjgSy:b9YvWr1lCBroh0lhSMXlxKqp
                                                                                                                                                                                                                                                                                            MD5:18CE34413CDCF1D03AB9E7C03DFB6A38
                                                                                                                                                                                                                                                                                            SHA1:1063D84FAA143A51438BFB4BDD05714741A1A10E
                                                                                                                                                                                                                                                                                            SHA-256:664779B7B3532D4236C21F6C62FAB00859CD06526BA7A4DFEB0DE0F26392DBF6
                                                                                                                                                                                                                                                                                            SHA-512:E3C4C35D71DDBA9435C5ECBE1542C7AEABF75B161626D5FB70CD74C7AC91B1B7D893811EA5DED22BD35DCC9885AC23BF326EDBE9809D22C259BF2EFA5CF7C883
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........BC..,...,...,.(.....,.(.(...,.(./...,.(.)...,.(.-...,._.(...,.N.)...,.......,._.-...,...-...,...-.=.,...)...,...%...,...,...,.......,.......,.......,.Rich..,.........................PE..L.....$e...............$.....b....................@..........................`......o.....@.........................p.......X...@...................H...x)... ...<...$.......................%.......$..@............................................text............................... ..`.rdata..............................@..@.data....5.......0..................@....rsrc...............................@..@.reloc...<... ...>..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 481216
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):174075
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998998687635661
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:1OrxuMCnscm4lNZBhWh0Dhyx3Nz9JhQsaiglZlgh+Xwm0mzqH+J3m59aQLa1:1CIsczfbJoX3QZiglUmzqW259a4A
                                                                                                                                                                                                                                                                                            MD5:10A19B2BA58C341587182FAF04FF12EC
                                                                                                                                                                                                                                                                                            SHA1:F8AACEB7A01763B2F2005349B181BC8F173B1CCB
                                                                                                                                                                                                                                                                                            SHA-256:A8A2B9FB91DB6E201578DE56202E6C013816BB24234BCEBF5E7F14FFDE557B70
                                                                                                                                                                                                                                                                                            SHA-512:0E23E2C8128DE5BADA41CCD8902EFC7CBB49FEE366A9CAE5B7EC6650D47D690874210AA90E44BBC4F6653980182F61144E9C8E4B155480DA29F8C5054039390C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..W.......&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...av..]Y.rE...kHP...V|.g...z<...~W.Z.....].M./l.S.....6!.....[3..9f.I.Hf.d..F...>.D5...70..Vc...b....i..f.>P..N.!../...R..Fl.%.....3..j,.).l...5H2.&...N....7..ZU....+..6uF../..,|.EJwO:..v.i....N..h/...A65 Zo.w.9...Z..2p.:}I.#J.....D.i..(Z.P..OK.$P..K?OL....?.m..b..55...7.Y...fKG{.B.t...q.]..;...s.u....OO0..@...{..q9........^.._......;.....z.t..o....i.3.l|..Q..Yl.,e...r..5.gL.k.:.X@...P..{'..._s.G...Z....P.Eq.-..7....0>L..z%.`...x..7..|;.........?:T...a.c.gW.AlR....mBW.6[.P..9H....6.>.....l..d.B{.l..z......O...h.$......1.\"1./HuP!.yNXLd.e.T... ...\.?.......Q....a..%.*e.B6.9.,...8j..../u}...,..v.t........<.o...4#..[".}...h.)..d../..'..K.{.. ..q...\3~-e....N.Ha<n..T!R.l...p...z...O.,.(...$....3..z....r.{..n~...y.X|..V4^P9.C.r;...sY..}.....4V~D}Y..(.h..........*N.-g.....|.F..B6...Jh.F..b.A./H.a.ge..*...W.t...S.....+|O..0....t........^..ji.F

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):437688
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.945457468912238
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:RqZet+1RlLovv9SOj+P2ph0lhSMXleDMblMxtR:JmlLvOj+0h0lhSMXldMxt
                                                                                                                                                                                                                                                                                            MD5:A4E2FE65713D3305B05DBACFB915FA8A
                                                                                                                                                                                                                                                                                            SHA1:B72C250A12458CA588F099A36B9CC2DBC3368515
                                                                                                                                                                                                                                                                                            SHA-256:AEEB95DCC2B3A5F250B64249EBB1E17DB5A853B8A6BF40FEFE605B14E1652748
                                                                                                                                                                                                                                                                                            SHA-512:DF991C9330F3094A138E7E38573821FE2F06FE71EFC14036AC5826ACE1F4A6BB74F525EBB760A4DFDD4B4637CC96119DC4D972AB1424AE651F2B2724D76589F5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........"u.FC..FC..FC...=.BC...=..JC...=..LC...=..mC...=..BC..FC..JC..O;..UC...1..JC..FC..JA...6..GC..R<..;C..R<..GC..R<.GC..FC..DC..R<..GC..RichFC..................PE..L.....$e...............$............0<............@..................................A....@..........................B.......B..,...................H...p).......(..........................@...........@...............D............................text............................... ..`.rdata..:...........................@..@.data....&...`.......F..............@....rsrc................T..............@..@.reloc...(.......(...\..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 437688
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):174319
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998796190014248
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:vutvtSQRL4/Nlx2+BJF/8fff8hSd+zpblQsgw7VqRTe+ZG4L49b9uUEWQH2KKa:vutkNlo+qfxd+zJlQsgw0RSWw9uUKma
                                                                                                                                                                                                                                                                                            MD5:9048D1F7F3CEB31368990FF038CBA7C4
                                                                                                                                                                                                                                                                                            SHA1:8D3AE84427D076A0B7E410F8309946E71A159911
                                                                                                                                                                                                                                                                                            SHA-256:21334E805001CB9758AACD08A467611DFFB3976FF1DB41F100DD9E07C82DD0E1
                                                                                                                                                                                                                                                                                            SHA-512:54080EDF56DE22C13079AE50DC9D1E1C06E0368E73E1D45A1E6D729E3ADF0401DD0A57ED1C64E9AFA0CEF8D49A518E98C1FAA3DBFD4B449608877231D8B58AAD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X.....{G..`.j....g. .V....-.o.P;.....Z..>M.)^W\\...z`.w.D.v.Qi#..FJcd.".W.JA....^...|At$J>..j..A[....6..qI;...`".i.B}......[......4fi9.4.pq.W....Z...C.7..D..Q........].8.F.....@.1..b'!n.....r._Q.J...;...d.k.#....T-..b[........3.....O.....LVG..^J.#.F.5.[Gg..l...0.h.......l...".......y.N..{..k.Tm...."...../..!...5...,..Uk..,s.K...... ...C..(..].s.E....R.7wJ...a.+...[.......g[Ml.M.[........b!._.s\..Jv5*..{7..P..9QL.S.d...^......U.Aj.e.p....O...).1@..&^..]......4\....@s..c|.$.].|.........j.c..S.Cm.....j...z...@.KE....)..K... ..p^Gc..PP[v.8....3+.Y.%A-..b..ML..S.L..f.....X|v....S...v.&..Q.qu..9%..p........._.....'U..C..>x..f@_N..g.c....U..2.6A.........".PYU.....O.;o9o..|......4.c}.......(JD.;W..[..<.B.@.h.Q......T...@.}....Pw..;.K}.@....>....G].R.-IT.n.6.u..St<bP5y]9.....LzN... ./.Ig..V..&n.,^}rC.....u.gH9.K...E.r.....B._...{.*..7>qaH.....3..9..."Nx

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\snxhk.dll.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):311744
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.250408328200664
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:YzSIgv+AtUv/Cm1vqDFvaBkLqP+to+4Yj1TpD0awhIDkRX9Q/QApPuOiOepTp533:YWm4daCtok1TB6RXy5t0TpHY
                                                                                                                                                                                                                                                                                            MD5:A934E9468BFC12768DB42631E932C9F2
                                                                                                                                                                                                                                                                                            SHA1:324B20C44ADAF39C9F5BED43736223156E6E3B41
                                                                                                                                                                                                                                                                                            SHA-256:512D1DBBFA92AA9E678D5BD23EE2D275B252ABBF4DD2D6F93A2CCC7A5BAA51D2
                                                                                                                                                                                                                                                                                            SHA-512:0A5E6F11E49D0D1B57210EB4B59818DC3FD36BCD298A90F8D7B6B589BCEDF1B55884774EA5CB53C6A4CC02D42FCAA7556BC89F1C0AA6AFCB8FC964D75792E0E7
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......a<_F%]1.%]1.%]1..#..!]1..#5.4]1..#2.1]1..#4..]1../5.$]1../0.']1...../]1.....S]1.....<]1.,%..&]1.%]0.V]1.1"8./]1.1"1.$]1.1"..$]1.%]..']1.1"3.$]1.Rich%]1.........PE..L.....$e...........!...$.b...Z......................................................P.....@.........................@...l.......<.......h...........H...x)......H?..........................@...........@............................................text...[`.......b.................. ..`.rdata...............f..............@..@.data...............................@....rsrc...h...........................@..@.reloc..H?.......@...X..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\AVG\Antivirus\x86\snxhk.dll.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 311744
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):110914
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998302359885493
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:p928Y65ArN3flXdaOk6cSm5RDi+8NudA8WR9Bz:uhTdaL6cSm5RDRtJ0
                                                                                                                                                                                                                                                                                            MD5:9F565D671B0A709164FFAB40CA1BFF28
                                                                                                                                                                                                                                                                                            SHA1:EC6B94E4CDE9FC4DD6DECF84FB0B5E85F856443A
                                                                                                                                                                                                                                                                                            SHA-256:0ABEDD8022C77FDAE94880C5BE32992698AAD030906EC5EE1BDD1332429A7907
                                                                                                                                                                                                                                                                                            SHA-512:B93E2BC4A683480D352A90E50B5D98C1CEE32436C3CB005BE9D7F93E8B91CFF9DD10CF44F5A8EB2493B9D1BE9AD3FE195BD3308DD349FA8544F9F12DB6FAD903
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X.....~...c..Fg.~2.C.P..N..."K'..W.....!....^.m.#.......X..V...d8..k..... U..d..,l.3."j..........#q.yw...B..$I5eN.H.dYJ...,.v...U.......I......T4..w......h$...z...p#......`w...'+!..W9..X.N.cl...=Q.e.....w..._Wab...M.........M.i?.<.-..3.p.7?...$.o.7..m...P...?..+.)k...<.u.z.N.........a.R5...e.iO....w4...l.....|3.......~....Q.!|.....B...U.....EW..y..X.T...........`AZ...t~..uM..y.e.q..o.8.*^...@......c.h.[Q.. ..4z.7.x&..i.V.Kr.S...{..+...x......0.k.....p..Z..fQ.K.....etRd. ......Z.PH...GlQ..X[.z....&..4.+..b3H......%].j.g...U......i-.0..z...Cu.@.4..kp<.....gM.Xs.(..S{....*.....n.h!.xi._ij.9.?......VL.mo..M.nB7...t....%.A..5nr,...F.{..'T..C\.ZV......6.u...6..:.)...P...KN~I.U9bk..HSaE1m.n.o0)..v.$..zb.Z[.8...v.b....\...J.e..2.Ai.Mj.U.^...r.x.B.B.}.A.(.b.....m..d9...xcy;.......'*_:M....Y;...cS..l..~..'.u...4...).....tP..{.z.W.67S.sd....*IF5X.8.`...rEnrFbk...WF.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\analyticsmanager.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 2099641 bytes, 2 files, at 0x44 +A "\analyticsmanager.dll" +A "\analyticsmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 196 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2121641
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999614389693623
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:TMjOVauA3/jNE7icAnfvYeB6ET/qqDfjcia:ojzNrYGnIeMET/qqDId
                                                                                                                                                                                                                                                                                            MD5:8C6A1B32C46ED6CC385D4384918BEDA8
                                                                                                                                                                                                                                                                                            SHA1:C37196217D13F69B00783CBC3CC5B53AB40A2D57
                                                                                                                                                                                                                                                                                            SHA-256:2087DEEC000E114B8C631DB391E270E8F4D7BB14B8FAD1143FB0843E952F4C90
                                                                                                                                                                                                                                                                                            SHA-512:8982BF336454596B8C61AA3955C85F99E50D5A7C67A3D0E3DC4230DA9E083A106B4D6D7B7EAD334DAAF815744CD4FF5EC6FC08C8B2F6DA04A41C75594EA455E6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF...... .....D............................. ..U....................a.......SW.^ .\analyticsmanager.dll.......a...SW._ .\analyticsmanager.manifest.(E.../..[...9 .....0..4.....?.ek.ina.X...:.L.....a.0Z.:..#.-;..s..0....2b...9_..)l.D..f...........}.o.s.........".M.....u.K..6..f..=..>v.=.[..d...'....+..c.8w.m...d...u.k...j..,.....O8......K......./.@.0....B...43g4.g.U~>...n..H.w.q$.I..T.j..V.`\@.Q. .P...UxG..3....|....c.k.....?..(k.+.m...U.. .=.....@.....-.R..$..o.....y'.U...z.,.g{um.o...v.M^......g.r.O.G.{........t..}...W>{..|G..'..t>q.......gt..=..........z..y$..ME./..._._..%{i8......w?...7.....]..].'x.b..{..n...K..C..^.^d$..v....r.Yo...q...W._.+.E...hs-7..cA...ww....V<B...]...7.......<...L|.....*....\....hy?~[.!........p$......=..7..Z....E>.{.+.r..%`...V?.7.v...%.+.Ry..........{......6.Nt..7......~..[..?...w....L......bw=i/....6.....V...-..s.7...._...k..!.j....~.Y]......J.$^.k.6.=....v.w...9.{.O|....V..........y{....S...oW.S.~.y.8v...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\analyticstelemetry.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 35375 bytes, 52 files, at 0x44 +A "\analyticstelemetry.manifest" +A "\context\analyticscontextconfig.luc", flags 0x4, number 1, extra bytes 20 in head, 4 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):57375
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.8993776004131115
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:r7msbUQV8sFrDAXleKzI8RjyBo4ivXFx0lpp31tzPxE:r7msbUQ2fXleez49Hxy
                                                                                                                                                                                                                                                                                            MD5:C5543A43770BCCF5AAD50078EB72FAF2
                                                                                                                                                                                                                                                                                            SHA1:876E0256C7F1CED62E0C984F25ECA0D47B3630D7
                                                                                                                                                                                                                                                                                            SHA-256:C764EDC24E78CB8213E78D5900FDED23D47523FC022C4B13DDDBF4AA98290846
                                                                                                                                                                                                                                                                                            SHA-512:4CEC08E3B6573772BCC246845A40711B5858EA28C74C4FDE543C090E376672196D904BC419BD1367BFFB032195CC89FC06FD29B6008AABFE677A03EC7C9FD9F9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF..../.......D...........4.............../....U..................Z.........SW._ .\analyticstelemetry.manifest.....Z.....SW.[ .\context\analyticscontextconfig.luc.....y.....SW.[ .\context\analyticswpssetting.luc.....z.....SW.[ .\context\analyticswsswps.luc.?.........SW.[ .\context\browserinformation.luc.0....-....SW.[ .\context\browserversion.luc......2....SW.[ .\context\contexthandler.luc......3....SW.[ .\context\externalutilityfunction.luc.....,7....SW.[ .\context\featuretrackingfeature.luc......V....SW.[ .\context\hashedmachineid.luc.O...VZ....SW.[ .\context\samrecoverable.luc......]....SW.[ .\context\sequencenumber.luc.R...._....SW.[ .\context\subscriptionexpirydate.luc.@....a....SW.[ .\context\subscriptionstatus.luc.....?f....SW.[ .\context\subscriptiontype.luc.Y...Yh....SW.[ .\context\suitestatus.luc......k....SW.[ .\context\wpssubscriptionexpirydate.luc......m....SW.[ .\context\wpssubscriptionstatus.luc.....|o....SW.[ .\context\wpssubscriptiontype.luc.....hq....SW.[ .\context\

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\balloon_safe_annotation.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3166
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.890916051269147
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODx7FspC:bSDZ/I09Da01l+gmkyTt6Hk8nT3KC
                                                                                                                                                                                                                                                                                            MD5:2048DF489A12C4C9E2341BEF42883205
                                                                                                                                                                                                                                                                                            SHA1:281863D9F8B8D4D0DAD62E66E35F5C96CA0155FD
                                                                                                                                                                                                                                                                                            SHA-256:DDA74B071B5869A22B327633D9641F1340EC5B913359BB389C34C44A6DB579A5
                                                                                                                                                                                                                                                                                            SHA-512:815FC1E3A2E623FEA3B13AA2BCB3895FF9DDB2A7A05E1633C83D3F647EC4A4050AF0670ED01CABA47F02A920BF6AD84191B0B03EAD1E45105DD20D302D00CCE2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR................a....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\browserhost.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 1275038 bytes, 8 files, at 0x44 +A "\browserhost.exe" +A "\browserhost.manifest", flags 0x4, number 1, extra bytes 20 in head, 120 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1297038
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999535797522869
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:r/ansNyn8zf9I4N+5YLOot/YmB55E0wdWqR/+nBQOS/fRakb2vYBclTels3iTQsz:OnsP1+5SbpYKcvR/+6OSXUkmYEixRD39
                                                                                                                                                                                                                                                                                            MD5:584AB80418F1C11004F22E3FB5E24A6F
                                                                                                                                                                                                                                                                                            SHA1:89FC4A69DB3FFF3AE159482331F7E7B0C53D50BA
                                                                                                                                                                                                                                                                                            SHA-256:88183FC9E74DE5CB8C8BCA95DF3025789101527DF2FEC5C0DDE751620065AE21
                                                                                                                                                                                                                                                                                            SHA-512:0724A03036C9C0695D4B78337F702EE4AFC3BCF0B7349DE41F921EBE45124F89C5B9942FF541296E2FD9C21FA072B2D2EEF6A56FB4945C4C12E5A70643DD911F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF.....t......D............................t...U..............x.....;.......SW._ .\browserhost.exe.0*....;...SW._ .\browserhost.manifest.f.....;...SW.Z .\edge.com.mcafee.webadvisor.json.e...V.;...SW.Z .\edge.com.mcafee.webadvisor_v2.json.......;...SW.Z .\webadvisor.mcafee.chrome.extension.json.L..._.;...SW.Z .\webadvisor.mcafee.firefox.extension.json.......;...SW.Z .\webadvisor_v2.mcafee.chrome.extension.json.K...N.;...SW.Z .\webadvisor_v2.mcafee.firefox.extension.json.........[...M W].M.0..D.........p.-.<..n8..np.W.p.......2u.......2....n.bLnpr2...+...u.bYD$UDU..x.W.|.~.....w.{....R.._ p...*.]... .LfN.Ffe.H]W..-%.:..d.,.....T...c....p..1!..3P$A.N.`.....~#,...@....#.G....#|.....@........G3..0.3AG.s...:R."._Y;D.4...V...z........W....../.]...M../...c...yr..W/....,.3/..h.}...r.TK..:.#..9.=.>..K.._?..q..s...I{q.f......:{[..\.......q.>.C..h`.n.Q......c..P.W.4.>..~......k..#.Yu/.........k_;.........y..Y.'.m.R6......T..{.o.~...+...z.a.q.......-z.0..k.^.J&....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\browserplugin.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 5067637 bytes, 2 files, at 0x44 +A "\browserplugin.manifest" +A "\e10ssaffplg.xpi", flags 0x4, number 1, extra bytes 20 in head, 183 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5089637
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999222491911646
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:98304:aPLmpc3F/4L4hrRl4B5Ux1NJjSmbQtX/ngnImvh13LLfv9i1kC0k:aTmS3F4Uf5x1NdjbQtX/gnD/3LjvoKk
                                                                                                                                                                                                                                                                                            MD5:A66217E0ACD56C1106B0FFB1B4C913A0
                                                                                                                                                                                                                                                                                            SHA1:F06E7646CACC7F1589960ECA83557383182B076F
                                                                                                                                                                                                                                                                                            SHA-256:8B9A70EB79B02FC03576F87AF1F253876E2EA71E0F2A58CA55C7BF8FE4F066B6
                                                                                                                                                                                                                                                                                            SHA-512:51C78A21F2041537C34E17046A37DA56E5FCEF7C1D0F7F7E0E71D96D3E77158A4CFC559FF995E20D61D4A88E27D1D05002C556C4B3BC1D079B38CFF8C40E2FD0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF....uSM.....D...........................uSM..U............................SW._ .\browserplugin.manifest.xU[.......SW.^ .\e10ssaffplg.xpi.....Z..[..............*.D..]..qwwwwwpw.P.....Apw.ww#p43VE.....`.;7...... v..H.&.. .g...k.S..c..N&l.h|.H.~.u.....F.b...S..b..R..7...S.9..7.r..IR+@.(/.....A......".......K..zUe`.....A..M(uA..$...@.It?.....aii.......e5.....Q!%..?d.1.JY...y.a......q.}.hquMqq9.d.m....PQ.$L...KL...c..._....k.?.+.l...s..c.._......G...8...S.3../,A)&..,0...M.sEX..p.........k..:.*..>..B.V.r..f?....... b....N.~.e...P........L.q..+..h..Z........'Q..@..../.`h......?+g.....o'..?m.B...>).......rUq)\j(Xj]]cg&^go.`Z..%a.....t............cm..o._...5/..I..\...v..D...\l.....[_...|...k>)..>.4...........i.s.....$.O4"..?..F..Y.X......Fo..}.....Vd.M.?......zr.x.|.........?UB..ZW.?.^<]b][_Z..Z_\\.`e..s......7.....x.\|.Y.f_......4.GG.Jt.EF..e.6..e2.0},}.1.,-~.q.......?Q.....3..,..4D.qfc`b.z..........>..............[..V.......Eb....).ai_q.........`..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\downloadscan.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 2395565 bytes, 3 files, at 0x44 +A "\downloadscan.manifest" +A "\win32\downloadscan.dll", flags 0x4, number 1, extra bytes 20 in head, 213 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2417565
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999764001251247
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:gEj4z+H4iAGg5rgl343njgATBL2EZG+/Z8FRrFyDn:9vJBer3J8vUr
                                                                                                                                                                                                                                                                                            MD5:D619BD1E0A50524FE833742F9C2B62A6
                                                                                                                                                                                                                                                                                            SHA1:3C13CEAA6F6C8303A5945249B31C605A14E863B0
                                                                                                                                                                                                                                                                                            SHA-256:740ACD01C211B91A87C7D68D317FB838EE2BC3EBC4543D4915167A0B38D18EDA
                                                                                                                                                                                                                                                                                            SHA-512:68D0E386FD33FC24481CB05DC6894B3C88DFD96EEA680A559030A234D291BF885A792539929096620ECAEB16748131FE8526E9CA068ECD0FABBC87F71855E8E2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF......$.....D.............................$..U..................C.........SW._ .\downloadscan.manifest...1.C.....SW.^ .\win32\downloadscan.dll..&9...1...SW._ .\x64\downloadscan.dll..k..D...[...L. ..."B.5.._.o{.Z.Z.r....).L]hW:...j...U.f"l./.P.ym..8..<;.].w........H..\.'=...a.tVcCfF".h.......~.~..v.C..u...''....f..y........0t./.....2....TW..[.K].s)u-^I.L..b.b-x.@.)..Z(..X.k..v.l...!.:..3sI.|.......a..+*C+,.....}.?..s.*...5.......L.....sw*WJ.].....jJ.(F...PB.3.R....]..1.....=.........l.S>.....6.aw.....o.._...3ok....z<.....9..v.6.8....O.6....0.l.F(......K.M.7/....6l......l..l.^.(=4.t"...".3}........ri.....(.G\lK.ze.....n.pPll.,..4..lwBP..R..}.B..Tls/...F.k.....:c..K..n...x....X..O..P......X.....O..B?b...4.ik.i?...i.Vn.|Fq.hGx5..I..t%N(E....]..r...U..IE....*y4UHy.%_o..`...m..KY..}ikw.8q..qq..u....l..1.O..t_*C....1..c..1lhPbj....`X\oj!.h.?z.7..~.s..y.....`.y..F..a..&U....>a........]..'.K..P..B..+J.S.Z..j...S.j...S....2..c5L.9..8...LY...c..4k..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\eventmanager.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 1587095 bytes, 2 files, at 0x44 +A "\eventmanager.dll" +A "\eventmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 141 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1609095
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999565988817059
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:x92zZmZUqiqjJMOSgakmNyoZ6nS0uhWrklBdoTi9:nyIBFMOSnkVS0uUrgd7
                                                                                                                                                                                                                                                                                            MD5:AD1EBB7A0F1AC27E2255AB4EB989EA76
                                                                                                                                                                                                                                                                                            SHA1:16907E09E9C0DD96655589056E384C5F56438146
                                                                                                                                                                                                                                                                                            SHA-256:CCC065FD9CAA190E633B5548189D2FE1F91C5DDEC242A73700D1466E27777F5F
                                                                                                                                                                                                                                                                                            SHA-512:2BD1BEA80BBF13D0C9F5E6CA33FEB0E4BED30793054061AF34AF4BBCA19AB19E54581AEABD9CA793B42D14282F97AC03DAD472679966680FCE33A20205D2083C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF.....7......D............................7...U..................0 F.......SW._ .\eventmanager.dll.....0 F...SW._ .\eventmanager.manifest....C.+..[........."sP$..n...^..^ ..Pj..T..f...4r>.*..."sW.)s-..... .c...&.d.....d@...iP?..$D;....%....3.4#..u........H.G..m..:...$$0..z.'.Q5nH....m/v`h..^..%P.[..!.....7.....E....P[.*..H4i~.....H.......@..].m.......G..P.... .._.q......9.q<...#...lM<p.0...>+...NS..@...V..i..c.{.;S..z.o....1*...5.w.TT.6,.%..v...k....w..Q...[[Je.*q.L.R..W&%..fru..{b-...}.n.(#.u....J.......,.'{n|....~.....m....jq.\]e..yKAQ~..."Y.........-K.&..6.I.t.h.....*..Sl......$........dN....k.{'.....j.Sr...}.mk*9..>x:....|......J0...eM.i.].=V.W........K...}.m.d...`.!_......!~.......;......:,..#p.u....#.X..S..B.N....4{Z.{M&.pk0Ti.v.........q.K..y..a...|.Z...{.#...T.].EX..7....C.u.@)../..f..zzzyg&P...!..(6B.F..od,..Z7..5...\..A$j+.F.+s...(*..2%X.......B..@=.@q..2.p.....<..D.....f...o......)a..;I.0.....Y-.....G.F7..F...'....m1.....3...q%.|

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\icon_complete.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3219
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.7127647052020425
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:ek20QaOtG6FvySCYWm8yAxvU+LblYFv2tct:eQQaOwhS8m8yH+flLtct
                                                                                                                                                                                                                                                                                            MD5:4A09448B224F83F4E6D36AEC9FF4DA1E
                                                                                                                                                                                                                                                                                            SHA1:CC42250CAF610210EFF2904B1A08630A0888AB2F
                                                                                                                                                                                                                                                                                            SHA-256:911215D1ADA8D78A33F6ED9A3740A0652BE74EFA34ED22AE569D143F9B3B5040
                                                                                                                                                                                                                                                                                            SHA-512:390587FA96D17112CA7EC1ADFE2BA103FE39E980A35A2D4C7A3B6BCF4DE9E95B200DDCEE3C4B6C34899DE51F20F9635D41259558C77CF24279D26264DA953E2B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....p.T....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:013EDEF9F71C11E4981AC0D7455F8258" xmpMM:DocumentID="xmp.did:013EDEFAF71C11E4981AC0D7455F8258"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:013EDEF7F71C11E4981AC0D7455F8258" stRef:documentID="xmp.did:013EDEF8F71C11E4981AC0D7455F8258"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>d.8.....IDATx..kL.W.....Z(....h5>J....T,...4U...h.I..&~...`..hc......"h.. X.....m...Q....%...........'..ta.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\icon_failed.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3390
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.74331289225542
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:ek2J8fBtCIc5eJXe1TDiotN45Myx7n6v9+j0ZH:e98fB8vcJqVUtx+9+j0p
                                                                                                                                                                                                                                                                                            MD5:AEE9C26A50511C3E4196C28662BCE665
                                                                                                                                                                                                                                                                                            SHA1:ADF6DA6EE3EAAD88E8EF1C9C07505AEFFDE89B57
                                                                                                                                                                                                                                                                                            SHA-256:0E2904A557F79BCE71A47BFB03E49FA9C5B54C7855017B54143EA2214501BFE6
                                                                                                                                                                                                                                                                                            SHA-512:F90AA520FD9308C502B857C4425BF6CF6E12C401EA4B538534E58655448232CF797AA9A9BA60B0932DBAFC28EE925D22BED6740DF82BB02C5C99EF851389F783
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....p.T....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:013EDEFDF71C11E4981AC0D7455F8258" xmpMM:DocumentID="xmp.did:013EDEFEF71C11E4981AC0D7455F8258"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:013EDEFBF71C11E4981AC0D7455F8258" stRef:documentID="xmp.did:013EDEFCF71C11E4981AC0D7455F8258"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..*.....IDATx..klTU...v..--/5.<.J...."F.aD.HQ4..(...j.P.a...?T ..F...........5..... ..jU..Q#.V(.]g...w.g.n.$.m

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\icon_laptop.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 73, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1511
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.072392857408681
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:YQ1hepWwjx82lY2T3JbVvdgqud1oUUyJ3Vnf//XPtGiLBVa470GoqF0ynT6/at8a:YuccNn2Vw7znJ3BvPtnLW5qF0yTUa6fC
                                                                                                                                                                                                                                                                                            MD5:4D3A0258CF71A406CB7669FBE3FBEB2E
                                                                                                                                                                                                                                                                                            SHA1:0811273369EADF2604DB3C53426F85FE74B785E4
                                                                                                                                                                                                                                                                                            SHA-256:C156050A5D788BAD7D8F36482072B44A23F502F23C5F9198F6EB1EB066765DEE
                                                                                                                                                                                                                                                                                            SHA-512:837A275BC63DD19F5F8553E056C5EAF257D530A54E0EC386BB28B0A515CA58929E3464612C30D9E7034ACF7473119E03B00EBAB26B220391330FEF12BC087973
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...I............tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:3EBDD818F71C11E4981AC0D7455F8258" xmpMM:DocumentID="xmp.did:3EBDD819F71C11E4981AC0D7455F8258"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:013EDEFFF71C11E4981AC0D7455F8258" stRef:documentID="xmp.did:013EDF00F71C11E4981AC0D7455F8258"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..}....UIDATx..K.Q..sj-HT...X..t.Z.P.A$...v...._.-]DAkG....#.B....dr.(..@.*......-y.......<H.......{..^.\NA|h..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\installer.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2526888
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.436289639902748
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:eyuixa2DPxCkdACUFcDbZzZ3tv8eLEBfb8EeuZbFB:781+fDbZZBxNuZ3
                                                                                                                                                                                                                                                                                            MD5:38F970B5919FA4F8174F559A91003924
                                                                                                                                                                                                                                                                                            SHA1:564CEE5FA95AD4B0661E33691855A5902874EA97
                                                                                                                                                                                                                                                                                            SHA-256:1F112268AC780C3603BA62B926A7BED84FF0931D56C884AA37A12057E2DF6900
                                                                                                                                                                                                                                                                                            SHA-512:DD7FF9B89C5DAAAF503BC47511CADDA048A4FD638F440AAF8C15921FB12D4396982CB84C44EE18AF6FCF3FDD36419DE5123F541DB2C84856F1917042778E55BB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......>c!.z.O.z.O.z.O.!jL.w.O.!jJ..O.(wK.i.O.(wL.p.O..m..x.O.(wJ...O.!jK.e.O.sz..r.O.wJ.{.O.!jI.x.O.niN.x.O.!jN.a.O..lJ.p.O.z.O.{.O..lK.:.O.z.N..O.wF...O.w..{.O.z...{.O.wM.{.O.Richz.O.........PE..d...]h1e.........."................. ..........@..............................&.......&...`.................................................p...h................A....%.......%.D,......p.......................(...@...8...............0............................text.............................. ..`.rdata...R.......T..................@..@.data...DT... ...&..................@....pdata...A.......B...,..............@..@.didat...............n..............@..._RDATA...............p..............@..@.rsrc................r..............@..@.reloc..D,....%......`%.............@..B................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jquery-1.9.0.min.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (32132), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):93205
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.288294476087405
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:fYcvR3VhH37Ha7EmakRhIHASkCDy08otU6myJXXxMZyYk0AjrzCqlKDo9YhnaTdK:fY8MaW2c+UELKUqnAdiP
                                                                                                                                                                                                                                                                                            MD5:45E7897161CD82804BD66A16670F8D1F
                                                                                                                                                                                                                                                                                            SHA1:8E2FCE3B5F804300D507E6D0C22A327A7FB7F086
                                                                                                                                                                                                                                                                                            SHA-256:402D866371F707BE1B03D85B03DB3667CCE0DAEDCBAAA599F30E0E502C1E7CDF
                                                                                                                                                                                                                                                                                            SHA-512:2737DCFBAEAAE3DA996AB2649B7BC46165AB93F9A37369FD48C1A5473F7311F4850AFE96E7AAECC057CC1D35AE2C7DC14CA0076594C02098FAD194683D83AA74
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! jQuery v1.9.0 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license */(function(e,t){"use strict";function n(e){var t=e.length,n=st.type(e);return st.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=Tt[e]={};return st.each(e.match(lt)||[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(st.acceptData(e)){var o,a,s=st.expando,u="string"==typeof n,l=e.nodeType,c=l?st.cache:e,f=l?e[s]:e[s]&&s;if(f&&c[f]&&(i||c[f].data)||!u||r!==t)return f||(l?e[s]=f=K.pop()||st.guid++:f=s),c[f]||(c[f]={},l||(c[f].toJSON=st.noop)),("object"==typeof n||"function"==typeof n)&&(i?c[f]=st.extend(c[f],n):c[f].data=st.extend(c[f].data,n)),o=c[f],i||(o.data||(o.data={}),o=o.data),r!==t&&(o[st.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[st.camelCase(n)])):a=o,a}}function o(e,t,n){if(st.acceptData(e)){var r,i,o,a=e.nodeType,u=a?st.cache:e,l=a?e[st.expando]:st.expando;if(u[l]){if(t&&(r=n?u[l]:u[l].data)){st.isArray(t)?t=t.concat(

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-cs-CZ.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2374), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):74892
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8107150696128875
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:MtrgKi7KxT98/9UIBtIFbxb6EFNBRV25JWavzs87n37ebyUDfIjGl:hs91bzNx0JWGsiUDwA
                                                                                                                                                                                                                                                                                            MD5:C9C65B331403A8109A8EA3943247D09A
                                                                                                                                                                                                                                                                                            SHA1:18724C42E5342E7362D16FD1C8F6B5BB60DB2C25
                                                                                                                                                                                                                                                                                            SHA-256:C8A5DDFDF5F5A01269EC5C125355C84F80C1228C2D578FB89B795719CB9076C8
                                                                                                                                                                                                                                                                                            SHA-512:C2D53CFAF55A6B7F058C97DCB0AC2695B4B44383C268E6197222F533E4DDDBCC9600066453E5DCAA1ED21CFEBA2289842A8CF986C68D9FADBF671C2D4FE9F5CF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..L.i.c.e.n...n... .s.m.l.o.u.v.a. .n.a. .b.e.z.p.e...n.o.s.t.n... .s.o.f.t.w.a.r.e. .I.n.t.e.l.........D...k.u.j.e.m.e. .z.a. .v.y.u.~.i.t... .b.e.z.p.e...n.o.s.t.n...h.o. .s.o.f.t.w.a.r.u. .a. .s.l.u.~.e.b. .s.p.o.l.e...n.o.s.t.i. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .(.d...l.e. .j.e.n. .. S.o.f.t.w.a.r.e.. ).,. .k.t.e.r... .p.o.s.k.y.t.u.j.e. .j.e.j... .s.t.o.p.r.o.c.e.n.t.n... .v.l.a.s.t.n...n... .d.c.e.Y.i.n... .s.p.o.l.e...n.o.s.t. .M.c.A.f.e.e... .T.o.t.o. .j.e. .p.r...v.n... .u.j.e.d.n...n... .m.e.z.i. .v...m.i. .a. .n.a.a... .s.p.o.l.e...n.o.s.t..... .I.n.s.t.a.l.a.c... .n.e.b.o. .p.o.u.~.i.t...m. .S.o.f.t.w.a.r.u. .v.y.j.a.d.Y.u.j.e.t.e. .s.o.u.h.l.a.s. .s. .p.o.d.m...n.k.a.m.i. .u.j.e.d.n...n...,. .p.r.o.t.o. .s.i. .j.e. .p.e...l.i.v... .p.Y.e...t...t.e... .........T.a.t.o. .s.m.l.o.u.v.a. .n.a. .b.e.z.p.e...n.o.s.t.n... .S.o.f.t.w.a.r.e. .I.n.t.e.l. .(.d...l.e. .j.e.n. .. S.m.l.o.u.v.a.. ). .u.p.r.a.v.u.j.e. .v.a.a.e. .p.r...v.a. .k. .p.o.u.~.i.t... .S.o.f.t.w.a.r.u.,. .j.e.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-da-DK.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2582), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):91776
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.453182110932442
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:nVNCGgfhrLJT5kmiYjC8DZ9p7WmTg5MSItM7Q1cTm/diaa8mwQUIqetIHi7M6X6I:nVNCGgfhpTziY2Ol7FtD0aa8mWe9+Pe
                                                                                                                                                                                                                                                                                            MD5:3337D980215EA1E6C647FA4119A28521
                                                                                                                                                                                                                                                                                            SHA1:FBA0B5211311999DF85B23488DAD7F7254FB2F0D
                                                                                                                                                                                                                                                                                            SHA-256:C822463F38D0A8A04361A11CE0F43A865F5F5A9A3A8E16967A9EE6A057F83057
                                                                                                                                                                                                                                                                                            SHA-512:032736E1059BC26A574ED0828F20236D2899564E235E849B08F07E8B64405C4D86ECBEA494286DF21BF1C6E1F8012335112E12954BA12681D8644DD8A90A03A3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..L.i.c.e.n.s.a.f.t.a.l.e. .f.o.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........T.a.k.,. .f.o.r.d.i. .d.u. .b.r.u.g.e.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.s. .s.o.f.t.w.a.r.e. .o.g. .t.j.e.n.e.s.t.e.r. .(.".S.o.f.t.w.a.r.e.n.".).,. .d.e.r. .l.e.v.e.r.e.s. .a.f. .M.c.A.f.e.e.,. .s.o.m. .e.r. .e.t. .h.e.l.e.j.e.t. .d.a.t.t.e.r.s.e.l.s.k.a.b. .a.f. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .D.e.t.t.e. .e.r. .e.n. .j.u.r.i.d.i.s.k. .a.f.t.a.l.e. .m.e.l.l.e.m. .o.s. .. .i.n.s.t.a.l.l.a.t.i.o.n. .e.l.l.e.r. .o.p.r.e.t.t.e.l.s.e. .a.f. .a.d.g.a.n.g. .t.i.l. .v.o.r.e.s. .S.o.f.t.w.a.r.e. .b.e.t.y.d.e.r.,. .a.t. .d.u. .a.c.c.e.p.t.e.r.e.r. .d.i.s.s.e. .v.i.l.k...r.,. .s... .d.u. .b.e.d.e.s. .l...s.e. .d.e.m. .o.m.h.y.g.g.e.l.i.g.t... .........I. .d.e.n.n.e. .l.i.c.e.n.s.a.f.t.a.l.e. .f.r.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".A.f.t.a.l.e.n.".). .g.e.n.n.e.m.g...s. .d.i.n.e. .r.e.t.t.i.g.h.e.d.e.r. .t.i.l. .a.t. .b.r.u.g.e. .S.o.f.t.w.a.r.e.n.,. .b.e.g.r...n.s.n.i.n.g.e.r. .f.o.r. .d.e.n.n.e. .b.r.u.g.,. .v.o.r.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-de-DE.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (3216), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):104206
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.491690936146809
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Sw8jufxOksgk9WB2s9JIEwSKjKmDwwy0U6QVMsaXSTLgaP3FGp:FahQVM
                                                                                                                                                                                                                                                                                            MD5:08C61EF338BE0CF2084A8118EF5279EE
                                                                                                                                                                                                                                                                                            SHA1:FBDA8C94DE2D42F0624F45972686767F06A976D7
                                                                                                                                                                                                                                                                                            SHA-256:12372C1DBBA6800D99AFF817ACB35CCF968254713E7E2ED8676D9F652F0AAFC4
                                                                                                                                                                                                                                                                                            SHA-512:015553841CE77F952358EC26AB4C4E20128820B145D89F0146EE5A7C77CD24A3D23252BA52AAE8EC299FD447EFC472C6A27D83372F3DCED4A3E54B4492244887
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.z.e.n.z.v.e.r.t.r.a.g.........V.i.e.l.e.n. .D.a.n.k.,. .d.a.s.s. .S.i.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .S.o.f.t.w.a.r.e. .u.n.d. .D.i.e.n.s.t.e. .(.. S.o.f.t.w.a.r.e.. ). .n.u.t.z.e.n.,. .d.i.e. .v.o.n. .M.c.A.f.e.e.,. .e.i.n.e.r. .h.u.n.d.e.r.t.p.r.o.z.e.n.t.i.g.e.n. .T.o.c.h.t.e.r.g.e.s.e.l.l.s.c.h.a.f.t. .v.o.n. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.,. .b.e.r.e.i.t.g.e.s.t.e.l.l.t. .w.e.r.d.e.n... .D.i.e.s. .i.s.t. .e.i.n. .r.e.c.h.t.s.k.r...f.t.i.g.e.r. .V.e.r.t.r.a.g. .z.w.i.s.c.h.e.n. .u.n.s.. m.i.t. .d.e.r. .I.n.s.t.a.l.l.a.t.i.o.n. .o.d.e.r. .d.e.m. .Z.u.g.r.i.f.f. .a.u.f. .u.n.s.e.r.e. .S.o.f.t.w.a.r.e. .s.t.i.m.m.e.n. .S.i.e. .d.i.e.s.e.n. .B.e.d.i.n.g.u.n.g.e.n. .z.u... .L.e.s.e.n. .S.i.e. .s.i.e. .d.e.s.h.a.l.b. .b.i.t.t.e. .a.u.f.m.e.r.k.s.a.m. .d.u.r.c.h... .........D.i.e.s.e.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.z.e.n.z.v.e.r.t.r.a.g. .(.. V.e.r.t.r.a.g.. ). .u.m.f.a.s.s.t. .I.h.r.e. .R.e.c.h.t.e. .z.u.r. .N.u.t.z.u.n.g. .d.e.r. .S.o.f.t.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-el-GR.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2776), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):103714
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.054391145636526
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:7NPKnckk7Va7/ZYluLyBO/mw5rMpNVjX7MYeFz8cP:lKB5rMdX4/f
                                                                                                                                                                                                                                                                                            MD5:74C7533EE5FBED8576A4ECEC0289CA6F
                                                                                                                                                                                                                                                                                            SHA1:E2C51284C29846E591E4C8EB931C9CAC85AE3A03
                                                                                                                                                                                                                                                                                            SHA-256:9E45E75EF08C8CD2C84324BCEE4FCF0D58FE8FB8F62B0DE91424071D3D6E3B4F
                                                                                                                                                                                                                                                                                            SHA-512:B339D79ED2176C7873F0E0AE4AFBE6B06EEDC81CBC537A715364C306FA1BE7B603A317737E6C16649E5EE371FE20EAD4406853EA11F5F6C4182EEBF1925C7361
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:................ ............. ............. ..................... ....... ................... .I.n.t.e.l. .S.e.c.u.r.i.t.y............... ......................... ....... ............................. ................... ....... ................... .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. ................... ).,. ....... ............... ... .M.c.A.f.e.e.,. ....... ....................... ..................... ................... ....... .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... ... ............... ................. ....... ............. ................. ............... ..... ......... ....... .......... .. ....................... ... ..................... ....... ..................... ....... ....................... ....... ..................... ..... ......... ................. ...........,. ................. ....... ....................... ..... ......... ................... ....................... ........... ............... ............... ............. ............. .....................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-en-US.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2456), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):85990
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.453033473575846
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:/F7Fw4sT8hXmsqSrobeIT6f9BMaR4EYtI7F5M:aoc
                                                                                                                                                                                                                                                                                            MD5:9B63156648366D674107FF5066A58B2A
                                                                                                                                                                                                                                                                                            SHA1:9BB9FB43B3E5501C749364E8460C14F54B92F684
                                                                                                                                                                                                                                                                                            SHA-256:11269B8E798B3A21B2CD50D03587948B25A26C63B2AC7B4ED1ADD7565F36E9E2
                                                                                                                                                                                                                                                                                            SHA-512:9C7D3DBEFA0FAC4AF910EB6D6799D1C59BA880EE0B195D3648078159F3BEFCF8DCF965530CE5482DF6E17586494C44D5555CE5E710343CEA497B8B0C4BDC16A9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t.........T.h.a.n.k. .y.o.u. .f.o.r. .u.s.i.n.g. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .s.o.f.t.w.a.r.e. .a.n.d. .s.e.r.v.i.c.e.s. .(.. S.o.f.t.w.a.r.e.. ).,. .p.r.o.v.i.d.e.d. .b.y. .M.c.A.f.e.e.,. .a. .w.h.o.l.l.y. .o.w.n.e.d. .s.u.b.s.i.d.i.a.r.y. .o.f. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .T.h.i.s. .i.s. .a. .l.e.g.a.l. .a.g.r.e.e.m.e.n.t. .b.e.t.w.e.e.n. .u.s.. i.n.s.t.a.l.l.i.n.g. .o.r. .a.c.c.e.s.s.i.n.g. .o.u.r. .S.o.f.t.w.a.r.e. .m.e.a.n.s. .y.o.u. .a.r.e. .a.g.r.e.e.i.n.g. .t.o. .t.h.e.s.e. .t.e.r.m.s.,. .s.o. .p.l.e.a.s.e. .r.e.a.d. .t.h.e.m. .c.a.r.e.f.u.l.l.y... .........T.h.i.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t. .(.. A.g.r.e.e.m.e.n.t.. ). .c.o.v.e.r.s. .y.o.u.r. .r.i.g.h.t.s. .t.o. .u.s.e. .t.h.e. .S.o.f.t.w.a.r.e.,. .r.e.s.t.r.i.c.t.i.o.n.s. .o.n. .t.h.a.t. .u.s.e.,. .o.u.r. .r.i.g.h.t. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .r.e.n.e.w. .a.n.d. .c.h.a.r.g.e. .y.o.u. .f.o.r. .p.a.i.d. .v.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-es-ES.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2904), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):100834
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.4280024557861886
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:JgO+5MfF+qvVWjB19FUUl2whazC7vT/yFjaX5Q9+5SYALxacixm44ri7qYdZ+vQQ:Jg/5R9WPzzC3cix5kzYdZ+vQNQOg
                                                                                                                                                                                                                                                                                            MD5:36491A6CFF8B60CF03726466CEEBB0E0
                                                                                                                                                                                                                                                                                            SHA1:4E1A04A03C6C61AE843DFA86ADA074F1993A8AC2
                                                                                                                                                                                                                                                                                            SHA-256:30D4ABCB6EE990052D079EE1B57F5B1FDBA0343637AE6C2844BC6543D22EE5B5
                                                                                                                                                                                                                                                                                            SHA-512:7FF7FC6C1E4389F5D2D6120B12749EF68B70B07053525A5F2120E62ABBCFC8DB2A570FCD420B467E4903A5CAA70B5F1AE9E82964F4FB925847377ED6008B61C5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........G.r.a.c.i.a.s. .p.o.r. .u.t.i.l.i.z.a.r. .l.o.s. .s.e.r.v.i.c.i.o.s. .y. .e.l. .s.o.f.t.w.a.r.e. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.w.a.r.e.. ).,. .s.u.m.i.n.i.s.t.r.a.d.o.s. .p.o.r. .M.c.A.f.e.e.,. .u.n.a. .f.i.l.i.a.l. .p.a.r.t.i.c.i.p.a.d.a. .p.l.e.n.a.m.e.n.t.e. .p.o.r. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. .e.s. .u.n. .a.c.u.e.r.d.o. .l.e.g.a.l. .e.n.t.r.e. .n.o.s.o.t.r.o.s... .A.l. .i.n.s.t.a.l.a.r. .o. .a.c.c.e.d.e.r. .a. .n.u.e.s.t.r.o. .S.o.f.t.w.a.r.e. .i.n.d.i.c.a. .u.s.t.e.d. .q.u.e. .a.c.e.p.t.a. .l.o.s. .p.r.e.s.e.n.t.e.s. .t...r.m.i.n.o.s.,. .p.o.r. .l.o. .t.a.n.t.o.,. .l.e. .r.o.g.a.m.o.s. .q.u.e. .l.o.s. .l.e.a. .c.o.n. .a.t.e.n.c.i...n... .........E.l. .p.r.e.s.e.n.t.e. .A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.e.l. . .. A.c.u.e.r.d.o.. ). .e.s.t.a.b.l.e.c.e. .c.u...l.e.s. .s.o.n. .s.u.s. .d.e.r.e.c.h.o.s. .d.e. .u.s.o. .d.e.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-es-MX.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2904), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):100834
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.428304510295199
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:JgO+5MfF+qvVWjB19FUUl2whazC7vT/yFjaX5Q9+5SYALxacixm44ri7qYdZ+vQ5:Jg/5R9WPzzC3cix5kzYdZ+vQNQOp
                                                                                                                                                                                                                                                                                            MD5:2ADEB2CD2B6CAA6551DB3085B39ED686
                                                                                                                                                                                                                                                                                            SHA1:06EF0FCE06CC195702C1A962282EB3F9BEFEEE89
                                                                                                                                                                                                                                                                                            SHA-256:FF9395DBE41433EBA7F33689178F78C31311B9BF4569843104DE9157D0A3643F
                                                                                                                                                                                                                                                                                            SHA-512:78187F8F4230F87BF6DF62BC341FDC843CFF8546FA44FAD94A406ADEA77C81BEA51FA2A370F5BE3ACE039F2A377EC5D7E7975576E8A77F99132B71C8EACBED02
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........G.r.a.c.i.a.s. .p.o.r. .u.t.i.l.i.z.a.r. .l.o.s. .s.e.r.v.i.c.i.o.s. .y. .e.l. .s.o.f.t.w.a.r.e. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.w.a.r.e.. ).,. .s.u.m.i.n.i.s.t.r.a.d.o.s. .p.o.r. .M.c.A.f.e.e.,. .u.n.a. .f.i.l.i.a.l. .p.a.r.t.i.c.i.p.a.d.a. .p.l.e.n.a.m.e.n.t.e. .p.o.r. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. .e.s. .u.n. .a.c.u.e.r.d.o. .l.e.g.a.l. .e.n.t.r.e. .n.o.s.o.t.r.o.s... .A.l. .i.n.s.t.a.l.a.r. .o. .a.c.c.e.d.e.r. .a. .n.u.e.s.t.r.o. .S.o.f.t.w.a.r.e. .i.n.d.i.c.a. .u.s.t.e.d. .q.u.e. .a.c.e.p.t.a. .l.o.s. .p.r.e.s.e.n.t.e.s. .t...r.m.i.n.o.s.,. .p.o.r. .l.o. .t.a.n.t.o.,. .l.e. .r.o.g.a.m.o.s. .q.u.e. .l.o.s. .l.e.a. .c.o.n. .a.t.e.n.c.i...n... .........E.l. .p.r.e.s.e.n.t.e. .A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.e.l. . .. A.c.u.e.r.d.o.. ). .e.s.t.a.b.l.e.c.e. .c.u...l.e.s. .s.o.n. .s.u.s. .d.e.r.e.c.h.o.s. .d.e. .u.s.o. .d.e.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-fi-FI.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2621), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):90558
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.4505889656177646
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:HE2oXLv8VtIG4O4mPf5lC66AlB1Fd+NlLVlbH2ZuWUh/x:Hl4gtI24cf5c6J7l8vWUhJ
                                                                                                                                                                                                                                                                                            MD5:A047978D7239FD164D0F0B4CDE70F429
                                                                                                                                                                                                                                                                                            SHA1:C7D4FA0CAFD7960E4159A90AE66492A1DB9FCED9
                                                                                                                                                                                                                                                                                            SHA-256:8FF6BCED89A9E669D247A37D4AEE43B5B3B362E70DFA3CFD3D23875350659185
                                                                                                                                                                                                                                                                                            SHA-512:F42E7B55FCC7FB8918A45E063C5EE29326221A4B483CD788EF554E63B89E4649690E5EB7497029C2DFFBD3D5688A7D31E9399B831DB67DCED3E9DAFB2B040835
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y.n. .k...y.t.t...o.i.k.e.u.s.s.o.p.i.m.u.s.........K.i.i.t.o.s.,. .e.t.t... .v.a.l.i.t.s.i.t. .I.n.t.e.l. .S.e.c.u.r.i.t.y.n. .o.h.j.e.l.m.i.s.t.o.n. .j.a. .p.a.l.v.e.l.u.t. .(.. o.h.j.e.l.m.i.s.t.o.. ).,. .j.o.t.k.a. .t.a.r.j.o.a.a. .M.c.A.f.e.e.,. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.i.n. .k.o.k.o.n.a.a.n. .o.m.i.s.t.a.m.a. .t.y.t...r.y.h.t.i..... .T...m... .o.n. .l.a.i.l.l.i.n.e.n. .s.o.p.i.m.u.s. .m.e.i.d...n. .j.a. .k...y.t.t...j...n. .v...l.i.l.l..... .A.s.e.n.t.a.m.a.l.l.a. .t.a.i. .k...y.t.t...m...l.l... .o.h.j.e.l.m.i.s.t.o.a.m.m.e. .s.i.t.o.u.d.u.t. .n...i.h.i.n. .e.h.t.o.i.h.i.n.,. .j.o.t.e.n. .o.n. .t...r.k.e.....,. .e.t.t... .l.u.e.t. .n.e. .h.u.o.l.e.l.l.i.s.e.s.t.i... .........T...m... .I.n.t.e.l. .S.e.c.u.r.i.t.y.n. .k...y.t.t...o.i.k.e.u.s.s.o.p.i.m.u.s. .(.. s.o.p.i.m.u.s.. ). .p.i.t..... .s.i.s...l.l.....n. .k...y.t.t...j...n. .o.i.k.e.u.d.e.t. .o.h.j.e.l.m.i.s.t.o.n. .k...y.t.t.....n.,. .t...t... .k...y.t.t..... .k.o.s.k.e.v.a.t. .r.a.j.o.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-fr-CA.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2833), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):100074
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.456769060516734
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:YUojrJ1ucLHrQIvVQXrsE2Kd6kPu1dTNjOy+psORpT6koBWT7qO6H5U8mSwE9NeT:YwrsE2KdYmfwqjlK2BZVqCChcw0J
                                                                                                                                                                                                                                                                                            MD5:026361432441B00900C15D81EFB20A25
                                                                                                                                                                                                                                                                                            SHA1:287B1A572348C9EF3C17D716EDD54907A067DEE5
                                                                                                                                                                                                                                                                                            SHA-256:BDAB2389238BCC00D71A642842B6167110CD22C04681256FCE1F1D362F7D7523
                                                                                                                                                                                                                                                                                            SHA-512:F5C3009B1101A62BA010921A8DAC44B4D1111B35DD7D50EB33BADF2BEFCA3AFD435C34DC2C7946A9541002D4AADF8DB9B179BD37B85CF155072B5380DA68D5A6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..C.o.n.t.r.a.t. .d.e. .l.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........M.e.r.c.i. .d.'.u.t.i.l.i.s.e.r. .l.e. .l.o.g.i.c.i.e.l. .e.t. .l.e.s. .s.e.r.v.i.c.e.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....L.o.g.i.c.i.e.l.....). .f.o.u.r.n.i.s. .p.a.r. .M.c.A.f.e.e.,. .u.n.e. .f.i.l.i.a.l.e. .e.n. .p.r.o.p.r.i...t... .e.x.c.l.u.s.i.v.e. .d.'.I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .L.e. .p.r...s.e.n.t. .d.o.c.u.m.e.n.t. .e.s.t. .u.n. .a.c.c.o.r.d. .j.u.r.i.d.i.q.u.e. .c.o.n.c.l.u. .e.n.t.r.e. .v.o.u.s. .e.t. .n.o.u.s... .E.n. .i.n.s.t.a.l.l.a.n.t. .o.u. .e.n. .a.c.c...d.a.n.t. ... .n.o.t.r.e. .L.o.g.i.c.i.e.l.,. .v.o.u.s. .a.c.c.e.p.t.e.z. .l.e.s. .p.r...s.e.n.t.e.s. .c.o.n.d.i.t.i.o.n.s... .V.e.u.i.l.l.e.z. .d.o.n.c. .l.e.s. .l.i.r.e. .a.t.t.e.n.t.i.v.e.m.e.n.t... .........L.e. .p.r...s.e.n.t. .C.o.n.t.r.a.t. .d.e. .L.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....C.o.n.t.r.a.t.....). .p.o.r.t.e. .s.u.r. .v.o.s. .d.r.o.i.t.s. .d.'.u.t.i.l.i.s.e.r. .l.e. .L.o.g.i.c.i.e.l.,. .l.e.s. .r.e.s.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-fr-FR.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2833), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):100074
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.456927512697501
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:YUojrJ1ucLHrQIvVQXrsE2Kd6kPu1dTNjOy+psORpT6koBWT7qO6H5U8mSwE9NeC:YwrsE2KdYmfwqjlK2BZVqCChcw0E
                                                                                                                                                                                                                                                                                            MD5:859EAF023C1F76ECDACB1E4EBD72BC7D
                                                                                                                                                                                                                                                                                            SHA1:C34AC9FF223F920E751D8EA68E0F6B0E4601AB25
                                                                                                                                                                                                                                                                                            SHA-256:0B451919A76D1EDE9E6C23D08F2ADDD2FD827D280407886E15093F8315CFE857
                                                                                                                                                                                                                                                                                            SHA-512:BB60DE2FB2010D1E945B9C2E66AC989B8932D6E22A79A6752D4A91B4058C97A2260823A3B9DEA613CEFCCF604E448AFEE6A63B8F22141A938914FF594F5FDCDD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..C.o.n.t.r.a.t. .d.e. .l.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........M.e.r.c.i. .d.'.u.t.i.l.i.s.e.r. .l.e. .l.o.g.i.c.i.e.l. .e.t. .l.e.s. .s.e.r.v.i.c.e.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....L.o.g.i.c.i.e.l.....). .f.o.u.r.n.i.s. .p.a.r. .M.c.A.f.e.e.,. .u.n.e. .f.i.l.i.a.l.e. .e.n. .p.r.o.p.r.i...t... .e.x.c.l.u.s.i.v.e. .d.'.I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .L.e. .p.r...s.e.n.t. .d.o.c.u.m.e.n.t. .e.s.t. .u.n. .a.c.c.o.r.d. .j.u.r.i.d.i.q.u.e. .c.o.n.c.l.u. .e.n.t.r.e. .v.o.u.s. .e.t. .n.o.u.s... .E.n. .i.n.s.t.a.l.l.a.n.t. .o.u. .e.n. .a.c.c...d.a.n.t. ... .n.o.t.r.e. .L.o.g.i.c.i.e.l.,. .v.o.u.s. .a.c.c.e.p.t.e.z. .l.e.s. .p.r...s.e.n.t.e.s. .c.o.n.d.i.t.i.o.n.s... .V.e.u.i.l.l.e.z. .d.o.n.c. .l.e.s. .l.i.r.e. .a.t.t.e.n.t.i.v.e.m.e.n.t... .........L.e. .p.r...s.e.n.t. .C.o.n.t.r.a.t. .d.e. .L.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....C.o.n.t.r.a.t.....). .p.o.r.t.e. .s.u.r. .v.o.s. .d.r.o.i.t.s. .d.'.u.t.i.l.i.s.e.r. .l.e. .L.o.g.i.c.i.e.l.,. .l.e.s. .r.e.s.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-hr-HR.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2677), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):87744
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.58798496222848
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:4D5AY14mQom+cQuoy8H5Zo3ij63ydrXxYM+gDUC5lBvt4UgmsiyePIOK:3jelDB1vg
                                                                                                                                                                                                                                                                                            MD5:F0F33F656C531A87089BEFD7FAC76A67
                                                                                                                                                                                                                                                                                            SHA1:8E340F2A43C79656B5F5FE9AFF516EDA7291C209
                                                                                                                                                                                                                                                                                            SHA-256:A025649E8AE1B5D9B8EE741DF8A0C277B25C901007829DAD897B92C3443780B9
                                                                                                                                                                                                                                                                                            SHA-512:12BC664A425F0F2D356EE933BF5D42961FB101A81F5FD7496090F5F25B412EE6AE22CD0FA834C0642ED468507B795EEE6F078756DE67D66190785955C8C73205
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..L.i.c.e.n.c.n.i. .u.g.o.v.o.r. .z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........H.v.a.l.a. .a.t.o. .k.o.r.i.s.t.i.t.e. .s.o.f.t.v.e.r. .i. .u.s.l.u.g.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.v.e.r.".).,. .k.o.j.i. .i.s.p.o.r.u...u.j.e. .M.c.A.f.e.e.,. .p.o.d.r.u.~.n.i.c.a. .u. .p.o.t.p.u.n.o.m. .v.l.a.s.n.i.a.t.v.u. .t.v.r.t.k.e. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .O.v.o. .j.e. .p.r.a.v.n.i. .u.g.o.v.o.r. .i.z.m.e...u. .n.a.s.. i.n.s.t.a.l.i.r.a.n.j.e. .i.l.i. .p.r.i.s.t.u.p. .n.a.a.e.m. .S.o.f.t.v.e.r.u. .z.n.a...i. .d.a. .s.e. .s.l.a.~.e.t.e. .s. .n.j.e.g.o.v.i.m. .u.v.j.e.t.i.m.a.,. .p.a. .v.a.s. .m.o.l.i.m.o. .d.a. .i.h. .p.a.~.l.j.i.v.o. .p.r.o...i.t.a.t.e... .........O.v.a.j. .L.i.c.e.n.c.n.i. .u.g.o.v.o.r. .z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".U.g.o.v.o.r.".). .o.b.u.h.v.a...a. .v.a.a.e. .p.r.a.v.o. .n.a. .k.o.r.i.a.t.e.n.j.e. .S.o.f.t.v.e.r.a.,. .o.g.r.a.n.i...e.n.j.a. .u. .n.j.e.g.o.v.o.m. .k.o.r.i.a.t.e.n.j.u.,. .n.a.a.e. .p.r.a.v.o. .n.a. .a.u.t.o.m.a.t.s.k.o. .o.b.n.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-hu-HU.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2782), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):98690
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6859429785866773
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:3+Y5qMxXdv62/0ojFC0hQY+eUbM5wbg6u+sWOvm1SeWN3CBw4bZKMoBwAbCxpI1R:zsGDmMeo
                                                                                                                                                                                                                                                                                            MD5:75C761130ED7CF86657209EA25D0AB63
                                                                                                                                                                                                                                                                                            SHA1:65A7F1061516C37E96052A58384B9E53F22500F1
                                                                                                                                                                                                                                                                                            SHA-256:960B02F8FF4F01689E61B4CE19EF3E87B4F998A0AAD5FB5919D893B81051FF35
                                                                                                                                                                                                                                                                                            SHA-512:854ADB7925CE6307A7B5288071B47389ECA2EFA01C68978A1A17FB0B2F038A24BA194C956AF7C92ACF3DEC1C87A5C5D198D8F7EC9C6431D42AE12F49A359D31C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s.........K...s.z...n.j...k.,. .h.o.g.y. .a.z. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .t.e.l.j.e.s. .t.u.l.a.j.d.o.n... .l.e...n.y.v...l.l.a.l.a.t.a.,. .a. .M.c.A.f.e.e. ...l.t.a.l. .k...n...l.t. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .s.z.o.f.t.v.e.r.t. ...s. .s.z.o.l.g...l.t.a.t...s.o.k.a.t. .(.. S.z.o.f.t.v.e.r.. ). .h.a.s.z.n...l.j.a... .E.z. .a. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s. .e.g.y. .k...z...t.t...n.k. .l...t.r.e.j...t.t. .j.o.g.i. .m.e.g...l.l.a.p.o.d...s. .. .a. .S.z.o.f.t.v.e.r...n.k. .t.e.l.e.p...t...s.e. .v.a.g.y. .a. .S.z.o.f.t.v.e.r...n.k.h...z. .v.a.l... .h.o.z.z...f...r...s. .a.z.t. .j.e.l.e.n.t.i.,. .h.o.g.y. ...n. .e.g.y.e.t...r.t. .a. .s.z.e.r.z.Q.d...s.b.e.n. .f.o.g.l.a.l.t. .f.e.l.t...t.e.l.e.k.k.e.l.,. .e.z...r.t. .o.l.v.a.s.s.a. .e.l. .f.i.g.y.e.l.m.e.s.e.n. .a.z.o.k.a.t... .........A.z. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s. .(.. S.z.e.r.z.Q.d...s.. ). .a. .S.z.o.f.t.v.e.r. .h.a.s.z.n...l.a.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-it-IT.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2974), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):103642
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.410923213664887
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:D+piF3I9T9qL1rEINLBC7LcfZJJSMqHDYCebssNKlU8rmjVHJkItVdM1Orzj8:6/c16yjdM1OY
                                                                                                                                                                                                                                                                                            MD5:266422362D4487E33FA55D1644FDD2C1
                                                                                                                                                                                                                                                                                            SHA1:73B1DFC1D22B0EA9070776B481F53FFE08E4A500
                                                                                                                                                                                                                                                                                            SHA-256:1338056263EF2CF86FF8B6926F3AC25631B85813B07BF9BD3ECBE427A25905F3
                                                                                                                                                                                                                                                                                            SHA-512:80E617FB194CF7783DFE1BB5DAEF9CE47669D7571868650998778F4CF259D79183AB991B1DA77F49297A56EDF71399047B531F40412D0C6D442F6E01F923167F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..C.o.n.t.r.a.t.t.o. .d.i. .l.i.c.e.n.z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........G.r.a.z.i.e. .p.e.r. .a.v.e.r. .s.c.e.l.t.o. .d.i. .u.t.i.l.i.z.z.a.r.e. .i. .s.o.f.t.w.a.r.e. .e. .i. .s.e.r.v.i.z.i. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.w.a.r.e.".). .f.o.r.n.i.t.i. .d.a. .M.c.A.f.e.e.,. .c.o.n.s.o.c.i.a.t.a. .i.n.t.e.r.a.m.e.n.t.e. .c.o.n.t.r.o.l.l.a.t.a. .d.i. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .I.l. .p.r.e.s.e.n.t.e. .d.o.c.u.m.e.n.t.o. .c.o.s.t.i.t.u.i.s.c.e. .u.n. .c.o.n.t.r.a.t.t.o. .l.e.g.a.l.e. .t.r.a. .n.o.i. .e. .l.'.u.t.e.n.t.e... .L.'.i.n.s.t.a.l.l.a.z.i.o.n.e. .o. .l.'.a.c.c.e.s.s.o. .a.i. .n.o.s.t.r.i. .S.o.f.t.w.a.r.e. .i.m.p.l.i.c.a. .l.'.a.c.c.e.t.t.a.z.i.o.n.e. .d.i. .q.u.e.s.t.i. .t.e.r.m.i.n.i. .d.a. .p.a.r.t.e. .d.e.l.l.'.u.t.e.n.t.e.,. .c.h.e. .p.e.r.t.a.n.t.o. ... .t.e.n.u.t.o. .a. .l.e.g.g.e.r.l.i. .c.o.n. .a.t.t.e.n.z.i.o.n.e... .........I.l. .p.r.e.s.e.n.t.e. .c.o.n.t.r.a.t.t.o. .d.i. .l.i.c.e.n.z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".C.o.n.t.r.a.t.t.o.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-ja-JP.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (1234), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):41412
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.771690240275463
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:8bY257pwJE0xJUhghf/3Gkojyef4ktbfR/KSCDpKIb5MhOZ:8E257OJE0ighfSyKtbfxapB
                                                                                                                                                                                                                                                                                            MD5:6C7F6872BA27531BC70831CC9ABB326C
                                                                                                                                                                                                                                                                                            SHA1:01ABACE1DFFF6AF1A387D8067A857AE50DA87CF0
                                                                                                                                                                                                                                                                                            SHA-256:6F18E6253EF1C7BC883BE56F135171145A86B271A76B2D8BA16AF0F6B1F6CF67
                                                                                                                                                                                                                                                                                            SHA-512:AB64DFB2688E715058CB232888D75254FE366A2C0EA4035054E69E78E7B279FE60647D15290B50678BE1022FA89AF29847C4C98416283CA8E6370604E849A19A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. ..O(u1...QY.}........I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .n0hQM..Q.P[.O>yg0B0.0 .M.c.A.f.e.e.L0.c.OY0.0 .I.n.t.e.l. .S.e.c.u.r.i.t.y. ..0.0.0.0.0.0J0.0s0.0.0.0.0...0.0.0.0.0.0.0.0...0)R(uD0_0`0M0B0.0L0h0F0T0V0D0~0Y0.0 .,gQY.}o0J0.[.ih0S_>yh0n0..k0.}P}U0.0.0.l.vj0QY.}g0Y0.0J0.[.io0.0S_>yn0.0.0.0.0.0.0.0.0.0.0.0.0.0~0_0o0]0.0k0.0.0.0.0Y0.0S0h0k0.0.0.0,gQY.}n0ag.Nk0.T.aW0_0h0.0j0U0.0~0Y0n0g0.0,gQY.}.0.0O0J0...0O0`0U0D0.0 .........S0n0 .I.n.t.e.l. .S.e.c.u.r.i.t.y. ..O(u1...QY.}.f...0,gQY.}.0..o0.0J0.[.in0.0.0.0.0.0.0.O(u)j.0.O(u6RP..0.0.0.0.0.0.0n0.g.Q.0.0.0.0.0~0_0o0_j...0..R.vk0.f.eJ0.0s0...Y0.0S_>yn0)j)R.0J0.0s0S_>yh0J0.[.in0..k0zv.uY0.0.S..'`n0B0.0.}.Nn0.N..k0.[Y0.0J0.[.in0.T.ak0d0D0f0....W0f0D0~0Y0.0 ....j0.0,gQY.}h0h0.0k0J0.[.ik0i.(uU0.0.0.0S_>yn0.0.0.0.0.0.0k0..Y0.0.X.f..h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.p.r.i.v.a.c.y./.j.a.p.a.n.e.s.e./.i.n.d.e.x...h.t.m....0+T.0...Rag.Nx0n0.0.0.0L0+T~0.0f0D0~0Y0.0 ..T.Vyr.gn0ag.No0,gQY.}

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-ko-KR.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (1439), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):46328
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.585182635780428
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:iLBTRAz/+e7qDm/7QgTt2Bk6baOLFureI5mIxFRlKi3lr:iLnAz/+e+DmzQgZ2BdblJsSi3lr
                                                                                                                                                                                                                                                                                            MD5:8DC1287BCDE9634470CBC729998DB5D8
                                                                                                                                                                                                                                                                                            SHA1:3E5FFB0DD3B6750F2C53A8B57D005AA8421089C1
                                                                                                                                                                                                                                                                                            SHA-256:C81F8A65D9B1E06754BEA0AABC2BB0882A63F5D0D9C2975DF939E239297FE0AB
                                                                                                                                                                                                                                                                                            SHA-512:0EB10729587531E25BE1CCD26685CADBF7901170009AA6160EEF2BEE85C6D7BDD995A6DDC67CB17AE36FF3205B81DD02B656B139051FB74AD4479CE834BB6989
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .|.t. ... ..}.........I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.X. ...a. .... .....x. .M.c.A.f.e.e..... .....X.. .I.n.t.e.l. .S.e.c.u.r.i.t.y. ......... ... ...D...(.t.X. .. ......... ).|. .....t. ...T... .....i..... .t..@. .....@. ...... ...t.X. ..... ..}...... .....X. .........|. .$.X.X.p... .a.8...X.. ...@. .t. ..}. .}..... ..X.X.. ...t...\.,. .}...D. ...X. .J... .}.<...0. ......... .........t. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .|.t. ... ..}.(.t.X. .. .}.. ).@. ......... ..... .....,. ......... .....X. ...\. .p.t.,. .........X. . .. .....t.. .0..... ...t. ....<.\. ..}.D. .1...X.. ......... ...a.D. ...l.`. ... .... .....X. .....,. ...... .....@. ...... ...t... .....`. ... .... .....X. ...... ...\. ...X.X. ..X. .....D. ........ .t. .8...... ...X.... ........ .t. ..... ..}.D. .l.1.X.. .\. .....x. ....\. ..... ..}. .}...(...:. ...x.......8. .H..8.,. .(.h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-nb-NO.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2743), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):84476
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.4475806099732793
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:fvk22xFWKEjm1iM70NJnqNiGAsX0MRKQ/s+p6jdIuRMPNGZJq7ALa/jcuqqRp5Q9:fvk22xFWKEjm1iM70NJnqNiGAsX0MRKT
                                                                                                                                                                                                                                                                                            MD5:6CA4A7BDD113BA4CBEB11C1F6D55E878
                                                                                                                                                                                                                                                                                            SHA1:D0E7870292715E80F6EF9EF097304EB34E278F04
                                                                                                                                                                                                                                                                                            SHA-256:6938C6036427CF9573BC12E94D281F15ED80F79FF536B22765CF0DA907E5BF85
                                                                                                                                                                                                                                                                                            SHA-512:997B039644AF43927F936E36AB52CE57F95EF05C234EFD1AEC6F379597C8A6AA126F9CF85EF48A5377B9B00FC0D258AE7AFD8DA9593FA516B945DE69BAD8F0FE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..L.i.s.e.n.s.a.v.t.a.l.e. .f.o.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........T.a.k.k. .f.o.r. .a.t. .d.u. .b.r.u.k.e.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.s. .p.r.o.g.r.a.m.v.a.r.e. .o.g. .t.j.e.n.e.s.t.e.r. .(.".p.r.o.g.r.a.m.m.e.t.).,. .l.e.v.e.r.t. .a.v. .M.c.A.f.e.e.,. .e.t. .h.e.l.e.i.d. .d.a.t.t.e.r.s.e.l.s.k.a.p. .a.v. .I.n.t.e.r. .C.o.r.p.o.r.a.t.i.o.n... .D.e.t.t.e. .e.r. .e.n. .j.u.r.i.d.i.s.k. .a.v.t.a.l.e. .m.e.l.l.o.m. .o.s.s. .. .i.n.s.t.a.l.l.a.s.j.o.n. .e.l.l.e.r. .b.r.u.k. .a.v. .v...r. .p.r.o.g.r.a.m.v.a.r.e. .b.e.t.y.r. .a.t. .d.u. .g.o.d.t.a.r. .d.i.s.s.e. .v.i.l.k...r.e.n.e.,. .s... .l.e.s. .d.e.m. .n...y.e... .........D.e.n.n.e. .l.i.s.e.n.s.a.v.t.a.l.e.n. .f.o.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".a.v.t.a.l.e.n.".). .d.e.k.k.e.r. .d.i.n. .r.e.t.t. .t.i.l. ... .b.e.n.y.t.t.e. .p.r.o.g.r.a.m.v.a.r.e.n.,. .b.e.g.r.e.n.s.n.i.n.g.e.r. .p... .d.e.n.n.e. .b.r.u.k.e.n.,. .v...r. .r.e.t.t. .t.i.l. .a.u.t.o.m.a.t.i.s.k. .f.o.r.n.y.e.l.s.e. .o.g. .t.a. .b.e.t.a.l.t. .f.o.r. .b.e.t.a.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-nl-NL.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2801), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):100578
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.441900782202567
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:OQ/9KbnOOfNlk/R5OVUR5Oh/RKe/HEUnOZVOsf6jzytJpjIzGeQRV22n3sT58jQO:7
                                                                                                                                                                                                                                                                                            MD5:A01868D8BDC821913012C2B8C29552F7
                                                                                                                                                                                                                                                                                            SHA1:513CA1D31EA18BAA36D6715824FA88933B6AF4B6
                                                                                                                                                                                                                                                                                            SHA-256:FFAF392F8A5F32E210B423C7EA49F991BEC91E18ADE18C3CA913AFD0F7DB91A2
                                                                                                                                                                                                                                                                                            SHA-512:ED7756573905F83071F5E154155AD3EEEED7DC6170010A42A3F6EB95F50B7D2D1E6BA969181388B7EC90083F1F9F44B926C3A1734B8416AAC604B0C009F3AE99
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..L.i.c.e.n.t.i.e.o.v.e.r.e.e.n.k.o.m.s.t. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........D.a.n.k. .u. .v.o.o.r. .h.e.t. .g.e.b.r.u.i.k. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y.-.s.o.f.t.w.a.r.e. .e.n. .-.d.i.e.n.s.t.e.n. .(.'.S.o.f.t.w.a.r.e.'.).,. .a.a.n.g.e.b.o.d.e.n. .d.o.o.r. .M.c.A.f.e.e.,. .e.e.n. .v.o.l.l.e.d.i.g.e. .d.o.c.h.t.e.r.o.n.d.e.r.n.e.m.i.n.g. .v.a.n. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .D.i.t. .i.s. .e.e.n. .j.u.r.i.d.i.s.c.h.e. .o.v.e.r.e.e.n.k.o.m.s.t. .t.u.s.s.e.n. .o.n.s... .D.o.o.r. .o.n.z.e. .S.o.f.t.w.a.r.e. .t.e. .i.n.s.t.a.l.l.e.r.e.n. .e.n. .t.e. .o.p.e.n.e.n.,. .g.e.e.f.t. .u. .a.a.n. .d.a.t. .u. .a.k.k.o.o.r.d. .g.a.a.t. .m.e.t. .d.e.z.e. .v.o.o.r.w.a.a.r.d.e.n... .L.e.e.s. .z.e. .d.u.s. .z.o.r.g.v.u.l.d.i.g... .........D.e.z.e. .L.i.c.e.n.t.i.e.o.v.e.r.e.e.n.k.o.m.s.t. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.'.O.v.e.r.e.e.n.k.o.m.s.t.'.). .b.e.s.c.h.r.i.j.f.t. .u.w. .r.e.c.h.t.e.n. .o.m. .d.e. .S.o.f.t.w.a.r.e. .t.e. .g.e.b.r.u.i.k.e.n.,. .d.e. .b.e.p.e.r.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-pl-PL.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2967), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):101850
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7336966797598805
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:dnEmLzXswPaPfzO8liJQIKQ42HzLMH7scwS3/80GIrKQ+QM:ayXeo
                                                                                                                                                                                                                                                                                            MD5:868618F543D0C5ABA43DE44071794B38
                                                                                                                                                                                                                                                                                            SHA1:D33519C9283B4B09FA1AF46B228D19783D9CF92E
                                                                                                                                                                                                                                                                                            SHA-256:C15649C9F86F8C7D0A4E7F6B3D047671D509786191C5FD490DC1847CB0B21360
                                                                                                                                                                                                                                                                                            SHA-512:5F7FF28FD98E0C87091BB64600C805A65F018DA307D7F4AB0C94CEC3F34E5FE26571EB73BD4BD1BC733E7AF30DCA123CC48FB4ED222EE892C92CF30200EBE5FB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..U.m.o.w.a. .l.i.c.e.n.c.y.j.n.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........D.z.i...k.u.j.e.m.y. .z.a. .k.o.r.z.y.s.t.a.n.i.e. .z. .o.p.r.o.g.r.a.m.o.w.a.n.i.a. .i. .u.s.B.u.g. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.z.w.a.n.y.c.h. .d.a.l.e.j. .. O.p.r.o.g.r.a.m.o.w.a.n.i.e.m.. ). .o.f.e.r.o.w.a.n.y.c.h. .p.r.z.e.z. .M.c.A.f.e.e.,. .s.p...B.k... .z.a.l.e.|.n...,. .k.t...r.e.j. .w.y.B...c.z.n.y.m. .w.B.a.[.c.i.c.i.e.l.e.m. .j.e.s.t. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .N.i.n.i.e.j.s.z.y. .d.o.k.u.m.e.n.t. .s.t.a.n.o.w.i. .u.m.o.w... .p.r.a.w.n... .m.i...d.z.y. .n.a.m.i. .a. .U.|.y.t.k.o.w.n.i.k.i.e.m. .. .z.a.i.n.s.t.a.l.o.w.a.n.i.e. .n.a.s.z.e.g.o. .O.p.r.o.g.r.a.m.o.w.a.n.i.a. .l.u.b. .u.z.y.s.k.a.n.i.e. .d.o. .n.i.e.g.o. .d.o.s.t...p.u. .j.e.s.t. .r...w.n.o.z.n.a.c.z.n.e. .z. .z.a.a.k.c.e.p.t.o.w.a.n.i.e.m. .n.i.n.i.e.j.s.z.y.c.h. .w.a.r.u.n.k...w.,. .w. .z.w.i...z.k.u. .z. .c.z.y.m. .p.r.o.s.i.m.y. .o. .u.w.a.|.n.e. .z.a.p.o.z.n.a.n.i.e. .s.i... .z. .t.r.e.[.c.i... .d.o.k.u.m.e.n.t.u... ...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-pt-BR.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2603), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):91306
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.465058408699289
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:f8Wc1lp2b6cXQJ6rHcTCGXPF3zzhTOJpy0WlLyd5S+tKIbTw3ZurbNlar+wHmCYY:f7HceS+3bTrb/R6mdyd
                                                                                                                                                                                                                                                                                            MD5:8ED01AF36A96D5933FBBC78CED777F77
                                                                                                                                                                                                                                                                                            SHA1:E6509BA295633BCF387559F2CBB95CC847457469
                                                                                                                                                                                                                                                                                            SHA-256:C446AE91F85DD2779A13A70583825C5067F97DE81EDBD59D1C32879859BA5145
                                                                                                                                                                                                                                                                                            SHA-512:8C0B61DF2EE05D3DFFA95B8813828FCF30C4FDA54B973C038F01BB3BAB4DC21263DEFC6A051CCD934E491DF82BA4CEAC03CC5D3240364D8B4E867ADA6EDC6EEF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........A.g.r.a.d.e.c.e.m.o.s. .p.o.r. .u.t.i.l.i.z.a.r. .o. .s.o.f.t.w.a.r.e. .e. .o.s. .s.e.r.v.i...o.s. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.w.a.r.e.".).,. .f.o.r.n.e.c.i.d.o. .p.e.l.a. .M.c.A.f.e.e.,. .u.m.a. .s.u.b.s.i.d.i...r.i.a. .i.n.t.e.g.r.a.l. .d.a. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. ... .u.m. .c.o.n.t.r.a.t.o. .l.e.g.a.l. .e.n.t.r.e. .n...s.:. .a.o. .i.n.s.t.a.l.a.r. .o.u. .a.c.e.s.s.a.r. .n.o.s.s.o. .S.o.f.t.w.a.r.e.,. .s.i.g.n.i.f.i.c.a. .a. .s.u.a. .c.o.n.c.o.r.d...n.c.i.a. .c.o.m. .e.s.t.e.s. .t.e.r.m.o.s.,. .d.e. .f.o.r.m.a. .q.u.e. .v.o.c... .d.e.v.e. .l...-.l.o.s. .c.o.m. .a. .m...x.i.m.a. .a.t.e.n.....o... .........E.s.t.e. .C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".C.o.n.t.r.a.t.o.".). .c.o.b.r.e. .s.e.u.s. .d.i.r.e.i.t.o.s. .d.e. .u.t.i.l.i.z.a.....o. .d.o. .S.o.f.t.w.a.r.e.,. .r.e.s.t.r.i.....e.s. .a. .e.s.s.e. .u.s.o.,. .o. .

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-pt-PT.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2536), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):96486
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.4740788952855137
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:GfDawY1TqufUqhbQGb0jiATGoeQmiBKTVIsFdwb:2DetG
                                                                                                                                                                                                                                                                                            MD5:27331E6D23C62FEA0F0557F13D99D43C
                                                                                                                                                                                                                                                                                            SHA1:8D474CBFE5B8E772AA4F5AFA6A9B59F06119A55E
                                                                                                                                                                                                                                                                                            SHA-256:4F53C602976E47C1DAEC67E1300E22E9E6BBB7B511A9CD31B38880C8B6821C1E
                                                                                                                                                                                                                                                                                            SHA-512:78FE5479997BC23C9F458880DEE0B660D8FC798A44860F0657B0979D0DB67D01F544E17F50B1259DEEB8C649AC81B74CA95D5A6BC7FC374918210907CC7D8C3B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........O.b.r.i.g.a.d.o. .p.o.r. .u.t.i.l.i.z.a.r. .o. .s.o.f.t.w.a.r.e. .e. .o.s. .s.e.r.v.i...o.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.w.a.r.e.. ). .f.o.r.n.e.c.i.d.o.s. .p.e.l.a. .M.c.A.f.e.e.,. .u.m.a. .s.u.b.s.i.d.i...r.i.a. .t.o.t.a.l.m.e.n.t.e. .d.e.t.i.d.a. .p.e.l.a. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. .d.o.c.u.m.e.n.t.o. .c.o.n.s.i.s.t.e. .n.u.m. .c.o.n.t.r.a.t.o. .l.e.g.a.l. .e.n.t.r.e. .a.m.b.a.s. .a.s. .p.a.r.t.e.s.. a.o. .i.n.s.t.a.l.a.r. .o.u. .a.o. .a.c.e.d.e.r. .a.o. .n.o.s.s.o. .S.o.f.t.w.a.r.e. .e.s.t... .a. .c.o.n.c.o.r.d.a.r. .c.o.m. .o.s. .p.r.e.s.e.n.t.e.s. .t.e.r.m.o.s.,. .p.o.r. .i.s.s.o.,. .l.e.i.a.-.o.s. .a.t.e.n.t.a.m.e.n.t.e... .........O. .p.r.e.s.e.n.t.e. .C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. C.o.n.t.r.a.t.o.. ). .i.n.c.l.u.i. .o.s. .s.e.u.s. .d.i.r.e.i.t.o.s. .d.e. .u.t.i.l.i.z.a.....o. .d.o. .S.o.f.t.w.a.r.e.,. .r.e.s.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-ru-RU.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2934), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):105274
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.9253890058091128
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:Zrlkl/OV57V/gTNKukdeCNCaM2sJCX7Zh7Ft7yvFsknxFFNZ6AJTaFkke2bnMBqF:JfRpOEZhc8LSQ0PnmE0
                                                                                                                                                                                                                                                                                            MD5:8E8679BD238881B4E328758EE9B1CD2C
                                                                                                                                                                                                                                                                                            SHA1:8B58CFA9E861D4F4423C7D9A39F0A4C5AFAEEEEB
                                                                                                                                                                                                                                                                                            SHA-256:87DF68D221DED619D5B33F572270BB4A78678ED550912286058185A7D46AD3D3
                                                                                                                                                                                                                                                                                            SHA-512:3B995444C93AF8B9FB4A566406F0E4351A45A7F8359DB773C3D54B630991C1F160B91D2BCD9F2FCA6FF3AAAA503DA2F5DB1302C5C53669B4E839F39D099E59E2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:....8.F.5.=.7.8.>.=.=.>.5. .A.>.3.;.0.H.5.=.8.5. .4.;.O. .?.@.>.3.@.0.<.<.=.>.3.>. .>.1.5.A.?.5.G.5.=.8.O. .I.n.t.e.l. .S.e.c.u.r.i.t.y...........;.0.3.>.4.0.@.8.<. ...0.A. .7.0. .8.A.?.>.;.L.7.>.2.0.=.8.5. .?.@.>.3.@.0.<.<.=.>.3.>. .>.1.5.A.?.5.G.5.=.8.O. .8. .A.;.C.6.1. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(."...@.>.3.@.0.<.<.=.>.5. .>.1.5.A.?.5.G.5.=.8.5.".).,. .?.@.5.4.>.A.B.0.2.;.O.5.<.K.E. .:.>.<.?.0.=.8.5.9. .M.c.A.f.e.e. .. .4.>.G.5.@.=.5.9. .:.>.<.?.0.=.8.5.9.,. .=.0.E.>.4.O.I.5.9.A.O. .2. .?.>.;.=.>.9. .A.>.1.A.B.2.5.=.=.>.A.B.8. .:.>.@.?.>.@.0.F.8.8. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... ...0.=.=.K.9. .4.>.:.C.<.5.=.B. .?.@.5.4.A.B.0.2.;.O.5.B. .N.@.8.4.8.G.5.A.:.>.5. .A.>.3.;.0.H.5.=.8.5. .<.5.6.4.C. .=.0.<.8... .#.A.B.0.=.>.2.:.0. .8.;.8. .4.>.A.B.C.?. .:. .=.0.H.5.<.C. ...@.>.3.@.0.<.<.=.>.<.C. .>.1.5.A.?.5.G.5.=.8.N. .>.1.>.7.=.0.G.0.N.B. ...0.H.5. .A.>.3.;.0.A.8.5. .A. .C.A.;.>.2.8.O.<.8. .M.B.>.3.>. .A.>.3.;.0.H.5.=.8.O.,. .?.>.M.B.>.<.C. .2.=.8.<.0.B.5.;.L.=.>. .>.7.=.0.:.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-sk-SK.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2701), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):89572
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7335008776841807
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:plH9miYwq9hpeKK283X97rpcvXctx1qDQDupSMeylm5Wq0FGQueLS9FpSzvFgxSI:pPfqU7AcD1/DmDqOrS9FpkXvaGOtdr
                                                                                                                                                                                                                                                                                            MD5:57DDAB65D1D5F575977AFCAF92F9C9C1
                                                                                                                                                                                                                                                                                            SHA1:41FFD8C6FF2D41912A945BD307EF69CBEC60B1B5
                                                                                                                                                                                                                                                                                            SHA-256:AEE55641C00773BA23B26AEF0720578EFCBB7F7B2B22E328E9422083F824B1EE
                                                                                                                                                                                                                                                                                            SHA-512:1CD3CD42AA44C96DDCEB055153A6B32758E94B0DA77AC6FAC1DA12ECA4310279755FE6F7FD0F7F3E60E71C20B0E9740F218D1E5A5A932217FAF15443EAAB6D49
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..L.i.c.e.n...n... .z.m.l.u.v.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y...........a.k.u.j.e.m.e. .v...m. .z.a. .p.o.u.~...v.a.n.i.e. .s.o.f.t.v...r.u. .a. .s.l.u.~.i.e.b. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.v...r.. ).,. .p.o.s.k.y.t.o.v.a.n...c.h. .s.p.o.l.o...n.o.s.e.o.u. .M.c.A.f.e.e.,. .k.t.o.r... .j.e. .d.c...r.s.k.o.u. .s.p.o.l.o...n.o.s.e.o.u. ...p.l.n.e. .v.l.a.s.t.n.e.n.o.u. .s.p.o.l.o...n.o.s.e.o.u. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .T.o.t.o. .j.e. .p.r...v.n.a. .z.m.l.u.v.a. .m.e.d.z.i. .n.a.m.i. .. .i.n.a.t.a.l...c.i.o.u. .a.l.e.b.o. .p.r...s.t.u.p.o.v.a.n...m. .k. .n...a.m.u. .S.o.f.t.v...r.u. .s...h.l.a.s...t.e. .s. .t...m.i.t.o. .p.o.d.m.i.e.n.k.a.m.i.,. .t.a.k.~.e. .s.i. .i.c.h.,. .p.r.o.s...m.,. .p.o.z.o.r.n.e. .p.r.e.....t.a.j.t.e... .........T...t.o. .L.i.c.e.n...n... .z.m.l.u.v.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(...a.l.e.j. .l.e.n. .. Z.m.l.u.v.a.. ). .s.a. .v.z.e.a.h.u.j.e. .n.a. .v.a.a.e. .p.r...v.a. .n.a. .p.o.u.~...v.a.n.i.e. .S.o.f.t.v...r.u.,. .o.b.m.e.d.z.e.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-sr-Latn-CS.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2634), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):88356
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.5780462545512095
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:1PXzqxuAlAEnb93roW/JxeTYZ9/sn7/87/FXoQEHVX/Z0S/jj:dWVkTmR12
                                                                                                                                                                                                                                                                                            MD5:449B9426C6C6CA645B6BCDB1A69122CA
                                                                                                                                                                                                                                                                                            SHA1:3CF9A6BCD1580F3F9875BF87730DA14FBA64DAD7
                                                                                                                                                                                                                                                                                            SHA-256:034F01176DFF06358C7BF32CBA0B60A671831EC3C39CE4B3C75A2051C6843DA6
                                                                                                                                                                                                                                                                                            SHA-512:4909B45B95161960665821C98E8BA99C590F8DA69E19D5FB4BD897A53565DCB7A9979F28B62C115D8FF8BC3A40E5A4DEA947C92CBE55ECDF7B148123BECB4F52
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..U.g.o.v.o.r. .o. .l.i.c.e.n.c.i.r.a.n.j.u. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........H.v.a.l.a. .v.a.m. .a.t.o. .k.o.r.i.s.t.i.t.e. .s.o.f.t.v.e.r. .i. .u.s.l.u.g.e. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.v.e.r.. ).,. .k.o.j.i. .o.b.e.z.b.e...u.j.e. .k.o.m.p.a.n.i.j.a. .M.c.A.f.e.e.,. .p.o.d.r.u.~.n.i.c.a. .u. .p.o.t.p.u.n.o.m. .v.l.a.s.n.i.a.t.v.u. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .O.v.o. .j.e. .p.r.a.v.n.i. .u.g.o.v.o.r. .i.z.m.e...u. .n.a.s. .. .i.n.s.t.a.l.i.r.a.n.j.e. .n.a.a.e.g. .S.o.f.t.v.e.r.a. .i.l.i. .p.r.i.s.t.u.p.a.n.j.e. .n.j.e.m.u. .z.n.a...i. .d.a. .p.r.i.h.v.a.t.a.t.e. .o.v.e. .u.s.l.o.v.e.,. .p.a. .i.h. .s.t.o.g.a. .p.a.~.l.j.i.v.o. .p.r.o...i.t.a.j.t.e... .........O.v.a.j. .U.g.o.v.o.r. .o. .l.i.c.e.n.c.i.r.a.n.j.u. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. U.g.o.v.o.r.. ). .p.o.k.r.i.v.a. .v.a.a.a. .p.r.a.v.a. .d.a. .k.o.r.i.s.t.i.t.e. .S.o.f.t.v.e.r.,. .o.g.r.a.n.i...e.n.j.a. .t.o.g. .k.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-sv-SE.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2632), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):89704
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.503679482731326
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:dcFeHhjwanoMWVOjxKI+psB/YgpnuIbVGm8:WFCwKWsQgpM
                                                                                                                                                                                                                                                                                            MD5:0BF8549EE388824ECE877A8F57284741
                                                                                                                                                                                                                                                                                            SHA1:5DC7E108E0C92840ED5233DF96648FB79FD0D07E
                                                                                                                                                                                                                                                                                            SHA-256:C171B6CF831FF87A9DA8085AAED1345B466CDCE40F1272338DB4578FCE516D8C
                                                                                                                                                                                                                                                                                            SHA-512:02F28793B7DD26F647551F8C946325094E2372076761986C0C952EC1DE91AACD96FFD39DE550972838BA24DB533AF55D86B2271F84844424978CCD7FD2EA11E1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..L.i.c.e.n.s.a.v.t.a.l. .f...r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........T.a.c.k. .f...r. .a.t.t. .d.u. .a.n.v...n.d.e.r. .p.r.o.g.r.a.m.v.a.r.a.n. .o.c.h. .t.j...n.s.t.e.r.n.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. P.r.o.g.r.a.m.v.a.r.a.n.. ). .f.r...n. .M.c.A.f.e.e.,. .e.t.t. .h.e.l...g.t. .d.o.t.t.e.r.b.o.l.a.g. .t.i.l.l. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .N...r. .d.u. .i.n.s.t.a.l.l.e.r.a.r. .e.l.l.e.r. .a.n.v...n.d.e.r. .P.r.o.g.r.a.m.v.a.r.a.n. .g.o.d.k...n.n.e.r. .d.u. .a.u.t.o.m.a.t.i.s.k.t. .v.i.l.l.k.o.r.e.n.,. .s... .l...s. .n.o.g.a. .i.g.e.n.o.m. .d.e.m. .f...r.s.t... .D.e.t.t.a. ...r. .e.t.t. .b.i.n.d.a.n.d.e. .j.u.r.i.d.i.s.k.t. .a.v.t.a.l. .o.s.s. .e.m.e.l.l.a.n... .........D.e.t.t.a. .L.i.c.e.n.s.a.v.t.a.l. .f...r. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. A.v.t.a.l.e.t.. ). .r.e.g.l.e.r.a.r. .d.i.n.a. .r...t.t.i.g.h.e.t.e.r. .i. .s.a.m.b.a.n.d. .m.e.d. .a.n.v...n.d.n.i.n.g. .a.v. .P.r.o.g.r.a.m.v.a.r.a.n.,. .e.v.e.n.t.u.e.l.l.a. .b.e.g.r...n.s.n.i.n.g.a.r. .i. .a.n.v...n.d.n.i.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-tr-TR.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (2527), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):89572
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.762382319609866
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:U4WLetFwU8STnnWH0I9fkl7+JaRtbJHGdnC2vJfPI9n9AkllkhZBYziG/xJd8oSc:UjLetFwbSTnnWH0IdkN+JaRt0dnC2xIp
                                                                                                                                                                                                                                                                                            MD5:1B4DD315A275F8BFED163420DA8FBEE4
                                                                                                                                                                                                                                                                                            SHA1:A6CDDB33749AE857176B15008F1E50AED603045B
                                                                                                                                                                                                                                                                                            SHA-256:61C8CEA6AB8E5461CC240EEF016BDEB16E62BC6B7744DA9E80B51B1123BD6237
                                                                                                                                                                                                                                                                                            SHA-512:30632B6DC06B57F0092CEBFCC7687C7E005B85A1E55804CC235ADEB0D057C80C39675F89DD41F092071213FC32CAA5132F82F92AD6F3EA33FEE7425963589B99
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.s.a.n.s. .S...z.l.e._.m.e.s.i.........I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.. 1.n. .y...z.d.e. .y...z. .i._.t.i.r.a.k.i. .o.l.a.n. .M.c.A.f.e.e. .t.a.r.a.f.1.n.d.a.n. .s.a...l.a.n.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .y.a.z.1.l.1.m.1. .v.e. .h.i.z.m.e.t.l.e.r.i.n.i. .(.. Y.a.z.1.l.1.m.. ). .k.u.l.l.a.n.d.1...1.n.1.z. .i...i.n. .t.e._.e.k.k...r. .e.d.e.r.i.z... .Y.a.z.1.l.1.m.1.m.1.z.1.n. .k.u.r.m.a.n.1.z. .v.e.y.a. .Y.a.z.1.l.1.m.1.m.1.z.a. .e.r.i._.i.m. .s.a...l.a.m.a.n.1.z. .a.r.a.m.1.z.d.a.k.i. .b.u. .y.a.s.a.l. .s...z.l.e._.m.e.n.i.n. .i.l.g.i.l.i. .h...k...m.l.e.r.i.n.i. .k.a.b.u.l. .e.t.t.i...i.n.i.z. .a.n.l.a.m.1.n.a. .g.e.l.e.c.e...i.n.d.e.n.,. .l...t.f.e.n. .b.u.n.l.a.r.1. .d.i.k.k.a.t.l.i.c.e. .o.k.u.y.u.n... .........0._.b.u. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.s.a.n.s. .S...z.l.e._.m.e.s.i. .(.. S...z.l.e._.m.e.. ). .Y.a.z.1.l.1.m.1.n. .k.u.l.l.a.n.1.l.m.a.s.1.n.a. .i.l.i._.k.i.n. .h.a.k.l.a.r.1.n.1.z.1.,. .s...z. .k.o.n.u.s.u. .k.u.l.l.a.n.1.m.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-zh-CN.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (873), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):27048
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.793318949139549
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:dGlhiqpYn3S6kZ5pZsM1SDo9P0VSpjzjW+EpgLDR5CCaGdYO7:dWDuIVZsM19DjzjW+EpgLN5qvO7
                                                                                                                                                                                                                                                                                            MD5:359E8741BF5310BFBFC926B2739899AD
                                                                                                                                                                                                                                                                                            SHA1:E3ECADA8CC71A3B8CCC6AD203D40EECFDEFA712E
                                                                                                                                                                                                                                                                                            SHA-256:A24E29E3AAB9D673AB3B3584189440579CBA3E4659755FBCE8DEEB168A1F2721
                                                                                                                                                                                                                                                                                            SHA-512:C7672DD79E7960924F11A16ED363FA571ED793F57DF3DCEEBB7115C8FFA5CEA74DC78DA5F1CE49FCBAC72EE54888A0D8B6928FB521D8A1212C2E5EA862B15312
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. ....SOS...........a"..`.O(u1u .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. ..vhQD.P[lQ.S .M.c.A.f.e.e. ..c.O.v .I.n.t.e.l. .S.e.c.u.r.i.t.y. .o..N.T.g.R... o..N. ...0 ../f.`.N.b.NKN...v.l._OS.....[..b....b.N.v. o..N. ..sSh.:y.`.T.a..Nag>k...Vdk...N.~.....0 .........,g .I.n.t.e.l. .S.e.c.u.r.i.t.y. ....SOS..... OS... ...m.v.`.O(u. o..N. .vCg)R.0.O(uP.6R.0.b.N.R.~..v^1\. o..N. .v.N9.Hr,g.b.R...T.`6e9..vCg)R...N.S.`.T.a....N...Q.b.NKN...S...N.u.v.NUO.N...0 .,gOS...S+T.b.N.v...y.X.fI{D..Rag>k.v...c .(.h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.p.r.i.v.a.c.y./.c.h.i.n.e.s.e.-.s.i.m.p.l.i.f.i.e.d./.i.n.d.e.x...h.t.m.).....Nag>k._.....v^qQ.T.g.b..(u.N.`.v,g.l._OS...0 ..V.[/.0W:Syr.[.vag>kMO.NOS...v.g.T.Nag.0 ..........Y.g.`*g.n .1.8. ..\...l.g.`.v6r.k.b.v.b.N...N.N._{.HQ.c.S,gOS..v^.Nh..`.{.t. o..N. ...v.T.a...`.N._.O(u. o..N. .b.T.b.N.c.O.`.v*N.N.Oo`.0 .........1......c.S,gOS...T.O9e .. .US.Q. .c.S. .c...b.[.. o..N. ..sSh.:y.`.eag.N.T.a.S,g

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\eula-zh-TW.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (904), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):27300
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.852766523087007
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:RLcNdFNy9pQbexWBTeP5s8FmxoFfEgQSPsxFHMOKQZgTmLL/ytmq/d:Rcf6w3BKx/hagQSPsxtKjTmk
                                                                                                                                                                                                                                                                                            MD5:EC47749751D4472B0CE985A60609B1D6
                                                                                                                                                                                                                                                                                            SHA1:9F391EC407FA4F1FD4984E7B2235C8639F81E8E9
                                                                                                                                                                                                                                                                                            SHA-256:1A821698AF829C6B15A5CD0130E84141D9CBB10ED21D692390DA3491F9AC3B53
                                                                                                                                                                                                                                                                                            SHA-512:70A0F745D2275B101FE234265BFA706234F72AE31EEF2CA28027E8C38CD64273DD93D1694B07CAA71DF1443A1F710F4F1259A7BC231DF6E749EBA717C354821D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. ..c.k.T.}.........a...`.O(u1u .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .hs.P[lQ.S .M.c.A.f.e.e. ..c.O.v .I.n.t.e.l. .S.e.c.u.r.i.t.y. ......g.R...0...0...0 .../f.`...b.PKN...v.l._.T.} .. ..[..bX[.S.b.P.v.0...0..sSh.:y.`.T.a...N.h>k...Vdk..N0}.....0 .........,g .I.n.t.e.l. .S.e.c.u.r.i.t.y. ..c.k.T.}...0.T.}.0...m..`.O(u.0...0.v.k)R.0.O(uP.6R.0.b.P..R.~..&N1\.0...0.v.N..Hr,g.b.R...T.`6e...v.k)R...N.S.`.T.a..N..N...zl.b.PKN...S.."u.u.v.NUO-rp..0 ..b.P.].S.b.b.P.v...y.kr..fI{D..R.h>k.v#.P} .(.h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.p.r.i.v.a.c.y./.c.h.i.n.e.s.e.-.t.r.a.d.i.t.i.o.n.a.l./.i.n.d.e.x...h.t.m.)......N.h>k._.....&NqQ.T.i.bi.(u.e.`.v,g.l._.T.}.0 ..W.[/.0W@Syr.[.v.h>kMO.e.T.}.v.g._.N.h.0 ..........Y.g.`*g.n .1.8. .rk...l.g.`.v6r.k.b.vw..N...N.P._..HQ.c.S,g.T.}&N.Nh..`.{.t.0...0...v.T.a...`.N..AQ1..O(u.0...0.b.T.b.P.c.O.`.v.P.N....0 .........1......c.S,g.T.}.T.O9e .. ..c.N.0.c.S.0.c...b.[..0...0..sSh.:y.`!q.h

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2553
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.574169144997834
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3HNBDTz+QdnA/jlE7Nijs371IguQgUlKKGgDlpfkPlC0RbglexOX0wJUGl3nuEIb:3th+y0+7Nks3pIg3lKelpfUlC0lglOOY
                                                                                                                                                                                                                                                                                            MD5:94D48A00A5CD08BCBF7C00FE867AC6C8
                                                                                                                                                                                                                                                                                            SHA1:0E716AB1E0CE58E4A41A2E76609E2CFA5A286903
                                                                                                                                                                                                                                                                                            SHA-256:DCFCCD54723678E4A046D91CFAB4E47A9153F867BF71C02418329E675378C23F
                                                                                                                                                                                                                                                                                            SHA-512:72D934B757AEB52F78BAFBBE40AE651ED767654E19F79979291800956EAB6B63DAB989B015D20BB1C44343A57911B9E6F072FA3361949FAEBA3E1D0AD44617CD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licen.n. smlouva",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "P.e.etl(a) jsem si licen.n. smlouvu a souhlas.m s n..",.. //{0} - Company name.. THANK_YOU: "D.kujeme, .e jste si vybrali aplikaci {0}.",.. INSTALL: "Nainstalovat",.. CANCEL: "Zru.it",.. RETRY: "Zkusit znovu",.. //{0} - Product name.. PROGRESS_TITLE: "Aplikace {0} poskytuje rady ohledn. va.. bezpe.nosti kdekoli na internetu.",.. PROGRESS_SUBTITLE: "Prob.h. instalace...",.. COMPLETE_TITLE: "V.born.! Aplikace byla nainstalov.na a bude v.m poskytovat rady ohledn. bezpe.nosti na internetu.",.. COMPLETE_SUBTITLE: "V.e je p.ipraveno.",.. COMPLETE_LAUNCH: "Otev..t prohl..e.",.. ERROR_OS_REQUIREMENTS: "V instalaci nelze pokra.ovat, proto.e opera.n. syst.m nespl.uje minim.ln. po.adavky na syst.m. Aktualizujte ho a zkuste to znovu.",.. ERROR_BROWSER_REQUIREMENTS: "V instalaci nelze pokra.ovat, proto.e prohl..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2347
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.333935106455295
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:37b55gOog4oPO9iEY+0f0t9IcvuZ1Mv9gfdmBnoaljshJdoJ+vOZZOsOhRss1ozx:37jG4f0vI6y1K9gf4lszQ/sfKzMVsLB
                                                                                                                                                                                                                                                                                            MD5:31CD59D443F62894AA7845B16B52D230
                                                                                                                                                                                                                                                                                            SHA1:445862B005673F3D8579E735B9E2BADF12B8A9C1
                                                                                                                                                                                                                                                                                            SHA-256:A136CF17026B7D5C3F7B686095697697AD937F11B7DAD300793BD6A04FAE8484
                                                                                                                                                                                                                                                                                            SHA-512:6D8E4428868C025CC5ECD489DB9AA670B83D6F039A76AE989DE6C96A94ED54BE6C9BD588748094D4327FD66E2777D53BB0A6ED7EF4164D34753D3923FD1C1CDF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licensaftale",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jeg har l.st og er indforst.et med licensaftalen",.. //{0} - Company name.. THANK_YOU: "Tak, fordi du valgte {0}",.. INSTALL: "Installer",.. CANCEL: "Annuller",.. RETRY: "Pr.v igen",.. //{0} - Product name.. PROGRESS_TITLE: "{0} er din personlige sikkerhedsr.dgiver, uanset hvor du f.rdes p. nettet.",.. PROGRESS_SUBTITLE: "Installerer ...",.. COMPLETE_TITLE: "Fint. Vi har installeret din personlige onliner.dgiver.",.. COMPLETE_SUBTITLE: "Klar til start",.. COMPLETE_LAUNCH: ".bn browseren",.. ERROR_OS_REQUIREMENTS: "Installationen kan ikke forts.tte, da operativsystemet ikke lever op til minimumssystemkravene. Opdater, og pr.v igen.",.. ERROR_BROWSER_REQUIREMENTS: "Installationen kan ikke forts.tte, da browseren ikke lever op til minimumssystemkravene. Opdater browseren, og pr.v igen.",.. ERROR_VERSION: "Der er allerede installeret e

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2600
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.247421187490919
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3BYBnLb7UozPrEqx8LL+79IAbBblfBWE6ToivxPEbgHIhygeCovzxkI+o5EREm2p:3BwbkLv+5Ik5lfgq8xAgj/Jvzyi2m5
                                                                                                                                                                                                                                                                                            MD5:CB1508DCE3D340F7510181A0D8C8795C
                                                                                                                                                                                                                                                                                            SHA1:E07A00782D22DE00EBDB8922E39F8AE94B2620FF
                                                                                                                                                                                                                                                                                            SHA-256:768CE90BC1ABF7C4B4DE06AF052EAA469B96A2A15A96BC2C93517A233C24B8B8
                                                                                                                                                                                                                                                                                            SHA-512:1BF169C5492BD29D5D39B42890AD0A657CEC69ECE0D8EA37265912402548F0E0A5A0A51BDB2B8DC39F825B4E4BAA4B4DBDA42EA4A341E01B2605578D04BAB30A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lizenzvertrag",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ich habe den Lizenzvertrag gelesen und stimme ihm zu",.. //{0} - Company name.. THANK_YOU: "Vielen Dank f.r Ihren Download von {0}",.. INSTALL: "Installieren",.. CANCEL: "Abbrechen",.. RETRY: "Erneut versuchen",.. //{0} - Product name.. PROGRESS_TITLE: "{0} ist Ihr pers.nlicher Sicherheitsberater f.r das Internet.",.. PROGRESS_SUBTITLE: "Installation l.uft...",.. COMPLETE_TITLE: "Sehr gut. Ihr pers.nlicher Online-Berater wurde installiert.",.. COMPLETE_SUBTITLE: "Fertig",.. COMPLETE_LAUNCH: "Browser .ffnen",.. ERROR_OS_REQUIREMENTS: "Ihre Installation kann nicht fortgesetzt werden, da Ihr Betriebssystem nicht den Mindestsystemanforderungen entspricht. Aktualisieren Sie es, und versuchen Sie es erneut.",.. ERROR_BROWSER_REQUIREMENTS: "Ihre Installation kann nicht fortgesetzt werden, da Ihr Browser nicht den Mindestsystemanforderungen entspr

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3909
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.959626330234211
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:3x8Ii5SdfTMcIa1KgRfSVl7C8mrs/0wzEjMBGrmRUgV:3V3dfTMcv1Kg5Wluc0wzMy2mRUgV
                                                                                                                                                                                                                                                                                            MD5:35188F8291A1F6C53385FEB578A4DCE8
                                                                                                                                                                                                                                                                                            SHA1:1C3617998E95B54DA45D2A568B2CA898041E7BE1
                                                                                                                                                                                                                                                                                            SHA-256:E48BFD5A8A23739E0442BE5B85232450736349D01E201317DCC35C6D9836997E
                                                                                                                                                                                                                                                                                            SHA-512:028FEA1DBEC413C387484D81B8362B6241882A0026DE85554A20D308730CB82C9996776E6432C1D68D4E36EA6CAA7BC99A0AFB5637EB0475370E7578659F18E9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "........ ...... ......",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "....... ... .......... .. ........ ...... ......",.. //{0} - Company name.. THANK_YOU: "............ ... ......... .. {0}",.. INSTALL: "...........",.. CANCEL: ".......",.. RETRY: ".........",.. //{0} - Product name.. PROGRESS_TITLE: ".. {0} ..... . .......... ... ......... ......... ... ........... ......... ............ ... Internet.",.. PROGRESS_SUBTITLE: "..............",.. COMPLETE_TITLE: "......! ............. ... ......... ... ........ ... Internet.",.. COMPLETE_SUBTITLE: "..... .......",.. COMPLETE_LAUNCH: "....... ............ ..........",.. ERROR

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2294
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.267826119993783
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3TmE5KPHEAvhhIDX6uSBf15aN+conkQt5SfEZhozWZIMJJZh4mLh6s:33pAphIzqfE+c63ZhozqxJZh5P
                                                                                                                                                                                                                                                                                            MD5:826DA40012B9ED67DEC5628564F13E37
                                                                                                                                                                                                                                                                                            SHA1:7394CF9C5690D48F9B98F7EC2B787AAEAB4343F6
                                                                                                                                                                                                                                                                                            SHA-256:99F7D7328C393F9B9EDE0920965F3450D28EAB68FC84A5E9C85D96BE066D54FE
                                                                                                                                                                                                                                                                                            SHA-512:14A2F8C1ED483780B9CE2DD42728EE540AF3C3E6DD3CFAC9D270E4EB40E1DE5833FE0CF5418D39444A490320D8B04BB0EE72C6F4C764B6BA69021C340829EBEF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "License Agreement",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "I have read and agree to the License Agreement",.. //{0} - Company name.. THANK_YOU: "Thank you for choosing {0}",.. INSTALL: "Install",.. CANCEL: "Cancel",.. RETRY: "Try Again",.. //{0} - Product name.. PROGRESS_TITLE: "{0} is your personal safety advisor wherever you go online.",.. PROGRESS_SUBTITLE: "Installing...",.. COMPLETE_TITLE: "Great! We've installed your personal online advisor.",.. COMPLETE_SUBTITLE: "Ready to go",.. COMPLETE_LAUNCH: "Open my browser",.. ERROR_OS_REQUIREMENTS: "Your installation cannot continue because your operating system does not meet the minimum system requirements. Please update it and try again.",.. ERROR_BROWSER_REQUIREMENTS: "Your installation cannot continue because your browser does not meet our minimum system requirements. Please update your browser and try again.",.. ERROR_VERSION: "You already hav

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2408
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.23107103371674
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3Cx17WnI7bV3mE7NISJvjOfQ2e5loiPLtjCE6zs/vmzuIoJoPl3/fA:3CxB1F337NISUfa5loiRv6AnmzuLJoPm
                                                                                                                                                                                                                                                                                            MD5:38170910D2B12FC46D35AAC5B865B4C8
                                                                                                                                                                                                                                                                                            SHA1:B428448B240FC63E756E4A5AF50B70F603027C5F
                                                                                                                                                                                                                                                                                            SHA-256:13D67914092413B6101892F3749A2026FB02812226C7E26230B642EDC14F51DE
                                                                                                                                                                                                                                                                                            SHA-512:BD1511DC9161290E17B3625FC75307E2A37CF7037B04ACF9E23B369FE17A0D6EDECD296D60B6F630DA6BE23ADAEC5379884AA7E57A5B7FE35B33E0FCEBCE6D4B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Acuerdo de licencia",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "He le.do y acepto el Acuerdo de licencia",.. //{0} - Company name.. THANK_YOU: "Gracias por haber elegido {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Vuelva a intentarlo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} es su asesor de seguridad personal para la navegaci.n online.",.. PROGRESS_SUBTITLE: "Instalando...",.. COMPLETE_TITLE: ".Genial! Hemos instalado su asesor online personal.",.. COMPLETE_SUBTITLE: "Listo para empezar",.. COMPLETE_LAUNCH: "Abrir mi navegador",.. ERROR_OS_REQUIREMENTS: "La instalaci.n no puede continuar porque el sistema operativo no cumple los requisitos m.nimos necesarios del sistema. Actual.celo y vuelva a intentarlo.",.. ERROR_BROWSER_REQUIREMENTS: "La instalaci.n no puede continuar porque el navegador no cumple los requisitos m.nimos necesarios del sistema. Actualice el navegador y

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2426
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.244880336393164
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3Cx17JnI7bVAEc+JJNISJvjOfQ2e5loiPLtjCE6aH/vmzuIoJoPl33glUT:3CxBOFNc2JNISUfa5loiRv6aHnmzuLJW
                                                                                                                                                                                                                                                                                            MD5:565FA3F4435A6879B7192319001F21C7
                                                                                                                                                                                                                                                                                            SHA1:1B79C7DFB1A35D9575C548D3350A7522DAEB4EC6
                                                                                                                                                                                                                                                                                            SHA-256:DE331BFE0312F4A0B5DB40AAB8FADC385CE051D43ED60A470CF9B35954C88308
                                                                                                                                                                                                                                                                                            SHA-512:5C380CEA1FA5B70588DF5D08E87B4C4B95D524B08E71B31EC7BB2829ABB148FE7680BA698663EF8FFE10E1E5B7967F44EE7D2749C8C1612CC1B3F4CF69CC5069
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Acuerdo de licencia",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "He le.do y acepto el Acuerdo de licencia",.. //{0} - Company name.. THANK_YOU: "Gracias por elegir {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Vuelva a intentarlo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} es su asesor de seguridad personal para la navegaci.n en l.nea.",.. PROGRESS_SUBTITLE: "Instalando.",.. COMPLETE_TITLE: ".Excelente! Hemos instalado su asesor de seguridad personal en l.nea.",.. COMPLETE_SUBTITLE: "Listo para empezar",.. COMPLETE_LAUNCH: "Abrir mi navegador",.. ERROR_OS_REQUIREMENTS: "La instalaci.n no puede continuar porque el sistema operativo no cumple los requisitos m.nimos necesarios del sistema. Actual.celo y vuelva a intentarlo.",.. ERROR_BROWSER_REQUIREMENTS: "La instalaci.n no puede continuar porque el navegador no cumple los requisitos m.nimos necesarios del sistema. Actualice

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2464
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.32809919710467
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:346H/PfLPVPEajg9IYxDT8i2LKxp8iElfSAnTi7D3/btDM57L6Tsq3sGozCAJIvb:3txsGUIYxHvxZIfLnT03DC5vlqc1zC6E
                                                                                                                                                                                                                                                                                            MD5:FC172CAEBECD16B5ACA6A31132898868
                                                                                                                                                                                                                                                                                            SHA1:6959FDE12BDB2B64DDE80572548E0A2C181BB201
                                                                                                                                                                                                                                                                                            SHA-256:F9874A51A7DDAACACEC7A53221D9FE1495C67C11B9B60C731C782597A2040285
                                                                                                                                                                                                                                                                                            SHA-512:2947B934B0F75A08750077981742569F04EEB5DB691F42941AD5A517E1EB27C414C319FF62A2FF05B9FEAB93A2963C77B85D0D04533E6156ED41A2281F9DC8BF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "K.ytt.oikeussopimus",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Olen lukenut k.ytt.oikeussopimuksen ja hyv.ksyn sen.",.. //{0} - Company name.. THANK_YOU: "Kiitos, ett. valintasi on {0}",.. INSTALL: "Asenna",.. CANCEL: "Peruuta",.. RETRY: "Yrit. uudelleen",.. //{0} - Product name.. PROGRESS_TITLE: "{0} on henkil.kohtainen turvallisuusavustajasi, kun k.yt.t verkkoa.",.. PROGRESS_SUBTITLE: "Asennetaan.",.. COMPLETE_TITLE: "Hienoa! Henkil.kohtainen verkkoavustajasi on asennettu.",.. COMPLETE_SUBTITLE: "Valmis k.ytett.v.ksi",.. COMPLETE_LAUNCH: "K.ynnist. selain",.. ERROR_OS_REQUIREMENTS: "Asennusta ei voi jatkaa, koska k.ytt.j.rjestelm.si ei t.yt. j.rjestelm.n v.himm.isvaatimuksia. P.ivit. k.ytt.j.rjestelm. ja yrit. uudelleen.",.. ERROR_BROWSER_REQUIREMENTS: "Asennusta ei voi jatkaa, koska selaimesi ei t.yt. j.rjestelm.n v.himm.isvaatimuksia. P.ivit. selain ja yr

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2783
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.254933022383819
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3XYTQm7+XFcEqEmfX8IEKOIgkPgPjynfHzz8zq5n3k+HGjKm9bQErQz4YxkLzEt+:3XFVZxmfX8IX/gwfHz4zotKtrgxwzUhe
                                                                                                                                                                                                                                                                                            MD5:64816D7F2A328E11F770E32F7A50484E
                                                                                                                                                                                                                                                                                            SHA1:383930CB275A9AF6DB080DA6B09842B76FF440F4
                                                                                                                                                                                                                                                                                            SHA-256:DBCD2341621B62D12ACF04701BFC42F1D4EB646439F9D7D242605CC036AF51FC
                                                                                                                                                                                                                                                                                            SHA-512:2BB37692C8381066FA2F0CEE734CD58207DE8FEE0E0EB68947A286EAE74D403D516981A057F1068E83606EC1BDEB671AB7A3639FC8238D1A7B14E918899413EF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrat de licence",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "J'ai lu et approuv. le contrat de licence",.. //{0} - Company name.. THANK_YOU: "Merci d'avoir choisi {0}",.. INSTALL: "Installation",.. CANCEL: "Annuler",.. RETRY: "R.essayez",.. //{0} - Product name.. PROGRESS_TITLE: "{0} est votre conseiller personnel en mati.re de s.curit. lorsque vous naviguez en ligne.",.. PROGRESS_SUBTITLE: "Installation...",.. COMPLETE_TITLE: "Tr.s bien! Nous avons install. votre conseiller personnel en mati.re de s.curit. en ligne.",.. COMPLETE_SUBTITLE: "Pr.t au lancement",.. COMPLETE_LAUNCH: "Ouvrir mon navigateur",.. ERROR_OS_REQUIREMENTS: "Il est impossible de poursuivre l'installation, car votre syst.me d'exploitation ne satisfait pas . la configuration minimale requise. Veuillez le mettre . jour et essayer de nouveau.",.. ERROR_BROWSER_REQUIREMENTS: "Il est impossible de poursuivre l'installatio

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2672
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.272326001804358
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3skZTOo+8CFRhEq5wkQ8I5yb7npX3uyb6FpYE3Kfjvz75B8g5DVdNABqbkyETa4h:3skOdRqM/Q8I5W7duW64sKfjvz1mmzXg
                                                                                                                                                                                                                                                                                            MD5:D88A9443942F187F9A59D334F5B1A765
                                                                                                                                                                                                                                                                                            SHA1:647DE934D2426375D3E311E5FADDD97C4D093FD1
                                                                                                                                                                                                                                                                                            SHA-256:975A1B714BC14BED3636A6756C581898DEC03AF3B0A6D996D777B03B1BEEF88F
                                                                                                                                                                                                                                                                                            SHA-512:8E198C8EDFA388CA54970FEBB395F8CCAA83BF10EEA49B3D21027F36B7E96EF0F8452255F090C06DD8209E1648BC0502B2A44740971CA83E12651EEC42DF6343
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Accord de licence",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "J'ai lu et j'accepte l'accord de licence",.. //{0} - Company name.. THANK_YOU: "Merci d'avoir choisi {0}",.. INSTALL: "Installer",.. CANCEL: "Annuler",.. RETRY: "R.essayer",.. //{0} - Product name.. PROGRESS_TITLE: "{0} est votre conseiller personnel en mati.re de s.curit. o. que vous vous trouviez en ligne.",.. PROGRESS_SUBTITLE: "Installation...",.. COMPLETE_TITLE: "Tr.s bien. Nous avons install. votre conseiller en ligne personnel.",.. COMPLETE_SUBTITLE: "Pr.t",.. COMPLETE_LAUNCH: "Ouvrir mon navigateur",.. ERROR_OS_REQUIREMENTS: "Votre installation ne peut pas se poursuivre car votre syst.me d'exploitation ne correspond pas . la configuration syst.me minimale requise. Mettez-le . jour et essayez . nouveau.",.. ERROR_BROWSER_REQUIREMENTS: "Votre installation ne peut pas se poursuivre car votre navigateur ne correspond pas .

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2472
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.35142214273438
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:353pQsd9EjihC7lRIZYwfChm7gg7oG9RMGbm6O6IgXvzU6MIIJC52jd+yVfr:3bdYjQgrIBfvMg7JruJgfzU6MIGC52xP
                                                                                                                                                                                                                                                                                            MD5:F5A4C7E4887A85968564F17531A199F6
                                                                                                                                                                                                                                                                                            SHA1:14AFA8A3089E9FDF56104ECD055CAA301DCCE892
                                                                                                                                                                                                                                                                                            SHA-256:CA1DA36A8E26CC5C4283E1B0FCFC4DE98A79A5FE9C847F52E74C70FC2982BEC6
                                                                                                                                                                                                                                                                                            SHA-512:B921A83071EBEBBD71234B3015AD01708CF8B6530721707CDDB8AB8572EFC3FD6E7DCA46A653F0AE63B076DEB305450FCAD1477F54D1C0FFC21896121FD7978B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licencni ugovor",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pro.itao/la sam i prihva.am Licencni ugovor",.. //{0} - Company name.. THANK_YOU: "Zahvaljujemo .to ste odabrali tvrtku {0}",.. INSTALL: "Instaliraj",.. CANCEL: "Odustani",.. RETRY: "Poku.ajte ponovno",.. //{0} - Product name.. PROGRESS_TITLE: "{0} va. je osobni savjetnik o sigurnosti neovisno o tome gdje se nalazite na mre.i.",.. PROGRESS_SUBTITLE: "Instaliranje...",.. COMPLETE_TITLE: "Sjajno! Instalirali smo va.eg osobnog savjetnika na mre.i.",.. COMPLETE_SUBTITLE: "Spremno za rad",.. COMPLETE_LAUNCH: "Otvori moj preglednik",.. ERROR_OS_REQUIREMENTS: "Instalaciju nije mogu.e nastaviti jer va. operacijski sustav ne ispunjava minimalne preduvjete sustava. A.urirajte ga i poku.ajte ponovno.",.. ERROR_BROWSER_REQUIREMENTS: "Instalaciju nije mogu.e nastaviti jer va. preglednik ne ispunjava minimalne preduvjete sustava. A.urirajte p

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2712
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.522969234769431
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3tLzMpIEAIQIsOGfHgoZciWDBMK+Q4L8NPpTWzn9jIaLe7eZm:3dy1AIQIafrCiMBMK48NPpazndBe7eZm
                                                                                                                                                                                                                                                                                            MD5:EAF7ABF3740F41E8D05C8F0788D794F2
                                                                                                                                                                                                                                                                                            SHA1:5C7B54D31137ADB73E49F7C8976A4B20A65AF544
                                                                                                                                                                                                                                                                                            SHA-256:D744D6F90475CF2C7CC66B8B9DBC5049DB3E4720086EB672A812F3F40BA6395D
                                                                                                                                                                                                                                                                                            SHA-512:0EF015D69A409BA85E7F0C69C3615C73DBFEE4A4185EBD88D369890CD826E7F5472DFCFB5F7C90318C092D0B3FF5B14022B0052B1C4A0EFAB63E04636989DF8E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licencmeg.llapod.s",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Elolvastam .s elfogadom a Licencmeg.llapod.st",.. //{0} - Company name.. THANK_YOU: "K.sz.nj.k, hogy a(z) {0} mellett d.nt.tt",.. INSTALL: "Telep.t.s",.. CANCEL: "M.gse",.. RETRY: "Pr.b.lkozzon .jra",.. //{0} - Product name.. PROGRESS_TITLE: "{0} az .n szem.lyi tan.csad.ja, aki mindenhova .nnel tart az interneten.",.. PROGRESS_SUBTITLE: "Telep.t.s...",.. COMPLETE_TITLE: "Rendben. Szem.lyi tan.csad.j.nak telep.t.se sikeresen befejez.d.tt.",.. COMPLETE_SUBTITLE: "Haszn.latra k.sz",.. COMPLETE_LAUNCH: "B.ng.sz. megnyit.sa",.. ERROR_OS_REQUIREMENTS: "A telep.t.s nem folytat.dhat, mivel az oper.ci.s rendszer nem felel meg a minim.lis rendszerk.vetelm.nyeknek. Hajtsa v.gre a friss.t.st, majd pr.b.lkozzon .jra.",.. ERROR_BROWSER_REQUIREMENTS: "A telep.t.s nem folytat.dhat, mivel a b.ng.sz. n

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2394
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2754976493804335
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3UWhiWDdQoGoIt/EqRw0+KIbpxLWpuKf/XG+E6lGN5/5wZplY8547w6ZzE+IR1uZ:3dqrt820KInL9KfO+Evf5y0jZzNG1u0w
                                                                                                                                                                                                                                                                                            MD5:B55990CF0154A46C757DBB34AAD702E6
                                                                                                                                                                                                                                                                                            SHA1:EDF6DF5FE52A8FDFBE9DB8A5CC71E258E3DE85D3
                                                                                                                                                                                                                                                                                            SHA-256:0C12592901FE41369B4E112E6E8E758EA477F111C0C32557C7E0036275C1E2EA
                                                                                                                                                                                                                                                                                            SHA-512:7B97219B654E9D6E81F9477317A043420BCCA2E3B5424D408783ED9013AE8FF8B0A7A6773C9E794AE75086492234AA460993684D573538F9B91B8A253E8706B1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contratto di licenza",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ho letto e accetto il contratto di licenza",.. //{0} - Company name.. THANK_YOU: "Grazie per aver scelto {0}",.. INSTALL: "Installa",.. CANCEL: "Annulla",.. RETRY: "Riprova",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . il tuo consulente sulla sicurezza personale quando sei online.",.. PROGRESS_SUBTITLE: "Installazione in corso...",.. COMPLETE_TITLE: "Perfetto! Abbiamo installato il tuo consulente sulla sicurezza online personale.",.. COMPLETE_SUBTITLE: "Pronto all'uso",.. COMPLETE_LAUNCH: "Apri browser",.. ERROR_OS_REQUIREMENTS: "L'installazione non pu. proseguire poich. il sistema operativo non soddisfa i requisiti minimi di sistema. Aggiornalo e riprova.",.. ERROR_BROWSER_REQUIREMENTS: "L'installazione non pu. proseguire poich. il browser non soddisfa i requisiti minimi di sistema. Aggiorna il browser e riprova.",.. ERROR_VE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3042
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.662814560469893
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3wGDxx6nDARECJhlFV0Inu4+nc4sf79U6MwMiWBmxjGlmDr2hvuskl2KzYzKIKv4:3wwT6c62zFV0InOnKf726pEm2mqvSZz4
                                                                                                                                                                                                                                                                                            MD5:12CB76F3C6DA72199F124488CEB0C739
                                                                                                                                                                                                                                                                                            SHA1:BCDC554FE579D2CE9B887D28F8CBD70D12AF1110
                                                                                                                                                                                                                                                                                            SHA-256:DBF88A45B56D90B823AE70F42AB6C523B12AC98A85FDD7097FE7D45D1DC2F37A
                                                                                                                                                                                                                                                                                            SHA-512:AD0067E9040F0E8D7DB7DCD77901F29866E49B07243F42961C96FCF173D7725663445F8E0C6DF298D4F2C8C0ACE00A0E56F8443D5B162C92CB222A7A5C1A7D00
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "......",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "......................",.. //{0} - Company name.. THANK_YOU: "{0} ...................",.. INSTALL: "......",.. CANCEL: ".....",.. RETRY: "...",.. //{0} - Product name.. PROGRESS_TITLE: "{0} ...................................",.. PROGRESS_SUBTITLE: "..............",.. COMPLETE_TITLE: "....... ........... ...................",.. COMPLETE_SUBTITLE: "........",.. COMPLETE_LAUNCH: "........",.. ERROR_OS_REQUIREMENTS: "....................... ....................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2602
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.836230399985154
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3SvoaWNG4EaECInqhq5fqYb26FugHU98U5MmilHU5n9HU5MKzpNKI6iUIX2z0O7s:3S84Fa9Inqhq5fLjFF0WU5Mmi5U5nRUr
                                                                                                                                                                                                                                                                                            MD5:D23965E41B4539E4CC497222F6684919
                                                                                                                                                                                                                                                                                            SHA1:3E44F89D44431C401194CE7177B318C75178AC2A
                                                                                                                                                                                                                                                                                            SHA-256:DC67EFA7C9947B1D3E0420834F18C897AE03167CEB0C66C4EAF00DAC9372F0D1
                                                                                                                                                                                                                                                                                            SHA-512:B37045ABF2E217F6B3F280A887C01FCDF5C87D41DF73FAAFF9B8C48C93A257EF6D291199C4E4E4C7F0D44CFE04B83D47F9432A651EA98C546F1A6F47AA61C23E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "... ..",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "... ... .. .. ......",.. //{0} - Company name.. THANK_YOU: "{0} ... ... ... ......",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: ".. ..",.. //{0} - Product name.. PROGRESS_TITLE: "{0}. .. .... .. .. .. ... .......",.. PROGRESS_SUBTITLE: ".. ....",.. COMPLETE_TITLE: "....! .. ... .... .......",.. COMPLETE_SUBTITLE: "... ... .....",.. COMPLETE_LAUNCH: ". .... ..",.. ERROR_OS_REQUIREMENTS: "..... .. ... ... .... .... ... ... . ..... ..... ...... .. .......",.. ERROR_BROWSER_REQUIREMENTS: "..... .. ... ... .... ...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2387
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.326526728309049
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3795VOotrOcpVDEY4IRw0/9IcBVFDqFafj8Kae0QJhGd/i+GFPxWj0ssjzr9cIUq:37R7pVgzCw0VIaVFuFaf3l5QAfjzrKZq
                                                                                                                                                                                                                                                                                            MD5:FE4AD063455C03EE27B5F750D61E95B9
                                                                                                                                                                                                                                                                                            SHA1:7DEACAC98FD52F7502861449F357665F54579C5F
                                                                                                                                                                                                                                                                                            SHA-256:FB963C4BB34D1A5EB6B9C7815653467905AC018B37A3D7A0A9C025340A1715E7
                                                                                                                                                                                                                                                                                            SHA-512:F97A4ACD8AF732661E6E978A6E7FC8D6D8DBFFD09AF92F9C72198140CA62B32374BD8ECE49FDBBD10D32BB66366BD8A60226D5FC1E7883528B136C2A7B14136F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lisensavtale",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jeg har lest og godtar lisensavtalen",.. //{0} - Company name.. THANK_YOU: "Takk for at du har valgt {0}",.. INSTALL: "Installer",.. CANCEL: "Avbryt",.. RETRY: "Pr.v p. nytt",.. //{0} - Product name.. PROGRESS_TITLE: "{0} er din personlige sikkerhetsr.dgiver n.r du er p. Internett.",.. PROGRESS_SUBTITLE: "Installerer..",.. COMPLETE_TITLE: "Flott! Vi har installert din personlige Internett-r.dgiver.",.. COMPLETE_SUBTITLE: "Klar til . sette i gang",.. COMPLETE_LAUNCH: ".pne nettleseren min",.. ERROR_OS_REQUIREMENTS: "Installasjonen kan ikke fortsette fordi operativsystemet ikke oppfyller minimum systemkrav. Oppdater det og pr.v p. nytt.",.. ERROR_BROWSER_REQUIREMENTS: "Installasjonen kan ikke fortsette fordi nettleseren ikke oppfyller minimum systemkrav. Oppdater nettleseren og pr.v p. nytt.",.. ERROR_VERSION: "Det ser ut til at d

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2494
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.226284665023455
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3HZ/GOx7kopP4IeGyEY/n40AcTI3k7JWxXDk7JdIXrf24+0nB7v7lRbY2ID6XVUt:3Hb+nAqjAkI3WcxXDWPIXrfwkBD9i6Xe
                                                                                                                                                                                                                                                                                            MD5:BF5949895F41B4F6D08E49698DC4E9D3
                                                                                                                                                                                                                                                                                            SHA1:066B405A8A2868483F97113B0B60B1AC676E842F
                                                                                                                                                                                                                                                                                            SHA-256:8C555EB343D4C728ACE8BCBEB5A352C07B3E00C83147D169EF6B9DFD9CD23040
                                                                                                                                                                                                                                                                                            SHA-512:61C40CD80955E7CA5D103276F62B6ECBAC7C60A5078B7877D7D1033F12D55131AA9A257A829CAED139FECD01E2B01CB86075C5206790AC2C58CACD22F99E2864
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licentieovereenkomst",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ik heb de Licentieovereenkomst gelezen en ga ermee akkoord",.. //{0} - Company name.. THANK_YOU: "Hartelijk dank dat u hebt gekozen voor {0}",.. INSTALL: "Installeren",.. CANCEL: "Annuleren",.. RETRY: "Opnieuw proberen",.. //{0} - Product name.. PROGRESS_TITLE: "{0} is uw persoonlijke veiligheidsadviseur waar u ook online gaat.",.. PROGRESS_SUBTITLE: "Installeren...",.. COMPLETE_TITLE: "Fantastisch! We hebben uw persoonlijke online adviseur ge.nstalleerd.",.. COMPLETE_SUBTITLE: "U bent klaar om te beginnen",.. COMPLETE_LAUNCH: "Open mijn browser",.. ERROR_OS_REQUIREMENTS: "Uw installatie kan niet worden voortgezet omdat uw besturingssysteem niet voldoet aan de minimale systeemvereisten. Werk het bij en probeer het opnieuw.",.. ERROR_BROWSER_REQUIREMENTS: "Uw installatie kan niet worden voortgezet omdat uw browser niet voldoet aan onze mi

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2589
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.548786014317691
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:31Mp2pQa6EiVoNIGz2wizAsferOrW6IjW1FRHZZ8z0h0hXigYDzgzI77cclvNd:3r+0iVQI5wJsf8GW6IjqfHZchygYDzg8
                                                                                                                                                                                                                                                                                            MD5:6A16DAB3523E7AF305B26FBA217E860E
                                                                                                                                                                                                                                                                                            SHA1:29517855BEB19D32519143173BB22D135F6B98FB
                                                                                                                                                                                                                                                                                            SHA-256:30F0DBE88BE90649F4FAE6DCB106F4DE959C820F2DB1C5BE21AC35EABDA75175
                                                                                                                                                                                                                                                                                            SHA-512:2199F9FC519A9F8DC6D721A2F40611750AF8360C9AD28C407234A07E208674F37F676D4741F2C1836D5CBEF7AD3D5BE11031B3BDE37B03DC0D0F6055DB8DD3E7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Umowa licencyjna",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Potwierdzam znajomo.. warunk.w umowy licencyjnej i akceptuj. je.",.. //{0} - Company name.. THANK_YOU: "Dzi.kujemy za wybranie firmy {0}",.. INSTALL: "Zainstaluj",.. CANCEL: "Anuluj",.. RETRY: "Spr.buj ponownie",.. //{0} - Product name.. PROGRESS_TITLE: "Program {0} to Tw.j osobisty doradca bezpiecze.stwa online.",.. PROGRESS_SUBTITLE: "Instalowanie...",.. COMPLETE_TITLE: ".wietnie. Tw.j osobisty doradca bezpiecze.stwa online zosta. zainstalowany.",.. COMPLETE_SUBTITLE: "Gotowe",.. COMPLETE_LAUNCH: "Otw.rz przegl.dark.",.. ERROR_OS_REQUIREMENTS: "Nie mo.na kontynuowa. instalacji, poniewa. system operacyjny nie spe.nia minimalnych wymaga. systemowych. Zaktualizuj system i spr.buj ponownie.",.. ERROR_BROWSER_REQUIREMENTS: "Nie mo.na kontynuowa. instalacji, poniewa. przegl.darka nie spe.nia minimalnych wymaga. systemow

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2414
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2988087990745925
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:30pLnIOYwREtajaI1BKraNfZwe6GcIe+LLCEHxg5aozFVI1rJqPDJ:3VI68jaIjNf9F3Hwbz3aJqP1
                                                                                                                                                                                                                                                                                            MD5:849C3799B0C8971570831E4F711B3346
                                                                                                                                                                                                                                                                                            SHA1:CDBF413BCE5DAACBFE84E373A1540DC5B011A106
                                                                                                                                                                                                                                                                                            SHA-256:87D05712716ECD8E6105FFE67D6F3CBAE37F587C20F5969BDC4CB272659A06A7
                                                                                                                                                                                                                                                                                            SHA-512:29D895F2F8246E6EB6C843ABABF524182E880724E192CA10C24548ECB26429076D21F3C816C22480265F7792E9595C03E554AEE6F075AAF7E12AEA6DF73243F8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrato de Licen.a",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Li e concordo com o Contrato de Licen.a",.. //{0} - Company name.. THANK_YOU: "Obrigado por escolher {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Tentar novamente",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . o seu assessor de seguran.a personalizado onde quer que voc. navegue.",.. PROGRESS_SUBTITLE: "Instalando...",.. COMPLETE_TITLE: "Excelente! O seu assessor online personalizado foi instalado.",.. COMPLETE_SUBTITLE: "Pronto para come.ar",.. COMPLETE_LAUNCH: "Abrir meu navegador",.. ERROR_OS_REQUIREMENTS: "A instala..o n.o pode continuar. Seu sistema operacional n.o atende aos requisitos m.nimos do sistema. Atualize-o e tente novamente.",.. ERROR_BROWSER_REQUIREMENTS: "A instala..o n.o pode continuar. Seu navegador n.o atende aos requisitos m.nimos do sistema. Atualize o navegador e tente novamente.",.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2407
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2886589358625
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:30pgnIuAGE6y4IvQdKVvNfwSe6GfIhq+L1w9V5eEHp4aUzFy5JI1rJqPlE08g:3uhX6y4IvQdUlfKF3PHHp4DziaJqPlE0
                                                                                                                                                                                                                                                                                            MD5:398278D642159E254CC2E2E93E1179A9
                                                                                                                                                                                                                                                                                            SHA1:CA3D1F07A7BEA2F5543C06850D4D2BA8933DCF96
                                                                                                                                                                                                                                                                                            SHA-256:F002B5EB3EF95D1885943AE117C0126B7C0A1AE8717FBC6CEC6E71738A6B11FB
                                                                                                                                                                                                                                                                                            SHA-512:D51964FC93B16B112094E3C796096B821B5D5392D7E26BFD2527279290D1D84472AA32BB34533D14C5E89570BA257DFB82DB78C0170552A24C0222FB54D818B8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrato de Licen.a",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Li e concordo com o Contrato de Licen.a",.. //{0} - Company name.. THANK_YOU: "Obrigado por escolher a {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Tentar Novamente",.. //{0} - Product name.. PROGRESS_TITLE: "O {0} . o seu assistente de seguran.a pessoal quando navega online.",.. PROGRESS_SUBTITLE: "A instalar...",.. COMPLETE_TITLE: ".timo! Instal.mos o seu assistente pessoal online.",.. COMPLETE_SUBTITLE: "Pronto a utilizar",.. COMPLETE_LAUNCH: "Abrir o meu browser",.. ERROR_OS_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o seu sistema operativo n.o cumpre os requisitos m.nimos do sistema. Atualize-o e tente novamente.",.. ERROR_BROWSER_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o seu browser n.o cumpre os nossos requisitos m.nimos do sistema. Atualize o seu browser e ten

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3518
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.982461398239248
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:3UVaCuKa+4I4QashQrsyfb6yJBvr8/zsPoSBRr:3UVMKaN91jb6yg/z2oSBRr
                                                                                                                                                                                                                                                                                            MD5:0D30587749530D65A88D73D59CCD1E5A
                                                                                                                                                                                                                                                                                            SHA1:9EE32D2B5EF0CEFE8D4FDB3EC212D8543BC3BE37
                                                                                                                                                                                                                                                                                            SHA-256:4D49FCE39B3D237AD4C06CDDEEB3A18E1E24AEAD20F1B29E130D2C6A0F9E6664
                                                                                                                                                                                                                                                                                            SHA-512:FD37F80A531EC3F24FD904EE1C95AFC2E6BC07D3FBC10C450AF5E768FCC61C2ED7EE9B6D13F8953A33BE2C88E841EB2389C7E8E741A198E4BC46F4E605B8CC86
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "............ ..........",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: ".... ......... . ....... ....... ............. ..........",.. //{0} - Company name.. THANK_YOU: ".......... ... .. ..... {0}",.. INSTALL: "..........",.. CANCEL: "......",.. RETRY: "......... .......",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . ... ...... ........ .. ........ ............ . ..........",.. PROGRESS_SUBTITLE: "............",.. COMPLETE_TITLE: ".......! ...... ........ .. ........ ............ ...........",.. COMPLETE_SUBTITLE: "... ......",.. COMPLETE_LAUNCH: "....... .......",.. ERROR_OS_REQUIREMENTS: "......... .......... ..........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2503
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.602740783934961
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3KUCaDVRZIB0HHEFYdVXIBJSoAcJSjAKf+EPnAn9kwk8Aw7JmERmPezlU8IPJicX:3K94Bu0HkFoXImoArjAKf+EPnAnewk8c
                                                                                                                                                                                                                                                                                            MD5:C54E3998BC66508564C96E1293B8DF95
                                                                                                                                                                                                                                                                                            SHA1:99EEF5395A784B94F8AF841165A5AC88AFC0F7B5
                                                                                                                                                                                                                                                                                            SHA-256:3AD5819098C6B95BBA65144A4FFDE14FF3DB1BEE95934B7F56C51EDCEF1E0E81
                                                                                                                                                                                                                                                                                            SHA-512:5888B2C5E34D39A9C876DB7F7C53B0059A5A9D9CD15F8F678601049940BFA0467B490A926812AC92EE28EA74425070D2A5A45A9C4472316FA334202FB3B7EC85
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licen.n. zmluva",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pre..tal(-a) som si licen.n. zmluvu a s.hlas.m s .ou",.. //{0} - Company name.. THANK_YOU: ".akujeme, .e ste si zvolili {0}",.. INSTALL: "In.talova.",.. CANCEL: "Zru.i.",.. RETRY: "Sk.si. znova",.. //{0} - Product name.. PROGRESS_TITLE: "{0} je v.. osobn. bezpe.nostn. poradca pri va.ich potulk.ch internetom.",.. PROGRESS_SUBTITLE: "In.taluje sa...",.. COMPLETE_TITLE: "Skvel.! Osobn. poradca online je nain.talovan..",.. COMPLETE_SUBTITLE: "Hotovo",.. COMPLETE_LAUNCH: "Otvori. prehliada.",.. ERROR_OS_REQUIREMENTS: "V in.tal.cii nie je mo.n. pokra.ova., preto.e opera.n. syst.m nesp..a minim.lne syst.mov. po.iadavky. Aktualizujte ho a sk.ste to znova.",.. ERROR_BROWSER_REQUIREMENTS: "V in.tal.cii nie je mo.n. pokra.ova., preto.e prehliada. nesp..a minim.lne syst.mov. po.iadavky. Aktuali

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2366
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3706965599670475
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3iWxpQUZMEji4CqYBIInphvGEfD/cTdRCcegQ6DRjRSGnzUwMIIJLQ5omWpB5gj:3ikbTjBrGIAH7fD/cpUdiRcGnzUwMIAe
                                                                                                                                                                                                                                                                                            MD5:9A4E59CB63A401DD5E47D83064EC040C
                                                                                                                                                                                                                                                                                            SHA1:5668CFE91E01BE9871C15E878D6F09338FFAADC5
                                                                                                                                                                                                                                                                                            SHA-256:C0CCAA5684770250AB97DACFE88BF4C5FCBAFDCCBB8444208B3C659B10C09A51
                                                                                                                                                                                                                                                                                            SHA-512:D49CF85D1CEB390C6BF955FD81371EBC95A642F2119A25F6A70B8B543BEBE01C30E3A46823926617041AD34C8191385B5583BC9AAB2D64BCB5915F2166B40768
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Ugovor o licenciranju",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pro.itao/la sam i saglasan/na sam sa ugovorom o licenciranju",.. //{0} - Company name.. THANK_YOU: "Hvala vam .to ste odabrali {0}",.. INSTALL: "Instaliraj",.. CANCEL: "Otka.i",.. RETRY: "Poku.ajte ponovo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} je va. li.ni savetnik kada god ste na mre.i.",.. PROGRESS_SUBTITLE: "Instaliranje...",.. COMPLETE_TITLE: "Odli.no! Instalirali smo va. li.ni savetnik na mre.i.",.. COMPLETE_SUBTITLE: "Spremno je",.. COMPLETE_LAUNCH: "Otvori pregleda.",.. ERROR_OS_REQUIREMENTS: "Instalacija ne mo.e da se nastavi zato .to sistem ne ispunjava minimalne zahteve. A.urirajte i poku.ajte ponovo.",.. ERROR_BROWSER_REQUIREMENTS: "Instalacija ne mo.e da se nastavi zato .to pregleda. ne ispunjava minimalne zahteve sistema. A.urirajte pregleda. i poku.ajte ponovo.",.. ERROR_VERSION: "Ve. imat

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2265
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.377389451873531
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3Ud6ODtNYPmAEYSwxFjIcvFLcFafDyMC/4ekY3+rh7sK0MCoO0oz/wrIfGEzjZU1:30DNcnIiFgFaf+imYJOvz4rCR2h
                                                                                                                                                                                                                                                                                            MD5:3D0EF828C3BD895D981998C4E58C7B95
                                                                                                                                                                                                                                                                                            SHA1:AF4217D3F6A58EF0E813860AF905DF4F7A4DE35D
                                                                                                                                                                                                                                                                                            SHA-256:266FB97C87C109B9FB7FF8099DBA0BBE00C52F7E4106D0138E6922FED4F01EDF
                                                                                                                                                                                                                                                                                            SHA-512:9B847A3F5385601767090338CC50F8960FABA50DDAF66A71ACE6C3E9B057FDA6C5C8C55323198BA91421C902D6BD7BD496A231B4556A9533B1FD00A5697D2329
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licensavtal",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jag har l.st och godk.nner licensavtalet",.. //{0} - Company name.. THANK_YOU: "Tack f.r att du valde {0}",.. INSTALL: "Installera",.. CANCEL: "Avbryt",.. RETRY: "F.rs.k igen",.. //{0} - Product name.. PROGRESS_TITLE: "{0} .r din personliga s.kerhetsr.dgivare online.",.. PROGRESS_SUBTITLE: "Installerar...",.. COMPLETE_TITLE: "Perfekt. Vi har installerat din personliga r.dgivare online.",.. COMPLETE_SUBTITLE: "Klar att anv.nda",.. COMPLETE_LAUNCH: ".ppna min webbl.sare",.. ERROR_OS_REQUIREMENTS: "Installationen avbr.ts eftersom ditt operativsystem inte uppfyller systemkraven. Uppdatera och f.rs.k igen.",.. ERROR_BROWSER_REQUIREMENTS: "Installationen avbr.ts eftersom din webbl.sare inte uppfyller systemkraven. Uppdatera webbl.saren och f.rs.k igen.",.. ERROR_VERSION: "En nyare version av programvaran .r redan installerad p.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2564
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.498731406448142
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3DdmZCox80uGgE+dh70Ij+AUJBI+AxuzfvF57ybqEmpwAY3LgMseo44oU+Wz7kjV:3kwoK0v+dhYIjMs5uzf7g5ue5Lgz6CXi
                                                                                                                                                                                                                                                                                            MD5:026E4B5E29E4BBB3159ABEAF2B8E4F45
                                                                                                                                                                                                                                                                                            SHA1:7FB235431596C61420DFAE2415BD87DA22A096C9
                                                                                                                                                                                                                                                                                            SHA-256:47FB7C0C921E2948CA58775F9FA12177A33B9C8CBF4531369CABFBA73382983D
                                                                                                                                                                                                                                                                                            SHA-512:E55D2815279E0CB933525FAC56261CC8F07089D3FD49A797EDF4A51F2A31BBB29CAAFFB7D9B1DF95CAC2E7A3F255B75F4D98D314DE9F755422203442B008337F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lisans S.zle.mesi",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Lisans S.zle.mesi'ni okudum ve kabul ediyorum",.. //{0} - Company name.. THANK_YOU: "{0}'yi se.ti.iniz i.in te.ekk.rler",.. INSTALL: "Y.kle",.. CANCEL: ".ptal",.. RETRY: "Yeniden Dene",.. //{0} - Product name.. PROGRESS_TITLE: "{0} Internet'te her an yan.n.zda olan ki.isel g.venlik dan..man.n.zd.r.",.. PROGRESS_SUBTITLE: "Y.kleniyor...",.. COMPLETE_TITLE: "Harika! Ki.isel .evrimi.i dan..man.n.z. y.kledik.",.. COMPLETE_SUBTITLE: "Kullan.ma haz.r",.. COMPLETE_LAUNCH: "Taray.c.m. a.",.. ERROR_OS_REQUIREMENTS: "..letim sisteminiz minimum sistem gereksinimlerini kar..lamad...ndan y.kleme i.lemine devam edilemiyor. L.tfen g.ncelleyin ve tekrar deneyin.",.. ERROR_BROWSER_REQUIREMENTS: "Taray.c.n.z minimum sistem gereksinimlerimizi kar..lamad...ndan y.kleme i.lemine devam edilemiyor. L.tfen t

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2044
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.285030103087084
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3oeWvFbBQLSECfPnIuDfC9lI2S1lZmYDbVzzIKg+bl736:3obrYzCnnIuDfC9lIZmuRzzY+Y
                                                                                                                                                                                                                                                                                            MD5:0B59E12E50A67AD6F2DDD0E3F66AFECA
                                                                                                                                                                                                                                                                                            SHA1:D8FEBC294B43FB2D8E64342BD4237B77D7CCD2C6
                                                                                                                                                                                                                                                                                            SHA-256:ADEF8EB008A44767EFFAC76D89EB8E25F2A5FDBE89D015489377AE4170BFD893
                                                                                                                                                                                                                                                                                            SHA-512:A9C34AE2CBD7B6AD7FE5EFCAFBF9BB7D94D524C402635DFE4D2FA94D0591371927B7F6A719C75C56D90202FD5992CE8D7932B0AFD0E575A235EF0D6A09A74EE3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "....",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "...........",.. //{0} - Company name.. THANK_YOU: ".....{0}",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: "..",.. //{0} - Product name.. PROGRESS_TITLE: "{0}.................",.. PROGRESS_SUBTITLE: ".......",.. COMPLETE_TITLE: "...! ............",.. COMPLETE_SUBTITLE: "....",.. COMPLETE_LAUNCH: ".......",.. ERROR_OS_REQUIREMENTS: "....................... .........",.. ERROR_BROWSER_REQUIREMENTS: "...................... ..........",.. ERROR_VERSION: "...................",.. ERROR_FAIL: ".......... ....",.. ERROR_DU

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-install-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2196
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.289430294079431
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3/svnWuIBR1EwNsIb5w6fIPlBZWe2jeemIuzlJIeqwYkZ0:3/Cw4wmIZfIPlBcaeJuzXjqwYt
                                                                                                                                                                                                                                                                                            MD5:C900225095802764F8679D8A02F02AB5
                                                                                                                                                                                                                                                                                            SHA1:4D9C399F5EB401D47C09690F9249FDFD51F61411
                                                                                                                                                                                                                                                                                            SHA-256:08ED61685723AF77BED3313C0AB99630DAE45433A56299A616C964FE6962CF7E
                                                                                                                                                                                                                                                                                            SHA-512:44D0B72C7E0CCC89F482CDC5899D08F5243C0A701189A149C660F5013CC3B028835819350CA40784DD07D0DA62D53343D2B5868A4D91048F12051561A627A619
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrInstall_ = {.. EULA_TITLE: "....",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "............",.. //{0} - Company name.. THANK_YOU: "..... {0}",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: "....",.. //{0} - Product name.. PROGRESS_TITLE: "{0} ...................",.. PROGRESS_SUBTITLE: ".......",.. COMPLETE_TITLE: ".... ..............",.. COMPLETE_SUBTITLE: ".......",.. COMPLETE_LAUNCH: ".....",.. ERROR_OS_REQUIREMENTS: "......................... ...........",.. ERROR_BROWSER_REQUIREMENTS: "........................ ................",.. ERROR_VERSION: ".................",.. ERROR_FAIL: ".

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):716
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.607011971536562
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfx6v9LuO4biqra6fMocbkLwT5zxjAHo8+9wuRTouifdRnMA2ndBN:7e9SlNLiaf4v9KO4zG6fMocWIOHo8+9z
                                                                                                                                                                                                                                                                                            MD5:DB5296C11A4E1E23249BFBA40CE350D8
                                                                                                                                                                                                                                                                                            SHA1:85C35D7E41A25D99378F2814874547D87010913F
                                                                                                                                                                                                                                                                                            SHA-256:957F3FFE17A9069F4750CD36096BD997349B53A1952A67D5C1F9FD6B5851EEF2
                                                                                                                                                                                                                                                                                            SHA-512:2D143620D9B37B28EE8F16FEBA6F422C3B4765D7D22976C941609BA283AD6636B4306C7D0E32ADF7595B7B01E0CE86F29FDF452EA6739483ACE1EF206809D77F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verze",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//81042082CF7CB241A3443F862EE0EECFC8376F5C371C52B28F8DEA321E42D8840BC343D8FABC64A697B28E43C4C1C1BFA5EC01A85A0790B68226181A356241BD++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):728
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.532507354590994
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bikzbkLwT5zxjAHo8wN9wuRTo36ClngbD3CXh:7e9SlNLiafLYFv9KO4dWIOHo8wN9ZROf
                                                                                                                                                                                                                                                                                            MD5:7B935965B36524190BD312B61B43A078
                                                                                                                                                                                                                                                                                            SHA1:52C05B0B95461D1B80543AA032422F91BA6BC72B
                                                                                                                                                                                                                                                                                            SHA-256:3C137CDC865081F47A2F8062CE7B9A3F951F992F236B974582589CD8014A8AAF
                                                                                                                                                                                                                                                                                            SHA-512:2EB7186ACFC3570FA08F39225B4198616547627CFFDAB9D47A58A25FF9FEFD8EC68AEE886622983E404E87C918024888DC39FF1C94B0BA7499ADFF08864C356D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "F.rdig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//3E820E543090689D74FF63DE8AEDAAE21AE9AB8C7D697AED71A8150A8BAE9004FC3F4C908202E74DEBAF28611421437720982EFDCC7CB2A2BA103910200151AA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):695
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.523104478615486
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+p3ibkLwT5zxjAHo8+N9wuRTo4SruEFqcgZwh:7e9SlNLiafLYFv9KO4pSWIOHo8+N9ZR4
                                                                                                                                                                                                                                                                                            MD5:40ACF45F141BA18E03507C2082902777
                                                                                                                                                                                                                                                                                            SHA1:DAB8213D3E5FFF5838D1CB873E65784B635DE966
                                                                                                                                                                                                                                                                                            SHA-256:CD252FEECF3EE19E9C849783C416E9B782BFD3D681C658FB1464DABFCB839019
                                                                                                                                                                                                                                                                                            SHA-512:189881E6F381CA9F6392C7B9DBD302C119158997C1B6D9E23E9D2EB375FA54FD453DE6515E073A59F6AFC14132571B4C3ECE176DA75B9244A1CD5224D6348A99
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Fertig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//49321CFEBE589D1646EB716015DFBDDDBC5CB3611EF0CC5F0E546054368EF7FFF2A13B5AF228BB9481A39AE66C23F091EECA5628AEFC29837E2DAA08BDF0F01A++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):750
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.752183544639771
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kft6v9LuO4bi7XKfRWkGmbkLwT5zxjAHo8JP9wuRToElNyhV3eEX2:7e9SlNLiafEv9KO4mXCWkHWIOHo8JP9h
                                                                                                                                                                                                                                                                                            MD5:25AC661CB1DA437FE20306E83B1F0752
                                                                                                                                                                                                                                                                                            SHA1:44E4613D0C73D7A51F4C649022AD3117E4ABFD7A
                                                                                                                                                                                                                                                                                            SHA-256:262AC8842829AFEEACDF6F83AF411381669D507CD3D60A51BA200C9F13385F28
                                                                                                                                                                                                                                                                                            SHA-512:B8B8C5DA963A5EE2A0357C45B70A8DE1465135A8764BF8251CEA65A8F56568796C663116F2EF58B91192F538D17937CFB9A83C580247CC74E172B94A35EECB9B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "...... ............ .... .........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: ".....",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//7AA3959D20712220C1EE8D6030BFEABD0FE618A56739AEB295AA1FDD7536506322ED0BDF68CE43EF03EB8900FAD16939DE7E65016BB3BC3B1C54618D07E1FC9D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):688
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5142215205780944
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4biqkCbkLwT5zxjmT9wuRToXk7YVbFXyREIa:7e9SlNLiafLYFv9KO4zkCWIoT9ZRekU9
                                                                                                                                                                                                                                                                                            MD5:5B28705E4840EF14D1893BE363B803BD
                                                                                                                                                                                                                                                                                            SHA1:10BF34AF49949E96B94A2A0E013BB156683B4D3E
                                                                                                                                                                                                                                                                                            SHA-256:4E0D93048BB7F2995CCB68C151BDBD5D8589948F81DE2280502831DE03DCE62D
                                                                                                                                                                                                                                                                                            SHA-512:FE75224A87BE247C7114BB049ED25F55F427F1CDBDBBD685366F036E8891B270214F77958A6D8A905B66DEC529129C644321E5125A1C5317099DA2C780A8A4B2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Done",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//4880C596D977ADDC5F6D3DE47F016E24850A8A25B6B56EC102FB57BE17EF30F108D9A49AE7BFD248E08C2CE6AE5D4B173F602DEC34B0926DFA5EB9F879CC09F1++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):700
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.532615699841096
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmgnbkLwT5zxjcglP9wuRToroabkmwYn:7e9SlNLiafrFv9KO40gnWIqgV9ZR5En
                                                                                                                                                                                                                                                                                            MD5:8E6F1DCBF2BBDD4812FA4F2DAB9C43A8
                                                                                                                                                                                                                                                                                            SHA1:180B797F99229214046DCB1C5BC9F2D646A75E13
                                                                                                                                                                                                                                                                                            SHA-256:D2BE5B199291B5BAB255A83AE6B0AA82D0EFE0E0DECF8937DB521C6708DCB980
                                                                                                                                                                                                                                                                                            SHA-512:5C4373EAD81032E51B69798A250890B9A2FBC9A63D26749A72CEB93B7F43682BF883BC1C10F273C92DA13996DD466130AD28803E42A78DD5BE0FD3B3B05FCBA8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//7AA804C15F6975C084E7F423A39B1C4D1E061F52EE01933A21C16015FB0611C02DE575E939968EAE27B083C0DD9A5D7D263C3CC462F91B26A3EF4321880F1C8F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):700
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.522511534706463
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmgnbkLwT5zxjcglP9wuRToTZ/xVUhxkeGdnEV9F:7e9SlNLiafrFv9KO40gnWIqgV9ZRK3Vw
                                                                                                                                                                                                                                                                                            MD5:98EFE7D3B444951AFDCB0ACBB730C25E
                                                                                                                                                                                                                                                                                            SHA1:EC3799399BA47D27AEAC09EB21B7E18714E1B2E7
                                                                                                                                                                                                                                                                                            SHA-256:10252291B3535DBCB63E84374010830ED20530C03A4E25B2A499120FB356FAAF
                                                                                                                                                                                                                                                                                            SHA-512:89CC94F506B6F0DCE08A037EC0ACA6821A2DBF258A2043AFA4D2884B14A21540F0467CA01E0B7909D38FE16997A034E50CCC04D9BA8BECDE2616143448128D69
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D230E1F1A500DB032A710473C3AECDA773F053E1419B3DA43B5CF22F51D59DF2B34B096545A072A09360F6AE735D8607C07EBE0C97AA8BF78D6E1D3083E3556B++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):692
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.533689253513386
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfft6v9LuO4biu6gbkLwT5zxjAHo88WN9wuRToGKheR22I6n:7e9SlNLiafsv9KO4RWIOHo8Z9ZRLEA2A
                                                                                                                                                                                                                                                                                            MD5:D0C17F7AE5C3DA9BE7BC96245E9D0F5E
                                                                                                                                                                                                                                                                                            SHA1:9BF2CDBA16C3CCCCD7A2E069086342333B573D0D
                                                                                                                                                                                                                                                                                            SHA-256:DCD5D47D3477438074B190ED1E00A72ACF74401354646F02CF00A1A77205D317
                                                                                                                                                                                                                                                                                            SHA-512:48C3C0647EABF13366E919EFB7E7A24B520917098852C49DEEA36CF430A8879C2225A2997C4F8B75A1F86CE3E5C0BEC68E714BD6D1DF2B6FA8B767FD16820DEE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versio",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Tietosuojaseloste",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Valmis",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//BC956D6A6A53E1F7AAD19F3D631FEF940A670FD790C7DEB3A241CABBBF67E2083B495DBB95B04F2262B036B552D8A56A0044921BF062E1DD666173CB9843DB94++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.55151240094457
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+QdbkLwT5zxjAHo8g9wuRToEkhTpm8n:7e9SlNLiafLYFv9KO4QdWIOHo8g9ZRSz
                                                                                                                                                                                                                                                                                            MD5:BC4A141B5CBC453B3F05FE63DF0BA5B3
                                                                                                                                                                                                                                                                                            SHA1:0855321761C9A7035A8798FC211F597B2BCD24CC
                                                                                                                                                                                                                                                                                            SHA-256:6C373DF185597E9B942D5738D1077919AF981DBEAE5A2DB69F7D06BB58137EC1
                                                                                                                                                                                                                                                                                            SHA-512:85AF7B1CDD91DA5F1BBAD996866C42B6EFB2D8A35A52799F85C025361C211AA2BC40B1869CEE7A50EC9A24FC3B8862A58A290258D741018AB6E5B350541CE0B8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0F0F9CFDACF5B41C6C177531339BE320FAFEF6A800775EC347D5D488EFA8F8317B5DE20B713422F1FBFDC13EC57F67B1CC08B1A30C59525F06DEC2E0D56A5668++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.530208948535214
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+QdbkLwT5zxjAHo8g9wuRToc3PJYs5aA:7e9SlNLiafLYFv9KO4QdWIOHo8g9ZRnf
                                                                                                                                                                                                                                                                                            MD5:C44E59985A55311E7F6BAA87EF993B98
                                                                                                                                                                                                                                                                                            SHA1:12134E8C69120B2FBC8AF82E1BE8183DB5BB898E
                                                                                                                                                                                                                                                                                            SHA-256:32E9956A1AB7DFDC54EB77B1FFFCDADD2DFEC0CA5B4D38F2A5B950A79F5D062D
                                                                                                                                                                                                                                                                                            SHA-512:2ADCC224B551C403FF00FC21311FF9D842027FB2BEDE9F64B66F08A128D561517721CE3C72BC5B8F38D70E7FF526C911BB99BEC23021DC5589B80BF7DF2203B2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//998ED52278AF698342457AFEF2ABFC43EB8E1CA85C5511CF6E5DEEC26B18184BDA7A567652CA7982A1162D16F248961F2D98D598A2792DAA948A5069C85CE9A3++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):703
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.518105253351284
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biaBzcbkLwT5zxjHT9wuRTo9g3Zlw:7e9SlNLiaflv9KO43BoWIVT9ZRdPw
                                                                                                                                                                                                                                                                                            MD5:DC378106F4DEAEC0CABD0F5E88A515AC
                                                                                                                                                                                                                                                                                            SHA1:F67E647DD898830A46A8B6480D8806E2A73917BF
                                                                                                                                                                                                                                                                                            SHA-256:CCE7D0C8F783F6D14436AEFC89B8879A4700AE8BC1DC5912D0B9C2EBF365A0A3
                                                                                                                                                                                                                                                                                            SHA-512:39DD91FE9AFBCC7D4D31134315360D595A83A845799C256147A71B94A08696FDAF383867CD51961950821D75CCD4748EFD0D844AC6F9568038AC8649D235C4C1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//A493FBFB5AE3EC66777ECF1DB2BA30F9F1F4A6E6DFCBAC4EDA0DA7443D2DC28F3CCF659841F3F6446712C6D8D47AC143ED02C8A4EAC11C700573E2C920ABF9C2++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):699
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.599467220659489
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfQdU6v9LuO4bihIHmdcbkLwT5zxjAHo8Kwv9wuRTo4dzeBXMPjZS:7e9SlNLiafQd7v9KO4k6ocWIOHo8Kwvo
                                                                                                                                                                                                                                                                                            MD5:04D4B5B205C463AD95BD36318E6714AE
                                                                                                                                                                                                                                                                                            SHA1:8F2D5223224D0DB4445D37B29F624DB2C56BA0E8
                                                                                                                                                                                                                                                                                            SHA-256:6C47EA4147DB11C121F90CB9456CCB273AB45B7D3BF291F795DE4D99CA8DA668
                                                                                                                                                                                                                                                                                            SHA-512:DEF6234A83BC211AE3CA539A282400869A8FFF95ABCDB90C2F31436D0A27EA2BBA26A0094089196C8F1C173E52FA6A1AD1C50E369148DE4908C07BF4433AB738
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzi.",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "K.sz",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//CD9F5CF6CBBBA54C3F23A659D3912D647862A87F5273FB0E2DBFF22941D2BE434F1A6538BE7A4CD09D28EF385A95B92D9C48A687DBE1B013FBAA731521673633++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):697
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.539019069592982
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfy6v9LuO4biNkbkLwT5zxjm79wuRToCaP1QsZzXt7lP8:7e9SlNLiafVv9KO4akWIo79ZRBYasZdm
                                                                                                                                                                                                                                                                                            MD5:66DA2DC63D6A3925D48F40AEB602D502
                                                                                                                                                                                                                                                                                            SHA1:A53F5FA1B97FC7CAFFAEDFF3E3FD7B8C0725D2A7
                                                                                                                                                                                                                                                                                            SHA-256:1638AB11E485CA57AEC94F987B5B0CA7B9D0B8B09CD7B80A36FD3DCF0BC3F55A
                                                                                                                                                                                                                                                                                            SHA-512:13766D0071C8B96FA222645026C7BBDF78D1C629C0C5A7FE7796A3F05384C652B36602D792A8C9106E90C1B0623DC11AEB7BFBE4DDBBDDBB1BFC7AB409B474CB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versione",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Notifica sulla privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fine",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//01F59DD33A54B1B634D2DAD086EB337D2F51F8692DD0CF7F590351097B7C81BBFA9106E0E29D53425605E0B0A607D8C11B05FFF8CABBAA10DA77B6B84C1D138E++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):808
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.738433406660423
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7e9fLdo5ijdfA6Dlv9o4A2AWIOHo8UHv9ZRenKLs:K9fLdICdfA49XLAWIOfUHFqms
                                                                                                                                                                                                                                                                                            MD5:AE48A5FF7596694A4FD1AB26F50B00E3
                                                                                                                                                                                                                                                                                            SHA1:702780AC40822B2ADD3139E0B7B123834CA4B487
                                                                                                                                                                                                                                                                                            SHA-256:6DF0DEA4086371AD6A3F1DAFA584FD2531F0229DFC518396AA3434F3DFEFF7A6
                                                                                                                                                                                                                                                                                            SHA-512:DC188AD001508C0BAD665E7AD9886551283E5B16BC590FCD5B14373401ADB137119C93FFA68C69B939E1989D6861449A4C200D7BDACDD97BAD82190B51BC272D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "..... .........",.. PRODUCT_NAME_LIVE: "..... ......... ...",.. PRODUCT_NAME_TRADEMARKED: "...... .........",.. VERSION: ".....",.. WEBADVISOR: ".........",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1C4184071F95F14CF00EEBD3AB4A7D7995B06EC7F97188DFFC294ECA8E75AF545331449C57697749715F92FE166E2E4AE3D22882960F462CE6F6996A1E75D592++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):742
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.822041209914263
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSd6ds63i7R6ikfV/i6v9kc4biyGbkLwT5zxjsGiFW9wuRToQciKdyhQyVSTrF:7e9Ed13isnfVtv9kc4sWIViQ9ZR8yQDl
                                                                                                                                                                                                                                                                                            MD5:DC7B76F9DE7F35276C2143C5EB102EBF
                                                                                                                                                                                                                                                                                            SHA1:8D2AB5544CCB298761AD43B3644041023B758BDD
                                                                                                                                                                                                                                                                                            SHA-256:B7AF107F96B56FC6FCBC642A0A6F94F0ACF0352A2FC8D6A30B0DC4F7A78F3576
                                                                                                                                                                                                                                                                                            SHA-512:B231589775366E1B6B4D12497F321E9A93D2C8DF0C5CC1BBCBA1012CE8BD4429FEFA91BE68EEC9C797649FA2A14FA7DA8342F23023EA4B17C6F6F1B194EF7BFC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee ......",.. PRODUCT_NAME_LIVE: "McAfee ...... ...",.. PRODUCT_NAME_TRADEMARKED: "McAfee. ......",.. VERSION: "..",.. WEBADVISOR: "......",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//AAFA73BEEF104F5ADBF69569B45268191B8C4082876E870E1484D98FA17AC8F7275EE9083D7D9FBE552E3144770D5820AE3AA2B0FCC2E732A3BA80B338CE1904++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):696
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.563291933943177
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kf3Hi6v9LuO4biqyNLMBHbkLwT5zxjmf9wuRToSdP3oynrr:7e9SlNLiaf3Fv9KO4zyNsHWIof9ZRZ3v
                                                                                                                                                                                                                                                                                            MD5:DD4688CB4523EE561CA94C2DA49E335A
                                                                                                                                                                                                                                                                                            SHA1:8047EC0B501FA264F945957C0E362310B1CE66E7
                                                                                                                                                                                                                                                                                            SHA-256:3F1E1DD5CE540E4DC4C06313851F35FFD1D7DFB27961059FD32947F2D8661F05
                                                                                                                                                                                                                                                                                            SHA-512:9FF8C8392F336D7291574542505A8175693CA1534D4BA26977F1817E261727FF5CBBC31788A23735E7617950F06DBA20EAEACA563399A492EA155E48B60CD191
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versjon",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fullf.rt",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9E9A1473D0E14AFD79647DE49EBDB6500B342965F5C3E5F660CA5BE56755AB544CE8034283771B76E169B8FCC0E95742C6CAD1E238FC2211EB505CF6BC884601++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):746
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6087546952598295
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfP6v9LuO4biqLEnbkLAWB2CT5zxjAHo8CW9AWB2CuRTo4r/0Wp:7e9SlNLiafyv9KO4zLEnWtB26OHo8CWo
                                                                                                                                                                                                                                                                                            MD5:12B1FCF468BEEA23810C5E29E00955A3
                                                                                                                                                                                                                                                                                            SHA1:1C5829EDEBAB9768FA20308DE723FB452A09BD2D
                                                                                                                                                                                                                                                                                            SHA-256:F214DF27C228AF7545300A18535433501C730B035A46E5F9C5B6D8EA134ED3E1
                                                                                                                                                                                                                                                                                            SHA-512:8309B74B03D8D2E5F55ABA411DA06B604B74586438CF13CEF59A92E07C0EC9D5B389420B73CB98558ACD0B3266311E861CFAE71D63ADAEE639A128872461BEFF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versie",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Gereed",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//CB6340B4EFECAB3E71CB08FD5C0F4C5285E77639F0E2D8361F3498F4A47F78E2FAAB43BD5148673AB645AC0AC3E22C9D3110834DD0FE917B44E73BE905B94BD7++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):709
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.547492619756502
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kf6v66v9LuO4bipidGGnbkLwT5zxjmO9wuRToozzFT2bGG:7e9SlNLiaf6vtv9KO4oMGGnWIoO9ZRkH
                                                                                                                                                                                                                                                                                            MD5:8826C3D661F02DF18E529EE006C0074E
                                                                                                                                                                                                                                                                                            SHA1:3B34EB20315AC50282146A4204D3EBB1BAB9E5A2
                                                                                                                                                                                                                                                                                            SHA-256:AADC501672DFC69A1443DB6DF6E7E265105AD0D35E2970A0BE0B581934EBFBA8
                                                                                                                                                                                                                                                                                            SHA-512:8299A48AA7B13FB6CC757FE0D01FC33073218FCE89E0AEE014A5550FA8EB0DA43295E9B81113E523CBAB26531CDEE98EC65D7D3E3FE9742A640651381E2D934D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Wersja",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Gotowe",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//17FDDA361C160E1D310873ACC18B2A0ADD5102010B762EB776BD100F17C46301160D84E653EC76428F9ED2C2B81B441B716B90800DF6CCCA3ACA5D867D193D60++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):700
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.538511894040431
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4bicmHbkLwT5zxjAHo8kf9wuRTo1AMvVqghkK2a:7e9SlNLiafBv9KO40HWIOHo8K9ZRqA3w
                                                                                                                                                                                                                                                                                            MD5:FDE3D3EA8FE84835283B9B56430EC29E
                                                                                                                                                                                                                                                                                            SHA1:1264DCF81224D50E00668F2AB05954205445704F
                                                                                                                                                                                                                                                                                            SHA-256:F320951C0B9E57DDF7A910E0B94F4125B15320C8656CAE832DA0D1DAC46604E3
                                                                                                                                                                                                                                                                                            SHA-512:1DEE807E2BEBFDCB144421FD9CE53EF5CC26352CDC29E784498727C6966F92CDBFAFEE0E9584F25361ABA2726AB656FEAB3FC8D7A65348AA939D1BC1A398E0BD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//B6B6A9911A08317B36CCB25A27F2A509E5FE6E73002120AD1BED572BE9D87A7CFDBA2607ECB9E5023860C494E0F4F0708E84CEEF8BFDA4F07F53491FD9BFBEBF++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):700
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.537523162423459
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4bicmuybkLwT5zxjmkf9wuRToc79Bz72b:7e9SlNLiafBv9KO40nWIoK9ZRHpBz72b
                                                                                                                                                                                                                                                                                            MD5:14C56FFA20920CCDE1B19B733CB85FAB
                                                                                                                                                                                                                                                                                            SHA1:474AC88709CE4B55BB54137F467949B09CD147EB
                                                                                                                                                                                                                                                                                            SHA-256:9E00583D89A3A1C5717D2D1659E4AB128F86AD0801B2B3BA5F85F3CF7BF170C2
                                                                                                                                                                                                                                                                                            SHA-512:EEF3A6C625083AFE5261ED7659B63E59D793228B7A07F791833EFCAD699F239D0C3B60BEAB2C65F194AEBF4019B16086E6D81D429DF42A96294FA15ADB83E0AB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D630EF6834C2DF4F454AAD8AC93FCDBEA26EF7FBE1396FC5E95D2ED564E46E5A122BBC1943EB4F39BC54CD5FCC0768C696B62861C1259FF82F57120574CAC80A++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):751
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.762905150784842
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kf96v9LuO4biq0epiXbkLwT5zxjhKgE9wuRToJ2UwvOlBtORchW:7e9SlNLiafUv9KO4zrWWISt9ZRfvOlDo
                                                                                                                                                                                                                                                                                            MD5:D37EE749862FB89C64AC60108D7DFBF9
                                                                                                                                                                                                                                                                                            SHA1:20647A50F8807D09819EEF6C2CD29230882373B1
                                                                                                                                                                                                                                                                                            SHA-256:9F3AA8EBCDD309AFDDAE08C5331CFF223DCCDB026BBB20618A09AB84C26789C8
                                                                                                                                                                                                                                                                                            SHA-512:F0FA804CC1DDAC94CD15B5414A12B89F97E6997B02E14337C0DEA619F5D83AAE3F78456DCAECC896E79B8DAB1074F8EDC9CC3041AC863DC55658F65B753EDFDE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........... . ..................",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "......",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1BBCF622DFC15CFEB9A52B5F5D981C8B8413EDAEA7B714254A99AFC82C962439630225D096E319595DC777402B74CF57B39402B61FB4A77DAF7FA0278366CFF5++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):719
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.608359372203038
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfa6v9LuO4biIAbkLwT5zxjAHo8+9wuRTo97tJVLLjpPhv:7e9SlNLiafNv9KO4uWIOHo8+9ZRY7jVr
                                                                                                                                                                                                                                                                                            MD5:039A4B97702E56DDDD98E64526364190
                                                                                                                                                                                                                                                                                            SHA1:39FE5D4FAA2B83D9F7930D5EF64711BCAD9E4830
                                                                                                                                                                                                                                                                                            SHA-256:FB4283F741112BFA20A09C4693585AEF9521D2A7D70D66440030D957DF819DAC
                                                                                                                                                                                                                                                                                            SHA-512:C8403E82680B6FE1E2FF9FA14969ACD4C33AE3CBF2D6C1291AAD10A10B63B4F35D6BA7F7D7614DF1C481E300564EF39FAA39D9D079DF4F6FFB9F6A99304A609F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzia",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Vyhl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E574C8953368BE6E9E4E2131834E332BB1EF2B469C106EA92F119638AB8BD08E79E61753671722021A4AA0BDCFA111B5319B3EAEA44DBCEA84E4DDFB9109EDB0++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):706
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.563197455028977
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biagkcbkLwT5zxjHT9wuRToJhfbkEm2Z:7e9SlNLiaflv9KO4cjWIVT9ZRetRzZ
                                                                                                                                                                                                                                                                                            MD5:0B067B696A6F2B7FDAFC6E733872401A
                                                                                                                                                                                                                                                                                            SHA1:E804B3A048F3381C3E8DBDDD2DD51F0C11156971
                                                                                                                                                                                                                                                                                            SHA-256:B42F2EC3B128DEA5FB95E19BF3C9B0794D7DF0E9A9CEA51199C3D69C252AF9BC
                                                                                                                                                                                                                                                                                            SHA-512:204EE91380D9F87C8895EF29EDDD3FF2A1E4E79B423DE38DBCD6CFE79ECAF22E30CC4A79D1B756C9D9658D7347C088D89B4185D1ACAF347F91AF08391E1AA61B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//81CD68B5ABFBD1D2EFFC9A3778314BDBB771A2770E9125B7369851DF9C36434CEF054A284B0CED6E3AEF5F9E4D745F2507A51DE8375215334BA83E007F2E1661++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):690
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.533144558424333
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieGbkLwT5zxjmf9wuRTo2kRhFSVhfXn+h:7e9SlNLiafLYFv9KO4JGWIof9ZRdE/0I
                                                                                                                                                                                                                                                                                            MD5:49BD8D622ABF07A89C6450F6760A934A
                                                                                                                                                                                                                                                                                            SHA1:FC7C55ED457358DB7A0A34042F3E17AB21A000D0
                                                                                                                                                                                                                                                                                            SHA-256:5491BC1348519AB1130D9E1859272FA7336B6386E6F002E92C725007E1BFC8CB
                                                                                                                                                                                                                                                                                            SHA-512:BE3210541077EEBC083B43E330AC32C2ACD6092D658D9E725B2D1467D6A7FC5B7769506007E110DA390BFAD12C3FED038601E34E1405949AB233D42A5D51D0C3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Klart",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//99592B3FDCD482063EFDD4D0D71A45608159E4B410EE9DA426896483C35C9A1576F22AF8CC2225CAB446BF6640B248A7E04B2250D9880E21EC2D34AFBA6F0592++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):696
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.546230689160202
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfT6v9LuO4bij2VbkLwT5zxjAWoN9wuRToBebfZkED:7e9SlNLiafGv9KO48QWIuv9ZRpRL
                                                                                                                                                                                                                                                                                            MD5:0A399950FB2D1D80725F3CEA6BE75322
                                                                                                                                                                                                                                                                                            SHA1:F78707F7288CC04320CBD855830F7D0D5C5862D5
                                                                                                                                                                                                                                                                                            SHA-256:11BCB1325493DD7886DB10309A616EA8ADF395D470759ECE01540DA39CC02B31
                                                                                                                                                                                                                                                                                            SHA-512:3978A9F55ED7075C3642C385818C0A099FA914BDFE67CBB36AF94773BE4447D6BC838DD605D7FAFD2DA0915403BC2435B664F5AA8E88C14928B13604CB2C7EEB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "S.r.m",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Tamam",.. DONE: "Bitti",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//459C6B15A94C2BDDB33AC8749C4799657210EC421A307BD0DFEA6943FFE5A4E0E3F6D7E94E3FC34F7581AE498B26A46ADAC1C962E3C5AF1E01563551E7C83D3B++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):713
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.911021719409146
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSuKxi7s6kfF6v9bgbiE4ebkLwT5zxjtDYv9wuRTo4QCejK:7e9uui7s/fsv9bg/HWIv49ZR7QCejK
                                                                                                                                                                                                                                                                                            MD5:61254A9C6CE57B8FB6DAF5C47840C53F
                                                                                                                                                                                                                                                                                            SHA1:D9B109B65B5B725D90E4366FCDEE509012FB0751
                                                                                                                                                                                                                                                                                            SHA-256:BD6876CAE0889DB066FB4F8F7FA38ED517023806C7D41341C7522DBC0E412FC6
                                                                                                                                                                                                                                                                                            SHA-512:31A0C944BB7EB098AAFE2FB280D21248834F3AFB7CE21D818C8CED3CFD95D0EC8F61F6023BD8EDC3178AC39AE7A9059EFBA35A474E18BC8C697DB9546B6CA9E8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: ".......",.. PRODUCT_NAME_LIVE: "..........",.. PRODUCT_NAME_TRADEMARKED: ".... ....",.. VERSION: "..",.. WEBADVISOR: "....",.. COMPANY_NAME: "...",.. PRIVACY_NOTICE: "....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//C49666C6D17B3380489032D792278402A58C50CA24B473ED94B458FE49F52BF29B7E9CBB0FC9915FCDFCE0CCE37FB45A71D3DB9EF0EF754DDD0177BFEFDAA76F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\jslang\wa-res-shared-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):694
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.692484981098063
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfF6v9LuO4biP3emebkLwT5zxjgDYv9wuRTosTKGxVWv2KA7thn:7e9SlNLiafsv9KO4d1WIG49ZRknmhn
                                                                                                                                                                                                                                                                                            MD5:A62FE1D5E76F93DE63A6CE0848412310
                                                                                                                                                                                                                                                                                            SHA1:951E5AF2615D9D352124599DD8B1E0A5796479B3
                                                                                                                                                                                                                                                                                            SHA-256:FAD192A1E13114CFC65AA7EBDA0589240B08C8516ADAE145F2CF7309B5156CD3
                                                                                                                                                                                                                                                                                            SHA-512:FB1D86DE2F4975AB293B10062854A3D7944664109EFF5679011D4E22AEF3FAF8C6A611BCBE67BEEC343DF89B0C7DD8C062349CB223302791F595585C97657BB5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "..",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//DA60579E457B68E8BEED2C221EB14808A61CCB56CE7A89168B68C6933874687459C88D14DCF7061DF466EE138F540489BDA6C24DB96B3C8D0E348B97E735E643++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\l10n.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 259404 bytes, 513 files, at 0x44 +A "\l10n.manifest" +A "\jslang\new-tab-res-toast-cs-CZ.js", flags 0x4, number 1, extra bytes 20 in head, 39 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):281404
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9353344781841635
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:/9+TNUI6J8KH06JGFshKyAY4WTP7o6E1AkbVz/mI4V:/ET+I6Jd06JGFryAYpTP7ZQAkZaV
                                                                                                                                                                                                                                                                                            MD5:3D2DA95E75C0FA4FFF38C977227891B1
                                                                                                                                                                                                                                                                                            SHA1:246CB3E6BD274AC51AB45A512BF7B02B7E993681
                                                                                                                                                                                                                                                                                            SHA-256:2EDE69815E66AE0D47F6121CB92C74DBAAF68D9E09AEE7F0F1675CA6CC0EB249
                                                                                                                                                                                                                                                                                            SHA-512:400929026E74C78D1E86C767445637FE6C7196DA3C9DA54A055010705D12503010201717739A302256B3E2F427EE0DEEFA8703F7055E8CAAD4EBB8D0ABECABEE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF....L.......D...........................L....U...........i..'.............SW._ .\l10n.manifest.#.........SW.^ .\jslang\new-tab-res-toast-cs-CZ.js.#.........SW.^ .\jslang\new-tab-res-toast-da-DK.js.#.........SW.^ .\jslang\new-tab-res-toast-de-DE.js.#.........SW.^ .\jslang\new-tab-res-toast-el-GR.js.#...!.....SW.^ .\jslang\new-tab-res-toast-en-US.js.#...D.....SW.^ .\jslang\new-tab-res-toast-es-ES.js.#...g.....SW.^ .\jslang\new-tab-res-toast-es-MX.js.#.........SW.^ .\jslang\new-tab-res-toast-fi-FI.js.#.........SW.^ .\jslang\new-tab-res-toast-fr-CA.js.#.........SW.^ .\jslang\new-tab-res-toast-fr-FR.js.#...."....SW.^ .\jslang\new-tab-res-toast-hr-HR.js.#....&....SW.^ .\jslang\new-tab-res-toast-hu-HU.js.#...9)....SW.^ .\jslang\new-tab-res-toast-it-IT.js.#...\,....SW.^ .\jslang\new-tab-res-toast-ja-JP.js.#..../....SW.^ .\jslang\new-tab-res-toast-ko-KR.js.#....2....SW.^ .\jslang\new-tab-res-toast-nb-NO.js.#....5....SW.^ .\jslang\new-tab-res-toast-nl-NL.js.#....8....SW.^ .\jslang\new-tab-re

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\logicmodule.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 1558063 bytes, 2 files, at 0x44 +A "\logicmodule.dll" +A "\logicmodule.manifest", flags 0x4, number 1, extra bytes 20 in head, 138 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1580063
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999600937770339
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:3785frT0NhG01q/YGqiz/lDiTiS9kLkLCHjQu4K4VPgF6czJ9tXq:L85frS8YqwLg/K9kLh4x1nczJ9tXq
                                                                                                                                                                                                                                                                                            MD5:4AF485B15421E8B721457AB0286220C4
                                                                                                                                                                                                                                                                                            SHA1:DE370B917B0ED36963CA95BB94FB6D1365FAD4FF
                                                                                                                                                                                                                                                                                            SHA-256:117969CE7A430D98F1B51BF6830DC729F664D71641F064654ABB9C79C0C1E8B7
                                                                                                                                                                                                                                                                                            SHA-512:F45A1B31CA9D7475FF51E41107C6BEA0335EDF95334AC3EA2AA4EF96F8BF78CCC7CA952AFC52818B266B0C42BA939E99BE3B99559B3802C4792C64FDED7B24A6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF..../.......D.........................../....U..................@.D.......SW._ .\logicmodule.dll.....@.D...SW._ .\logicmodule.manifest.&l...,..[...< .......4....._..Vi...Fc.....9......X..E9.;....T.v.[7....]-...Si...#g.NJ.a41g........b..9...|s..|.._.'...$.z.R.".2...R.....%.N..;5....7...rV.............I:...F...E.;.... )!..>.+ .....]@.............f.h............yc....1.R.IX&@....+...7tvPI../.g@.<.]..y..sJ...r.........m..Dvv.XeSr.G:.;<OvE..v?..7_..|.w.D..vo..W...r.-..z.n.."].....s.5.%.I.?.L..E.o.?...L{..[.....[jz.w...~-...y.u..~K.3Y.....V}.....H..H.$H..o..k..[..._...zz.........J.........<.#^......W..\.?.L.{.S.X]..B..{...[u.......1U.............%.D...]......k[7...f.4|...be.+..h.....<}-...'|........W.}..../.~..!/W.^.+...f.H...o..g..w.+I.......Y.|.{..x..s.o..7.i..?.J?..y[......^k...>6...g..;.~l|...i|K<.+.e.....{.).O..d_.....[~.Y...%2W.6|..L>....>..5.>.u.^.}O>.O........w.......c......+yc.[}|r.........9....{..,.#.....<9......)5k.L.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\logicscripts.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 36383 bytes, 20 files, at 0x44 +A "\logicscripts.manifest" +A "\logic\aj_logic.luc", flags 0x4, number 1, extra bytes 20 in head, 4 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):58383
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.922554941357534
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:HOW1MNmm9D36XCHJUj2aff4i3Sx/p31tbLxO7:HOtNmm9DqSHUf4j1O
                                                                                                                                                                                                                                                                                            MD5:ADD08210F32AA8FBCB6472FDC03F9440
                                                                                                                                                                                                                                                                                            SHA1:E46956E5462B34A284FB0D7F39FD0604227F3064
                                                                                                                                                                                                                                                                                            SHA-256:E9BBD57E9AEAB34A1ADFB8E6F0B9F7F150F8797BC2C3405BA16F9AD3E333360F
                                                                                                                                                                                                                                                                                            SHA-512:6D1334252BFA9A314BA1B8A5F7DD0456861433D4087DD102E85D8731BEAA21A9F108D6B4A81DA509CE2D7AFBC9E704AB9B702916D5299CC8DEF84EBF3633731C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF............D................................U............................SW._ .\logicscripts.manifest...........SW._ .\logic\aj_logic.luc...........SW._ .\logic\base_provider.luc.w.........SW._ .\logic\edge_onboarding.luc.T.........SW._ .\logic\ff_monitor.luc.....l;....SW._ .\logic\logic_loader.luc.....RC....SW._ .\logic\miscutils.luc.#'...S....SW._ .\logic\oem_business_logic.luc......{....SW._ .\logic\providers_selector.luc.?x........SW._ .\logic\ss_logic.luc.E'..C.....SW._ .\logic\tests_logic.luc......!....SW._ .\logic\type_tag_utils.luc......*....SW._ .\logic\usage_calculation.luc......2....SW._ .\logic\oem_utils\affid_monitor.luc.0...%7....SW._ .\logic\oem_utils\oem_util.luc.W...U9....SW._ .\logic\oem_utils\oem_utils_wps.luc.Q....L....SW._ .\logic\oem_utils\oem_utils_wss.luc......U....SW._ .\logic\oem_utils\oem_util_selector.luc.(....X....SW._ .\logic\providers\bing.luc.`9...g....SW._ .\logic\providers\yahoo.luc....2/..[.... X.q...D34C.P..._....$.Ir........=...M'......n

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\lookupmanager.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 469579 bytes, 2 files, at 0x44 +A "\lookupmanager.dll" +A "\lookupmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 48 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):491579
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998529856255498
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:nmVR3NNzot3a/AImtlCvyJzyyvEV3q3qJ49DWlRvSxj/FvbN8v:mVlNNz+tvBySy3g9CSZ/L8v
                                                                                                                                                                                                                                                                                            MD5:417EC3C8C79435BC05A035E1EEC7C7CC
                                                                                                                                                                                                                                                                                            SHA1:F4007A7889B6C7B85429E1E5CB777B49FEEE7C47
                                                                                                                                                                                                                                                                                            SHA-256:0F5584619C6B6B0A40367EC3DCC2BD97CB037F912C7C5C806FC98D4A53940C3B
                                                                                                                                                                                                                                                                                            SHA-512:EEE040F0290907B0B97BD2D98A450782CF72684C392C25442536E579687DE8A3E4DD1D5D778736384BF6D781C8A5573E4DF074CC203430D5DEB65531854478B9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF....K*......D...........................K*...U..............0...@.........SW.^ .\lookupmanager.dll.....@.....SW._ .\lookupmanager.manifest.k.&.....[.... H....@d.5......myS.Tk.Sx.K....[j.\o.....R(-..$.g..Q.-4.....X.,..-......q}......#.:3...3y.s.....\w......z..F..T.d.w..*@Q..d...G.a..)..].c....US.-...I......-.c.ga.A.3.......d..~....1...3......{.s..t'..#1G...5..5FO\.:.Y4a....G.M...w..y.fH..?....E.m>.8.6}..k..PY...(..{....S../.....|W..~)....../[._p..d...~.l.k..'..k7...xxw.m...r..r.....s....am.......#.-..7K.u...c.....\..\..}...Z.7.7=u...X.H.-..n.1.+V.~[]......7...`.m......m..![........dg6...d./<.......W~.g4?.....M................n...E....X..f~..?....b...[..M..}.[.q...o|w.i.C.CG............6.........._M.....U..V...o..sW....RC/j.{..mo/...$,?dQ.lz..[t................./...O.z..3.Uc.....m.........OY.,....~)w..c...../...{.[........c.n..;..|V....o....A..zw7.......J~X?.{.E'...zk....Sn6..R.......v.g.y.'..........=E........u............g..7..zn.m

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\main_close_large.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 13 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):440
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.185064395828422
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7Jmynud+EVDvBXmY5j9yEhcZxAalEbKWwz:vyGbVDvxJ5alnWwz
                                                                                                                                                                                                                                                                                            MD5:3F33BF7A71F1A94B30AD98121F2DC31F
                                                                                                                                                                                                                                                                                            SHA1:533B933BACBAE375164518AF202EB90086BEFC44
                                                                                                                                                                                                                                                                                            SHA-256:4D3581315F5AB93538BEE793BA9727FC9E8444E9B09773566C4BDF0C44618828
                                                                                                                                                                                                                                                                                            SHA-512:4E768ABACB878A5F9BE79B91E9BC77778F62AA4ACAEC4A246AB3359E86FF685250A1BA9E7765CE5174A42E5936CFAC27CB381B505F92F30EBF4B43806848899C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.....................sBIT....|.d.....pHYs...........~.....tEXtCreation Time.10/1/14........tEXtSoftware.Adobe Fireworks CS6......IDAT(...1K.a..........+ht...".96..\....M..f..9........ n....~.KK..o..~..g{8.:...I..D%...^..6V......w<K.......z.?..dk2..p.G.U.&...?..U.].m.O....L2.o.`<,.....k....|....L...Q._.<.....?(...[...lW...O.6....Z....r.q....Nr..p2.d._.w...1....F.....@..x....x.X..T./.H..w./.yrd.......IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\mcafee_pc_install_icon.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 67 x 57, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2052
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.890065571351557
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CHjblGYXQQEZZyIOrNK6rC4lWVkOjKpgOojQ9dCe2LfmC:PYgNZKJKSC4YF+WjyOZ
                                                                                                                                                                                                                                                                                            MD5:18344204EC04F1E95E086D3BC94FA0FD
                                                                                                                                                                                                                                                                                            SHA1:87CA3ED8948774091B451F7CB2F95139E56D351B
                                                                                                                                                                                                                                                                                            SHA-256:30ADF46FD9311E5C6DFEA8A2AB2176EBAF83E7019EE341896FC3AAA5F498D2BA
                                                                                                                                                                                                                                                                                            SHA-512:13757DC62505D01E44523823F38001D28A2FB9CBA5ACBF9CB7D9BDD8D0F19583D814E5A47B2DB255E18CCC05C34D43A02C387B60D05D1E802F9AF527D3633C5E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...C...9.....ms......gAMA......a.....IDATh...l.........|u...4q....T$....IHK.u.h...lS..{.....i.6..h....@PX[.&...AH.&.($E.(.R..).......M..:..}.g.M.8.c3.'........{....}.``....q.. 0..b.=B..?.:t......1..P_f5.......).7\..e..Y.gA.......XPL...Hss. .ks..... ..aPx;|VO..{{{).`"...VAb....u.|..>_..#......2>V......9.g ....<Bss.T....LFI[[..+%.Y.....N...~X.!......h.q.J.l...A.s...p8,.|.K2..'.{.j..c.<.|m..<.....'.K....zF...nu..<...\.a#U.Q.a#`..ZF%`...6..=j{ta...ax.....\.<.H....<>.'...x......./n..g..'G.z.E.|.....(H~)2...U..O.?w...u.X{..j.v.D.M...z.9.|.a.......\v..f..0....0..1Xs..p&5.C.?....XY.~...K...p.._.+.*...KEF......5V.f....l.u...N..../o....t....b.......z.).....v............f......L.:.n+..s>.r0l.i..&.u...1.J)..sk0l.j0j0l.l....C.......*3Q#..7.......f.[..&).r.z..0..^Xs...z.-`....3..........{N.e...g...O..~[A.F...."....E.d|..?.8S.........}.|;.......>u..B.....Y Z.w.....W..:...Z+.r....+...7..._..b..........~.a..w..o........0.J...[.d...W..>...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\mcafee_pc_install_icon2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7205
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9471260512499375
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:KS4Do1RyFyKSZ4pTSumpAO/Ap6CQU9Uw/JLO/xvifnL:F4E1RCFpWumX/Ap2UeMq/xGL
                                                                                                                                                                                                                                                                                            MD5:F2E3045621ADE164E9DA40F294BEB00C
                                                                                                                                                                                                                                                                                            SHA1:36E9D967C679FC898BED1FF6751A73BB863EAF79
                                                                                                                                                                                                                                                                                            SHA-256:D820CF499FC4A9453771A23209A6C63DDD2CE3439E8B651A98DDF0C36ED2BDA5
                                                                                                                                                                                                                                                                                            SHA-512:7E515A44BD63B33881EE86E0A911897138F2BA0A6E81925612EAF19E3EDAC5A9FDCEDE30E3AFF3E906A4BBA8AA4570E06308D75783057015C882C7E62A880928
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...`...`......w8....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs.................tIME......'..l.....IDATx..y.\U..?......./.@@....E&..P..GF.Q.F.....#..T..........D4.AC....b. +![w..NuU/.....q.z!.ToI@..SIW.s..}.y..s.U..?g.D?`..._T.(..}.n.I.w"+_..r0}y,.....`&....P......8.,....n.I..c@.4._....]@.J..UL.....A...[K........[.-...A.....g.'.N........#.l`.p'.d..o.@@T.P..tQ.A..........t..q`5.=...B.(Q.).."..`1j..&..n....}..e..].....-...x]..p%d.(,............g....o.C......p.j ..W~tW.3.]mq ...H.Q.P..-...Q2...v..O(..`...8....?.4...A..}#K...m......|-.....w.2.m..lwL....Ys..y.;..\.Q ..p..e....B'p..........^@m.c\..[..Z!v....*a5...T#R..B8YH|.....iw...8......,f.v......i`..:T.!F.\....t"5....0..._..K ...M.`.8d.5.9.x.c.v.A...Ug...Va.d.?..M]B.U..E.E.....: . .B5.B.1."......>...w7.-....@.P.;.d.LUp.D.0..R..TE......k..K[.>o...?.~....i..}bu...6......Pj.g.U..~'..+.|.F'......y..t.p..0.6 ........E.).n`...3\-D.......^~6..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\mcafeecerts.xml

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (2293), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):126293
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.969613768259596
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:sY+8or+sWZ21Wzwtp31uRla7GTvfwjBobALAnr+sqDK7G3lq0lAE:dcPsjO31ui7GLjA8rPqDK7Gb
                                                                                                                                                                                                                                                                                            MD5:D0CD30BD9B02F33B222FF8A846821D4B
                                                                                                                                                                                                                                                                                            SHA1:DA85556707CB3FD59E08DF69017DF6BB82E52F62
                                                                                                                                                                                                                                                                                            SHA-256:1CC3969AEF3DC3DC2330DB0386C6C27C09A58D078689D8D97D900A2B9ABE31A0
                                                                                                                                                                                                                                                                                            SHA-512:6C1F9DE0897F02648638B26F20728C5F2E9822F8CAD232ED42ACC18F33AAE7E102C7A00E5D42B80C10E423DB937DC6AB783255342B12B0DB07B378508886C2ED
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" ?>..<Package Version="1">.. <Certificates>.. <Certificate Name="McAfee Trust:0">.. <Privilege>PRIVILEGE_IOCTL</Privilege>.. <Issuer>Microsoft Root Certificate Authority</Issuer>.. <Subject>Microsoft Code Signing PCA</Subject>.. <ValidFrom>20060125</ValidFrom>.. <ValidTo>20170125</ValidTo>.. <SerialNumber>6115082700000000000C</SerialNumber>.. <PublicKeyMD5>4A171B7E5701870357585DD1BAAD752C</PublicKeyMD5>.. <SHA1Thumbprint>FDD1314ED3268A95E198603BA8316FA63CBCD82D</SHA1Thumbprint>.. <Data>MIIGgTCCBGmgAwIBAgIKYRUIJwAAAAAADDANBgkqhkiG9w0BAQUFADBfMRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0MS0wKwYDVQQDEyRNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYwMTI1MjMyMjMyWhcNMTcwMTI1MjMzMjMyWjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQDExpNaWNyb3Nv

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\mfw-mwb.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 10303 bytes, 6 files, at 0x44 +A "\mfw-mwb.manifest" +A "\packages\mwb\mwbhandler.luc", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32303
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.808899056176092
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:jbr4L5oOh8J2C2HiPvYdAMxkEuvpq41tFAMxkEg:jP4L5X8J2C4i8xavp31t9x8
                                                                                                                                                                                                                                                                                            MD5:47CE729455BB56778B16B97EF1F5DE3B
                                                                                                                                                                                                                                                                                            SHA1:D81688BFEBE2E51A5BFE5C7B8BE1A492B790F553
                                                                                                                                                                                                                                                                                            SHA-256:E639502F668950CE99B5E6ADD518A12E43C98B3F8CA8EF524B75F190396AC4D5
                                                                                                                                                                                                                                                                                            SHA-512:2BA5DBADB091D441BD372A5C104F464EFE9CEDDE9900925049E7DC7C1518D0A402491C807625886F9FBAF9487D9682C9D120B0B4FAFB6B9AD85480D838C49614
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF....?(......D...........................?(...U..........m.......W.........SW._ .\mfw-mwb.manifest.~...W.....SW._ .\packages\mwb\mwbhandler.luc.3.........SW.Z .\packages\mwb\stop-video-alert-icon.png..*... ....SW._ .\packages\mwb\wa-controller-mwb-checklist.js......J....SW._ .\packages\mwb\wa-mwb-checklist.html......T....SW.Z .\packages\mwb\wb-rocket-icon.png....6.&@V[......d..A..#..O...%......Jk..m.?.D8....V..".A...|.8...|........w) "4.5#.p...`....t..8...`.4.....P.y.[7/.....IU.....}c=...[.j...5k..zX....C...a......j.h..>..... ...#.DD...U3w//ro.V...@#...). .P.YP"^.p....x|...|..a..$R...&.`(..=p..+ti...C.....F.U...!..0"E.%&...bM.[..^*L.?B..mr.w...G..U{s..O.}..$...]p......6./......l|..&P..AMN-A8<..L.*(.aP.?..q4...,...~/....='..2.$F.1.'...0[U.'..y..QeF31..(..H.......N.$D$m.q.5...%....33.".>.O-..o0...@..../.3..{caRV....$eL..<..b.{.p...$.~Q0..p.....~.I...9..(K..Uy.T.9.E...r..I@../..I.......Er...oQ..PT...........%.0./...c.c.P3B_..Y.\.........Y*\.r.......5...H$#Z

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\mfw-nps.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 12598 bytes, 6 files, at 0x44 +A "\mfw-nps.manifest" +A "\packages\nps\clipboard.png", flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):34598
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.82948620298698
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:XSORz4/xsyc3I1jjk2HiPvY9AMxkEApq41t9O3AMxkED:XSyAWn4ikxsp31tgx/
                                                                                                                                                                                                                                                                                            MD5:E1995E6890D79881E969BE718925F2D8
                                                                                                                                                                                                                                                                                            SHA1:686278ED110BACE808D3122349B0823A57CDAF1D
                                                                                                                                                                                                                                                                                            SHA-256:85DF465C4E7C0AE9F821D7B291DB4E9AD22609822C2258EC5F9A50EAB5C04737
                                                                                                                                                                                                                                                                                            SHA-512:D69DD972F318206D6DC980905E36C562F17CA5C6F5E93F560081F05DBF6487D1DB092470F4E3F92742D787F14319EF7BA2B1D00C604A9D3966679B3B58D3858C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF....61......D...........................61...U..........Z.......P.........SW._ .\mfw-nps.manifest.k...P.....SW.Z .\packages\nps\clipboard.png.-.........SW.Z .\packages\nps\info-16.png.o.........SW._ .\packages\nps\npshandler.luc..j..W/....SW._ .\packages\nps\wa-controller-nps-checklist.js..........SW._ .\packages\nps\wa-nps-checklist.html.-+..|*..[.........B.....=....$".^..=......Z+~...Rh).Vi...VG.V.....+hBX.A#.`U..V.x.$..W.o%h.^N0.^-Iw..fk.2.D.q.....w 6..P{._..........jdh.=..~AI.n=.....'.yZ......|E{.K#.sQ.#.t.Y.<M.2..wE.GF.!a...N....055..3.i......ORH..%... w...7...^..L...f....F..oZ[...Z.?.~Os..k~....U.h]....................Q.|8j4....~B}............K.......L.G.I..7.....;..~.~.1....~.. ...8....Q.Z.v......)hq.....z.?....c..,..'..X..../.._..j..pk.*fS...?.=?..._)w.i.IASM..3..n......+^[........a8L....@...U..{.._...E........S3.."....w}7?ok.....7.......>.>.E....y......Y.5.~}..o\Q.qNyr.../......zjOjo..%..........2.G/.........B..9.8..0.......98.@D.(~.....@..B.......82.T

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\mfw-webadvisor.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 914590 bytes, 203 files, at 0x44 +A "\mfw-webadvisor.manifest" +A "\packages\auxiliary\reset_handler.luc", flags 0x4, number 1, extra bytes 20 in head, 48 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):936590
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997351059282376
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:tPzcWKTytcy92IEMZN1YVMaA1eIQg/Qi2FvRho:tPzVKTyWyzEMZzYVMavIvELho
                                                                                                                                                                                                                                                                                            MD5:0927B8B2CADAE4A10A45FB4AE65811DC
                                                                                                                                                                                                                                                                                            SHA1:1B4894803F93009E0DCB1979ABA89B4DE74AFE15
                                                                                                                                                                                                                                                                                            SHA-256:16733E6356B7EE58EB78FFBD53925FA305712C9BC524C2480E6D5B9B37533A76
                                                                                                                                                                                                                                                                                            SHA-512:39928E91E95F1322D2989283EF55991D9111A490180BA2D0824EEEF5DE6AD3BEC768E13EA5C2D198E3E4DF98C39733B2851716F286CBFA16FEF393ACF5C8DB1B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF............D................................U...........1..0.............SW._ .\mfw-webadvisor.manifest...........SW._ .\packages\auxiliary\reset_handler.luc.e.........SW.Z .\packages\builtin\allow.png.....,.....SW.Z .\packages\builtin\balloon-arrow-right.png.....).....SW.Z .\packages\builtin\balloon-arrow.png..5..6 ....SW.Z .\packages\builtin\card_bg_image.png.....%V....SW.Z .\packages\builtin\celebration_white_bg_color.gif......Q....SW.Z .\packages\builtin\close.png.8....R....SW.Z .\packages\builtin\close_icon.png.T...%T....SW.Z .\packages\builtin\dialog-balloon-logo.png..I..yZ....SW.Z .\packages\builtin\enable_ext_guide_ss.png..R..d.....SW.Z .\packages\builtin\enable_ext_guide_wa.png.d4..@.....SW.Z .\packages\builtin\enable_sideloaded_ext_guide.png..8...+....SW.Z .\packages\builtin\keep_changes_guide.png.W...id....SW.Z .\packages\builtin\logomark_white.png......e....SW.Z .\packages\builtin\mcafee-logo-1.png.)....k....SW.Z .\packages\builtin\mcafee-wa-logo.png.EP...t....SW.Z .\p

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\mfw.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 295347 bytes, 54 files, at 0x44 +A "\mfw.manifest" +A "\core\class.luc", flags 0x4, number 1, extra bytes 20 in head, 32 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):317347
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.995080582141161
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:MwGiG6qjT+zS/pwIW2XFTKWmeprMTWbLJzWe2vh/ehYsgM5RA6JoCJSTfr422:N7G6q+zn5aYWbprYqLJCe2JW6hM5xoCx
                                                                                                                                                                                                                                                                                            MD5:94C4D71DDA561624BBA345AD8FFED580
                                                                                                                                                                                                                                                                                            SHA1:F6C9ECC1C418A82F75FC42F5BB727AFC3A7C746B
                                                                                                                                                                                                                                                                                            SHA-256:A1A28B554B155EAE43329F216F05C1CEC8F5B91A39EA7487B19C8B2B2BB4B736
                                                                                                                                                                                                                                                                                            SHA-512:C3EE2671C0267291474B970C7397B207887D1CBEA07377B0B5600EBD3CD8BDF1EF6760AAA101EA411B41300A07B54951C3F7558150A455D8B38FCE297D82473C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF............D...........6....................U..........3... .............SW._ .\mfw.manifest...........SW._ .\core\class.luc..'..H.....SW._ .\core\dkjson.luc.....82....SW._ .\core\handlers.luc......:....SW._ .\core\init.luc.....oD....SW._ .\core\json.luc......F....SW._ .\core\logger.luc.....*I....SW._ .\core\postinit.luc......L....SW._ .\core\priorityqueue.luc.....xQ....SW._ .\core\triggeracceptor.luc.P...TS....SW._ .\core\uiarbitratorhelper.luc......a....SW._ .\core\uihandler.luc.u...Rf....SW._ .\core\uithreadexithandler.luc..d...j....SW._ .\core\win32helper.luc...........SW._ .\core\utils\browserutils.luc.`...].....SW._ .\core\utils\common_utils.luc.c.........SW._ .\core\utils\packageutils.luc..... .....SW._ .\core\utils\settingsdb.luc.}.........SW._ .\core\utils\stringutils.luc...........SW._ .\core\utils\telemetry.luc.^...a.....SW.Z .\packages\builtin\green_check.png..>........SW.Z .\packages\builtin\icn_mshield.png......I....SW.Z .\packages\builtin\installer_background.png..l

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\resource.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):38888
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.344666762097508
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:EBr3M65hS2HiPvYumAMxkEVLpq41tuAMxkEW:Et3xzS4iGxNp31tcxK
                                                                                                                                                                                                                                                                                            MD5:9FC3387AB7332BA77EC8EDAEAF67FFCB
                                                                                                                                                                                                                                                                                            SHA1:9DFB79913911F0810357021026F72088138F4A44
                                                                                                                                                                                                                                                                                            SHA-256:7E3BE8083094958386B39F4A2C2E0E7267065EF4D2D44495058B0E571D76A17D
                                                                                                                                                                                                                                                                                            SHA-512:D758A43AD9FF77CF976C5C72AAC120D5BD361353295510312A2501D0E6D45BFCCBBDBAC8CCF99718C673CCE723D84281E6A64489FB92DD8981FB52DE2049AE07
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......yj=.=.S.=.S.=.S..~..<.S..~Q.<.S.Rich=.S.................PE..L....k1e...........!.........>...............................................`......c.....@.......................................... ..\:...........@...W..............p............................................................................rdata..............................@..@.rsrc...\:... ...<..................@..@.....k1e........z................k1e.........................k1e........l................k1e............................................RSDS.{xU%..H.|5.+.s'....c:\jenkins\remoting\workspace\ebAdvisor_WABinary_release_4.1.1@2\build\Win32\Release\Resource.pdb.......................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..`....rsrc$01....`!.......rsrc$02........................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\resourcedll.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 31998 bytes, 3 files, at 0x44 +A "\resource.dll" +A "\resourcedll.manifest", flags 0x4, number 1, extra bytes 20 in head, 5 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):53998
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.919912822738636
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:Sis5kAEnybrX1wvHu3g8U7jeWWtlkIQx7L6do32HiPvYmTZAMxkEGnpq41t/AMxM:SPkAQy/lwvt7JW3Pu34iRTBxmp31tfxM
                                                                                                                                                                                                                                                                                            MD5:B182229CED974DD50A4CDF384D2C9D0B
                                                                                                                                                                                                                                                                                            SHA1:EBFCE8B75FDEEB4E64BC5C3F9EB3245BA4A2266A
                                                                                                                                                                                                                                                                                            SHA-256:1F4FE65A3D4EBC4C4DB02E91F5D3B8EA92A2BC45E25A8633260E8792D7BE799A
                                                                                                                                                                                                                                                                                            SHA-512:4F0BADB6995269C9B4B20525F10DC43131784615A1F459D75C96023FB4B022ACEB5AC2AAD3B06EB871A6F99BD78F4F659336277D9E152A47007A61470CD5F62E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF.....|......D............................|...U...........................SW._ .\resource.dll..........SW._ .\resourcedll.manifest.4.........SW.Z .\webadvisor.ico....y.<..[.... w.q..@........m<{....D.7y...{....J..U. R%(R$.$*...N..$E.......8..~0......v...T.[. `$.......N.....7_d..Y.X..nj..Y..<.d.>..7.8.ki||+.mk|TS...b*y~x........._.$..t.. b.DD`TU...+.|.......Z*d..%`."..t....Q...g..Du.@G.AX..u..@`.w..O.....(../xyP....D.....qq..j@.w.V.gf.q.......}......7.6.l...........h.\h...b..T.0....{`.>..S....,..TcB.....4..>...X...G.4.(/w|c.....|.?..J......`..t...A^v... -.w}..z..->....j......\...?.u'r8F0............."4.!x9....!..Q!...@s..3hbP.P.d.K.>.7..0.*.*.q.....,.K..E..3@..C.c.;K.c..[..k..:....4/...1.".:..3..*.7*....j._ccq:]75D..C..v6%./..4>....n.ps..s......tdu...w...t.Pt-jmkr.b..B~..../.F.....K..B.....-......=.z.{... .WZ..Ny.....n.1....#...`.*.I........../.%...^.yw.....2Pa .P.A/.....d..3.aA.C..E.....>1lm.b......A......m......|Gi..*.yy...p..>.......azy.P....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\servicehost.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 291149 bytes, 2 files, at 0x44 +A "\servicehost.exe" +A "\servicehost.manifest", flags 0x4, number 1, extra bytes 20 in head, 28 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):313149
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9960870127885775
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:6JhXKZw39cG3twDjK9Uo2o8Pb48++8WpU+3CN9nF4f:0aZw3913tkDDl3z8WSz6f
                                                                                                                                                                                                                                                                                            MD5:5612671EA047C3822127208FF3D393BA
                                                                                                                                                                                                                                                                                            SHA1:D575548A6B5C2607FC266269BF46EF7B89BFA209
                                                                                                                                                                                                                                                                                            SHA-256:CE830C787B162732C718DCF7399DE12D8D109BC9E568DE3E0663675E7A42F6E6
                                                                                                                                                                                                                                                                                            SHA-512:377286C251026795F6891D3701F9FA617C1CC34D3E6C967228979125EF9C2D9B80BFE045E52512B7AEBC5362AE1C9A9A36DD03005933B00144299BAAB7E464E3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF....Mq......D...........................Mq...U...................u........SW.^ .\servicehost.exe......u....SW._ .\servicehost.manifest..N].....[.... H....R.4".....m..]1...D...6.W..;5K.i....i..v..VW.....v.\e/.`v.HZN...y|...2N./.Q.#; .#.g4VU...`..y{sg.9._...~/?.D....P,.\r.. ..i....X.-....d[..(!...IA.h!f..Q....B.... F..t.......P.]...5....p.....w+...h*.x..IR......1=..=.....,......U.m @.R.O....+..=..E}.U....,....u..A....Wv?+...o.......d....Nw....]..W;J..........M.d.{N.~q.D.o..?..!O..a.M.Do...n..w.08.b.r..j...{.......W{....^...#..a.X..~$.Pp...=....Y|......r..._v..o.......>.~.........).Iv.=..k..{..........d.3.oZ_o..C.......*&R..5}...|.....jo9..........S2..s.X?>sWN.|.B./.....V..~u..2.A.c........U...lkD........3..D>..+EW.#k.].?../.l...x....l.|....(.Xv....~.w......k4...j..-..A..[..o.....)C.?...ud.......Y...........".9.~....-Y....x..........dd.....Q[?..Y,L.L.#...*....7....{A$.^M.....B....W...........<k... .2.,kW....wi@...".M.......W.:L=.:){Q..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\settingmanager.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 858839 bytes, 2 files, at 0x44 +A "\settingmanager.dll" +A "\settingmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):880839
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999427454798419
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:ntRLJiUu5JYJEsCuVV4pD+U/VpBQf775UR:n7LJnEsCk21d/Vgj7yR
                                                                                                                                                                                                                                                                                            MD5:19647CE69AA4B694E2771A182A5151C3
                                                                                                                                                                                                                                                                                            SHA1:AA9063652BC38BEEF7F382F75BEC0B512C18C845
                                                                                                                                                                                                                                                                                            SHA-256:A0D70CD5C72B0B30CFEC2DA7569E417A0C0E7245291C3A5360587866EC0173A8
                                                                                                                                                                                                                                                                                            SHA-512:51C0E9930F1234BF78DDEE8151855CFBF8847F7336B175891AE8D8FDDFB606A36C0074F82898B5C8761D9340971DAFA2C05BF95AC7AF7457747AD7B10B070257
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF............D................................U..............D... .!.......SW.^ .\settingmanager.dll..... .!...SW._ .\settingmanager.manifest...T.....[.... .....@d.5.....V.A.L[+.4^w.w..c.p.-8....X._.-.;...0n....r.;.#..i.......mUjXc#.........X..<..~.............d.L......V.@.k.m+2;A..2.P.dV...C....0.e...X(.cd.P.......(.N<..a.........H.....{.....s.U(l$.! ..@.u.%.....$:.u..=.t.f.B^}<.f.f.L."^...d...Y.[;~..2.M6.......*.S_.]......N...=.7/......../R.}...o.5....t...w...Y./~....b.L....c......W/...=y...3|.....C..9.~.a.0kzZo;.........gR..3..../........P......./.V=....u..s.e..u^......-.O...[.4....E....f....m.l.B>^I.<....i?.^..n.}..7.....4H'.....h...#.......\.J..y-=.__.r.....v.._h. 1..$...m.....w.W.?~..K..f.}..oo..o.v....../me.q.^..}.......q2.'-*S.....>xS..q...N.........w.....a..k7..Q...F.).Y8.^.O.nt..e..?..<x........X..~.s........2.H6.1....5\.-..O.\4.......q...~....Y.Z..Y.m.d...............^.u..>X=.Y..[.jR.............$.^..n...Q...a.........pwx.OBo&..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\taskmanager.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 1355431 bytes, 2 files, at 0x44 +A "\taskmanager.dll" +A "\taskmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 126 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1377431
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999544124187063
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:qrxkLyANS3bkj3UYZqzhn+OJVJtL0vGVdj5G2Mi6BcMuvIXd/PpmVyDEZ+PZGK:qNkLNObE6n9JVJt8Gjj5GW6Huv+dnpm0
                                                                                                                                                                                                                                                                                            MD5:A749E4229060DAF3181DB8B3BDB48A09
                                                                                                                                                                                                                                                                                            SHA1:EFBCF90D3E3470350F906353749D5CBDBA085C79
                                                                                                                                                                                                                                                                                            SHA-256:8ABFAA7FA12ED325AB48628B3E089D128381545A3A14E8E507F4DA41EEFB3D88
                                                                                                                                                                                                                                                                                            SHA-512:4528CB6225B8100C1E633A5BC2664AF21D2685178F2FC3BE11D56F562520015D2D3173410140ACC13518DAAA57D1FDB0D0BE1004BAB0CFBB2847236745F5F392
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF............D................................U..............~.....>.......SW._ .\taskmanager.dll.@.....>...SW._ .\taskmanager.manifest.........[...E .D...@R.5.............v.dLv0n8..ej....a.d...d..9.ae:.j.S..-.;.\........dG....y....T.U\..5.......}.....I...[.F.U./HH.-WW...q.f&.c[....H.7.....)I.Z..P6.:4...W.J...7....T.T...~.,...B../x" .<..D...%....4.U4`5wP.E....N..I#'.-.h..T[...(=...`q....^.....FYc...^9...p..D.x...m..N../.Q.....6.NId.|.-...y..NJ.J.ne=c6q...n}.W..v.;..-g..K......M..7n...^......zO.?..n..S...c........lL]_..s^Gj9.(.7.v..b.o..~c.....Fm..bd~...!.j...........Z....D....o..W.~.U...:*8I..x..~....~..... .....oX....l.}..r_|..2)*.o0.s.....#...Ra..d...G.~.o...y.%...._......?yy.'_........1...o.n..E.'...z.?K..5.a2O.6....~.gM..a...._l.sr...o.^y.BU.{.k..U.c..w[.._7.Y......{_G.........|<...-..~./..O^z...soI.[.).-...};x........4W.T.a.Awx...^..PQ.>z..Oz.=u..~w.'.......C......~.3.........z1..8p.o.P..N..Sm.=.;2.S...[......G.w...6...g.0..g.a..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\telemetry.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 69888 bytes, 123 files, at 0x44 +A "\telemetry.manifest" +A "\dimensions\dimensionconfig.luc", flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):91888
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.922281166531392
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:nldBqCdB/UFv9iuO/BwDMnTX2rt+IOguWBvfgoMyfS14ioGx5Op31tmlxMg:nld5B/UfqTmh+pjW5Y3yf84xRg
                                                                                                                                                                                                                                                                                            MD5:5E210B6385D6CF0D469C1F6B9F34EB1E
                                                                                                                                                                                                                                                                                            SHA1:9E61166A27F70C54E06340B6A3301D17FDD93112
                                                                                                                                                                                                                                                                                            SHA-256:29DF965DA8DEF7ECBA6669188E6460A14038762AD98E22FE687258C4FF006529
                                                                                                                                                                                                                                                                                            SHA-512:5911A1E28BDD5F0B7E274501423D1495FC9A0AE917758095E9BF2912ABB4EB7B495A385975DC044F45F568D1921889BBC5CACACAAA3099C9E1FE9F5EA8B03571
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF............D...........{....................U..................@.........SW._ .\telemetry.manifest..\..@.....SW.[ .\dimensions\dimensionconfig.luc......h....SW.[ .\dimensions\dimensionhandler.luc......j....SW.[ .\dimensions\dimensionprocessor.luc......p....SW._ .\dimensions\version.luc......q....SW.[ .\events\eventformatter.luc.....Tw....SW.[ .\events\eventhandler.luc.....h.....SW.[ .\events\eventtransmitter.luc.....j.....SW.[ .\events\handleonnavigate.luc...........SW.[ .\events\sendonping.luc..g........SW.[ .\events\telemetryconfig.luc.....K.....SW.[ .\events\telemetryhandler.luc.....E.....SW._ .\events\version.luc.....0.....SW._ .\serializers\download_scan_ui.js.....0.....SW._ .\serializers\edgeonboarding.js...........SW.[ .\serializers\edgeonboarding.luc.<.........SW._ .\serializers\edgesecuresearchonboarding.js...........SW.[ .\serializers\edgesecuresearchonboarding.luc.,.........SW._ .\serializers\extensioninstallationtoast.js.]...!.....SW._ .\serializers\fw_av_warning.js...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\uihost.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 285929 bytes, 2 files, at 0x44 +A "\uihost.exe" +A "\uihost.manifest", flags 0x4, number 1, extra bytes 20 in head, 27 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):307929
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996513692611283
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:Wnp+VXhNiQZ2zDA67IFcIvnYZxUn4qMbCtU5C4Zm:qpuXhNCzDA6wnYZxUn4qMmULZm
                                                                                                                                                                                                                                                                                            MD5:8DD7B2952CC7A3A5EB8F1AC3E8B30215
                                                                                                                                                                                                                                                                                            SHA1:39AD040718F144B92BA57D4D8FAE1C3086D67BBB
                                                                                                                                                                                                                                                                                            SHA-256:B9EC5CF56F89263A2F1EE10D0F7A09525A988C3BC636F6819BF5191D00A35EC3
                                                                                                                                                                                                                                                                                            SHA-512:4CB56D69A3C50BF34F87CA6BC378AF52004BB2F65A31360389D7F4D4AD04146A528FD856BA84FF3B65342F1D62A2E147C06B9EB90E482389C0927496AC45BD2E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF.....\......D............................\...U............................SW._ .\uihost.exe.-.........SW._ .\uihost.manifest..,3.V...[.... .&...@R.4".....n...jk.5.Lm..T.g.Z..t...6R....T2..EX.^./.7#o.....)......QL.....A.U.Q!V6@\F..h......s.y.5.......t}. .k..,......D.U.%f2`[.21.....%.FJ.@.B..J0...PKR.......}.}"..... .........B.....d...[f..T.hQ..{..1..x.t.....t.zo.d{.Sk.h.XX.@.lbk....l.>mdF.tX....}o..Z.-.A.}g.......%E....%...-.31.%.s{.p.F...s.;...g.S....y..5f......J...n.p.f.......)'........Z.v.{.r..m.........L...Ove!.79A.3..w..8...{....=....M{..%...g...Z.yw..........^:.....;....VS..9.........Dn..m..z>..c....Y..Ac..z.mO.._?..z'.I....6K..._..k..>~..=..{z.E|%......._....h..7...;...E.......A....,..m?t.'@......~.M7`....>:......s..z.?{..._.-....JKe.|`.sv=*.4h.:eA.....x{=.{..}w...k.......6.....y~...S/f.x..'......kn...l....q^?..[..k...h6....l.......z.....~...M. g...<p[.o...x{.>....'.+.e..-;. ..]._..q.2.A...fK....6..l.5......My......8N.V.....'\.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\uimanager.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 1751629 bytes, 2 files, at 0x44 +A "\uimanager.dll" +A "\uimanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 167 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1773629
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999595046383415
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:bUl6tnb++OYwLammut7SK0i4Ar675EsY7m/l9ML6r:bBnbUYwLaNutIi4aegKd8A
                                                                                                                                                                                                                                                                                            MD5:47E1D0B80A30A92E69B82399CA89121A
                                                                                                                                                                                                                                                                                            SHA1:4DB660A2DF048015754FA9C107986B1FF460C00A
                                                                                                                                                                                                                                                                                            SHA-256:7B476E41FA265A84630CA0C806684DEDE107DC09143695385CCB426879845333
                                                                                                                                                                                                                                                                                            SHA-512:67AA7519763A394E73D66A0D03264F1C8B353BC72D72E7524A9AEB2C85F8F4D44C86617A689FF6BCD618450BEA8E27FD1C9521367FAFBEB89250EAD3B163BC30
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF....M.......D...........................M....U...................)S.......SW._ .\uimanager.dll.)....)S...SW._ .\uimanager.manifest...jM.3..[......X.."c`$..n...Y..{.P@C.A%*...e..i..d.....+A....+u...gyl..1A.;..~....we"..5......Za^F.034W2..`...o...Y.&g.M..4.A.MjFb..pSs....d...M..5......@[.4& c."G....d...k#Af.lF....&$.............*....l...yx..&T...$....a].w...c...E......b1.vB.S...|...+`..w..w.r..k..^...zKj..7...K.V..t|.Z2V.Y.....5{...CS.s<wZT.mr.{.Z..p}.[..s'[ruR[|u.*..".-...YltA.4."._.?..&G.8.F>I.....P.x..(.-....n.|.8.n'...}}n...Y.]}.4l.._......we.+T.5.h..g....p%...(.x...4w.P%.x.......H?Z^.Q..>>H...!......~.......M3...V......K.f...l...q~*{.^.....h..f..."....._..Vk6.I..I.H=..<K......Ky9%.z%e.eU$7'\a.k.\.'_...I.I..QV.v....$E@S2...r..W...X....i..nK..r.k..=..B.....r.-..u.O_^.^X..y.u...=...h9F;?.|...S5......a.9.##q..T.we..8..x.R.......!W-.$]..*.;...ee...b....OS..*Q'...E...Q.Ox.<.U.8.i+.......?~....f.A4.p2..G.9....a.R..5<H+.D.."U.%...|%8|....{.*.=...G

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\uninstaller.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 896328 bytes, 5 files, at 0x44 +A "\uninstaller.exe" +A "\uninstaller.manifest", flags 0x4, number 1, extra bytes 20 in head, 78 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):918328
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.99935092902814
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:ld3svCfMqwCoOPV98+Iaxm8Y+nvSL7LVzONM:z3sv5qGrYmMv67LViNM
                                                                                                                                                                                                                                                                                            MD5:73AF0159DBD92E6039AE1D86B84F312D
                                                                                                                                                                                                                                                                                            SHA1:F69A327A885DEEED29AF60FF26F382C4AC4F2DF5
                                                                                                                                                                                                                                                                                            SHA-256:4D8CCE57584B25B71EC547958E84E95954090644CCE0C7284243DB5E5EA48DE0
                                                                                                                                                                                                                                                                                            SHA-512:D001C8A65C8A7FF09220DAE89DEBE0E07EAAB3A2C36542ABC0A735AB6AD615321BB4869A075C6735A16606383C38023B7D824F9FE3F5BF113220B1E7DFFADAC5
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF....H.......D...........................H....U..............N...@E&.......SW._ .\uninstaller.exe.u...@E&...SW._ .\uninstaller.manifest..'...W&...SW._ .\wa-ui-uninstall.js.......&...SW._ .\wa-uninstall.css.......&...SW._ .\wa-uninstall.html......,..[... .......4...........*.Y.l......K..KvS.Z.KQXm.bl.........aka..d."i.b..QX.@,f..f..........._.N.{w1.1s.).D........[Z1....n....6.......TI.,.;.jl,...9e.I.ZK.q$.i,Z(..,F3..0...`...&zH/................AA?.{.L.1...9n..v...T.T....E.-...E.Q..i..V..Y...^Y..v..ES....((.c_..h..aOrL....>...1N6..[.\`7.+.n.o.f... ....r...\..{`s|..n......./.7%-c.....c..y.8o....l/.\2.D.!....,c|.9..ay.`...y.z.Y.A.@...Q~.....v.v./......$\x..(......sM.:.W......;...5C...J.-....d.*...5.P3.h.._O.Yb..)..............Tk....W.v.&..e_....?..B.....*&........v.`...P..~....C.r....a...........%..[.:...D...........S|*....s.-.Zm. ..j...[.....yH.z.......uK....V.C0.z....G.Fs..........W.=...^.T....i.V....~..o.V...\.n..O,}...2u.......x.......l....G

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\updater.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 855441 bytes, 2 files, at 0x44 +A "\updater.exe" +A "\updater.manifest", flags 0x4, number 1, extra bytes 20 in head, 77 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):877441
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999306815127104
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:yYAnl70cOcfMZSej3ekw7ZUtbKfOkdxgPVbzV2xDx3Z:yLKcuSqbNkdKNMNlZ
                                                                                                                                                                                                                                                                                            MD5:15E28F4C08E79950B8534200C09E5F37
                                                                                                                                                                                                                                                                                            SHA1:CAD828D2B815EDBC916382F68FB6EFE810D0EB49
                                                                                                                                                                                                                                                                                            SHA-256:CD5920D44F5A5663B556098836F04D932769AA86E96129816FF63D0802CE2BBC
                                                                                                                                                                                                                                                                                            SHA-512:80CEF52CE5A4A98EED6AEE65B5555F84AA97EF5431100CCEC33C0B96713F12F0875A4F54C2E7F7E29C343F3DBABEE44B1747DDC158001F182524287E27353007
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF............D................................U..............M....M&.......SW._ .\updater.exe......M&...SW._ .\updater.manifest......*..[.... ......d.5......m.ZV.........,..B.R...R.HR.[..K.C.m.......q..q;.a6.t..v.....Zl...!3..23.~?.w.9......w.f..'.2iE...l#.3O.B.c......fC7.$..Bw:K.6...-......WP. ".v..TP.([....T&b.&.Z.m..9..cM,.3KY......Dh.f........~$../..7.y..P)M.@.......lQ.....N@K.,...5...*._f.7....YfU..~.{..J.'...s...,=..y.....=.g....}.k..k.}+...=..x\.o{..E<.N../.:.....t.&.J.&...,.fS..I....t.....)}.#......go...i.c...H.c...b.H.....H.F....I...i.1q6._s(...W...H.myO...3...].e7.l...J......i{.fH.q^u:..=,'..l.Y..6.g...%.R.t....-4+...?....C|7{........mB.>.....?..S..R.Y.<...z..#.......fX..cG..W......o.O....1...l.6..w.....h....J.......f|.i....N..a*_.....^g.9.1.K.e..{...;...T.6Y..y.|.Z...W.....zl...z{...oU[-..}._..i/..t..........e.....~.+..tHmM{...oJkfM....l..`....ak8...>..K.%....,..z.nx.....F..m.....@8....6..s.v.>g.j.........-...-Z

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa-common.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):34082
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.048810099348607
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:E9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZW:E9DDI6thXjez1jtn9
                                                                                                                                                                                                                                                                                            MD5:BED2FF23927C34F86C480203AA7F87A0
                                                                                                                                                                                                                                                                                            SHA1:90B1B32D7A9CEECCD555D674582CB8AEE64E8909
                                                                                                                                                                                                                                                                                            SHA-256:9D7AC9A5AE897E993C0B6BAD468F56BF3B6CEFCFEAAD6FD2307CF8370945A2C2
                                                                                                                                                                                                                                                                                            SHA-512:6538FEDBC2DCE5EAF944CBD18F93783CDBFDC2920726A3509D0686BD062793B422AE6C6F67DFB0C344AC3E084F8B1F10425FA4636D1BA0FBD9E2ACE86EA6AE83
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXh

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa-core.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):26073
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.774476579925344
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:J+6T4vNmgN8t0+yycVCI6z0jG7RMDX4WUMRmvm/W:IDIy+
                                                                                                                                                                                                                                                                                            MD5:4C7B6F8674B7AB6F82D336DDA5EA7458
                                                                                                                                                                                                                                                                                            SHA1:273346C8B26F0804D5D4AD8DB1382A2775FCB230
                                                                                                                                                                                                                                                                                            SHA-256:7D6298561E441CF79CE9B698D1040FC19460E1AF44EA1216AA27E662247895C1
                                                                                                                                                                                                                                                                                            SHA-512:58DDD8819F40D37BDD1236DC7C2CCAA28666C3DD84DE24F7C6A3F8B590AAFEEAF66AD609B3DFE97C452C19AAC0E6FA455FC1C2710BAE58B59AC017C27139B9F6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Core */..(function (wa) {.. var core = wa.Core = wa.Core || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... //Component.. core.Component = function (name, status, key) {.. this.name = name;.. this.status = status;.. this.key = key;.... this.isIgnored = function (key) {.. var isIgnored = false;.. var startIgnore = this.settings.get("startIgnoreDate" + (key || this.key));.. var ignoreDuration = parseInt(this.settings.get("ignoreDuration"));.... if (startIgnore && ignoreDuration) {.. var today = this.settings.getToday();.. var startIgnoreDate = startIgnore.parseBasicDate();.. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);.. }.... return isIgnored;.. };.... this.isInFixGracePeriod = function (key) {.. var inGracePeriod = false;..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa-install.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5549
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.066110247641768
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Uji+oLbHInScwC0oljdaLDb2nD6nu7aabv5k/yigIAMvda0hS/iS:rbonScwC0olMLDb2nD6nupbv5TbIAMc5
                                                                                                                                                                                                                                                                                            MD5:F537A07AE7D570F52EE50643365B1FC9
                                                                                                                                                                                                                                                                                            SHA1:F3EB5BF057F2F981123FEBFCC568741E4E0F8FFB
                                                                                                                                                                                                                                                                                            SHA-256:2518B71F18A08AF85F79A3947C975A098346346750F0136891279B803F369529
                                                                                                                                                                                                                                                                                            SHA-512:1DCA227E358932ADEE77011F3E0A949E20A402FE99AA71B204A2E1936EF9C159D8DDB39F1DD36E2A974369232CA59D703334833DAE72F2DEEF12C8EC48553F0E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:body {.. background-color: #ffffff;.. overflow: hidden;.. margin: 0px;.. padding: 0px;..}....img {.. -ms-interpolation-mode: bicubic;..}....#wa-installer {.. width: 455px;.. height: 378px;.. border: solid 1px #BBC7E7;..}.... #wa-installer .header {.. height: 50px;.. display: table;.. width: 100%;.. background-color: #F5F6FA;.. border-bottom: solid 1px #BBC7E7;.. }.... #wa-installer .header > div {.. display: table-cell;.. }.... #wa-installer .header .title {.. padding-left: 15px;.. vertical-align: middle;.. }.... #wa-installer .header .close .button img {.. float: right;.. position: relative;.. vertical-align: top;.. padding: 4px;.. cursor: pointer;.. }.... #wa-installer .header .close .button {.. float: right;.. position: relative;.. top: 2px;..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa-install.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1222
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1935835170409215
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:csYR7A2NVMz71Mz7FMzrVMzPVMz6LVMCo7jpSZvF5aB:3C7A2meCeiCoH4V7aB
                                                                                                                                                                                                                                                                                            MD5:52675F42F15FEF49BD83972DFB0BF87A
                                                                                                                                                                                                                                                                                            SHA1:4582F2C4B969F278E341B2291690817E042F9568
                                                                                                                                                                                                                                                                                            SHA-256:97D5EBA4BCD228D7F99F1E132DA57AD12F1AEDFA8C883CFE89E3CFD2787B6429
                                                                                                                                                                                                                                                                                            SHA-512:1AE4D696542E48D279342F8846488CC3D2E42094310F7DD9DDC6CA1A0BE14D1F8DA96CB3A9108B82DBED990C19204E4B12EF25BD2C222AF82435B2771B553A59
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=8" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-install.css" />.. <script type="text/javascript" src="wacore:jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-install-#loc#.js" charset="utf-8"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js" charset="utf-8"></script>.. <script type="text/javascript" src="wacore:wa-utils.js"></script>.. <script type="text/javascript" src="wacore:wa-core.js"></script>.. <script type="text/javascript" src="wacore:wa-ui-install.js"></script>..</head>..<body onselectstart="return false">.. <div id="wa-installer">.. <div class="header">.. </div>.. <div class="content">..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa-ui-install.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):19389
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.84079067044455
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:GVtiO2qyGuMW2FnrjPfGUfsdd5nwwCbvlOzNZLXQDCR1ZgpNW:GVXyRMBbPzCR1QW
                                                                                                                                                                                                                                                                                            MD5:013999C3E34A01093530CB57DFAA82AB
                                                                                                                                                                                                                                                                                            SHA1:1A596422E65CF0D6E725432D90DE2FFC01BF0E83
                                                                                                                                                                                                                                                                                            SHA-256:5F34A5F6E926F8A15029FC82B975123CBCEDC3E6C799CDBCFC8CF6EF7136A8AA
                                                                                                                                                                                                                                                                                            SHA-512:25D8E78297EEC091E85C93E538A58A6A5A4633250C95564CB51DA15523A7FB9644AB3EBE0E541B9621C0D2FDC7E4CACBD6518FB439E7EEBC71DB8D015B8118AB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Installer UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.INSTALL).get,.. _window = wa.Core.Window,.. _external = window.external;.... ui.Installer = function () {.. var buttonId = "wa-installer-button",.. _this = this,.. RC_INSTALL_ERROR = -1,.. RC_INSTALL_DOWNGRADE = -2,.... open = function () {.. _window.ready(function () {.. //check preconditions.. var productName = wa.Core.WebAdvisor.getProductName();.. if (!_external.CheckDoWeMeetOSRequirements()) {.. _external.SetInstallResult(RC_INSTALL_ERROR);.. _external.ShowMessageBox(_l("ERROR_TITLE_CANT_CONTINUE"),.. _l("ERROR_OS_REQUIREMENTS"));.. _instrument.log("Installer",

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa-utils.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15448
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.445434608553055
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:BZwBjyfDzRj5csy4h11lidEaCaNz46UcEm7dO2qSFZC9OQ/KTeV:Wefpj5csy4DIE3oU6Um8CTE
                                                                                                                                                                                                                                                                                            MD5:D83DA2A43B7160E76863E4D73A390C68
                                                                                                                                                                                                                                                                                            SHA1:0C93A9B7CD8290C536ACFB1C98B86B2DB5A15FB7
                                                                                                                                                                                                                                                                                            SHA-256:5D47BA4710B8DE34145DF1732FDEE9A5E7EB016322AD50DA1CCF56A21BCA752F
                                                                                                                                                                                                                                                                                            SHA-512:0ECAACEBD247AEBB320CC96199B24F40EBACA6B9704F877069A97D1233F47CCF9528B1DC71EE568FBFB90C7DA91149586DC67A73CCE3451B2C5B4BE3367A6107
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_),.. pscoreToast: (typeof _pscoreToast_ !== "undefined" && _pscoreTo

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa_install_check.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):558
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.494810764492959
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7iIHftwTmWkW3O+xbR/GfmNFycqV7o5jNiXrj0IGDfjo/1:zT5+aVefmORm8bnGD09
                                                                                                                                                                                                                                                                                            MD5:F8AF1796D709A69C3FBDD16822596FD6
                                                                                                                                                                                                                                                                                            SHA1:D216CB9A49EF4223138BE20D027B3ABEEFAC7DB0
                                                                                                                                                                                                                                                                                            SHA-256:055E07F760351C3F33E708E4720D5A34A60ABD8D13F2FE05A473DFD5ED9714C2
                                                                                                                                                                                                                                                                                            SHA-512:FBD9C93490B818798F4614E6EEA7EF9FA05D535F50071806E763CD9EBEE478559F614EAC90720E4B5F88D803DB0AD459F1D1C67954C2C379B1BB435CCA74390A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............H-.....gAMA......a.....IDAT(.u..k.Q....1&.k..T..bO.K...DP....I..{.PRA..............QA..J/....eM.tS..7..v...y.7.7.f..R?......W.......N.....G...z.N.a._.X=.sg.5..r.k....Z...R....[..X..W....N....v...H.1x......L......R..@:v.w.....W........v.lc/F..b .C\.:.[Q.`..E`.L.J..!....<..m.q....R.&...""%F(^M.`..e.,N..q..y<.../.O:.mP..,A.QrZ}[u0..,3...S.K.\.EM5.!mH......}N.+j....p.O.E.......[..C.\x......nMi...~%.vv...|8...y.xV..v<ZZu.....y]@.1......]..).6.M.'.'.%o.T..5.Rq8..l..;...Ha......5......IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa_install_check2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 14 x 14, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):785
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.380231936591206
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:nmwBSRPy8iSvgv+aYS0NFVO/6cgDHNUPZ7SCOr2zhxNoEMBxNB:mwBSRVL4v+/jNFVO/6cgDHWhbOKHCEIj
                                                                                                                                                                                                                                                                                            MD5:5367B11C1B0484E2B64AFFF761DB5B69
                                                                                                                                                                                                                                                                                            SHA1:CA05EC2A55FAB6A4035920C38B6FF198044DA594
                                                                                                                                                                                                                                                                                            SHA-256:1CAE0E0663BA559CA8FE7AD3A1E07AB23AB9E3DBADA1AA572AD9C2C5D51D5627
                                                                                                                                                                                                                                                                                            SHA-512:322DF7AFB16185EB4D39AA4881A27E04B1D310773FCFBB77D0F1C83237A56D100F6567091E30BF0DC6A11EA29A22A52BF091B66C5863823596108C155C031588
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............(.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE...#..$..%..$..#..#..$..$..$..#..$..#..%..%..$..#..#..#..#..#..$..#..#..$..$..$..$..$..#..#..$..$..$..$..$..$..$..$..$..#..$..$..$..$..$..$..$..#..$..%..$..$..$..#..$..$..%..$..#..$..$..#..$..$..$..$..$..$..$..$..$..$..#..#..$..$..%..$.....p~.S...NtRNS........................T....L..........K..T...S.....JJ...O....r)1N.T......L...P.....bKGDOnfAI....pHYs.................tIME........l.-....IDAT..-.g..`.F..o.PISC.[.........|..s.@.Jr.PM.3.Ah.&....dI.01..t...v.K.h.o[?..^.....Gc.&..8....A..<..r5...QY.F..n.8..@=A.l.u.....n.C.....>.o.4...&!.KUd.&R$>.e*o..T....:...~g....%tEXtdate:create.2022-02-16T15:21:59+00:00h......%tEXtdate:modify.2022-02-16T15:21:59+00:00..x.....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa_install_close.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):327
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.1140535970703365
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPIcWn2ofLbzmoGGaKdwjXI76l4AXT8ctmzXxNuJpTqAp:6v/7DWn3btahecDAuJp1
                                                                                                                                                                                                                                                                                            MD5:C0708D1E58F1EF1BAB621620F3B09130
                                                                                                                                                                                                                                                                                            SHA1:0BEB49A1CC1E71F364BCF42B474890F35CB8CC3A
                                                                                                                                                                                                                                                                                            SHA-256:834380BD8B6F9BFEF000A555541AEC2BEC01DC46C91DCB7F950D109B81BAE5C2
                                                                                                                                                                                                                                                                                            SHA-512:241C93BC2677B1F0788C2C0DDD9A7FFCCC7A865DAD427EA8C89E437FC796FD12F80D2A962A8D02B1B2391E10CFF768F17E34BD45502A0E31D6E1C8F443C2AA34
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............Vu\.....gAMA......a.....IDAT(...On.@........=J.&....5....8A..M]{..s......Q#0.7...0.......yr).q8..s....sp.....W.u.q+..;|.5&..n{..{.............>..".^S......#q.6B...4.t....~e.[@B.&...L.o...h..8.......Q....+..b.i..MhxRaG....Y..F....,......G.E....`(....V.v.4.b.$..S.O.....Sh.B....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa_install_close2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):272
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.591404605834916
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPIcE/6TsR/nQV32e46OIoiMr6FRK7MhtCxllbp:6v/7DE/6Ts/nnPIcr6+ozCjz
                                                                                                                                                                                                                                                                                            MD5:F79A1953A8E6CC342847B4B00DDBD736
                                                                                                                                                                                                                                                                                            SHA1:9AC411CADB6652F4FDBD854300ADCB5C21C04BAA
                                                                                                                                                                                                                                                                                            SHA-256:4F8EF204C1884F868866D03B4D11DF1237480C1CAA38ADEC1C13444050105B88
                                                                                                                                                                                                                                                                                            SHA-512:DFB54D3D20FF53B867328945FE3D69B56055D5861EFCE2A069653B1792A5477AB4C3B73A3DEE82DD1377D1573099AB70C2F6C285C694DDBD0B1EE9667CFC4F2A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............Vu\.....pHYs.................sRGB.........gAMA......a.....IDATx.u.... .DW>...>.RRYJq>).>|E...!..3...t...a.?..w.!.P..../l....2....Q..ZS.%'.........y^.Q..H.T.V.D..W]..t.*X4t#9O;......=U%u0...f.......3`...[.S^..m..$..?[...{4.Y....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa_install_error.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):428
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.367179920202989
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7iIHbGI9XbxzlcdqzUCOXC5pC38WWn9:eGIrzlcdL4CZW9
                                                                                                                                                                                                                                                                                            MD5:0EF65600F5A2D01876B6F9EC668C9D2E
                                                                                                                                                                                                                                                                                            SHA1:31F378D2D6BE62F3A426523B1AA3D61323B2B9AA
                                                                                                                                                                                                                                                                                            SHA-256:17DC5C3BAA1D35CA60C7DEE7CC70B76446765769960FC5D4852E065478C871C4
                                                                                                                                                                                                                                                                                            SHA-512:7D9EC74CECF8DF49D4F8E676053573798A029D889E8676CFE90891EB68E49A2FE9AE828F38BB99851888B25A76581EBE2B62694D3C66D193016B4446004A9271
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............H-.....gAMA......a....cIDAT(.uR.J.A..f..&Q..*....h..... ...(.........K...!Vib...B...qf..{.9....|..3C............@..........5..8.b...z`-....s.ID..G....PEQ.;?1...p.h;..z6Z..4.X..c..$E3s.b..ry.|..yVy...0.Rr..W..S.......A.1.....s./".j..g.H{l...Q....d................fE..;..'+.).j.F...J......~.s..Y./...6.v....|......,...m..[m....n......D.E.OvU.n..W<.m..=h#.O..Zm.yj..@.tums.....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa_logo.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 233 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5361
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.956335361585333
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:tXYxwio7C2guemm5poLpMmjxiN4f7DsCk7RkuxKBaKeVfGJiQmiMQ2qileA2I:toxpo9gKmsMmjwSXgyLBepQblA2I
                                                                                                                                                                                                                                                                                            MD5:0D8F8EFEB474FC9B2C825D7F2A875471
                                                                                                                                                                                                                                                                                            SHA1:ADBC30FD0131A01B3150753C7EBFD6EF648F0DE1
                                                                                                                                                                                                                                                                                            SHA-256:ACC40FDA844EADDF65B9580C484F1FE2E17358B352D99BABC6865BF0C74D9B00
                                                                                                                                                                                                                                                                                            SHA-512:90FEBC4B2165D37CBB1CF09295CF2F5B5713DD14A02CDC101318426CEB55D35B7C47B254D0F20CCB8297FC69EE77EAA5969FF98A0965D325C94AD81B6A56BA9E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............9B....gAMA......a.....IDATx...xTE....I .D..l,....(....Q.\..ftf...qA..D...?a..o.#.8..<.9:....A..."......KB...?7...M:......}7U..9..N.s.T..hZ"%$..@B...$$..@B...4!.UYY.E].Ln.%Qu.K.8....Z+I..m...m%v.6...K..]ki....W.}.y.%.O.1"dY..5...{...x.ef.X.~a..3K.u.l^.8'..?.z*#%.._.}.yT..Z..k..b..3{.{.>W_.,x,J......LM.T.>.x.....^..c.'...8^..(]...z(..._.......&..w..9..)..W.,s1.>.):.0.4.Y...nq...7....;......7)Xk.a...O...g.l...c.^..)8.%.e...h....U..7.O.'$.....]K.r0.Y5u..K....tH?.NSzwl.o..IG6...........X.(.z-.X....ju.+.Jpd.j......t.>...../?TW.0u..7........@B.. ....yYZ.iZ..:s...}_X2.O.....1kJ..3.*.9+... ].4.Y.2.....r>hM....}..-..|!d..i#U...F...Dr...5....D[..]..u._u....[.>.{5.xX...t.|L........}?........J.H?P.....M.n....-.......d......pQ....3..[...;vT.dg....5.@..0...[.c..1...U....i........a...o..[.PB.....E..^......."|........$..."V....tZ..`W...[...z.1..[~.Buu.[.........]/..x.(.`Z.A....`p...]RR.4u'u.]..u'...p..[sh..w.....g+

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wa_logo2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 232 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2938
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.909981061900822
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:nv/69bTJ0Ji4hnEhRHzXJH3ndGzDr9zHUeqr7zpiT7efEgo3cRE0+U9sLBCYv2ZG:vSdJN7HziDr3S9i/efLQcRZ9sowGdK
                                                                                                                                                                                                                                                                                            MD5:65938FC9439B2307513A95D515BCA1F7
                                                                                                                                                                                                                                                                                            SHA1:DDDFE8D64ED371E973C46B6726B60BB0C0810BF9
                                                                                                                                                                                                                                                                                            SHA-256:B2703E2E2A404B90EDAB7A67B23037C32BE2780F20CB15FFA6F6E44666B8EFB5
                                                                                                                                                                                                                                                                                            SHA-512:93F755F5E208CA08955684D7789F6B8AF49F542DD41AFD9D678EC417CB535734C9C8182B87EC2EA8B8AA9FA502AC8BA90E383A9977F7E01BFF393AF0D1F400BA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............m......pHYs.................sRGB.........gAMA......a.....IDATx..\]R...o.T.yZ.'.8..y..f_"N.8.....`N.r... '.y...>,{..'.}....n..%[..!U.)..|.t...G..O?.. .~....@.N...a;..e.....1}.?....>.Ma...>.?..u.}L...m.N. ..8.>fe*.z..dr..u.D.1.R<.....T..J.......\.ZP..V}....M?...2..3.....)...T.yG.4...kO....t......b5...-....4F].q%c...-....v.2...O....g0...g.&R.2.n..<?P.q9.....+l3...X&T;...z."L).12..D..a.G3..OQ.Y....%..P.=.....2....%u.}4.(..N.!.)t....w...M.@.0.pt.a%..N...|.|\f+H.Rk.?..G..v.q.7.5.'..F}.....lm....rS[.4..F2..R.-..V......AU....!./.\S;...M/..K`..w...>.f'm..bf..y>..$D@......1....3.>...Cn!.:.........C*..-.PE14....$&}..?..I...._2.m.<....L.<.........92.p......jT....%.~..Q.U...6.4/.U..4L+HK.\i.z...Au.@>Z..Y.....kk...pQ..!....|..1g8...Uc$.....Y......9.....`0t..p..(...R.N....w`......\...<......M....-.95.f..W;xx>.7"..'..._z.REq.=e2..bg.S..r..VKcI.j.....\.O..T...q.>....H..6AE...{'?.....w.X.J...w.d.......O%..-%...1*.53..NPB.O.[M./.:..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wataskmanager.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 2942853 bytes, 3 files, at 0x44 +A "\microsoftedgewebview2setup.exe" +A "\wataskmanager.dll", flags 0x4, number 1, extra bytes 20 in head, 170 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2964853
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999835391713119
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:jy3xnx08sXqiQVLyAQ6l7xcha+PVhtnZICOkvkEMC1zF5StAx0NDYG4hOJVQijYW:Wpx08sXRzH6l7xktakcE71zF5x0N0G4i
                                                                                                                                                                                                                                                                                            MD5:A9120CBCA8A683E101E61BD787A3355B
                                                                                                                                                                                                                                                                                            SHA1:E0D8376ED24F95110CDB08E3A075243F25ACE126
                                                                                                                                                                                                                                                                                            SHA-256:AD79E799C810DF7822C525E0091FFBB82C195D48715E51C41FE7216851373598
                                                                                                                                                                                                                                                                                            SHA-512:4FA6D8DB590CE8319F6735D9A84AF00C529BF019A1084B5FBF6D02C7C0AA13ADB2C835E17E792EF41A3AE31743D03D4D16BBC080B4E1E704A7280D145633F0D9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF......,.....D.............................,..U.................. ?........SW.^ .\microsoftedgewebview2setup.exe.X.9. ?....SW._ .\wataskmanager.dll.Q...x.T...SW._ .\wataskmanager.manifest......I..[........."S`$..........XY.....$.$B9f.....0`..u$.*.V..w..g;`.......l.........d*<.*......@H..E..F..h....m.l.m...sy;3...r.....g....~.....ml..<hm.......@y.`7m66..-Vp...[Xm......b..`...Zq..7...f.....71K4..\......#.TD.U.E.{{..f..]...BeD0 d"...t@@..A....pr....B0"`Qy.rS..>a.5..@..u...*n...D....7..W+=.W.h.~.[?..SQ}o..I4....*.....vQo..w.K.O.Uj./......Q.?....T.^...l..'P........>.1....-....../...~....y=.~e....c...nVX./..U....4.o....T..O.....;..R..!..`.{l.....Cr.?.7:.Q.....+5.....>Z...,j.|.....-..L..+0.<L}..Ecc...V9s.kq..u.8.KUb...7.w..l..d?..`....K..+Kc.h.=F...~...\...\F.....j3.<.g..r.4.\zO..v.-..;..:.\..wdH&....AU...z.....0W\ X.'5W.J`>...z.......}..dr.."...*V....H.EI..[.A`.$[.fS ...z...^.Ez.....9..h..'.....6../.ut..(.c....0.b*.....'.dz0.!.`.....F~Z.....y.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\webadvisor.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, single, 1209 bytes, 1 file, at 0x44 +A "\webadvisor.manifest", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23209
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.660058320276064
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:E+Vj6ki2HPviQUDvYzhqDAM+o/8E9VF0Ny7LVKNSCpq6Z1tCAM+o/8E9VF0Nyq3N:EAu2HiPvY9oAMxkEtQpq41tCAMxkErE
                                                                                                                                                                                                                                                                                            MD5:F3C3AC8816B1DC7C05278A3E891A24E3
                                                                                                                                                                                                                                                                                            SHA1:C39A727DEF7B1527A0F58000F5EF56865AB2A4F5
                                                                                                                                                                                                                                                                                            SHA-256:FE007A4744205AA6E37BB57F09573DE20AC86E1DD0FC42C895DD31EE19317958
                                                                                                                                                                                                                                                                                            SHA-512:241E4B5308CA6230D9BD010AC9CC06F384F47355F178622EC4FDE01A764980E3108EEE602C6862F46E93309A0EE1DA1EF099B586A41350A9615C4E2BE6C87AA8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF............D................................U..........i.................SW._ .\webadvisor.manifest.:..SH...[......K..3.%C...v@...N%.... P.../\..f....m_.S/.n..)..p..@............m.m.w.7./|..g....>w.....;.0.FoFp.6j$3c5..!W..............T2...e[.=..2E.M..t4MC.8.....:..fdx..V.j...z:u.t.J...h5....l..2.u,.`0..j....^...w...U..r...*..n.}.S...J......B.....w%o.CT...a&.FjG.9.a.....9.G..."...\..j2.s..L..0......F1D.S/.n...^<.x..5V.........QeFh...loZ6..K....E4.......Z.X.`..@...o...}.....X.. .....l....vv..>\......a;..".....k......G.0..n".P.. 5C..Qw.5{...N......1.8...tOw=./@G....L......n....0.l.U[Y%Z.`...7.i.>.Z.e8j.].A.z..Z.a.=...Zp......:.h......bS.&.-......e....w..%..v,.=.U.X..@...Lb..n.'...o.+.|...F;:..jJ.(....-.....&.{|;..|...Ly..jZ.E..;7.....H[....vF.>........;.(..[].c.s..:......<...+.cQ!.sY......t.1....z_...h..;.5vX..o................~......& ..Up..`.(......C.$..+u..5...OxqIT...f....t..1.i...0;.......C`.1......pj...n../8.(C.y]._H0Bf..C.G@.xt...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\webadvisor.ico

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:MS Windows icon resource - 11 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):99892
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.9749743269785345
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:JLBqG5eVRjB/jZRj0t4kgU1l50AIDP88+2Y:JLBh5eWgU1B8+2Y
                                                                                                                                                                                                                                                                                            MD5:236FC5ABB597615A608DAB7BE98D5FBC
                                                                                                                                                                                                                                                                                            SHA1:18D3D1CF56898B264A24DE24DC13E4B9B7EED768
                                                                                                                                                                                                                                                                                            SHA-256:06ADAB20CB028B5DC61762691E8C8A6157EB1199526F7C773338B9BF51BD63C6
                                                                                                                                                                                                                                                                                            SHA-512:155766AA5659BB9E298AEDE4064832168002EEDEE836710C2259446FC35437AD70C04454DEF2D9EB40A83A029351EA1726D65ACBDB8FE8217C016FD4986F7F4E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......00......h....... ......................(.......00.............. ......................h...~"........ .n....'........ .(...TC..00.... ..%..|K.. .... .....$q........ .h......(...0...`...........................................................................................................p......................9Yx...................yyy9Y..................yyY.yy57...............s.....y.yy.............y9Y9Y5..9y.w.............9yyy.....................y.9qy....yy5............yyy.yqy.y.Y9yp...........y.xy....9yyY5....yY9.y.9.......yq....p....9yyqqyp......y.yy5.p...YyY9..p.......yy9Y.Y.........p..............p...Yyy.p...............p...99Yw............y9S.0...................yy..p....yY8............yyS.p...y9y.............y1......y.Y8............yYy.p...................y9yyp...................yyY.p...yyy.............y9yq....9Y.w............yyY9p...................y9yYp...................yyY9p...................y9q.....................yyYyp.......................p.............P.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\Temp1463644285\wssdep.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 581039 bytes, 3 files, at 0x44 +A "\wssdep.manifest" +A "\win32\wssdep.dll", flags 0x4, number 1, extra bytes 20 in head, 46 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):603039
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998659373142574
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:hf9tuG0WZPhmWvaKKXCGqnYN7XtaErgT0UOQ6WpLUti7FLaxlx0ex+yi:J4uhmXSGq80PT3LUtSWXJx/i
                                                                                                                                                                                                                                                                                            MD5:24080993552AFF33FD59C7C8D23DD3F8
                                                                                                                                                                                                                                                                                            SHA1:EEC0A5CFFC8FC701D6338A67B6B1968843DDDBE3
                                                                                                                                                                                                                                                                                            SHA-256:922F51C14ADD9EDDEB7A1B86F82C269DE96AE7E1F3D3626D632D611AD2771C59
                                                                                                                                                                                                                                                                                            SHA-512:A36B0F8B38CC25420A67A5BCE55FF0962FEAAFFA4FEA259EA027DC91714A1D24E26DE3C3C6197E418A72D77E5A0A4C6D5CA3563928683E6E35A19B93180BDE55
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF............D................................U............................SW._ .\wssdep.manifest...........BV.h .\win32\wssdep.dll......$....BV.h .\x64\wssdep.dll...q.<..[...4. ..."C`3..[....]..4*.....F*-.Ck..j...F$`Y.AHe.5G...C..O.;..w.......%.e.D..2HHF5..1..jg.Sf6".p.....}T?.y_.w..|...8.:.u.s....o..;.d.....r%.}...K...;..%R...o..-..f..B(....(Y......IC......E.d-i..'$.....!......".3?+.....y.}..z.5..Yko..Y..e#.#.....B....p..H.....x. b.......q...?...*..'t.Lb..A.z$*..>}S.3..iu.L.$..h.?...].;...%.Qy..}.d%6.=K.T.S..F....?.Qi/=...^l...4..h..z..ZE......Z.-F\T.T.[f.%.P.[...v.W..n[..X....[.zl.H. :.H..]=........o...|...s...@...D$.t..o.S...=..PK.....7...}.f6.L..nm..r..J.y.....U2..wr..t.C%..{.Z.V.8..U.b.ku...7I\..V.".[Q.OvFQ.K].9..&]t.i.7..^.-..O.d]3.p*.WD7 ./..DjO.]......[..(..F.d..Z..N?.u.a...=;i..j&)Ev.l............N|........[KK..UuR...^.0i..i..H/.....Z.H.J..f=.e.Ka../Zk..*!1W....f..V.s.......0..-uZ')i...2.f0.IJJJSi.#7J..^...3rfz...6.F.r..z._..x...M

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\aviary_client.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1458), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1665
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.299957524025923
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:HL4WKW98d7lvOKi18GDAxJxFyWLcLBoHC85QsZKg:pKxd71OKincxJxMW08D
                                                                                                                                                                                                                                                                                            MD5:1325BBAD2BB01570B527769E0AD7AFCF
                                                                                                                                                                                                                                                                                            SHA1:7FE83FC3C9152EB433176481F1B09C6D77654F8B
                                                                                                                                                                                                                                                                                            SHA-256:3D653E48C4CAC8C85C3D686EEEA27BA230D10BD49B44E72C69C0AAEBF279DF10
                                                                                                                                                                                                                                                                                            SHA-512:199D8BF69E56D7CFC3AEFD6991AE0C8CDA0F2A632FCED126C51A7238EF62D7B6E70B47004AAF78BD5A6E28537D99650599266F410A7F3C9AC12C850C4FDBD58E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var aviary_client_fileVersion = "1.2.181"; ..function CreateAviaryClientHelper(){try{var a={Get:function(d){try{if(this._aviaryPlugin){return this._aviaryPlugin.Get(d)}}catch(c){this._logError("Get exception: "+c.message)}return null},Set:function(c,d){if(this._aviaryPlugin){this._aviaryPlugin.Set(c,d)}},ToJsonString:function(){try{if(this._aviaryPlugin){return this._aviaryPlugin.ToJsonString()}}catch(c){this._logError("ToJsonString exception: "+c.message)}return null},GetDirtyFlag:function(d){try{if(this._aviaryPlugin){return this._aviaryPlugin.GetDirtyFlag(d)}}catch(c){this._logError("GetDirtyFlag exception: "+c.message)}return true},Setup:function(){try{if(this._aviaryPlugin){return}var f=JSONManager.getSingleton("dictionary");var c=f.data;var d=c.product_settings;this._aviaryPlugin=getPluginFactory().Create("ContextItemAviaryStore");this._aviaryPlugin.Initialize(JSON.stringify(d));getScriptVariableStore().Set("ContextItemAviaryStore",this._aviaryPlugin)}

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\common.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (13833), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14033
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.342408631225737
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:qtu3RAn5OgUkr5oAZ0hFrBhCHuBIeTGqU37nw+9RXSWV0ai:q43RAnblghz0eIH7nwYpV4
                                                                                                                                                                                                                                                                                            MD5:144A8645F924580E833D56C442ACDEC9
                                                                                                                                                                                                                                                                                            SHA1:25B4CE0D450DBDF87F854AD19D2EC027A3252086
                                                                                                                                                                                                                                                                                            SHA-256:64F3218275D1D3A5A5B2643225728C44CD64A9E41F558AD150F7438E00B8B0A9
                                                                                                                                                                                                                                                                                            SHA-512:7D64DBD260896223CA2F66C1800455A865153CFA6EB1A7E27006ECBBAE14A3A76A7C0540785DAC5D6684309005B8F7677C16B2E0A320D49523A649D0B65BE021
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var common_fileVersion = "1.2.181"; ..if(typeof JSON!=="object"){LoadScript("json2.js")}if(typeof enableAnalyticsSDKForUWP==="undefined"){enableAnalyticsSDKForUWP=false}var GetEngineSetting=function(b,a){return a};if(typeof GetSetting==="function"){GetEngineSetting=GetSetting}else{logInformation("Missing GetSetting function; will only use default settings (this is expected pre SDK.2.3)")}var GetEngineProperty=function(b,a){return a};if(typeof GetProperty==="function"){GetEngineProperty=GetProperty}else{logInformation("Missing GetProperty function; will only use default Properties (this is expected pre SDK.2.5)")}if(!enableAnalyticsSDKForUWP){LoadScript("logging.js")}var getSystemPlugin=function(){var a=getScriptVariableStore().Get("system");if(!a){a=getPluginFactory().Create("system");getScriptVariableStore().Set("system",a)}return a};Date.prototype.toISOString=function(a){try{function d(f){var e=String(f);if(e.length===1){e="0"+e}return e}var b=this.getUTCF

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\config_manager.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (842), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1050
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3308262881228865
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2VeEhIBolSPnrVCYJqPse4A7PWLb/X0rbjIfJNosj/fcIg:28EhDSPrHAPse4A7PW3/X2uosj8v
                                                                                                                                                                                                                                                                                            MD5:2A57B3778C74AE74813C582C421E2B3F
                                                                                                                                                                                                                                                                                            SHA1:8A26061D568A31F40A9B9F3FAAF07169B29BFDB6
                                                                                                                                                                                                                                                                                            SHA-256:811306686B18AC1D3F4AC3BE033B9B2A0FAD47756EBD3B0DA732981807693020
                                                                                                                                                                                                                                                                                            SHA-512:7B782F0C54BE0D9A179648B53D798FC977C6C4816DA5188C0DF23BFFE733B0447890FD288FDA48D9F67AD858DEC600D2A0F4ADE60C1DA18EA74B5C9FB7CF72CC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var config_manager_fileVersion = "1.2.181"; ..function CreateEventConfig(){var a={getEvents:function(){var b=JSONManager.getSingleton("events");return b.data},getProfileNames:function(b){try{return this.getEvents()[b].profileNames}catch(c){return null}},getAttributeRules:function(b){try{return this.getEvents()[b].attributeRules}catch(c){return null}},getPriority:function(c){try{var b=this.getEvents()[c].priority;return b.toLowerCase()}catch(d){return""}},getDataSetNames:function(b){try{return this.getEvents()[b].datasets}catch(c){return[]}},_setEvent:function(d,b){try{return this.getEvents()[d]=b}catch(c){return[]}},getThrottleRule:function(b){try{return this.getEvents()[b].throttleRule}catch(c){logWarning("getThrottleRule: failed, cannot find throttle rule attached to "+b);return null}},_events:null};return a}ModuleManager.registerFactory("config_manager",CreateEventConfig);..//269916DD98552834BFB08C7C2DBF38F93397F34BCD7233EC8F33B0D2901D54943DA31E56165E4EE2

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\csp_client.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3383), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3587
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.298620762714509
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:39Brq8ECI+Vttye8xYAAkSynknNkTv5ApLCYnawFwklt48ZI3OU2k9qM4JCZ0urk:PrHEfqr6GpdL4RgI3OL8ACe0E9CI5
                                                                                                                                                                                                                                                                                            MD5:76ED8D0EB457983AE7DC1E9CE0E2DF69
                                                                                                                                                                                                                                                                                            SHA1:157DC04AF4C77C168A78248E0613D60FA3A7E6F6
                                                                                                                                                                                                                                                                                            SHA-256:1C62B1F4BAF55818CF3C3869CF5A9DC2FD83F9C738EF9326A1636219EBC71D7C
                                                                                                                                                                                                                                                                                            SHA-512:7A9222329543B7BA0CF7AF7685A26DAA7FB539C1395B42E4C795E86BBB6408E3DC7C0502A63E4EA5FAA4F71CE0C8689A9359E25A840C872729C9110FCE903B50
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var csp_client_fileVersion = "1.2.181"; ..function CreateCSPClientHelper(){var a={getClientID:function(c){if(null==c){logError("Invalid (null) appID for CSP::GetClientID");return null}try{var b=this._getPlugin().GetClientID(c);if(!b){this._reportGetClientIDFailure()}return b}catch(d){logError("Failed to retrieve Client ID from CSP for '"+c+"': exception is '"+d.message+"'")}return null},reportEvent:function(b){},getPolicyItem:function(c,b,e){var d="policy_general_settings."+b;if(e){d="policy_general_settings."+e+"."+b}return this._queryPolicyItem(c,d)},getCachedData:function(c,b){try{return this._getPlugin().GetCachedData(c,b)}catch(d){logError("Failed to load cached data for appId='"+c+"', service='"+b+"': exception is '"+d.message+"'")}return null},_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("cspClient");try{var b={policy:"full_sdk_only"};this._plugin.Config(JSON.stringify(b));logNormal("CSP Client plugin configured to us

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\data_collector.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (13758), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13966
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2090049632194315
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:eWRhWbpB4FRhL10g4fquSZHo7vwFCw43NvyLUPu1phBOeY4PZTIit6BU6wHAUJ6r:fmbpOFvY4WXo1tYQZTAhLhc0
                                                                                                                                                                                                                                                                                            MD5:C0F8805AB18F2714D5407D77CA466165
                                                                                                                                                                                                                                                                                            SHA1:3684896574EF06DC678ACEEFD4FA69F80B22E30D
                                                                                                                                                                                                                                                                                            SHA-256:B9BE1DED5B76161372EB2B98528179E8D0AA8B73F7EAFAE3318B7F3CB6E8BF62
                                                                                                                                                                                                                                                                                            SHA-512:53EF3C586DC660502F31CC31FF605241D1D6043F53C39EE3EE12633DDCD14B0B30A84BE16F20DEDBC647A58BE5B7BEDC22E807BA6265AB7A0898ACBA35E1BB58
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var data_collector_fileVersion = "1.2.181"; ..ModuleManager.set("uptime_tracker",function(){return{fetchFromDataDefinition:function(b){try{return null}catch(a){if(a.hasOwnProperty("message")){return"[Plugin method failed: "+a.message+"]"}else{return"[Plugin method failed]"}}}}}());var Create_data_collector=function(){var a={setup:function(){try{this._logInformation("Setup Started.");this._loadDefinitions();this._farmers=this._createFarmers(this);this._refreshers=this._createRefreshers(this);if(!this._farmers||!this._refreshers||!this._definitions){this._logError("Setup failed: farmers("+this._farmers+"). refreshers("+this._refreshers+"). definitions("+this._definitions+")");return}var c=[];for(var b in this._definitions){c.push(b)}this.markDataExpired(c);this._logInformation("Setup Done.")}catch(d){this._logError("Setup failed: "+d.message)}},get:function(h){try{var g=null;if(typeof h==="string"){g=h;h=[h]}if(!h instanceof Array){this._logWarning("get: items

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\data_items.json

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8960
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7010716622460236
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Xvvu5bVDbDvhF/62/64N/6j89OywRq7ApAd31yycEMKlo/xJMx2m5H9MXYwfczyM:O/62/66/63xQ2m5dMoqMmOZ
                                                                                                                                                                                                                                                                                            MD5:E9A5F604E451A4C240474457B6F5F775
                                                                                                                                                                                                                                                                                            SHA1:DD5D46CF0A510C16D354096513F28C8F438B4C38
                                                                                                                                                                                                                                                                                            SHA-256:D4B0031958C4B30AF517D6B22F76D22BF10EF19BBCE9A5A87D313717FB4CEF52
                                                                                                                                                                                                                                                                                            SHA-512:A455B6AE58B94A390DC514B3B9A60161002AB138F3AD09CC56D9608DAA819146D41D66CBE56C40AB17AE84564B9EAA976D84DBFE1C0BBC3CF61E2B60C361F36D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{.. "version": "1.2.181",.. "data": {.. "product_analytics_content_version": {.. "params": "getContentVersion",.. "rule": {.. "ruleName": "notNull".. },.. "source": "engineContext".. },.. "product_install_type": {.. "params": {.. "name": "is_loud_install",.. "scope": 0,.. "default": "UNKNOWN".. },.. "rule": null,.. "source": "waSettingsDB".. },.. "product_affiliate_id": {.. "params": {.. "name": "*Affid",.. "scope": 0,.. "default": "0".. },.. "rule": null,.. "source": "waSettingsDB".. },.. "device_geo_id": {.. "params": {.. "name": "SystemGEO",.. "scope": 0,.. "default": "0".. },.. "rule": null,.. "source": "waS

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\dataset.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (7140), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7341
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.27407171797532
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:BSNaQstBT0ZVs64Hwxizhs2RS+R8Btmm9TsbYF0Rx:+WhxhLCPmn
                                                                                                                                                                                                                                                                                            MD5:8957C96F2D8A5EAE05B1FFB5DAF15B8E
                                                                                                                                                                                                                                                                                            SHA1:41DC6CCF5E2434E5ED67FF1EE7329E5FD16C0FA7
                                                                                                                                                                                                                                                                                            SHA-256:1D97C9DB7F04860A7B9571532191F0D7FA3A43ACED30256ED99852851F107CB6
                                                                                                                                                                                                                                                                                            SHA-512:682864682122B9FA199E3CA9EE7548433ABF1B010BC38A59B2A0AA32AE92F25E9920FB199C4CBD0F6C078E402DE22EE885B0FB18FE177E7D4B924571991A2D14
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var dataset_fileVersion = "1.2.181"; ..function CreateDataset(){function b(c){this._name=c;if(!this._name){throw"Dataset created with no name provided"}}b.prototype={initialize:function(d){try{if(!d){this._logError("No configuration defined");return false}var c=d.data_items;if(!c){this._logError("Invalid Data items. Config ("+JSON.stringify(d)+")");return false}this._itemsList=c;var f=d.refresh;this._setRefresh(f);this._logInformation("Initialization complete");return true}catch(g){this._logError("initialize: "+g.message);return false}},get:function(c){try{return this.getContent()[c]}catch(d){this._logError("get: "+d.message)}},getContent:function(){try{this._logInformation("getContent starting");this._logInformation("itemsList"+JSON.stringify(this._itemsList));var d=ModuleManager.getSingleton("data_collector");if(this.dirty){d.markDataExpired(this._itemsList);this.dirty=false}return d.get(this._itemsList)}catch(c){this._logError("getContent: "+c.message)}},

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\dataset_da.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (6749), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6953
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.406901064256282
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:JE+7wzRBsvJdOwfwrsEkRvtPYiNsnWPVybI6gNzgMd7e6peMYs5mI98RGx:JE+7uoJdSwHlQit0ONzgC7us5mIme
                                                                                                                                                                                                                                                                                            MD5:877309C597A1754C7CCCB61D7FB82320
                                                                                                                                                                                                                                                                                            SHA1:04CEA4DFF078D64B4BC8F30C219039423FB483C3
                                                                                                                                                                                                                                                                                            SHA-256:8EC7F3E1193864D6ECF6C38719F85511AB198B6506C4FBA601DDFB4D0B9FDE0F
                                                                                                                                                                                                                                                                                            SHA-512:601BE3B231A89D41558C316C65A13DA13A7FA49603823F321B32190C1FF12A2210F965E0D343365D59B35291080EDD390A4F62B4FC638B384B195F49B7B54A5B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var dataset_da_fileVersion = "1.2.181"; ..var Create_dataset_da=function(){var a={dirty:true,load:function(){if(!this.dirty){return}setTimeout(1*60*60*1000,function(){this.dirty=true});logNormal("Loading dataset da");this._content={};var f=this._getTimeLastDA_Query();if(!f){logInformation("dataset_da: Failed reading query start value. Going to use 0 as start");f=0}var b=this._getTimeNow();if(!b){logError("dataset_da: Failed reading query end value. Going to quit loading the dataset.");return}var c=24*60*60;b=b-c;try{this._processRequests(this._da_queries,f,b);this._store_DA_QueryTime(b)}catch(d){logError("Failed to load the da dataset: exception is '"+d.message+"'");return}this.dirty=false},add:function(b,c){if(!b){return}this._content[b]=c},set:function(b,d,c){if(!c){this.add(b,d);return}var e=ModuleManager.getSingleton("rules");this.add(b,e.apply(d,c))},get:function(b){try{this.load();if(!this._content){return null}return this._content[b]}catch(c){logError

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\datasets_catalog.json

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1536
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.717699904609679
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1r1GHkJZEwv0SD0FOZVYEsWElFcTduoLqr7QYrMKHqEQDsHdYrpFxG9sSFeJpK:HCEnvU2mEsWYFAnLqrtrMKKbDsHOrpFU
                                                                                                                                                                                                                                                                                            MD5:CA4481199F1905633D8635ED4C4D9B2F
                                                                                                                                                                                                                                                                                            SHA1:B151F60C430D398E9ED81399110D653D70F4BEB0
                                                                                                                                                                                                                                                                                            SHA-256:83AA1C521E2FFE89D16B2EE44DD3678CAF95FC2567DB17263B97D87E2CE1BBA4
                                                                                                                                                                                                                                                                                            SHA-512:E40ECBEB700E9A15195E83200F811EB3D2D120F83F860E37AE7FE57778E97DF2881776C00B5EA2C19D27B367F44B475AC4A86808B00DC616DAC5649F2A7C6539
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{.. "version": "1.2.181",.. "data": {.. "default": {.. "data_items": [.. "product_analytics_content_version".. ],.. "refresh": {.. "useEngineDefaultTimeout": true.. }.. },.. "wa": {.. "data_items": [.. "product_version",.. "device_country_code",.. "product_subscription_type",.. "product_ab_test_group_id",.. "user_account_id",.. "product_productkey",.. "product_package_id",.. "device_platform_edition",.. "product_cpu_type",.. "device_platform_version",.. "product_install_type",.. "product_affiliate_id",.. "product_subscription_expiry_date",.. "device_geo_id",.. "user_global_reference_id",.. "device_id",.. "device_platform",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\dictionary.json

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10174
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.056574499020934
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:dWOHdgzPqNxXciNwSmX2C6mWaSgkzRqU83ZPh4U:rgziHGazGVh4U
                                                                                                                                                                                                                                                                                            MD5:95B93A03B8CB08AF09BD8D482EE0D29A
                                                                                                                                                                                                                                                                                            SHA1:5349BAD7E28368B4705028EB34C8B04F6D3604E8
                                                                                                                                                                                                                                                                                            SHA-256:8A5E81CCFEB1CB82E0496FEAC6506A75654C546ECC0239055EEA64CB63F5370E
                                                                                                                                                                                                                                                                                            SHA-512:70865CC18B2CCFD9A0BA4C4E45E844A61E35342647F7BACE640C19D1B1C1F9122D8999EBA0B82046B5465C495E92D1C535A51DCF6732756ACD2C1C9A37A3EAD7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{.. "version": "1.2.181",.. "data": {.. "event": {},.. "global": {.. "uniqueid": "hit_event_id",.. "uniqueidentifier": "hit_event_id",.. "feature": "hit_feature",.. "trigger": "hit_trigger",.. "interactive": "hit_engagement_interactive",.. "hit.interactive": "hit_engagement_interactive",.. "hit.user.initiated": "hit_engagement_userinitiated",.. "userinitiated": "hit_engagement_userinitiated",.. "desired": "hit_engagement_desired",.. "engagement.desired": "hit_engagement_desired",.. "useridentifier": "hit.userid",.. "label1": "hit_label_1",.. "label2": "hit_label_2",.. "label3": "hit_label_3",.. "label4": "hit_label_4",.. "label5": "hit_label_5",.. "label6": "hit_label_6",.. "metric1": "hit_metric_1",.. "metric2": "hit_metric_2",.. "metric3": "hit_met

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\emitter.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3654), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3855
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.20710916605884
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:4yk11hc+h8Md+O2SNyMZ5uGC2AjrkCOGnDila1:vk1I++Md+O2SNtC2WrkCOGnDila1
                                                                                                                                                                                                                                                                                            MD5:6C8C011735FDC08793118C82D92DA4CB
                                                                                                                                                                                                                                                                                            SHA1:CB7B4BA48AA9E669C3D83D2BFBC69F80AE0CC2BD
                                                                                                                                                                                                                                                                                            SHA-256:4297BF13FF46485DB3A16C0E64C894B83C53CFBE0FC19227066F0E99B2623264
                                                                                                                                                                                                                                                                                            SHA-512:A2F9E1E123B4D113582B7A422DB1CE67BCC4BD3513ECDA6A661B9D825D500FCC4BCE9C5404E4F58BCF136AFC5F4AF2AF9941831E5737D0818259718C3CF19B71
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var emitter_fileVersion = "1.2.181"; ..function createEmitter(b,a){function c(g,i){var h=getScriptVariableStore().Get(g);if(h){return h}try{h=getPluginFactory().Create(i)}catch(j){logError("Failed to create plugin: '"+i+"'")}try{getScriptVariableStore().Set(g,h)}catch(j){logError("Failed to set plugin '"+i+"' in store as '"+g+"'")}return h}try{var d={configure:function(g,e){this.profileName=g;this.profile=e;this.transportName=e.transport;this.transportConfiguration=e.transport_config;this.dataSetNames=e.datasets;this.enableRules=e.enableRules;this.throttleRule=e.throttleRule;this.throttleMultiplier=e.throttleMultiplier;this.maxDimensionLength=e.maxDimensionLength},send:function(h){try{if(!this._isEnabled()){logInformation("_isEnabled() returned false. Will not send data to "+this.transportName);return false}h=this._sanitize(h);if("csp"==this.transportName&&"1"==this._getPlugin(this.transportName).GetVersion()){return false}if(!this.initialized){var g=ModuleM

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\engine.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (11329), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11529
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.250907548570848
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:K8+1u9z1l8Le62L9s9Zs2JFsIOSsnQSRTPd3uXsx14jxN2FhvsC7PquQQHDmksFB:0e1LYpJyZQSRrdeXsx1AxNWFRddDmWM5
                                                                                                                                                                                                                                                                                            MD5:85C7C5CCEED140146D877939FBB40750
                                                                                                                                                                                                                                                                                            SHA1:B3C266846A70C3B3E79526A8E3D59FBED5E5AC02
                                                                                                                                                                                                                                                                                            SHA-256:F7695E7C7B6B0A793F2E518494D343002E5AEE0E4F735949D46A853ECF0FC58C
                                                                                                                                                                                                                                                                                            SHA-512:C3136DBCD763AB2F9BE0FCA42F4696ABD7183C7BFA06AB2C19A24D09C7816A9CF699570F6F7DCF3A4A4B9D5E749E7F6E8182DB79FCB84E13F99F2962F0B1404E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var engine_fileVersion = "1.2.181"; ..LoadScript("common.js");var _factoryManager=CreateFactoryManager();var ModuleManager=CreateModuleManager(_factoryManager);var JSONManager=CreateJSONManager();var StorageManager=CreateStorageManager();var PDManager=CreatePDManager();var RegistryStore=null;var setContentHeartbeatTimeout=function(b,a){var d=getScriptVariableStore().Get("heartbeattimerid");if(d){try{clearInterval(d)}catch(c){logWarning("setContentHeartbeatTimeout: Fail to clear timer id "+c.message)}}d=setTimeout(b,a);getScriptVariableStore().Set("heartbeattimerid",d)};var engine={defaultClientAnalyticsRegistry:GetEngineSetting("Analytics.Base.RegKey","HKLM\\SOFTWARE\\McAfee\\McClientAnalytics"),heartbeatTimestampKey:"analytics_content_heartbeat_timestamp",datasetsRefreshRate:60*60*1000,userId:null,createEventJson:function(c,a){try{a["Tracker.Type"]="event";return{UniqueIdentifier:c,type:"event",payload:a}}catch(b){logError("engine::createEventJson: Exceptio

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\error_transmitter.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2529), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2740
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.310758777564662
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:XURsQEqp22+r9sEDQgWenZsEXRiRmf3djAFzsEysEBQsEsFsEBMCnUGsEaffL/Tx:DQnp2fxsrsnZsEAEf3d0FzsFsfsHFszd
                                                                                                                                                                                                                                                                                            MD5:BFB81A6C06296A0E3DB5D3ABCF633C76
                                                                                                                                                                                                                                                                                            SHA1:C86B17B783EC3076F3E0D2BAEC8E6D0842DB52C2
                                                                                                                                                                                                                                                                                            SHA-256:F5A8EF08DC65DD2E4B4E5769E445572B3F6F944BDDF4FF5E9ECB4100C084E5C2
                                                                                                                                                                                                                                                                                            SHA-512:14A1E51CCCAEC42C2CAA85E0B70BFB31B663542A961FCF91BEB227B2CB6A2AE910C7A262A82D631FD269EA378A74181E0CC0066DED700FABFF658339EA8C64EF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var error_transmitter_fileVersion = "1.2.181"; ..function CreateAnalyticsErrorTransmitter(){function a(){this.setup()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.messageName="analytics_event_error_occurrred";a.prototype.setup=function(){var c=ModuleManager.getSingleton("config_manager");var d=c.getProfileNames(this.messageName);if(!this.emitter&&d){this.profileName=d[0];this.emitter=this.retrieveEmitter(this.profileName)}};a.prototype._generate=function(c,e){var f={hit_event_id:this.messageName,hit_category_0:"Analytics.Event.Error",hit_trigger:c,hit_action:"Analytics.Event.Rule.Failed"};if(findObjectSize(e.type["ruleMismatch"])){f.hit_category_1="ruleMismatch";f.hit_label_0=JSON.stringify(e)}else{if(findObjectSize(e.type["ruleError"])){f.hit_category_1="ruleError";f.hit_label_0=JSON.stringify(e)}else{if(e.type["rejected"]){f.hit_category_1="rejected";f.hit_label_0=JSON.stringify(e)}}}var d=new Date();f["__record.created"]=d.toISOStr

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\event_handler.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (6709), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6916
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.333702053750348
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:7b+vdzkDCDfgTg3ZyHORvgaF22TYlpt3NnhYqBU3YYXCf/:skDgrouvgaF22TYlpdNnhVW3YK0/
                                                                                                                                                                                                                                                                                            MD5:6772FD53C0B998E06A851503E851BD17
                                                                                                                                                                                                                                                                                            SHA1:4B7426F7D2B3585BB9FCCC132F9A76C63D7290FE
                                                                                                                                                                                                                                                                                            SHA-256:D8848D8334CE9117374DD12AEBC180D208FEC0F958B89664E85E83D45A7E2149
                                                                                                                                                                                                                                                                                            SHA-512:CF410C8D5D49B6A2603818CD3AA093DC2AD8B4AF8F71069E36B7D706BB82C6C0508B0F9C2BAADD3B5D2C152693D8B4319520BD89062E96E39677B9568A3EC4BC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var event_handler_fileVersion = "1.2.181"; ..if(typeof dataManipulator!=="object"){LoadScript("common.js")}function CreateEventHandler(){var c={handleEvent:function(g){try{var h=JSON.parse(g);var f=h.type;if(("MessageBusPlugin"==f)||("InProcAPI Plugin"==f)){this._processMsgBusEvent(h.payload)}else{if("UWP_Event"==f){this._processAnalyticsAddRecord_v1(h)}else{logWarning("Unexpected message was rejected (unknown type): "+g)}}}catch(i){logError("Failed to process incoming event: exception = '"+i.message+"'")}},handleV1Record:function(e){this._processAnalyticsAddRecord_v1(e)},_processMsgBusEvent:function(h){try{var f=h.name;var k=h.payload;if(("Analytics.v1.AddRecord"==f)||("Analytics.AddRecord"==f)||("Analytics.Automation.AddRecord"==f)){return this._processAnalyticsAddRecord_v1(k)}var j=ModuleManager.getSingleton("data_collector");j.notifyMsg(f);var g=ModuleManager.getSingleton("observation_analytics");g.handle(f,k)}catch(i){logError("Failed to process message

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\events.json

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):134361
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.1600337530633746
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:0fzFRfzQO30XiSLXyM6dzYcUXgIo8RmsziMw6pl7tzBuWpCBwOCBwXzN3PKbDf8E:WvN0PXgOGPwBwhuV
                                                                                                                                                                                                                                                                                            MD5:98F6DC778331E4029FB4B191D54FC985
                                                                                                                                                                                                                                                                                            SHA1:84647C518329FF8C18F12C8B04A833C102BD03C9
                                                                                                                                                                                                                                                                                            SHA-256:2BF53E32D9F91E0177C9BDC05DD9B3A236B3D0E6A41F2D5720F949DE9BDCEFB4
                                                                                                                                                                                                                                                                                            SHA-512:AAB3F2C37628B1A0BB2563CF1532B310F75EC9CBD608EE3E4170DAA7F9CED8DB0F8379628C134A2C314023DE8BE1B76382DA04CED7867138084D4E3E1073B7FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{.. "data": {.. "wa_advanced_protection_signals_impression": {.. "attributeRules": {.. "hit_action": {.. "meta": "screen_load",.. "ruleName": "override".. },.. "hit_category_0": {.. "meta": "Analytics",.. "ruleName": "override".. },.. "hit_engagement_interactive": {.. "meta": true,.. "ruleName": "override".. },.. "hit_feature": {.. "meta": "TBD",.. "ruleName": "override".. },.. "hit_label_0": {.. "meta": "success",.. "ruleName": "override".. },.. "hit_label_18": {.. "meta": "AdvancedProtectionSignals",.. "ruleName": "override".. },.. "hit_label_19":

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\hash128.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (4059), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4260
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.611174413374786
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:/hGfe5Z6TQ25OkR/ZCpMJFU7Rz94+IFpRREbgMG6hxOIq4sU/G/HIGIkUNjYbah:/I14icRpVIbRybgMGyxOIq4sU+/oGIkE
                                                                                                                                                                                                                                                                                            MD5:30DCF4CF45E8914CED95B9A7C012B7B9
                                                                                                                                                                                                                                                                                            SHA1:B131D1710139B270C6C75A03B12D7615D4DD772E
                                                                                                                                                                                                                                                                                            SHA-256:EDF4741A3F6E86889E6FC3FFAF2A1450678E2E16BD2D008E22DDE4A9AA44536F
                                                                                                                                                                                                                                                                                            SHA-512:35044DC820842CBDF38FA41D5604ED0035D0339C0B05833F4BE10ED54FFAE4927F951AB3282C6EB83EE0275761CAB2363DAC7208ED2FD20492CFE950A4184ED2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var hash128_fileVersion = "1.2.181"; ..function CreateHasher128(){var a={hash128:function(s){function L(c,b){return(c<<b)|(c>>>(32-b))}function K(x,c){var G,b,k,F,d;k=(x&2147483648);F=(c&2147483648);G=(x&1073741824);b=(c&1073741824);d=(x&1073741823)+(c&1073741823);if(G&b){return(d^2147483648^k^F)}if(G|b){if(d&1073741824){return(d^3221225472^k^F)}else{return(d^1073741824^k^F)}}else{return(d^k^F)}}function r(b,d,c){return(b&d)|((~b)&c)}function q(b,d,c){return(b&c)|(d&(~c))}function p(b,d,c){return(b^d^c)}function n(b,d,c){return(d^(b|(~c)))}function u(G,F,aa,Z,k,H,I){G=K(G,K(K(r(F,aa,Z),k),I));return K(L(G,H),F)}function f(G,F,aa,Z,k,H,I){G=K(G,K(K(q(F,aa,Z),k),I));return K(L(G,H),F)}function D(G,F,aa,Z,k,H,I){G=K(G,K(K(p(F,aa,Z),k),I));return K(L(G,H),F)}function t(G,F,aa,Z,k,H,I){G=K(G,K(K(n(F,aa,Z),k),I));return K(L(G,H),F)}function e(x){var H;var k=x.length;var d=k+8;var c=(d-(d%64))/64;var G=(c+1)*16;var I=Array(G-1);var b=0;var F=0;while(F<k){H=(F-(F%4)

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\json2.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3618), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3817
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.529217349892361
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:d6xjvqEYontqQYCNRqihKDMl1Q9/+slg60yvb0Pz/RlOZglybLnEl:lEKTGzg2sWqz+lybLEl
                                                                                                                                                                                                                                                                                            MD5:8BB6763E626752B16CFD110B5453B3E6
                                                                                                                                                                                                                                                                                            SHA1:E4A8DDF530A4D05072E39F182D806348ECCD8CFC
                                                                                                                                                                                                                                                                                            SHA-256:F3661180451AEE65BB609B6A28489D32B7A8B928AF5094F518E2DCB0BE16003E
                                                                                                                                                                                                                                                                                            SHA-512:6E0119E6BC077A8D9AEF5D96F3D774FE1F2D27EA209E8542DEB0D9D2AAF6F91F301D267FEDFE768B5253D9800A29CF13CE1F1CB232E7C8368D32797FE0B26AC9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var JSON2_fileVersion = "1.2.181"; ..if(typeof JSON!=="object"){JSON={}}(function(){var rx_one=/^[\],:{}\s]*$/;var rx_two=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g;var rx_three=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;var rx_four=/(?:^|:|,)(?:\s*\[)+/g;var rx_escapable=/[\\\"\u0000-\u001f\u007f-\u009f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;var rx_dangerous=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;function f(n){return n<10?"0"+n:n}function this_value(){return this.valueOf()}if(typeof Date.prototype.toJSON!=="function"){Date.prototype.toJSON=function(){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+f(this.getUTCMonth()+1)+"-"+f(this.getUTCDate())+"T"+f(this.getUTCHours())+":"+f(this.getUTCMinutes())+":"+f(this.getUTCSeconds())+"Z":null};Boolean.prototype.toJSON=this_value;Number.prototype.toJSON=this_valu

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\logging.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3176), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3377
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.478774658651738
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:RXNGJtGJIGM+GtH5jnV+g2CdWVvDK1lEwJ2MPRp0WvIttWh:CJEJTMpzYVrKwMPv0WAtgh
                                                                                                                                                                                                                                                                                            MD5:BB39BF60BBB5649F2E6AF73E03C801A9
                                                                                                                                                                                                                                                                                            SHA1:BC7B877FA0069FE885951438C15F6F7C157E6F58
                                                                                                                                                                                                                                                                                            SHA-256:974599BC2BB79BFBEE739957B73F79D94953D1D97048F75EFC1A172C4222427D
                                                                                                                                                                                                                                                                                            SHA-512:12D5191D0620E04DC2DE5CDA2D5957E2CF4A97D4D664025F0035082C715C74033B832A5AFF9AF18E46552B44CCA06C9B3B2235F0A5B2EDF5249CC41934E770C9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var logging_fileVersion = "1.2.181"; ..var debugEnable=false;function callerName(){var a=arguments.callee.toString();a=a.substr("function ".length);a=a.substr(0,a.indexOf("("));return a}function getLogger(){var b=getScriptVariableStore().Get("logging");if(b){return b}try{b=getPluginFactory().Create("logging");try{debugEnable=GetEngineProperty("Analytics.SDK.Script.Debug.Enable",debugEnable)}catch(a){}}catch(a){b={LogMessage:function(){},WriteToConsole:function(){},WriteToSyslog:function(){}}}getScriptVariableStore().Set("logging",b);return b}var LOG_SEVERITY_NORMAL=1;var LOG_SEVERITY_WARNING=2;var LOG_SEVERITY_INFORMATION=3;var LOG_SEVERITY_ERROR=4;var LOG_SEVERITY_CRITICAL=5;var SYSLOG_EMERG="emerg";var SYSLOG_ALERT="alert";var SYSLOG_CRITICAL="crticial";var SYSLOG_ERROR="error";var SYSLOG_WARN="warn";var SYSLOG_NOTICE="notice";var SYSLOG_INFO="info";var SYSLOG_DEBUG="debug";var logNormal=function(b){try{b=sanitizeLogMessage(b);getLogger().LogMessage(LOG_SE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\mappings.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2160), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2362
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3401536620120975
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Ob7j7XL5Zqjbtkp2yI4XNJEE+yqAUfOh6A+33SRWVCYAFET:I/IkxXn1+yQOh6D33vC1ET
                                                                                                                                                                                                                                                                                            MD5:ADB684CA19D54C05B7032156B1B26823
                                                                                                                                                                                                                                                                                            SHA1:EF6460CAB61E66C3A06D7DAC877D7D54BE7E871E
                                                                                                                                                                                                                                                                                            SHA-256:33656F3B24C664F73A57AFEB2C7B705C825CBFEE9BF7585D7359CD663518AEA3
                                                                                                                                                                                                                                                                                            SHA-512:93D5166883CED16E3CCFDB430B4D5021DE13434E08FC939B5C5E8A82EB0E252D79F0B34C02F07201E8CDF0C81AC95E5EC4E0E11A3164440EFC6D1ED3FE555653
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var mappings_fileVersion = "1.2.181"; ..function CreateMapping(){var a={eventMap:function(c,b){if(!(b in this._eventTable)){return c}return this._map(this._eventTable[b],c,true)},globalMap:function(b){return this._map(this._globalTable,b,true)},daMap:function(b){return this._map(this._daTable,b,true)},profileMap:function(c,b){if(!(b in this._profileTable)){return c}return this._map(this._profileTable[b],c,true)},getProfileTableStr:function(b){if(!(b in this._profileTableStr)){return"{}"}else{return this._profileTableStr[b]}},getFlippedProfileTable:function(c){if(!(c in this._profileTable)){logWarning("Requesting flipped table for invalid profile "+c);return{}}if(c in this._flippedProfileTable){return this._flippedProfileTable[c]}this._flippedProfileTable[c]={};for(var b in this._profileTable[c]){var d=this._profileTable[c][b];this._flippedProfileTable[c][d]=b}return this._flippedProfileTable[c]},_map:function(b,f,h){if(!b||!f||(typeof f!=="object")){logWarni

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\mcutil.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1832), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2032
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.423419114482651
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:nb9YBy8KJU9hYErsYvZ5YxHqbWbb//yb07jcFl4ADv8TuScfRD:n5Y7MErvScaiNXScZD
                                                                                                                                                                                                                                                                                            MD5:CE103C399CCC08F9AA5B0DBF88881E28
                                                                                                                                                                                                                                                                                            SHA1:6774BDBE18B6D63BA790FF9A32822230FAA6E1C2
                                                                                                                                                                                                                                                                                            SHA-256:4FC19203D995BF3543796193E60841B77EFB660D5A0D4C91201BC65ACB8E8354
                                                                                                                                                                                                                                                                                            SHA-512:AF6574E53690A6141D028079B6ACD7E54AEE853D86C619AABA635FE3848D7DBB69C86754EE7C36874D42BB72B48AB08E38458FDB3B8C0382CAE9CAFDDB8038C6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var mcutil_fileVersion = "1.2.181"; ..function CreateMcUtilHelper(){var a={_logError:function(b){logError("mcUtil: "+b)},_logInfo:function(b){logInformation("mcUtil: "+b)},_getPlugin:function(){if(!this._plugin){var c=ModuleManager.getSingleton("data_collector");var b=c.get("analytics.sdk.version");if(b.match("^2.[0-5]")){this._logInfo("This SDK does not support mcUtil plugin. sdkVer("+b+")");return null}this._plugin=getPluginFactory().Create("mcUtil")}return this._plugin},_plugin:null,_hardwareId:null,_softwareId:null,storeHardwareAndSoftwareId:function(d){try{this._logInfo("storeHardwareAndSoftwareId - start");if(!this._getPlugin()){return}var b=d;if(!d){var h=ModuleManager.getSingleton("data_collector");var f=h.get("WSS.Hardware.ID");b=(f==="[ruleMismatch]")?true:false;this._logInfo("value: "+f);this._logInfo("storeValue: "+b)}if(!b){this._logInfo("Not going to storeValue");return}this._invokeGetMachineId();if(!this._softwareId){this._logError("storeHardw

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\observation_analytics.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1151), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2017
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2643713576298214
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:KvZEumJTxfCViKARzApkiNOVBdDzdzHbp5db5GFDvVd9MGZdozuIdvJEd:KvuusTxfCViK0zJD5zHVjb5GFDvfb5Iw
                                                                                                                                                                                                                                                                                            MD5:B3AE304C1084A7D4B5CABF74C64458D8
                                                                                                                                                                                                                                                                                            SHA1:A88D20205FA58ADB5ECEA1985593FFFA2DA1C417
                                                                                                                                                                                                                                                                                            SHA-256:54A31A36672CCD6E11CF0BFFA1BBC08460BCC91CF1AABFCFECB0A939EA189AEC
                                                                                                                                                                                                                                                                                            SHA-512:F72F45665522B40AFE6BDC228A2E179320E9D835C20725D5A1846CC206DD6428C7A5B84CAED666416642CCB894EC6BD7939AB3E332941145ED6339E239B86E2E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var observation_analytics_fileVersion = "1.2.181"; ..function getObservationAnalyticsEngine(){./*. * config format:. * 'Message.Name' : { // name of obsved message on messagebus that we will subscribe to. * 'map' : { // map from message keys --> analytic friendly keys. * 'Count' : 'Metric1', // ex. 'Count' : 123 --> 'Metric1' : 123. * 'Policy' : 'Event.Label' // ex. 'Policy' : 'XYZ' --> 'Event.Label' : 'XYZ'. * },. * 'default' : { // default values that are not specified in the obsved message. * 'hit_event_id' : 'XYZ'. * }. * }. */.var a=function(){var d=JSONManager.getSingleton("observability_datasets");if(!d){d={data:{}}}return d.data};var b=a();var c={start:function(){try{var d=getMessageBus();for(var f in b){d.Subscribe(f)}logDebug("observationEngine Started")}catch(g){logError("observationE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\operations.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (6480), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6684
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.337224061028135
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:jAk6WqZs6iqL5QaQldifjf9i/OCi8sdHvzqZ+SSf72NfoDc8H5sviXvq:jEb3UidGBdT
                                                                                                                                                                                                                                                                                            MD5:572BDB31B5DEF5ECDCBBE9D0F8298167
                                                                                                                                                                                                                                                                                            SHA1:13C1BD6AA368846990EAE0527C0E7B3B9B6F6560
                                                                                                                                                                                                                                                                                            SHA-256:53A05779BA4FF6DA18FCA7D817516F2FFDC180DC00DA8E91AE8F472493E67FEE
                                                                                                                                                                                                                                                                                            SHA-512:4D04D03F7DD01C407F2554AFDA61D1CB1924256C7C67ECF3F72AE656703B0148A57D906876E2D7ED73E4A9A574B2F5146A0BDD072FC367C2514F3FA30E3A87C7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var operations_fileVersion = "1.2.181"; ..function CreateDataOperations(){var a={apply:function(c,b){try{if(!b){return c}if(!this._isValidValue(c)){this._logWarning("Invalid value Val("+c+"). Operation with operationConfig("+JSON.stringify(b)+") will not be applied");return null}return this[b.name](c,b.params)}catch(d){this._logError("operations:apply: Excption caught("+d.message+". Val("+c+"), operationConfig("+JSON.stringify(b)+")");return null}},noop:function(b){return b},equal:function(b,c){return b==c},isValueValid:function(b){return(b!="[not assigned]")&&(b!="[ruleMismatch]")&&(b!="[ruleError]")},notNull:function(b){return(b!=null)},validLen:function(b){if(!b){return null}try{b=JSON.parse(b)}catch(c){this._logError("validLen: value ("+b+") not an object, exception: "+c.message);b=[]}if(!(b instanceof Array)){this._logWarning("validLen: value not an array ("+b+").");b=[]}return b.length},lenEqual:function(b,c){return(this.validLen(b)==c)},lenGreater:fun

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\preprocessors.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (825), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1032
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.406672124511126
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:8eLYQI/YCqYJIAb2sFsn5caYyb2srq7Y4cbfsk0RrnsEeEc1Jntk2O:pLVI/xqIXbTFsKrybTAncbfl0Rrsn1Pk
                                                                                                                                                                                                                                                                                            MD5:AEF9083AE508ECD909C4D1B26832761F
                                                                                                                                                                                                                                                                                            SHA1:34DB0B9BF4F1949381C4397D03434DDEAF74BBF4
                                                                                                                                                                                                                                                                                            SHA-256:E150DEEB702CC930402D7C5756E8DADF216F6FFFADD22E1C12C98E3DD5FFB92E
                                                                                                                                                                                                                                                                                            SHA-512:B95970D7BAEBEC0BF538248960157D22D31CB0E912ADC11ADE890D9C45B923825FBC39FD8AE0D20AF27956D4B80D0FF94013B7438D94902C46EB60FECED7E698
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var preprocessors_fileVersion = "1.2.181"; ..function CreatePreprocessors(){var a={noop:function(b){return b},splitByComma:function(b){return b.split(",")},joinWithComma:function(b){return b.join(",")},sum:function(b){var d;for(var c in b){d=b[c]}return d},toInt:function(c){if(typeof(c)=="object"){for(var b in c){logConsole("toInt value="+c[b]+" parseInt:"+parseInt(c[b]));c[b]=parseInt(c[b])}return c}return parseInt(c)},toString:function(c){if(typeof(c)=="object"){for(var b in c){c[b]=c[b].toString()}return c}return c.toString()},toUpper:function(b){return b.toUpperCase()},apply:function(c,d){logConsole("rules type="+typeof(d)+" rule= "+d+" value="+c+" typeof(value)="+typeof(c));if(!d){return c}if(typeof(d)=="object"){for(var b in d){c=this.apply(c,d[b])}return c}return this[d](c)}};return a}ModuleManager.registerFactory("preprocessors",CreatePreprocessors);..//D9AD4ACE1BC0124B3BA656E014A50EA9D4D2D3F7739C91C96AE198CE73126023D2809CEE59018A9C678F901DDE34D55D3F

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\profile.json

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2283
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.215493750927689
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:HV9y51drjiTX2/mIQft9y51drGhImxs9y51druhmmC:bf2/dGTYs62X
                                                                                                                                                                                                                                                                                            MD5:EFEE1A73FA907F3D0A6AC06D624BDC49
                                                                                                                                                                                                                                                                                            SHA1:563B2AB8FF69694D52F96F100A7BF53719621DD1
                                                                                                                                                                                                                                                                                            SHA-256:3C29F581572B84D9D184785120E31D5A0344234E4BFBB44942E658C330DF7C9A
                                                                                                                                                                                                                                                                                            SHA-512:9B5276A40F88231C01B974E49894C414511F15A9C2551613B7106E8259AC21947FD86DD660A4A9DBB746935B53B6B6A9B3381C3C6785241821582259A3BE7AC3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{.. "version": "1.2.181",.. "data": {.. "profile_webadvisor_mosaic_100p": {.. "transport": "eh",.. "dictionary": "dictionary_wa_mosaic",.. "datasets": [.. "default",.. "wa".. ],.. "maxDimensionLength": 500000,.. "appid": "7b3ed1a8-7907-436a-ac6c-640bfd5db80c",.. "transport_config": {.. "apiVersion": "2014-01",.. "servicebusNamespace": "cu1pehnswebadvisor1",.. "eventHubPath": "new_wa",.. "sharedAccessKey": "IU1g+5XrDoldu/krnr8GDbVL/jHXoqZrH9alKG29J8Q=",.. "sharedAccessName": "new_wasend".. },.. "throttleRule": {.. "meta": 100,.. "ruleName": "dailyMax".. },.. "throttleMultiplier": 64.. },.. "profile_webadvisor_mosaic_kongapi_100p_qa": {.. "transport": "mosaic_api_v2",.. "dictionary": "dic

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\registry.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2785), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2987
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.391913933403757
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:WNToenoesA9R/io8udVQN7wfagenv7sboA+FNvf4uCmnWoGbA/WoGb5u4U7li2cC:yBVsuvsnvYc/UiWAWBun7hn
                                                                                                                                                                                                                                                                                            MD5:5372B326CA29EC2DE36EF8F109502301
                                                                                                                                                                                                                                                                                            SHA1:C3EEB4C2B4FAC9C4994248CF3D7F95D500C51F88
                                                                                                                                                                                                                                                                                            SHA-256:03593C81230E51745836B2BCF35B3D908FC5B17841BF245B4D87ECAB67BFF653
                                                                                                                                                                                                                                                                                            SHA-512:5FDC6490CAAA5A8461793870407D3A6E96271F552B5006C7AC8C8B8CC82B32B49FBF6391A8BFD98AC0C9B4E53B609366BF2E9543E2E733171F2CF600C06B18FE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var registry_fileVersion = "1.2.181"; ..function CreateRegistryHelper(){var a={openKey:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode");return this._getPlugin().CreateReg(c)}logDebug("open registry in read mode");return this._getPlugin().OpenReg(c)},openKey64:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode (x64)");return this._getPlugin().CreateReg64(c)}logDebug("open registry in read mode (x64)");return this._getPlugin().OpenReg64(c)},queryValue:function(c,b){var g=false;try{if(typeof b==="boolean"){g=b}var f=this._getPlugin().QueryValue(c,g);return f}catch(d){logInformation("Failed to query "+(g?"obfuscated ":"")+"registry key '"+c+"': exception is '"+d.message+"'")}return null},setValue:function(d,f,b){var h=false;try{if(typeof b==="boolean"){h=b}var c=this._getPlugin().SetValue(d,f,h);if(!c){logDebug("registry.setvalue failed ("+d+", "+f+")")}return c}catch(g){logInfor

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\rest_transport.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (6423), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6631
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.301476595849207
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:E8sCKa1ZC0CG20+M9wBFmGO1zadW9NvEPzs5C7c8a5dcQbefnLpNxSf:8B9Pzpqf
                                                                                                                                                                                                                                                                                            MD5:1AC8A0EC5A66AD08CC9DF81972F571AD
                                                                                                                                                                                                                                                                                            SHA1:0B27C814B04BCC1C45F442A3D5B0305A38885555
                                                                                                                                                                                                                                                                                            SHA-256:AD9BE63E53A1885949B3EBD506C1C911539BE31584ACDFDC081FB022B55A645A
                                                                                                                                                                                                                                                                                            SHA-512:9F200BAA040AD089D3DD4A965C39A71A3E594395EF087DA25D7BB96730DFE19CBC9DA582C696D048607C04DCF68DA295402953A64C6A908B3772E9CA72A91C3F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var rest_transport_fileVersion = "1.2.181"; ..function RESTtransportPlugin(){this._plugin=null;this._requestHeaders={};this._url=null;this.RESTClientAvailable=false}RESTtransportPlugin.prototype=ModuleManager.create("transport_template");RESTtransportPlugin.prototype.constructor=RESTtransportPlugin;RESTtransportPlugin.prototype.GetVersion=function(){try{if(!this._plugin){return null}return this._plugin.GetVersion()}catch(a){}};RESTtransportPlugin.prototype._createRESTclientPlugin=function(){try{this._plugin=getPluginFactory().Create("RESTclient");if(!this._plugin){logError("RESTtransportPlugin:: Could not create RESTclient plugin");return false}return true}catch(a){logError("RESTtransportPlugin:: Failed to initialize the plugin for '"+name+"': exception is '"+a.message+"'");return false}};RESTtransportPlugin.prototype._setup=function(){try{this._url=this._config.url;if(!this._url){logError("Invalid (unspecified) URL for '"+this._name+"', version "+this.versi

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\rules.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3246), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3445
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.352977551180376
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:IM0Vnh1PJzvkXv3i/kYrAH6aEPhZf3a4BdaFBLYFpGbaaPYFpGbMmUpXjJbO8iR0:Xfpkq4qFypHrVdiSN5bYQhavJ+N
                                                                                                                                                                                                                                                                                            MD5:6D3E819131969A13A1CB711251D35B84
                                                                                                                                                                                                                                                                                            SHA1:800E3D54CED7EDC9E4DA86C5EDDFF916A67C8D44
                                                                                                                                                                                                                                                                                            SHA-256:0C65B236AEF00DA1CB864D02C60F5DA6D071ACD977A836EBECFFC8FF1D0FB0D7
                                                                                                                                                                                                                                                                                            SHA-512:5D97D85E70B9805907790AA8074D6D43A928CA9E4705717B0D515D873F9B33623FAEDE59F61BF4BFFF3EFC697C1C47514BD193F354BE80CCF82CFBF79E89D777
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var rules_fileVersion = "1.2.181"; ..function CreateRules(){LoadScript("sha256.js");var a={notNull:function(b,c){return(b!=null)},inRange:function(b,c){return(b>=c.min)&&(b<=c.max)},equal:function(b,c){return(b==String(c))},greater:function(b,c){return(b>c)},greaterEqual:function(b,c){return(b>=c)},less:function(b,c){return(b<c)},lessEqual:function(b,c){return(b<=c)},notEqual:function(b,c){return(b!=String(c))},startsWith:function(b,c){return !b.indexOf(c)},endsWith:function(b,c){return b.indexOf(c,b.length-c.length)!==-1},contains:function(b,c){return b.indexOf(c)!==-1},regex:function(c,f){try{var b=new RegExp(f);if(f.expr&&f.flags){b=new RegExp(f.expr,f.flags)}return b.test(c)}catch(d){logWarning("rules.regex exception: "+d.message);return false}},timestamp:function(b,c){if(!b){return false}return(new Date(b)).toISOStringms()==b},"in":function(c,d){for(var b in d){if(c==String(d[b])){return true}}return false},isType:function(b,c){return(typeof b===c)},isE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\sha256.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (709), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):37442
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.182556715531017
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:aNLZ52t2LQdhrnY09gCZHAtV9EhhfVroWqAv:av5KUQ809gwHAlybqAv
                                                                                                                                                                                                                                                                                            MD5:1F991FEE209172D247C3BE87A794819F
                                                                                                                                                                                                                                                                                            SHA1:52974B066FB6AF6802A3C3A225710FE6C0B78260
                                                                                                                                                                                                                                                                                            SHA-256:FC0F46A6495B9DB6789CAD245272125AE1D21D9A1AC823F663FA5D4D8DED39FC
                                                                                                                                                                                                                                                                                            SHA-512:E5373D7BDD0D5C9697941ECD9ADD2752971ABE32A45519068A2B93B97A76578599854A71F6C5907025BF7E9FC8432EE55F81187421601DD3ECD3DC654C9BCF7F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var sha256_fileVersion = "1.2.181"; ../*.Copyright (c) 2008-2017, Brian Turek.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. * Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer.. * Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution.. * Neither the name of the the copyright holder nor the names of its. contributors may be used to endorse or promote products derived from this. software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES OF MERCHANTABI

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\subdb.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (663), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):862
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.488970807055558
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:ZmeV5IOd09ODopDwLgmjNnbi1W7xzBtxR:hV5iOD+ss4Nbi1yxR
                                                                                                                                                                                                                                                                                            MD5:B4D8A83F38DDDE9224AD7DC9939DFEBF
                                                                                                                                                                                                                                                                                            SHA1:7FD27259867AF6DD887FFBF576E50A7DD10D19F7
                                                                                                                                                                                                                                                                                            SHA-256:8A92A070A6980C4D1D7DA6770430FD9F489AF3E633900C3160289310CDB137C8
                                                                                                                                                                                                                                                                                            SHA-512:EBD0F64906866BC24BFEC78EC4BF83AA9FF83C239F709F2DDA5AEEF3B681CDB7F974CA533E9077530EF8475DA072A8AFE6ABB63D79220CB2684C6693201A4B2A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var subdb_fileVersion = "1.2.181"; ..function CreateSubDbHelper(){var a={_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("subdb")}return this._plugin},_plugin:null,fetchFromDataDefinition:function(c){try{if(!c){logError("subdb:fetchFromDataDefinition: No dataDefinition supplied");return null}if(c.action==="canIRun"){return this._getPlugin().CanIRun(c.appid)}if(c.action==="GetProperty"){return this._getPlugin().GetProperty(c.appid,c.name)}logError("Unknown action name ("+c.action+")")}catch(b){logError("subdb:fetchFromDataDefinition: "+b.message+". dataDefinition"+JSON.stringify(c))}return null}};return a}ModuleManager.registerFactory("subdb",CreateSubDbHelper);..//96CD01F745528C105AEB51D4C1105E4FE241D7862766FF34045AF7A7EF36BC8D1A800404C1D9F2A3E989A6E8CFB15075436E6E4039508BE969B04D52F4780971++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transmitter_template.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3717), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3931
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.351870644238223
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:BDeOIhVr9zrhSLCxNBpyX0irau/9lRCHfYMSd/:QOIBzrhscB80irj/9lwH+p
                                                                                                                                                                                                                                                                                            MD5:4DE18F19E9FBDE4AB4792E99DD2C29E6
                                                                                                                                                                                                                                                                                            SHA1:34954800F967063C688604ECE3B8FF166B07B9E3
                                                                                                                                                                                                                                                                                            SHA-256:EAC9EA44BF0ADEE80A41D183D140D090271BBF7102A88ABED38A3F1E694C0E9A
                                                                                                                                                                                                                                                                                            SHA-512:C8FCFC7DD9C8AD40AFBC951B4E92CBEB3186FC122FAF905F89873C4A5C96C8A25B971F0CACD6DFA30F34AD9952C3914B76342CA107B91088534C4FE948CDF8E9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transmitter_template_fileVersion = "1.2.181"; ..function EventTransmitterTemplate(){}EventTransmitterTemplate.prototype={addDataSetNames:function(c,d,b){var a=[];if(d.dataSetNames){a=a.concat(d.dataSetNames)}if(b){a=a.concat(b)}a=dataManipulator.arrayRemoveDuplicates(a);logDebug("emitter ProfileName: "+d.profileName+". allDataSetNames: "+JSON.stringify(a));this._mergeDataSets(c,a)},_isEventThrottled:function(b){var c=ModuleManager.getSingleton("config_manager");var a=c.getThrottleRule(b);return this._applyThrottle(b,a)},_isProfileThrottled:function(b,d){var c=ModuleManager.getSingleton("config_manager");var e=c.getPriority(b);if(e!="critical"){var a=this._getProfile(d).throttleRule;return this._applyThrottle(d,a)}return false},_applyThrottle:function(a,c){try{if(!c){return false}var d=ModuleManager.getSingleton("rules");return d.evaluate(a,c)}catch(b){logError("_applyThrottle: "+b.message)}return false},_applyAttributeRules:function(p,o,a){try{var h=Modu

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (7089), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7292
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.239821014895397
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:BNppM62N2XDFDHmoHKvxOjrfFQdRn2ESa/ecRWUIWqdGE1SbGvk/Y:BNppT2N2XDFiRvxOjDFQdJ2ESa/ecRWt
                                                                                                                                                                                                                                                                                            MD5:2CBEA70DF849FC997D34AC5696C8F91F
                                                                                                                                                                                                                                                                                            SHA1:20E9B5CE417B20DCAA3531C7041260362B4A5A6D
                                                                                                                                                                                                                                                                                            SHA-256:6CDC2626E4528A09BD088B29B2772EE28B8FEDC71D2A9E5AB688C17EFBBFBF5B
                                                                                                                                                                                                                                                                                            SHA-512:7585A644CD7CF82B947A7C89EF87A7F522041380534A6CD3953BF0D7DE83CB49C7A8D8C7EB556045500B5A7642101CB25ABA26459EE601A1C65AC01E57D3A41D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transport_fileVersion = "1.2.181"; ..function CreateAnalyticsTransport(){function a(){this.retrieveStoredQueue()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.transmit=function(m,s,t,c){logDebug("analyticstransport.transmit message="+JSON.stringify(s)+", profileNames="+JSON.stringify(t)+", datasetNames="+JSON.stringify(c));if(this._isEventThrottled(m)){logDebug("Event "+m+" was event-level throttled");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{eventThrottled:m+" is event throttled"}}));return}for(var l in t){try{var o=t[l];if(this._isProfileThrottled(m,o)){logDebug("Event "+m+" was profile-level throttled by '"+o+"'");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{profileThrottled:m+" is profile throttled for "+o}}));continue}if(engine.isStopRequestReceived()){logWarning("transmitter.prototype.transmit: Stop request received, so stopping all data transmissions..");return}var

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_ai.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2458), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2664
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.49417849126966
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:FtzciWIdy2hgcmGY2rVTOd6oNoP5vCuKKiWXUlK7Ytalh:/A2hqGY2rhOELKM1lh
                                                                                                                                                                                                                                                                                            MD5:35B2B558D1017AF1D35BC86E2E87DC46
                                                                                                                                                                                                                                                                                            SHA1:8C720ABC3163B1701D77518F83BAE046A02459B6
                                                                                                                                                                                                                                                                                            SHA-256:206B340C24FADD062B525EBDBE788ECE76932C0C441B27BACB5F61DFD7B7B9E8
                                                                                                                                                                                                                                                                                            SHA-512:FEEAF734F7ECF4DEDF5016D35417F0EE9F4550FDE9038EAF05102CC208E7AE900C6BF0B6929E503C605D27421687753A1DEF283B2F7B7C621BD716C75BE7B213
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transport_ai_fileVersion = "1.2.181"; ..function CreateApplicationInsightsTransport(){function b(h){try{var j=/\d{4}-[01]\d-[0-3]\d\T[0-2]\d:[0-5]\d:[0-5]\dZ/;if(j.exec(h)){return h}var i=/\d{4}-[01]\d-[0-3]\d\ [0-2]\d:[0-5]\d:[0-5]\dZ/;if(!i.exec(h)){return null}var l=h.split(" ").join("T");return l}catch(k){logError("getValidIso: Exception caught: "+k.message)}return null}function c(h){if(!h){return null}switch(h.toLowerCase()){case"event":return"EventData";case"screen":return"PageViewData"}return null}function f(i){var h={};try{for(var j in i){if(isNaN(i[j])){logWarning("getNumberValues: ignoring value at key: "+j+". With value: "+i[j])}else{try{h[j]=Number(i[j])}catch(k){logError("getNumberValues: Exception caught at key: "+j+". Exception: "+k.message)}}}}catch(k){logError("getNumberValues: Exception caught: "+k.message)}return h}function e(h){if(!h){return null}switch(h.toLowerCase()){case"event":return"Event";case"screen":return"PageView"}return nu

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_api_endpoint.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3250), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3466
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.33120514305712
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:xLi5lyUHvoZQLbMF1YfEj05DK+wlVE15DkAPAkE:xLi5ZwibMF1YfY05DK+wkzDkAPA7
                                                                                                                                                                                                                                                                                            MD5:625E5E7CC99E67C103A5BE1EA34EF5BA
                                                                                                                                                                                                                                                                                            SHA1:C1B69DA64A1D568631A6A267CB182B9A5616159C
                                                                                                                                                                                                                                                                                            SHA-256:E8A14CCBE0D37AA4BEB602D2742437F452022D15175F73A208266E151AA705C7
                                                                                                                                                                                                                                                                                            SHA-512:0CA483AC74528F2CB3B66CB88353818C24FFF77262BC615CE176B501CD00C11358B6E4790419FFF0B0CB2032042E2A336F430AC949362B915B2DD7F8F6B3D2A8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transport_api_endpoint_fileVersion = "1.2.181"; ..function CreateAPIEndpointTransport(){function a(){this._url="";this._verb="PUT"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._url=this._config.url;if(!this._url){logError("APIEndpointTransport:: Initialize failed url not provided");return false}if(this._config.headers){var d=this._config.headers;for(var b in d){this._AddRequestHeader(b,d[b])}}if(this._config.verb){this._verb=this._config.verb}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()!="1")&&(this.GetVersion()!="2")){this._usingRESTclientPlugin=true;logInformation("Calling parent class to setup using the restful plugin");this._plugin.SetHttpMode(this._verb);var c=getSystemPlugin();this._plugin.SetAgentName("McAfee Mosaic API V1 transmitter_"+c.CreateGUID());this._plugin.Connect(this._url)}else{this._plugin=null}return true};a.prototype._sendUsingRestClient=fun

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_aws_apigateway_v1.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (4753), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4974
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.404388594792175
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:8K44u2URXvoZjLFlE5WB1AwfitMQxHcdp:8K4LdwFFl2NwfitrxHcdp
                                                                                                                                                                                                                                                                                            MD5:45A21281AA742D748DC7B91289FF2BEA
                                                                                                                                                                                                                                                                                            SHA1:F36EBB2231B75087D814DD8EB5871E43FFDEA1B4
                                                                                                                                                                                                                                                                                            SHA-256:3D92EE4BBFC16C0B57562A437CD4FC2D531AEB3D1F7A76332399C0E1AFC5C5E5
                                                                                                                                                                                                                                                                                            SHA-512:AEBF728F5BA92A7D8BEC477D38DD0CDB7152860EB26E3573A0D6407135EA444B24C3EC16D6D8FAF5F7394FF7BB1202390BE81151A56D0080DEC43378127912A7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transport_aws_apigateway_v1_fileVersion = "1.2.181"; ..function CreateAWSAPIGatewayV1Transport(){function b(){this._apikey=null;this._partitionKey=null;this._url="https://{dns}.awscommon.mcafee.com/1.0/{gateway}/v1/record"}b.prototype=ModuleManager.create("rest_transport");b.prototype.constructor=b;b.prototype._setup=function(){this._apikey=this._config.apikey;if(!this._apikey){logError("AWS_APIGateway_V1_Transport:: Initialize failed API key not provided");return false}var c=this._config.dns;if(!c){logError("AWS_APIGateway_V1_Transport:: Initialize failed DNS not provided");return false}var e=this._config.gateway;if(!e){logError("AWS_APIGateway_V1_Transport:: Initialize failed Gateway not provided");return false}this._updateURL("{dns}",c);this._updateURL("{gateway}",e);this._partitionKey=engine.getContextId();if(!this._partitionKey){this._partitionKey=generateAlphaNumericString(256)}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_da.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2581), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2787
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.390816850510691
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:F+RC4cETZD7ThSwsnoK2NkNCalAVKp9oH259ln2W8HsFAS0+NN70JxAesVuCdL0L:DUvhSwODAAce2OpNS+VfBs/P
                                                                                                                                                                                                                                                                                            MD5:F1AE9AC1E6679143679FF45893E7BB4D
                                                                                                                                                                                                                                                                                            SHA1:EFD1513AFCE156E20EA05E662C0B9F3783078CF8
                                                                                                                                                                                                                                                                                            SHA-256:6538E69A2E76417848617108D1D64D0B5EADA2B717C8F8B12A6C07C470A81629
                                                                                                                                                                                                                                                                                            SHA-512:A5932E41D2CCC7A4EC292C6086867C2089539E375186426E18E1AEC2B7F68592E13588633B329D4D5B4F673A25FCD64D67407F1BDE2F4C7C578CCF36DC71090D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transport_da_fileVersion = "1.2.181"; ..function CreateDATransport(){var a={Send:function(c){try{var b=this._getMsgBusPlugin();if(!b){logError("[DA Transport] Current MsgBus Plugin does not support request/response.");return false}if(!b.IsAvailable()){logWarning("[DA Transport] Message Bus could not be loaded; subscriptions will not be active");return false}var g=ModuleManager.getSingleton("mappings");c=g.daMap(JSON.parse(c));var d=this._ComposePayload(c);if(null==d){return false}b.Publish("Data_Aggregator.Add_Data",d);logDebug("[DA Transport] Emit outbound data: "+d);return true}catch(f){logError("[DA Transport] Exception thrown when sending da event: "+f.message);return false}},_ComposePayload:function(c){try{var b={};var f={};var h={};c["__record.created"]=this._convertToLocalDate(new Date()).toISOString();c["__record.created"]=c["__record.created"].split("T").join(" ");for(var d in c){if(this._indexOf(this._metricList,d)!==-1){f[d]=c[d]}if(this._inde

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_eng_observability.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3274), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3495
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2002350269366575
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:0fXKiK/bXDX8cX0XkXRXUXL1XUXSwXUXNXWXBoX1b6iYikiXxxiEiQX4iw2XK/nX:0fXK9/bXDX8cX0XkXRXUXL1XUX5XUXNq
                                                                                                                                                                                                                                                                                            MD5:7A0861869FDBA66520911DC0EA0A9D99
                                                                                                                                                                                                                                                                                            SHA1:5519A55F5EF099361C362ECAD231EB52CA31B204
                                                                                                                                                                                                                                                                                            SHA-256:4DE1D0E6BDA27F5510B60B4A877DECD64DE08D52AADC1329C71B1CF838BB2CD9
                                                                                                                                                                                                                                                                                            SHA-512:8224D939F4D49A47F5D7ED1724AAD45F1168BB8DA59187024BB5CEF4D58AA1F8457283AF1694F013EE19CCD7239011DFA2ED2021AA629E49A9858F762CC4F797
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transport_eng_observability_fileVersion = "1.2.181"; ..function ObservabilityTransport(){this._transport_api_endpoint_emitter=null;this._url="https://pl8qcwep6c.execute-api.us-west-2.amazonaws.com/prod_v1/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this.logInfo("New ObservabilityTransport Created")}ObservabilityTransport.prototype=ModuleManager.create("transport_template");ObservabilityTransport.prototype.constructor=ObservabilityTransport;ObservabilityTransport.prototype.logInfo=function(a){logInformation("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logError=function(a){logError("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logWarning=function(a){logWarning("ObservabilityTransport: "+a)};ObservabilityTransport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};ObservabilityTransport.prototype.GetVersion=function(){try{return engine.getContentVersion()}ca

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_event_hub.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (7985), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8198
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.26365769145665
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:iiONyk/DC0+p55U7voKLgIEpfEdvQKf3Jmn/i/6/lWqu/K/z1gdnxmVMdqAQ7FG3:iivk7uYwGOZIWEcQ5s0nx23VIHkZK
                                                                                                                                                                                                                                                                                            MD5:71689F9093BBFD5637CEFDCBE8756B73
                                                                                                                                                                                                                                                                                            SHA1:7EB5652426259B7773D72CC15C581C02D195D770
                                                                                                                                                                                                                                                                                            SHA-256:FC23D9D2806D5D4195F13AE1C557063052749FBA3396B050698B1A02934E3889
                                                                                                                                                                                                                                                                                            SHA-512:B6313EBDBBE654F8B26BA0ACA5E0500F664422031A990948FF2C208BD59F71DFF4757ECE8C3110AEAE6D9A78997AFA53D090F18AD0E198989E4FEA52242F2404
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transport_event_hub_fileVersion = "1.2.181"; ..function CreateEventHubTransport(){LoadScript("sha256.js");function a(){this._apiVersion=null;this._servicebusNamespace=null;this._eventHubPath=null;this._sharedAccessKey=null;this._sharedAccessName=null;this._sharedAccessToken=null;this._tokenCreationTime=null;this._timeout=60;this._url="https://{servicebusNamespace}.servicebus.windows.net/{eventHubPath}/messages?timeout={timeout}&api-version={apiVersion}"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._apiVersion=this._config.apiVersion;if(!this._apiVersion){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _apiVersion");return false}this._servicebusNamespace=this._config.servicebusNamespace;if(!this._servicebusNamespace){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _servicebusNamespace");return false}this._eventHubPath=this._config.eventHubPath;if(!this._ev

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_ga.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2200), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2406
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4783531591773516
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:F7oavQfNfXcBBCE+yR60SO4k2WMWsH6du4jTk7tRIa:1MXcgE+yWOd2WRsH6ZkRRIa
                                                                                                                                                                                                                                                                                            MD5:28C9BF3F57D8F2ECC7E964A74D6A2052
                                                                                                                                                                                                                                                                                            SHA1:6E090268DEC59BC88B1C55D69630C21784B0DCFB
                                                                                                                                                                                                                                                                                            SHA-256:BC8C873188388C0D3BD49D78EB6EB841E5A35FCCA8085131E5B5BBC612FD99B2
                                                                                                                                                                                                                                                                                            SHA-512:08CFBDD3F118287402394E0AC783FA07EE1D8CAA04A3E1A92A22AFECD7F97358BF925254FC67654D775421599D25EF2E050FF257FD8D05F65D0E6980DB1AEA23
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transport_ga_fileVersion = "1.2.181"; ..function CreateGATransport(){function a(){}a.prototype=ModuleManager.create("rest_transport");a.prototype.Send=function(c){try{var i=this._ComposePayload(c);if(null==i){return false}var f=this.RESTClientAvailable?this._sendUsingRESTClient(i):this._sendUsingXMLHTTP(i);var d=JSON.parse(c);var h=d.hit_event_id;this._transportLog(h,i,f,this.GetName()+(this.RESTClientAvailable?"_rest":"_xmlhttp"));return f}catch(g){logError("GA_REST_Transport:Send: "+g.message);return false}};a.prototype._sendUsingXMLHTTP=function(f){try{var c=ModuleManager.create("xmlHttpComObj");if(!c.setup()){logError("GA_REST_Transport::_sendUsingXmlHttp: couldnt create a xmlhttpcom");return null}logInformation("GA_REST_Transport::_sendUsingXmlHttp: Using "+c.getSelectedObjName());c.open("POST",this._url,false);c.send(f);var g=c.getResponseHeader("Content-Type");logInformation("contentTypeResp:"+g);return g.match("image/gif")?true:false}catch(d){log

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_mosaic_api_v2.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3901), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4118
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.22879538644478
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:VitbQ5N+gtjbB6iYikiXxxiEiJiwWBibLVMUib2:V8bQ5IgyVikC3DAHWBELVMh2
                                                                                                                                                                                                                                                                                            MD5:D63F0BFD3BE7FF03BC23C6F1E6FD777E
                                                                                                                                                                                                                                                                                            SHA1:735606E253DA3E549F7BCBD9275450A52C1A0CE7
                                                                                                                                                                                                                                                                                            SHA-256:D25EA0281876A50FA966850A274AAD05F5FCBC22D79B5714B44BF94722F8D209
                                                                                                                                                                                                                                                                                            SHA-512:F5658418EEBD4C1123C467C085AC486DA1ED628A614E9CFD3CC6BA3A3B0282BB957D8D8156D315A755F73D7461F75AEA63D0BC25255B826532333152196ED177
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transport_mosaic_api_v2_fileVersion = "1.2.181"; ..function Mosaic_API_V2_Transport(){this._transport_api_endpoint_emitter=null;this._url="apis.mcafee.com/mosaic/2.0/{service}/{consumer}/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this._service=null;this._consumer=null;this._environment=null;this.logInfo("New Mosaic_API_V2_Transport Created")}Mosaic_API_V2_Transport.prototype=ModuleManager.create("transport_template");Mosaic_API_V2_Transport.prototype.constructor=Mosaic_API_V2_Transport;Mosaic_API_V2_Transport.prototype.logInfo=function(a){logInformation("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logError=function(a){logError("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logWarning=function(a){logWarning("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};Mosaic_API_V2_Transport.prototype.GetVer

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_msgbus.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3000), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3210
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.246215650373015
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:FM7AiguxG0OAO/YxsMY7/KK3q/JepiZOViXNlJdZJz7MfQ:eANwGPAhxeP6xGSjddPzGQ
                                                                                                                                                                                                                                                                                            MD5:C017DD12FC87C05EE29B726A7653175D
                                                                                                                                                                                                                                                                                            SHA1:555A26686F8DB7BFAB4DC42CD111AC03B0D36941
                                                                                                                                                                                                                                                                                            SHA-256:41B1255A103DBB02CF0D076A438CD439E140E3EEBF09F1D572A61152EFF64C6A
                                                                                                                                                                                                                                                                                            SHA-512:27EB4D06EA211BF394CA205652B4881567A145788588137A4EC69FF9CF42A39C3D3770F325168F2633BEF27460764280755080CAA6039D5F9E043D82DEFDEFF9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transport_msgbus_fileVersion = "1.2.181"; ..function MsgBusTransport(){this._msgbus=null;this._msgName=null;this._processorName=null;this._processorConfig=null;this._processors=(function(a){a.logInfo("Creating processors");return{noop:function(c,b){a.logInfo("noop: Returning eventDataObj unmodified");return c},simpleMsgComposer:function(c,b){a.logInfo("simpleMsgComposer: Creating new message");var f={};for(var d in b){if(b.hasOwnProperty(d)){var e=b[d];if(e.startsWith("$")){e=c[e.substring(1)]}a.logInfo("simpleMsgComposer: Adding new key-vaule to message: "+d+" = "+e);f[d]=e}}return f},passthroughComposer:function(c,b){a.logInfo("datasetComposer: Creating new message");var f={};var e=b.filteredKeys;if(!e){e=[]}for(var d in c){if(e.indexOf(d)>=0){continue}f[d]=c[d]}return f}}})(this);this.logInfo("New MsgBusTransport Created")}MsgBusTransport.prototype=ModuleManager.create("transport_template");MsgBusTransport.prototype.constructor=MsgBusTransport;MsgBusT

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_template.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1249), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1461
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.343806426879196
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:F/8em3IGAIOt/m/HYu2eRejjysUutC9zf/98L4oIiAIu7LQ/Ho7/cmCGrXbt:F/pm3FAd/m/Hz2xLcT/696Dx7/pTt
                                                                                                                                                                                                                                                                                            MD5:D6A5D0AE93A15F9B8B6729F56E2E71F2
                                                                                                                                                                                                                                                                                            SHA1:4E85902BAD76183187932178F30A55BC52D0A24E
                                                                                                                                                                                                                                                                                            SHA-256:914AFE8016FFFAC8EF01ADC2E6C79B165D008F9673B6A86723F6F1B540AC4367
                                                                                                                                                                                                                                                                                            SHA-512:7B199633AD26E1DB7491AD6D935954491281EE807486DDAD59CBBC5E3CCD16BE476DCA998B96507D7F1655067D6ACB405EBC73E77B8A05F2850D1D81B7F46C80
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var transport_template_fileVersion = "1.2.181"; ..function TransportPlugin_Template(){}if(typeof TransportPlugin_Template.prototype.GetName!=="function"){TransportPlugin_Template.prototype={GetName:function(){return this._name},GetVersion:function(){if(transport_template_fileVersion){return transport_template_fileVersion}return"0.0.0"},Initialize:function(b,d,a){try{if(!a||!b||!d){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b+".Dictionary: "+d);return false}this._dictionary=JSON.parse(d);this._config=JSON.parse(a);this._name=b;if(!this._config||!this._name){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b);return false}return this._setup()}catch(c){logError("TransportPlugin_Template::Initialize Exception caught with message: "+c.message)}},Send:function(a){logError("TransportPlugin_Template::Send: Did not overwrite function. Send will return false");return false},Uninitializ

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\uwp_storage.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (474), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):679
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.516887468680435
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:UFdD47iGreq8C5qlHz0TTqB7kh8hqzfAImT0mgqmOYBeFePR2BhjL7jB6xXVWG:wd4iGf88qlHQ/qIUIqqq9u8ePYBVL7Yn
                                                                                                                                                                                                                                                                                            MD5:941EDCDE45631326D5E531071BD587F8
                                                                                                                                                                                                                                                                                            SHA1:E8A6BF6C4AEF3B9B48A4817D00729C692905FFDA
                                                                                                                                                                                                                                                                                            SHA-256:B59E9800B6BF046D4710B043D2DFA3A2EAE60DB16035FE060E8AAA39D2FFB968
                                                                                                                                                                                                                                                                                            SHA-512:9348929E433E54ECB6BBAE66822D7E62260FE43A9184701B6284854DD8796510AAA827656DFCEABC0A659EC102F012D562ECE1B864E202AFFAACEEFD06410B36
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var uwp_storage_fileVersion = "1.2.181"; ..var createUWPStorage=function(){var a={_content:{},add:function(b,c){if(!b){return}this._content[b]=c},set:function(b,d,c){if(!c){this.add(b,d);return}var e=ModuleManager.getSingleton("rules");this.add(b,e.apply(d,c))},get:function(b){try{if(!this._content){return null}return this._content[b]}catch(c){logError("uwp_storage:get: key("+b+"): "+c.message)}},getContent:function(){return this._content}};return a};ModuleManager.registerFactory("uwp_storage",createUWPStorage);..//7F09D5AE16C182D7FF3F1E073E5B279E9911F704AD072F91B0844161FFA3C8DF9CAF5B6AB7F7B5BCE977EE87FFD7635BA71F1E1ABDEBCC2D1F6EE8F5838303A0++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\wa_settingsdb.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (814), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1021
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.402512092698406
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:ybeFOX49BAsnzOURzngpy3WAsngFPSIO90doQUkQ0W88nTuNa3f:yqFOSAZA3WAzSixdW8UP
                                                                                                                                                                                                                                                                                            MD5:6156BD039B5C6E4586C55CB1CAB5EBD8
                                                                                                                                                                                                                                                                                            SHA1:D42978FFB0EE883E7AA76D6DF97C141CF9B4A9B3
                                                                                                                                                                                                                                                                                            SHA-256:503BC36485E16E7CD8F2D9275FC85F5B4F9E5AD1FAACC47C582E8E9749225C90
                                                                                                                                                                                                                                                                                            SHA-512:5F296644766BADD21B560F379010D620CB69B6D05C1505A29F0A6128D74659B7C49A5C4AF76CBC72935146C9044D28EE4B77CF15CF1BBE4D8D2F5D845C230FF7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var wa_settingsdb_fileVersion = "1.2.181"; ..function CreateWASettingsDBHelper(){var a={getSetting:function(b,c,f){try{logDebug("getting WA setting: "+b);return this._getPlugin().GetSetting(b,c,f)}catch(d){logError("wa_settingsdb:getSetting: "+d.message+"setting("+b+")")}},fetchFromDataDefinition:function(g){try{if(!g){logError("wa_settingsdb:fetchFromDataDefinition Invalid data definition");return null}var b=g.name;var c=g.scope;var f=g["default"];return a.getSetting(b,c,f)}catch(d){logError("wa_settingsdb:fetchFromDataDefinition: "+d.message+"datadefinition("+JSON.stringify(g)+")")}return null},_getPlugin:function(){if(!this._waSettingsDBPlugin){this._waSettingsDBPlugin=getPluginFactory().Create("SettingsDB")}return this._waSettingsDBPlugin},_settingsDBPlugin:null};return a}ModuleManager.registerFactory("wa_settingsdb",CreateWASettingsDBHelper);..//AAD7C08342037B6720236970C005DB688706719B9A602224AF698FD933418A35A3D9570D5425B316160F603D82ED63DB9D0D364373576

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\wmi.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (7401), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7598
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.384581923070925
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:tt40Xb6wcFz1g8o3IE/ADvEWgj0xOsdmMcJS+c04IqIz65vSzCTJK:tt48brys3IE4D8WqM0S+c04wzlzCU
                                                                                                                                                                                                                                                                                            MD5:91389CF32E9E19302DA3193FC5404113
                                                                                                                                                                                                                                                                                            SHA1:FFA68C0465867F251C5CBDB810B3A303053A7ED7
                                                                                                                                                                                                                                                                                            SHA-256:E9FF5DF0FD463B176922EF72F194A89761453643306DC3133A728153CB27B975
                                                                                                                                                                                                                                                                                            SHA-512:85E7304662B5A5787C1EFA37E444E56B298AC30CEC90AD3EBFB996F90B6EC87AC2980A620E37C373D03538343E2471A8590AFDFE84AADB308E8A5CB669796AF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! $FileVersion=1.2.181 */ var wmi_fileVersion = "1.2.181"; ..function CreateWMIManger(){var a={_createAttribute:function(f,c){var g={_data:[],get:function(l,j){try{return l(this._data,j)}catch(k){return null}}};try{f.reset();var d=f.next();while(d){var h=d.get(c);g._data.push(h);d=f.next()}}catch(i){logDebug("failed to populate attribute object")}return g},_getMockIterator:function(){var c={reset:function(){logWarning("mockIterator: Calling reset(). noop")},next:function(){logWarning("mockIterator: Calling next(). Returning `null`");return null}};return c},_unavailableServers:{},resetAvailableServers:function(){this._unavailableServers={}},_getServer:function(g){try{if(this._unavailableServers[g]==true){return null}if(!g){return null}var c=this.getPlugin();if(!c){return null}var f=c.connectServer(g);if(f){return f}}catch(d){logError("_getServer: "+d.message)}this._unavailableServers[g]==true;return null},_queryWMIServer:function(h,d){try{if(!d||!h){return null}var g=this._getServer(h

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:Microsoft Cabinet archive data, many, 61533 bytes, 44 files, at 0x44 +A "aviary_client.js" +A "common.js", flags 0x4, number 1, extra bytes 20 in head, 12 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):74645
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.972630575101076
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:+MF3SvcRw2k6cljK92dgcljMWGS+AvZeoav6wxKa:+MYv2w2EjdzljMHxAvZeo8N
                                                                                                                                                                                                                                                                                            MD5:A7B0DABF4A52B6827C35DE1E05111BA6
                                                                                                                                                                                                                                                                                            SHA1:21065F550492165D5290446E433E0F9CDEFAEECD
                                                                                                                                                                                                                                                                                            SHA-256:B92F20569BCB06EB12A87D278592AF03F564281AD9803EB8EE748EED0C4AFBF2
                                                                                                                                                                                                                                                                                            SHA-512:5C4996DF6335D5CF045F09D04CCF2382306AB4AB962DC2AB1889248DF00F1470A336724BF137986DF7BE60E6B5B2417D75E4270B18F3F87FB533A8C1C530ED3D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MSCF....].......D...........,...............]...83............................WW.A .aviary_client.js..6........WW.A .common.js.....R=....WW.A .config_manager.js.....lA....WW.A .csp_client.js.....oO....WW.A .dataset.js......l....WW.B .datasets_catalog.json.)....r....WW.A .dataset_da.js..6..E.....WW.A .data_collector.js..#........WW.B .data_items.json..'........WW.A .dictionary.json...........WW.A .emitter.js..-........WW.A .engine.js......J....WW.A .error_transmitter.js.....]U....WW.A .events.json.....6b....WW.A .event_handler.js.....:}....WW.A .hash128.js..........WW.A .json2.js.1........WW.A .logging.js.:.........WW.A .mappings.js.....2.....WW.A .mcutil.js.....".....WW.A .observation_analytics.js...........WW.A .operations.js...........WW.A .preprocessors.js.....'.....WW.A .profile.json...........WW.A .registry.js...........WW.A .rest_transport.js.u.........WW.A .rules.js.B.........WW.A .sha256.js.^...[.....WW.A .subdb.js.[.........WW.A .transmitter_template.js.|.........WW.A .trans

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\class.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):656
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.276996274143321
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:+5X0IlMlq23HklYm1BSE4w/WnVvYsAjoBzkp+TkNixUKXfUlecMk:O0Z5IZ4wWnbAjoBzkp+dZfUo0
                                                                                                                                                                                                                                                                                            MD5:302A4F692A6B360B5FEF6B94FBE2AD4A
                                                                                                                                                                                                                                                                                            SHA1:76F5E66667C5C0604BA2FCD8636367190880F852
                                                                                                                                                                                                                                                                                            SHA-256:D8489981E953F07198A9B82774621D0A1BF67C63C90EF81D00D50C78C258ECC7
                                                                                                                                                                                                                                                                                            SHA-512:DAA8DADC53B5BD84A118CD1A86E69E16F91880232FA5210583162D4B910D89B7A649180402786243372D1AE35428E97BE6CBD9A798A491B55A866B83B3528795
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........2...4.......+...>...+.......T...+.......C...=...T...+.......T...+...7.......T...+...7.......C...=...H..........init.setmetatableR.......4.......>.......T...Q.......T...)...H...7...T...)...H...._base.getmetatable........%2.......T...4.......>.......T.......)...T...4.......>.......T...4.......>...D...9...B...N...:...:...2...1...:...:...1...:...4...........>...0...H....setmetatable..is_a.init..__call.__index._base.pairs.table.function.typeB.......4...7.......T...4...2...:...4...1...:...G.....class.core._G...//F4B9FA13B5E21481ADB13436343E0B3AF539657F6B9FB6358C2E5CB6B7AF3AA9D60C8A411BB19C5554E19C1A3BC258E42765D13F1DFA092B4C36523971F24ECE++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\dkjson.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10224
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.588652870010626
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:iAjYnl5VRXESz733js/N7TNdmXrLSombvx9QLPyn9ICsV9zDryJjZFdbHxB:HGl5VX3wl7Te4GyDS9iJ9FfB
                                                                                                                                                                                                                                                                                            MD5:0231BC2B2C61B8A8EA6BBA237185FC2B
                                                                                                                                                                                                                                                                                            SHA1:DF0DFECA2A148310196B4104453E111B50E0262C
                                                                                                                                                                                                                                                                                            SHA-256:02E1E047F2D73507026726D6EB01B25C8F2FDFCE10C3D62EB7BFEC261DCC88A9
                                                                                                                                                                                                                                                                                            SHA-512:4AF4D9D084E0C96FEDC367C07B73DB2B01AFF69E6B496CB9030DF3AEF4639378920A566FE08E1379A3B687B60683028169DF7AE410ACE0F252DAABC58BD0A3C0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..>.......+...%...>...7.......T...,...G........getmetatable.debug........%...H....null........5'...'...'...+.......>...D.......T...+.......>.......T...........T.......T...+.......>.......T...'.......T...+.......>.......T...)...H.......T...........B...N...'.......T.......T...........T...)...H...).......F..........number.n..........w+...6.......T...H...+.......'...'...>.......T...'.......T...'.......T...'.......T...'...............'.......T.......T.>.'.......T...'.......T...'.......T...................T.0.'.......T...'.......T...'.......T...'.......T...............................T...'.......T...'.......T...'.......T...'.......T...'.......T...........................................T...%...H...(.......T...+...%.......@...T...(.......T.......+.......>...............+...%...........@...T...%...H...G............\u%.4x\u%.4x.\u%.4x.............................C.......+...........>.......T...+...............@...T...H...G...............A+.......%...+...>.......+.......%...>.......T.0.+.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\handlers.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2193
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.731788125933509
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:vfm26JIcjHmWhrVeYOneTCeeQN4DWdz8ddyJmlF4KjC9Mn:3m2uIcjHmdk27y4Wm34eCu
                                                                                                                                                                                                                                                                                            MD5:2CD1B87553CCC7CAFF14A7E834EEF985
                                                                                                                                                                                                                                                                                            SHA1:5D7ED683520B38C55208875B426ED414FFCD048E
                                                                                                                                                                                                                                                                                            SHA-256:2E1E2B982A4B7688C6E4675BB0B28ABC5DD59DF12876F64BF95C2F8A28452508
                                                                                                                                                                                                                                                                                            SHA-512:5918229A97318EF27E368133EBBC6528C72C20EF8664338781DCC3516E41AE16A9043D01B891AFEFB5560B069A68B81162193884ADEB5F820EB58D7FF82204C6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........]4...4.......>.......T...)...T...)...%...>...4...4.......>.......T...)...T...)...%...>...4...4.......>.......T...)...T...)...%...>...4...4.......>.......T...)...T...)...%...>...7...6.......T...7...2...9...7...6...'...........T...Q...6...7.......T...T.......T...3...:...:...6.......T...6...7.......T...4...7...........3...:...2...9...:...>...T...4...7...6...7.......>...G....handlers....insert.table.check_updater_flag.handler....order._registry.handler must be a function.function handler id must be a string#handler order must be a number.number event type must be a string.string.type.assert.|.......4...4.......>.......T...)...T...)...%...>...7...)...9...G...._registry event type must be a string.string.type.assert........)4...4.......>.......T...)...T...)...%...>...4...4.......>.......T...)...T...)...%...>...7...6.......T...G...7...6...'...........T...Q...6...7...)...9.......T...G....handlers._registry handler id must be a string event type must be a string.string.type.assert.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\init.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2470
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.825813853228207
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:+eymEl2PsN0qjwKgVl3icar6JMJlSSS+iwgqLSRurHi7u4eCGPes6Ea87QZvH:+etEl1fMKgucE6JMxiTRujibeCGms6Ec
                                                                                                                                                                                                                                                                                            MD5:90C44FF9B416D93E1EFBD470A3F4BDD8
                                                                                                                                                                                                                                                                                            SHA1:C734BDBD696D492BB99C629CB5A28DB4923A6D92
                                                                                                                                                                                                                                                                                            SHA-256:91BA73DDC4C669C76786A5C5E7E1A67ECEF63D9DB64FC87B6E8E03504DBEDE19
                                                                                                                                                                                                                                                                                            SHA-512:7438E307DAD85876E161121C4D0EF0251A5AC441DC4B5E1F2DA3F82915B20FF3C711FAB85B4B24A8DBD4AF8B6D46EB8A1583D6C0A0638BE4DAB4BA46E457F56E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........3...%...4.......>...T.......7...%...%...>.......7...%...........$...>...4...........>...A...N...G....require.Loading script: .info...luc.gsub.ipairs.mfw\core\.....dkjson.luc.handlers.luc.PostInit.luc.json.luc.PriorityQueue.luc.UiArbitratorHelper.luc.UiHandler.luc.UiThreadExitHandler.luc.utils\SettingsDB.luc.utils\StringUtils.luc.utils\Telemetry.luc.utils\PackageUtils.luc.utils\BrowserUtils.luc.utils\common_utils.luc...... ...4...7.......'...>.......T...4...7.......'...>.......T...)...T...).......T.".....7...%...>.......T.......7...%...%...>.......7...%.......%.......$...>...4...4.......%.......%...$...>.......T.Z.....7.......>...T.U.....T.:.....7...%...%...>.......7...%...>...4.......7.......%.......%...$...)...>.......T.......7.......>...G...4.......7...........>...4...7...7.......7...........>...%.......%.......$...4.......7...>...%.......$...+...............>...T.......T.......T.......T.......7...%.......%.......$...>...+.......%.......$.......%.......$.......>...G....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\json.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):539
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.529904555876259
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:AHhXr7ZM1nBgpj+TDaA6AtZA8W5HUN2sn:GXuMj+PaArtZArluDn
                                                                                                                                                                                                                                                                                            MD5:F7C693968280935CEFD552A7F44471BB
                                                                                                                                                                                                                                                                                            SHA1:24305ABA2EEA82B91881757CA6EADA78E0131EE9
                                                                                                                                                                                                                                                                                            SHA-256:9B7EF67345DF32FB6E9BED81390E345E0A03C1654EA9DF43ECC0CEDCDE5DF0B5
                                                                                                                                                                                                                                                                                            SHA-512:AE570ADA0E1F77AA91255E061BBD7641D6C2EDBAAEA51C1D5F74904FA125DC662DD4D5B54507476C5F7CB0B077D58DB223014EBE42758AEB178287FD0E7F2ECB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........7...7.......'...)...>.......T...4...%.......7...'...'.<.>...%.......%...%.......$...>...H.... pos: .',.), error: '.sub#Failed to decode json string (.error.decode._json3.......7...7.......3...@.......indent..encode._json.........4...7.......T...4...2...:...4...3...4...7.......T...4...%...>...:...1...:...1...:...:...G....encode..decode.._json....core.dkjson.require.dkjsonTest.json.core._G...//F1F18E8C7ACE80A6AA865EC052539B03C846CF3772D9E8C27133F61A0EEAC66EDA459F6B5D1398538DE895BB23EF2A7F1892BF348AD2215C06AE223287B82F37++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\logger.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):672
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.304008934697606
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:JVO1ULfwNYtAVvJOsvJFLvJCvJgIc+0OkFocsAwOPFI25BP3zz:C1KwNEsxHLYk+0xocsAwOtI2T/
                                                                                                                                                                                                                                                                                            MD5:053C65E8AF08D3960DA116FC9A274536
                                                                                                                                                                                                                                                                                            SHA1:F9613AD80340AF037491304330E9DE33493235D5
                                                                                                                                                                                                                                                                                            SHA-256:4F38CA877EFDD7B7C2212452250C1B225037056FE59F81C6E8BB9549D8DF4D08
                                                                                                                                                                                                                                                                                            SHA-512:0C6F7FBC2993F80E592795A362DCD11DE57ADDCD422DDCA7787FC89C6D227BB8AB0449E321613F5C75C477BD3C7BE24D4992478000B93BCDB8AE1419235389A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........C.......T.......7...C...=.......4...7...'...>...4.......7.......7...7.......>...G....currentline.short_src.Log.utility.getinfo.debug.format........+...+...7.......C...=...G........Normal/.......+...+...7.......C...=...G........Warning-.......+...+...7.......C...=...G........Error0.......+...+...7.......C...=...G........Critical.........4...7.......T...4...2...:...3...1...4...3...1...:...1...:...1...:...1...:...:...0...G....critical..err..warn..info.....log.....Critical...Automation...Normal...Error...Warning...core._G...//AB4A198CB4AF2C03A1DF81A3AE00A17A3B3996A735B867221F16D59596A822768F76538C2E4A709EEAD61E8E31DD46C37D04AAB5FB328C23A0CF95C93B472FD6++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\postinit.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):928
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.708134632942788
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:vneUBa5eU9CwyTcfcAobrLBsxX+PN8+kiKcJA:vnjBQj0wDMbrLB2uNIivm
                                                                                                                                                                                                                                                                                            MD5:E052D30968E43AE4059473DD4822C335
                                                                                                                                                                                                                                                                                            SHA1:B902D601B6DA4043DBC87BB1BDEF37C37C527CC1
                                                                                                                                                                                                                                                                                            SHA-256:A2F1F3E56B230787AB99D25C4BAAAFD46C727748587FBA99F71D7377B9B8B7D0
                                                                                                                                                                                                                                                                                            SHA-512:B0E9CFCEE3285D4D6F237F7DBF973B91E76F076D3820E08B418ADF95C27F4DEC8771DD26A2D827B9033D1DA5634E0D0428B16823309EF07CEC63435FC7A23A17
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........94...4.......>.......T...)...T...)...%...>...4...4.......>.......T...)...T...)...%...>...4...4.......>.......T...)...T...)...%...>...'...7...........T...Q...7...6...7.......T...T.......T...4...7...7.......3...:...:...:...>...G....callback.id....insert.table.order._registry%Callback type must be a function.function!Callback ID must be a string.string$Callback order must be a number.number.type.assert..........4...7...>...T...4...7.......7...%...7...7...>...4...7...>.......T...4...7.......7...%.......>...A...N...G... Failed to run callback (%s).err.callback.pcall.id.order4Executing post-init callback. order: %d, id: %s.info.log.core._registry.ipairs|.......4...7.......T...4...2...:...4...3...2...:...1...:...1...:...:...G....execute..register.._registry....PostInit.core._G...//D900138ACF93AAFA306880BD27AF10BAD2F909C0A01175EF4237B19182C42A8E43116F93CE25BA6CD776B3C12C893C1BAE7B9BFAA2B389E12B86BB029AF9F03B++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\priorityqueue.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1198
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.909867188732893
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:dE8JRJ5PwKwyk5mLMUhQqbuDljoCuDldyuDlesaDS7BmEXlFuIeC+UR7Zr5g:i8PJJwWk5gMKCDlYDldXDl/YWBmEXlFW
                                                                                                                                                                                                                                                                                            MD5:E852C5D03B246C0E53B104C01B59CC57
                                                                                                                                                                                                                                                                                            SHA1:AECCD50B6BE3387A04B01DFF08F25C2BEA6E611C
                                                                                                                                                                                                                                                                                            SHA-256:177A4B5ED2477C563A040AB4104756B8FF2256ED83E45B6E72C4B69D6F1AF141
                                                                                                                                                                                                                                                                                            SHA-512:214263E612E2BE1F32DAA44923E157ADBD3E932D7E13D69F32D362D9DFC2AB16DB874B2D7CBA3A309C771F13E1E81371D07A979C3C2BD343F3635849B96012F0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........1+...7...>.......T...3...:...:...,...+.......,...G...+...7.......T...3...+...:...:...:...,...+.......,...G...+...7.......T...Q...7...7.......T...T...7...T...3...7...:...:...:...:...+.......,...G.............next....value.priority....Empty.e.......2...'...+.......T...Q...3...7...:...7...:...9.......7...T...H......next.v.value.p....priority........."+...7...>.......T...G...+...+...).......T...Q...7.......T.......T...+...7...+...7...,...T...7...:...+.......,...T.......)...7...T...G..........next.value.Empty._.......+...7...>.......T...)...H...+...+...7...,...+.......,...7...H..........value.next.Empty.?.......+...7...>.......T...)...H...+...7...H........value.EmptyB.......+...7...>.......T...)...H...+...7...H........priority.Empty........+...H.....&.......+.......T...)...T...)...H...............2...)...'...1...:...1...:...1...:...1...:...1...:...1...:...1...:...1...:...0...H.....Empty..Size..TopPriority..Top..Pop..Remove..Data..Pushj.......4...7.......T...4...2...:...4...2...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\triggeracceptor.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):476
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.418054935092156
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:vqpQD3JkGkQXMjvoBhT0oZo/DAUECXBSADx1Ftpj4gblgSa:BJkeBhooZyDAULXBBvFD0Sa
                                                                                                                                                                                                                                                                                            MD5:A5C5B951B3A84A808E81BA25F12DB518
                                                                                                                                                                                                                                                                                            SHA1:12CD6C6E945707E1B80B6A575066C1AB91B9F97A
                                                                                                                                                                                                                                                                                            SHA-256:8977B6657DA16F9D201064443CA99087DBA03912E3BF26D72A8607B16C482332
                                                                                                                                                                                                                                                                                            SHA-512:6F277A70A6E50FE2CB813D9BC2DFFBD862EB01FC5C38ABC55310F091DAB25BE2C891751887DAC7C777E73C579E9CA8591FBD4593030863764587850CE003C1CD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7...6.......T...6...H.......T...)...4.......7...............>.......T.......T...)...9...H...4.......'...>...G....error.include.external.loaded.package=.......4...7.......7...........>...G....execute.handlers.coren.......4...1...:...4...%...>...4...7...>...1...5...G....HandleTrigger..loadPackages.core.core.init..require._G...//A440620070C7C893DD55C055A956A84456937F05875ED805F296BA4201CF771F78F4892DC0703A70BAF21830CC28783A69149A91223C31BAB4BFF8D06F77BA1F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\uiarbitratorhelper.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3664
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.515664499369645
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:mqTRdCM6qCNUedAWFXWPhz8w6zQieb8Z7w2hzly44LkLc:mq9dd6pFAn8w8Neb822hzly44ww
                                                                                                                                                                                                                                                                                            MD5:B8EBFDEB78E67C342255B8CBAF32D4D0
                                                                                                                                                                                                                                                                                            SHA1:1994D7F8B42FFED5F650E4196D8DF5E3E0E8D636
                                                                                                                                                                                                                                                                                            SHA-256:EDEC892ACED4A2245AC85167AEFBFF8F426898BE8411AF623A373BFC17035198
                                                                                                                                                                                                                                                                                            SHA-512:A2C0FF6D63C6E930D810B54A478416B8B0869756ECFA631A629FCFC5A4AA0718DBCCA7EE24E4F9BCF2F306436EC15D586EDACA72049EE8576DAAF6E5C9FA6A1A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..T.......+...6.......T...+...4...7...7...>...9...+...6...H......new.PriorityQueue.core........+...9...G.....T.......+...6.......T...+...4...7...7...>...9...+...6...H......new.PriorityQueue.core........+...9...G.............+.......,...+...H......0...........2...,...2...,...2...,...G............B.......2...4.......>...D...6...7...>...9...B...N...H....Data.pairs........"1...5...3...+...:...+...:...4...+...>...:...4...+...>...:...4...7.......7.......3...>...4.......7.......>.......T...)...T...)...0...H............StoreArbitratorState.uimanager....indent..encode.json.core.ShowingUiRequests.PendingUiRequests.UiRequests.uiId....DumpTableData...............2...4.......>...D...4...7...7...>...9...4.......>...D...6...7...4...7...>...4...7...>...=...B...N...B...N...H....v.p.tonumber.Push.new.PriorityQueue.core.pairs.........1...5...4...7.......7.......>...7...,...7...,...4...7...>...,...4...7...>...,...G............ShowingUiRequests.PendingUiRequests.UiRequests.uiId.decode.json.core.Construc

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\uihandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1198
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.907314306620713
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:lYGBBXwDQP3ySSzU06BePBh5DKScPDDQ5c4acKf3gV1Q0pVqMpvpx:yw4I//QRKScPDvAlv1px
                                                                                                                                                                                                                                                                                            MD5:5850799BED7E74A95AE88FE77B96A449
                                                                                                                                                                                                                                                                                            SHA1:1F816557D0A382D9405A5252F78326855BA5B9C2
                                                                                                                                                                                                                                                                                            SHA-256:598DF4FAF016CE200FA98B48AC2E4CBA2B9B2A2714CFF93EADF2881655F0ADDE
                                                                                                                                                                                                                                                                                            SHA-512:560BF5D3CFF64F587A81331A08058739B2411D94A0915B789DB05105BE88A8E169FF1033767BF685394FBBE852B56EEEA7188521A07AFC7863FF73120E7A420A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........)...4...7...7...>...7...>...:...7...7...>...7.......3...:...:...>...4...7...7...>...%.......$...7.......>...).......T.......T.......T.'.7.......T.$.4...7.......7.......>...4...7.......7.......>...4.......7...........>...5...4.......T.I.4...7.......7...%...7...$...>...7...............>...T.;.7.......T...7.......T...7...4...7...7.......7...7...7. .4.!.7.".>...=...)...7.#.....>...4...7.......7...%.$.7...$...>...T...7.%.....T...4...7.......7...%.&.7...$...>...7.'.............>...T...4...7.......7...%.(.7...$...>...7.#.....>...........F...6uihandler: no special options, removing request: .AddPending"uihandler: adding to pending .skipPending,uihandler: Added a delay timestamp for .RemoveRequest.time.os.setting_name.setting_scope.SetOption.SettingsDB.utils.delay_data.delay.AddShowing"uihandler: adding to showing .info.log.ret.Show.uimanager.encode.json.overrideSelfPriority.TopShowing._.Browser.EventData.tostring.templateArgs.config....AddRequest.UiType.UiTypeInfo.UiId.GetUiId.GetIn

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\uithreadexithandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1141
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.940399632373928
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:cIS7l0ybV2omlMIqWiwaUCvwgefKS6VlceP1Q3D2c0dlre+GpzaXOL1:cVG+BtWi54gWaZ1427dlrPGpuX01
                                                                                                                                                                                                                                                                                            MD5:9E1E0431420A8CC808387C39D83CB3D3
                                                                                                                                                                                                                                                                                            SHA1:6921799C697A3223644001864FD602F877053473
                                                                                                                                                                                                                                                                                            SHA-256:45C6CD41816D50C6C84D49DB68B857C74CEAA19F28986188ECF38307986DAB44
                                                                                                                                                                                                                                                                                            SHA-512:830B89F854136C92D7FC8DE76CB7E863F0513D65F59AC891430D1B4630C6735778992F8EC5A93A87C2255CD86CE2B91374DCE777526FD290D96F0024B852303C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........$.z4...7...7...>...7...7.......>.......T...4...7.......7...%...>...G...7...7.......T. .4...7.......7...%...4...7...7...>...$...>...4...4...7...7...%...4.......>...%...$...>...=.......T...4...7.......7...%.......>...7...7...7...>...4...7...7...7...>...%.......$...7...........>...7.......>...7.......>...'.......T.+.7.......>...7.......>.......T.......T.!.7.......>...7.......>...4...7.......7...7...>...4...7.......7...7...>...4. .....7.!.........>...5.".4.".....T...7.#.............>...G....AddShowing.ret.Show.uimanager.templateArgs.encode.json.PopPending.TopPending.TopShowing.NumPending.RemoveRequest.RemoveShowing._.Browser.EventData.UiType.UiTypeInfo'Failed to run onExit callback (%s).).(.load.pcall.tostring6UiThreadExitHandler: requestData.config.onExit = .info.onExit.config,UiThreadExitHandler: requestData == nil.err.log.RequestData.ID.GetInstance.UiArbitratorHelper.core.....j.......1...4...7.......7...%...'...%.......>...G....Core_UiThreadExit.UiThreadExit.register.handlers

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\browserutils.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3251
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.538218926425805
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:yXMczkQwcg2LrLkFn3nvn3nlnonMngn9nMvs1hbzD:Jczocg2LrLkn3nvn3nlnonMngn9nMvcJ
                                                                                                                                                                                                                                                                                            MD5:3E808E826CC4819BA5514F76C28300AE
                                                                                                                                                                                                                                                                                            SHA1:DCEB404479E9725B4EAB726F4F0233BE396FD9EB
                                                                                                                                                                                                                                                                                            SHA-256:202C4C3E5284D7F0697236C02F93B9BB14760D9830FA1EC14370777F345A4155
                                                                                                                                                                                                                                                                                            SHA-512:34F0C23F9C7C15C2DED960D34C175C9A5A7428642BC5025AEDB23CB1CE8642495D2EB6F04DC3C32D9E9BC21A3FC428BD146233731448595D80BE2CB16A73C459
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..a.......4...7...7...7...........>.......T...)...T...)...H....GetBrowserStr.BrowserUtils.utils.coreI.......4...7...7...7...6...H....BrowserTypeString.BrowserUtils.utils.core.........4...7...7...7...6.......T...4...7.......7...%...4.......>...$...>...)...H.......%.......$...4.......7...............@....GetOption.settings._.tostring.Wrong browser type .err.log.BrowserTypeStringLow.BrowserUtils.utils.core.........4...7...7...7...6.......T...4...7.......7...%...4.......>...$...>...)...H.......%.......$...4.......7...........@..."GetUserOptionWithSystemBackup.settings._.tostring.Wrong browser type .err.log.BrowserTypeStringLow.BrowserUtils.utils.core........"4...7...7...7...6.......T...4...7.......7...%...4.......>...$...>...)...4...7...7...7...7...F.......%.......$...4.......7...........@...,GetUserOptionAndErrCodeWithSystemBackup.settings._.Unknown.settings_error_codes.common_utils.tostring.Wrong browser type .err.log.BrowserTypeStringLow.BrowserUtils.utils.core.........4...7...7...7.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\common_utils.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5984
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.583892391622832
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:kjfJYxPlevECOq5BY8yQP3R7eEg9L9Uo2qS9w6mXL2tOPCeYubd:kjfJYxNCOqAKR7eEg5Z2qS9w6mX8zeYe
                                                                                                                                                                                                                                                                                            MD5:91C871CA0D7F0340755B6718E8A558D3
                                                                                                                                                                                                                                                                                            SHA1:C500233DE6F7A9519145F6AC523E75FB37C38C33
                                                                                                                                                                                                                                                                                            SHA-256:D1D3FE21137D0CAA17F43F5EB6C4A9B2A9FE042B142A504D4DFB8B883991571A
                                                                                                                                                                                                                                                                                            SHA-512:39EBBA979FF7E2B2B6487208A54B5E05D86B8DD5D6C985FFF19A2B9851C37128CA0B4063E42865D42E4FBC305B1D971AEB86912A02ACBF764AC8613B9A6F2A53
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7...7...%...%...'...(...>.......7...>.......T...%...H.......7...%...>.......T.......T...%...H...4.......@....tostring.NULL_AFFID_ERROR..affid.QueryValue.READ_ERROR.IsValid+SOFTWARE\McAfee\MSC\AppInfo\Substitute.HKLM.Registry.Win32.core................T...4...7...7...7...7.......T...4...7...7...7...7.......T...4...7...7...7...7.......T...)...T...)...H....WrongType.DoesNotExist.Success.settings_error_codes.common_utils.utils.core.........4...7...7...%...%...'...4...7...4...7...7...7...4...7...7...7...>...=.......7...@....IsValid.KEY_WOW64_64KEY.KEY_READ.RegistrySamConstants.bor.bit5SOFTWARE\McAfee\MSC\Settings\ApplicationInfo\MSC.HKLM.Registry.Win32.core........04.......>.......T.......7...>.......T...)...H...4.......7...'...'...>...=...4.......7...'...'...>...=...4.......7...'...'...>...=.......T.......T.......T...)...H...4...7...3...:...:...:...@....day.month.year....hour...min...sec...time.os.sub.tonumber.len.string.type.,.......4...7.......+...!...@......floor.mathY

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\packageutils.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):867
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.432998811769363
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:pufrcUtccotqTrcT++vrrjkvFwceUkOaXVq:pMcU+ckIcpvrPk6Hzk
                                                                                                                                                                                                                                                                                            MD5:7F7CBC69F38143C067B92C2E163EBA5B
                                                                                                                                                                                                                                                                                            SHA1:543A78DCFA1940DF41B625E30702988E154305E1
                                                                                                                                                                                                                                                                                            SHA-256:CE7561153D826E37B8FA073868459DC40071DCCEFFC9D42B6F429BF63F804A6B
                                                                                                                                                                                                                                                                                            SHA-512:D66B3FF734EE0111EA000E25BE528FAD1BF985DFA865EABA3DFCB0A68B78EAC64A850F3E11D8442A6B60659E6A23F4E6676B4BCC8B28D4833B121FBAC18CDE71
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...4.......>.......T...)...T...)...%...>...4...4.......>.......T...)...T...)...%...>...+...9...G.....%Package version must be a string"Package name must be a string.string.type.assertr.......4...4.......>.......T...)...T...)...%...>...+...6...H....."Package name must be a string.string.type.assert.........4...4.......>.......T...)...T...)...%...>...4.......7...>...%.......%...$...H....\.mfw\packages\.GetInstallPath.utility"Package name must be a string.string.type.assert........&4...7.......T...4...2...:...4...7...7.......T...4...7...2...:...4...7...2...:...2...4...7...7...1...:...4...7...7...1...:...4...7...7...1...:...0...G.....GetPackagePath..GetPackageVersion..SetPackageVersion.PackageUtils.utils.core._G...//B62B06F3A47C3CB6DCBE86D4ACA60A663FA9CF9D014B7374747E3501816A2ADE301CE157D2FA79E3CE37D6BC596960813AB3C9FBD3E8438E451BDD419536CC14++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\settingsdb.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):761
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.488665434947188
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:+7Of2MysdmYQjf89YbUiBO5qqxDaxz8+TuJH9gLfdNEELSYi+KIf8wQjXeqqxDxB:+qpHmg9mUigC8++Cf3a+8wUe9RlHP
                                                                                                                                                                                                                                                                                            MD5:E2F498793C66755F1B146B1BE0E4FE35
                                                                                                                                                                                                                                                                                            SHA1:CA341BF5AD1CD04A9368E8E124DA90A37A0ABE4D
                                                                                                                                                                                                                                                                                            SHA-256:9B6EC2909A68DEEBC772EF4C72DAD762259E50E04ECC30294D4A606FB06F985E
                                                                                                                                                                                                                                                                                            SHA-512:874726D988C6937C990CF012A76CB098B757478AF049E94827C9CE013C86E1CED8A0A9B5AEA44ED280C3F9677F96A30E322EC9DDD4A3123FD29C48700F068AB0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..6.......4.......7...............@....GetOption.settings.........4.......7...............>.......T...4...7.......7...%...4...7...$...>...H....Name.elem.Failed to set option: .err.log.core.SetOption.settings.........4...7...>...T...4...7...7.......7...7...7...7...>...A...N...G....Value.Name.Context.SetOption.SettingsDB.utils.core.Settings.ipairs........)4...7.......T...4...2...:...4...7...7.......T...4...7...2...:...4...7...2...:...4...7...7...1...:...4...7...7...1...:...1...4...7.......7...%...'...%.......>...G....Utils_SettingsUpdate.SETTINGS_UPDATE.register.handlers...SetOption..GetOption.SettingsDB.utils.core._G...//BA064BBD6C961AD90A129B2A40D9889D6AA0EEF35B2A76B1CE9D32807CE2FEB71FDEDC1EE41CC46F5A2DD4BE6944B075CBD444C9B4009D49F36ADBAD9632501D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\stringutils.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):381
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2572900003489815
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:5xk6weLbmqJStrRgR68/GXDal/fqa1F9gLf9VZYcR7QhMQFZlXkfLFjeQkZOPrG:AUJKrRgRF+TuJH9gLf9VKtfbkD+gi
                                                                                                                                                                                                                                                                                            MD5:014A827B47EA55E276744BD3A905477D
                                                                                                                                                                                                                                                                                            SHA1:7AA21869F823AC82AB1CD2E5A2AE113197984FE4
                                                                                                                                                                                                                                                                                            SHA-256:57B3CF2CF69F14B8B204C4197E2ADFDA5654587B5EBFFDD882428025A7AC32D3
                                                                                                                                                                                                                                                                                            SHA-512:5E007A1C93B9B56730D514D8E13698588822C03304449C69D2680A77ACC1552F9D81899909A28A62A791286BCC3ECADA66F797A272AED2BA643D48FFBFCDEA67
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..O.......4.......>...T.......7.......>.......T...H...A...N...)...H....find.ipairs.........4...7.......T...4...2...:...4...7...7.......T...4...7...2...:...4...7...2...:...4...7...7...1...:...G.....MatchInPatternsArray.StringUtils.utils.core._G...//5F329B9C566BACB8FE9B8B521D39D211D166466CAEFAEC1DC1BE17D60E524C29CAB9C08F725FC13D85458B07D6D730F2E04C2F97998A53E3A42ED4E7E613F6D9++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\telemetry.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):715
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.528123672687843
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:5SjrFSHkRjWlvObBma76OWSgLbht2SYuui8+TuJH9C4cGYi+F6pqQBunxSmnNnMj:5WFSH0z4SKSgLbhISKd++Ctg+F6pq5xo
                                                                                                                                                                                                                                                                                            MD5:8E5BDC8B9E55B6BD44C01E17DE346BF9
                                                                                                                                                                                                                                                                                            SHA1:CEE53B1B473C32CB83BCB21F9E5E1B38574156A3
                                                                                                                                                                                                                                                                                            SHA-256:A7662585389DE51DE324275A5D354AF6675579376366812BBDEF366A71CABF55
                                                                                                                                                                                                                                                                                            SHA-512:110CF48886560E8885812A66BB82F247C01BA72129436086D470C462D5493DB4762117173FD7A3162CB92278B9D95D357CE4EA8939D33BD9FD7EE959B232BF87
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........*7.......T.......T...4...7.......7...%...>...G...4.......>...D.......T.......%...4.......>...$...B...N...4...7.......7...%...7...%.......$...>...4.......7.......>...G....SendTelemetryEvent.telemetry% with resulting instrument call !Telemetry event handled for .info.tostring.,.pairsDEvent data received does not contain a name for telemetry event.err.log.core..Name.........4...7.......T...4...2...:...4...7...7.......T...4...7...2...:...4...7...2...:...1...4...7.......7...%...'...%.......>...G....Utils_Telemetry.TELEMETRY.register.handlers..Telemetry.utils.core._G...//4B7D164CC79C27D67E2739FEFBFFDD7B8A64403F6A77D3546BB75E58A0551143F006563368CBC7BAAB9F79D4B2693EE5BC60AAC9E3CBBBDB5326CC91DFB3F0DD++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\core\win32helper.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25827
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.653067104880243
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:X+TLK0EBBhyA/Hqr1vFBMFbwFqYnKgWW805:XS20EByA/H0vrMFbwFqYnXWW8y
                                                                                                                                                                                                                                                                                            MD5:72DF882DD6D0A7C9D72287AA760251FA
                                                                                                                                                                                                                                                                                            SHA1:FD296D0A322FA1ACED5CE0C69DFFD917D77D67B7
                                                                                                                                                                                                                                                                                            SHA-256:7FFC41E1160ECEB6EB40CA366DE192029ED5BACD2E41A02F953CBC0A05F731B9
                                                                                                                                                                                                                                                                                            SHA-512:E1FECF45B882DFDC9EC6D13C7FC9F74B6D770D0ABF8C86E4A950BF3FF61E7822F2ED2003B3246187491CDFD9A38C7FBD845B1B5EF1CE7A1BB439CC4C41E4EF06
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..9...........T...4...7...7.......>...G....CloseHandle.C.ffi2.......:...4...7...7...1...>...G.....gc.ffi.handleV...........T...4...7...7...7.......>...G....DestroyEnvironmentBlock.userenv.Win32.core/.......:...4...7...7...1...>...G.....gc.ffi.env1.......4...7...7.......>...G....RegCloseKey.C.ffi........<....T...%.......T...'.......T...4...7...7...7...4...7...7...............>...5...4.......T...)...:...0. .4...7...%...>...:...4...7...7...4...............7...>...4...7...7...7.......T...)...:...0...7...8...:...4...7...7...1...>...G...G...G.....gc.ERROR_SUCCESS.Win32ErrorConstants.RegOpenKeyExA.C.void*[1].new.ffi.hKey.rootKey.GetRootHKEYFromString.KEY_READ.RegistrySamConstants.Win32.core.(.......7.......T...)...T...)...H....hKey..........7.......T...)...H.......T...4.......>.......T...)...H...4...7...%...>...4...7...%...>...4...7...%...'...>...4...7...7...7.......)...............>...4...7...7...7.......T...)...H...T...4...7...7...7.......T...4...7...7...7...8.......T...4...8...@...T...4

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\auxiliary\reset_handler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2829
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.562027588731734
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:1LJhOJPjvbGScwwqxj0UBhC2/94i03T0z0707Hve24XLHStNovSoowyLHeyl0WeH:1LJhySRqxQGN/94i0D0z0707HG24XLH/
                                                                                                                                                                                                                                                                                            MD5:41075800FB029DEFD6FF8288A95A000C
                                                                                                                                                                                                                                                                                            SHA1:7F70B8E77BF3967BE31E459EC572851EA8B38F56
                                                                                                                                                                                                                                                                                            SHA-256:559D9E02B178AE5F32F9A903D31BFB9A7A619A60FDC6FBED1D227097E1939216
                                                                                                                                                                                                                                                                                            SHA-512:9D738FD7A3BFD3D1B3820F2820F95E08FDF6D637C876A1E1C29FA891BB38019E11ACBE5EB6936169F637A0A0EA6C6336DF9892AFD2C95A1E30F50C166026EA99
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........Z4...7.......7...%...>...)...7.......T...4...7.......7...%...>...G...4...7...7...7...7...6...4...+...>...T.6.4...7.......7...%...4...7...>...%...4...7...>...%...4...7...>...%...4...7...>...$...>...7.......T...7...%.......$...4...7.......7...%...4.......>...$...>...4.......7...7.......7...>...T...4.......7...7...7...7...>...A...N...4...7.......7...%...>...G......handle_reset_event: end.SetOption.settings/handle_reset_event: local setting name is ._.reset_value., reset_value = .add_browser_suffix., browser specific - .scope., scope .name.tostring+handle_reset_event: resetting setting .ipairs.BrowserTypeStringLow.BrowserUtils.utilsBhandle_reset_event: no browser field in event_data. returning.Browser.handle_reset_event: start.info.log.core........;2...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...1...4...7.......7...%...'...%.......>...0..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\allow.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 123 x 127, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1893
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.818694714241724
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Q/6gmJZSP7Lx45VjqtJr9E6y6jP1CCrAJJe052IoqZT:QSgmm7u5VmtE6vP0Crke0kIo8
                                                                                                                                                                                                                                                                                            MD5:27A2992C0DC4D2968404F3A0436B0E50
                                                                                                                                                                                                                                                                                            SHA1:42A65AAE398A086216E4240DA626EE2425D5E343
                                                                                                                                                                                                                                                                                            SHA-256:7B6B15968EB22203596DAE54A8DCA5CCD766112C85F7D64D21EB2DA361790D40
                                                                                                                                                                                                                                                                                            SHA-512:AA6892A82F14203367D25FA4C11E8B32CB27B681ABB2433806BDC889BAB483796B2C1C79C25336D7D4F07725F1F97207AD13D8630493BCE49F11976AF6239251
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...{..........V.i....pHYs.................sRGB.........gAMA......a.....IDATx...Ol.U...........(P..@B.J0.?+.C0.11." 1.E..I.JLL<...=.z.D..E.A..A!$..J.(+..m..{...-.3..N..4.N._........!..B.!..B.!..B.!..B.!..B.!..B.!U.a....I..@...Oa.-[.S.......g..Y(.2.@....^.>cu....K.w2..x.f.S..q+C.4.K.Os....p.xa*fE...MA/#...$.\.f...(..........k@.B..80~.......b0...'...Q4F{.@x....R..= }S,..Vs.....a.......*.Z.b..8..E.-z...i.`:l..P..0.m...)2..hT.K..0.t.i..V....X@......Z..2.6O$....@..B...K.. SaO..1.tgA.Z..S.y#..d.....g.[!..........J..........vm@..k..Z..W...c...1[!..B(l..6fOd......?S....?......PI...'...........,...Ba+..V.mc...~...U..j..Z........J...l.....AV.......Ba+..V.....[!..B(l.P...|.....'_....{~.N.:.jW........[!..B,.... B.0.]]]=Tcy....u.<.j...wv....Ba+..V.....[!..B(l.P.....Ba+..^/..<1.'.....&O8o.S..}@fj..H...-....w....c....DpEL..W!P.[.h~.Mc7`....b.......mXo.ug]..ehz.o.....U.!..&'.".h........ ......w.......z......o.k........*....h...0.t.\.{..;

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\balloon-arrow-right.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 54 x 46, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):509
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.265106458574301
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/76lJ/6Ts/4qfsK+Sz2D2cP03cbekp8LuwkWBjMAraM7P:9lJ/68fsPSyFP03gpLWqu7P
                                                                                                                                                                                                                                                                                            MD5:B9239E137DA0942222FD6E7FBB95F084
                                                                                                                                                                                                                                                                                            SHA1:4D8B1C9DA9E1A8772F5C6929A4337D5D9A659EF7
                                                                                                                                                                                                                                                                                            SHA-256:FB3B5BE9639CDB51AEDA6F379B0E3D78E64035C53EBBD9D99D28E6913A6BB761
                                                                                                                                                                                                                                                                                            SHA-512:02EEB55B6C2A00D6E638B57CF448A5110C40A0962D68121BB869C8CD82812AA50FCC882A0E3FCFBF9DA5047F15A2686176CCFA1F61044DD8BF7F0CC957A630BA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...6.........c..+....pHYs.................sRGB.........gAMA......a.....IDATx....M.0......kzH..+d.6..$.0BF..e..!7. ......B...I..g....{.].b.D.K.....".e..."}k~..Sk.y.R...1.x.R....rcp9'.!.......n.&.<.zc.9..(..W..7..9.ZbX.d..e*.....n2v5i.x.!.8.0d....l.D..7N..q.D...N..q.D..T.X.....Ccq.ah......S..MS<..b...C.KI;h......a...k.%..`fx......{e&.r7.)...P$.T.Q(....(........h..P.G..Q(...(....i(....(....0....p....i....5`....p.c...5`......i^.e....dC!.0M.c.....^...4?..R...Kb_}nL...i.....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\balloon-arrow.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 46 x 54, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):525
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.401937246200202
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7W7/6Ts/B2l3fqAXsMj1VswTbTfH9O95UzdOo9Fy2S97:F/6B3io1p79O/kdjHy2St
                                                                                                                                                                                                                                                                                            MD5:CFD3007010FA11DFE25FA8D48E65E72A
                                                                                                                                                                                                                                                                                            SHA1:9973303D168AECC57EF380EB705DB4B7C6055766
                                                                                                                                                                                                                                                                                            SHA-256:8FFC2BAD58D0322050F9AF74D140A23A589AA6E0710D6E48285FCC123A80ACE4
                                                                                                                                                                                                                                                                                            SHA-512:DA7514A4B7CCED85378E25B49742AB674937B7CE3AB714923D848CC1F3CE38CF6C11A0DEA8B97C2860B0BCFC770ED3CC39E74AA358A63BFE81E9DC47754DA60B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.......6......<......pHYs.................sRGB.........gAMA......a.....IDATx...MJ.@..........EA\y....y........'..R.B=B.."dmM.L...$........4...$......I..........\ '.r;..~.o...zy(Ujq.vu.,.C.W.!t<......Q..h.....@C(.(x......#.P.>.......pD4..W>'.<...........#g..s..........r.c...p.7"&....k.._.os...SL.b......../8.......w..B.%.K4./......9.......&5'....x).}.........P...3Oo.^.........P-^..r...h.W.,.q...2.\..>.........}2M.G.t.3I.{... .....Cb.b8u.....1.:.S.p..N..c8u.....1.:.S...Di.(.."....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\card_bg_image.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 150 x 198, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13807
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.980033051105471
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:r82XmabuE9fiCT7j5ggQkSDKoEBF4mRzzJt:40XiClggenEBp
                                                                                                                                                                                                                                                                                            MD5:A7522FA80144583C5F0E070F50E06C47
                                                                                                                                                                                                                                                                                            SHA1:FF32E2DB5468B183DE1FC7A68D3F82BCAC033262
                                                                                                                                                                                                                                                                                            SHA-256:AE9F79BE354331730247196BAF87001D48330E8452593952820AFEE0DCE5724D
                                                                                                                                                                                                                                                                                            SHA-512:FB8E730EB796F051AB4E84A1277C2C6B53CC8DFCA96CAD8B3CCE4DB48675B3D7AE008F1A1B100D776E1BB9F040CE0DCEC020462F13C9CC42126F463F87CC0802
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............0.y.....pHYs.................sRGB.........gAMA......a...5.IDATx..}m.#7.% _..c........{....X."upp........Uf. ...J...._......p.y...?.v.........UA.....k.i..W.+...f.?..8h.F.C..:..z.=...\.)..P.+yW.....km8.O.N.;s..9Hs....x....ni.2b..1.....$:.V.c%.~...4Q.w....VuT<N..... .....^.....j."Q../#n'....K..d...h.c...tQ'....L.U6@^.K..g.. .....>1;.@..m./...<.0.......d..o.t#........!d0.^9..|..D..K..6..Z....<....N-...M....%....B04Rr.. H......u...f.........|\.q...r.'Vt.g...,...[.V.....t%..]..H...J .G:.....x.....).....,.K..)....jC..........d(.m7p*9L.Lr=.Dc.~..f}8.J.c8.`..`i.Q.'..S.......ZT^1..L{n.Qy.._.6..)hv./41!.i.7'}..F.L:. .... K._Ag.L%{..:/[n.P.I..g].D.80J,o....)g..~.z.P......y.\..K..7^+..d..]42..k...+=.>.......k[..(....E....Zk.;..q.xu..?.H.t.*.N|.....].u..B/.TJ.+.x'.I..$@.)8.7..R..:9.)y....x...e...;^eP....K...H.G...#.)..t.=..>0..........I...n..,K|)8.....o.?.n'.....h......u.s_..`:A.....R.7G.v..$'..9w5v ,..x...xL1>.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\celebration_white_bg_color.gif

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 227 x 161
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):129961
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.769772439114844
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Bcbqed21Gq2m9prSuHM+unzoCySEjsOOKnh8acQE:+urGq2YIuspnzoljsOhh8acQE
                                                                                                                                                                                                                                                                                            MD5:3EBE8FB664F1628C041FFDBB93589731
                                                                                                                                                                                                                                                                                            SHA1:A59297E734DB199CCEE82164069D1B86E598E987
                                                                                                                                                                                                                                                                                            SHA-256:79010FC6FAD8A3BEDC14ABE936AE3EC5D97CFA47D2B1E6698DBE595D68653D3C
                                                                                                                                                                                                                                                                                            SHA-512:6F53DCC48FA1CB703062BC4503979080E9CFB61B3E0BB175D5C4E7A53F569F171E85C31190B2A58442864A8ED13AC2B3A9ABD87651DDE0484D943100D6E247DC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!..!..................................s.......).....:.Z....J.R.!.....1....B....B....k.1........).........c............s....1....{..J..k......{.:.....Z....c....Z.:.....B..{..c..........).....J.R..J........R....s...c.k.Z.B.....).........R.).Z....k....B.{..k.R.J...........s..k.B.......k.............................................................................................................................................................................................................................................................................................................................................................................................................................................!..NETSCAPE2.0.....!.......,...............H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+vI....$.0(.#@..IL8...b.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\close.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):287
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.630313782289296
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPZ2/6TsR/yxgwQwuAaLTfmSaqpnqJ7a4EinE4p:6v/74/6Ts/Nw99aLTiNFES
                                                                                                                                                                                                                                                                                            MD5:73E2C1063696B7A83E47689B4CAE1D45
                                                                                                                                                                                                                                                                                            SHA1:04E47994EC2A2AAA399EFF0EAF527E997527A0FA
                                                                                                                                                                                                                                                                                            SHA-256:93422C9A002E4662D8EF3D0F4A51B266C116132B1D58C025BA865CF48095F92F
                                                                                                                                                                                                                                                                                            SHA-512:ED73328E7C85EC369902A51E21F174491B5E7C1EA44022D87C1728F84CBFBCA02A8DB4EC921703F49D075B92021FB40AEA241BF0DA87EAE4816D6BFAABA5BB9E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a.....IDATx....!.E}..(3.#..mC.(.ls.0.#..@...)..SD.....o0...o=......?K)/P..o...~.ukm.9W........s....>.l....L..H.-..........T...........k......".~..s..`.7]:hW..x...ML)...5*......o..NU.6...m....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\close_icon.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):312
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.773823438465042
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhP8AMx7/6TsR/Jr5OhJTtEEc+GbxMWMEHFGejHr5fDp:6v/7kAMx7/6Ts/Jr5GJxJFmxMQHFG8Ln
                                                                                                                                                                                                                                                                                            MD5:539828AA00E3933554AD071A88D2620B
                                                                                                                                                                                                                                                                                            SHA1:EAB3ED1CE4E11D3428840E48870BC138DAD58499
                                                                                                                                                                                                                                                                                            SHA-256:CEB6F6C99816B65716862B6353DF4D4425D9E023A6BBEF7180E63954BAFED91B
                                                                                                                                                                                                                                                                                            SHA-512:0982F97ADA2F432BFAA87AD0598F4CB5AE482A4E57D5CD81F4848B62A7C9783F988DCE1E8DCCDB2C7D0F16DEF28387BB702E91C33E65E6EECE365548201536D2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...............w&....pHYs.................sRGB.........gAMA......a.....IDATx.}....0....-.#...A..$.H&@....F.]..D6`.2B.T...d.X....>.g..)..\]h...ho.,.j....N.'p5.Jj.....0..Y.........<..1,.v.....Jj.wr...d0.....cz(..b......d...w.......eW...C'ah....0....`..3..b.)..R.#....3q........IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\dialog-balloon-logo.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 44 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1620
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.801361627421433
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:y/6nDZIGswiTaw1GdSET4w+r3RMMzXVetutVp6ipbIlSmdTKS:ySn+UP4wGMMzXVEut/6gElS+
                                                                                                                                                                                                                                                                                            MD5:6432DED3B3287224306B81E0204B1515
                                                                                                                                                                                                                                                                                            SHA1:4CED825AC86462D8004F80FEB0D771A8BAB89D0F
                                                                                                                                                                                                                                                                                            SHA-256:41998FBE91B8B250B389D89D1AA80D5817E4F2D51CE929A7D89F37AE0093D8B5
                                                                                                                                                                                                                                                                                            SHA-512:25AD6EA2105CDFE64D7153DCBC27F6EB64AD2565ABF378F6B8E0B7B8BDCADC8F370962B843714137720FC290CF41277ED612EB4660A209C67B1C7B44A4CAE486
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...,...0.....j.......pHYs.................sRGB.........gAMA......a.....IDATx..Ml.E....&.*M..qZ...R%..a.....VH......ZG...PW.=.!..*R..'.........:.R...I.TD,5j..`;..M.;...7..^..H.K....L~y~...1.}..c..}.f..6*.r..;..05sei-bw.....@..Q.\..<.X..........C...A!....m.!.<....=.y.h_<...D.\.A. .q.....oW5mcn.o$..{..]...^..q..p..4...O..5..D.(g.Cv-^.O....fLZ.6[...A.5.EN..............6(.<.~.d.a.Yt...nX5.-V].R....?......l...."...x..].......~..Qh^I....,....S...u.....b.4...Z.j\8......_........_.W..<^...e{..8.(I..r.PPa0...)<."h4....g.$..j(J.....-J.;x.+......6...V..V=sa.)..R:#.........[...^.>K.&..J.V.....=.ww...5[.L...&.".b.../..e..........iq...K.Y...K,d.'.,b..c....a.A.9Z.j.c.^X......]1.\{......y..C.O....8..px......(\L-f.=..0..x)....?......?.-..k.e\c3.7'.N"..'..]....9..K...5...95..k."<.....&.a.Z..w.>........Z....&_SL....B7..FD...0.)J.a.O7....*.Bd...oU+.|Z.di......^.@.s.TF....u9.+E.|f^.K....u..K..v..^....N.n`%Z..>ZYw=6v.g......Q..._l.gFS.Yl.O.1.~b.^...s..~d.I.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_ss.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 176 x 190, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18923
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9861701934335665
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:rRQZ43uKP67gxwrBM1vfj16druGvBBuf9aDGCdOGuQ0Xzu:lQ/KnnAJdy1aNdpuQ7
                                                                                                                                                                                                                                                                                            MD5:414AABA2691D865AF446A88F56DB10BF
                                                                                                                                                                                                                                                                                            SHA1:C7DE664C4AE999D4F31678C106C336A8AA12FEBE
                                                                                                                                                                                                                                                                                            SHA-256:A7B0B6B5834C71BF51DEA60B92CDB84692D7082D219F2FD460DA8B06D761B088
                                                                                                                                                                                                                                                                                            SHA-512:394AAFB7F371DF5A2456E4D1F478515099EA077E2EC3B3F749D1CF7E2EA1FF27BBF28DF369345D785A74D920A6829F2E11C27B380C94E175EA1221DF90638800
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.....................pHYs.................sRGB.........gAMA......a...I.IDATx..}..^Gqf.....i.dI^dI.....&..c..-,38.@&..`.!...pfB..L.,..@..$.93$.r.@0.Y..`..[.-.................."..x.....]]]..uuu..}.=..Ax..1...S.v.m.h>e<....9B]....y..h1+B...]OO#.Z<s..t..*....2.Z+..pBhF..`.J...1u....R..d.OQ+^..\...S.3..I..b....a....V2..%..G.L$..e0..d.'*(e*xA... ..k...:E.B.........h.).%].!..&.&...y...<.......R.....]....k..P...|.X.[KUZ+..@`....h..qJ.....(?...@...NF.u*..<......D.Q..OXn.2.^6.N...tQ.]<......}.7. ....~..!"....%-.....e9....sA/*'.5..D....]...r....i.TfQ.".).d....E.&@.x..l..'7..]......$....+..... .P..<....r..2.1..0.h......?... ....E.@..[.n..<..y#..,..Eg.$.2.F~.K-..^n.3..S..x./}YHD......8..FI.gB..l.5.,..lN..C...S...'F.P.....a..-.a.p..E'.I\y..5M.;..'.........+z$'..x.N$u.m.`.`...+aHY...yT...$...j...G....P...N.....&n.nA...*....5....Z.^(`..7P.|.@.:... .......P.).C...^...Nc...J.b.b.....z.<;Le.....).V=.0.2.0Z)...;...:?r.Z..&.Z.4&..:O....W..kh...u.k...+....,.k

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_wa.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 176 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):21212
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.98325864342395
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:O2GbDyxp4nQlUyEOZgtE0QsuSBmaibS7oiFaRXrDaLr:9SDyL4nOT9imai+7qXin
                                                                                                                                                                                                                                                                                            MD5:F1FBD29E2D0C3FAA510DA6A8397532DC
                                                                                                                                                                                                                                                                                            SHA1:FF5237B7D22A08182534B9083ABEDC36C0D3E349
                                                                                                                                                                                                                                                                                            SHA-256:7371BE7448704F7CFD6A8776482774791ECA122397006DC5841CE1D69436F065
                                                                                                                                                                                                                                                                                            SHA-512:EE496EC6F940CCF236FE8F86B7BAC8A62698049F2F310103A6BC4DCFEC4D2B3244762B844231A0326DC42197E3C851A82BF1E9E5D87A26B8EE7C5F686E4A2AD4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............J.....pHYs.................sRGB.........gAMA......a...RqIDATx....&.q.........f03.\.....^0.r%..D....k.&W.k.%..*V.7.P...I.+.....r7(KdH..eY.LZ.@..M..A.$.......s..w.?...U......;f...3.............:...!c. ^....R..g\.ri.....X..%..h%.B.....N%.F<.....X.~..\.^j.s...... ....q.:..IY).:YM....xM...L.......O.a]j.y..^.D..H..$........D.L..^..4>....8O......#B.y.8Z|JF.W....I.I.oD...2O...!3..)G.a.....J.|.(YCB>.,..*...f 0.|Xj4t..{.....!iQ~ i{.(...':......<.:H3B...$KezBs#.i.gc. .A.=...A.rF....cP.~C.|..!"...%}>..2m.2.y.,....B...."0.<....]...r`R}..%Oe..W.5e.....(....O...(..M(AW8..T.<.@z.......A..B9.....w/.IMx&4....!..r*.0&..t...8oe.j8...".>{...8<m.R..(.].Ss...O..5.+yx.rC>..q.....|HD......8.XGI.g..r.F...<X..<.....BL..B...C.&....#O.C...NQ.h$<.{^deM...A.I.e.c..r....|$..Ny.F$....r..)....C.E.P.F..hL.|..F.+y.PzW.....I.<#.....[.!...DCGe.,,T........TU.7#....5..0.<`(..E.r<...*...j.4F..u......Z8.e...T....."h5C..!........j...#.Uy.dY..D....7I.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_sideloaded_ext_guide.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 176 x 133, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13412
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.975594232205093
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:w0HE4jJ0oyx9ehCCmVEKtChcK6pRhXUPFLe1iU:5P0o00Ej8cdnCluP
                                                                                                                                                                                                                                                                                            MD5:12187FBB7EC8ADA4E6334B2297D78A6B
                                                                                                                                                                                                                                                                                            SHA1:9155356FDC70C7BB4C60950ADC4EF55BEE023B6F
                                                                                                                                                                                                                                                                                            SHA-256:05D775AC7CC5F970FA2A0DFF5A1F732B8DC43241F789242C17E39F4CF9AB39FC
                                                                                                                                                                                                                                                                                            SHA-512:55920F35FDA8F19C2372439774DED2B8E7EC61360DB81C8DB78B2A2F75F9FD10556203067E129F4D52F3BD1C9DD2B28788A12853DA15EEC9C2C18086FD68CC0B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...............r@....pHYs.................sRGB.........gAMA......a...3.IDATx..}....u........;......H..D..-n.DK".."Y...P.*.TRN....8..*;.Sv.E.n)v,Q.(J"...Iq_.. @.............g...x.p...L/.ow..}.v.<..s..DH-......>..E...}....Q$....+K.....n.%..+<.N>~\...7.}.S..oV[.rx.@<..>.....R.Gy../H.Y..4.g..PTD.Ne.:.t=J:.W)...G*_nN..(1...$\Iym0.2..By..G.4.._H..."$4N.........D.t..Dg..U\..'.....f.D..rEN.".8.A@....]......$,..xheH.)..S.N@j..........x.b...kT....#.`............^...J.......c.u:.(/..^.Z.+G./.........QR.:..*...H.6....ld\.%1../.{]P.........D&..S.P$...u...T.2@.$r....<.j...t.R...t...I."%.9..e..!H=......'.-....y`.5[...L.B..... QI....6....uX*..`..}\.Ga...5..4,...2..?.<.K.B,.0...._..............N[.+R.-..!mc.mA.N$r......Ny.MD.O.K.1.O....G.t}.L\P.g...F.f{..S.E...d0..)......R*.-.I2'..HN#...@0.f:.A..lm.R......?y...u.w..e.d6.)..'..w. ..EH..>c .($..V.$...g.R.1..Vf...a%.!O.&.l.x.q...............>......J..\....9+.||.%...d..1#...).,<p..../..X$cVX......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\green_check.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3166
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.890916051269147
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODx7FspC:bSDZ/I09Da01l+gmkyTt6Hk8nT3KC
                                                                                                                                                                                                                                                                                            MD5:2048DF489A12C4C9E2341BEF42883205
                                                                                                                                                                                                                                                                                            SHA1:281863D9F8B8D4D0DAD62E66E35F5C96CA0155FD
                                                                                                                                                                                                                                                                                            SHA-256:DDA74B071B5869A22B327633D9641F1340EC5B913359BB389C34C44A6DB579A5
                                                                                                                                                                                                                                                                                            SHA-512:815FC1E3A2E623FEA3B13AA2BCB3895FF9DDB2A7A05E1633C83D3F647EC4A4050AF0670ED01CABA47F02A920BF6AD84191B0B03EAD1E45105DD20D302D00CCE2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR................a....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\icn_mshield.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 28 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16099
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.1119107535632073
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:R/6qMh8k29WJsEv+jJ/Zf9lnkouuJvBLD1LpKLxN+Y9rNGcfNGvsc5jq7LcQEdBp:RSB8kEWmjtZCxNXrNGQNGvsc5sx0
                                                                                                                                                                                                                                                                                            MD5:FE56C156669CA636CE71E5D23D9C685E
                                                                                                                                                                                                                                                                                            SHA1:6EF641E2CEDB274F9CE2AA2037697372C49CCA25
                                                                                                                                                                                                                                                                                            SHA-256:CD48CA4C27625C9286738652535097FCD7406C709371D85AD8297F8FEA19FF32
                                                                                                                                                                                                                                                                                            SHA-512:B82ADD72111983CAB0DB650F3D12D11E3E2CCC9681DB18484F2219EC4A8AD7F4E5BFEDEFBEE4362CD7CA03A17A025EA1E54E566AD2C458C1221F6EADAD099D62
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............Q.1....pHYs...............<AiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2017 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2017-05-31T16:18:28-07:00</xmp:CreateDate>. <

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\installer_background.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 541 x 82, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6612
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.943206975174219
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:jSDZ/I09Da01l+gmkyTt6Hk8nTMVKh4rpfjDXliiulxWYwu4vw3eP29VIaUz:jSDS0tKg9E05TMq4Nf4QYw43v9V2
                                                                                                                                                                                                                                                                                            MD5:13029396423BD78CCCBB0223EA143844
                                                                                                                                                                                                                                                                                            SHA1:D23C69FE2AFA8469C06CD31FC8FF077B415EABC8
                                                                                                                                                                                                                                                                                            SHA-256:9979AC854DABCBFFED54312E8EC33B5C0402E220E100E47F0A22852EC695F248
                                                                                                                                                                                                                                                                                            SHA-512:32D34F2FF23DDF24D387D8A3B8A4B1D9258F525B785807466D9FD88A4097C288F0FC89E6B1C5A010F51E5C92F6941189404E194D9A3A85978F77418AA53AB85D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.......R........ ....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\jquery-1.9.0.min.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (32132), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):93205
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.288083612999653
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:fYcvR3VhH37Ha7EmakRhIHASkCDy08otU6myJXXxMZyYk0AjrzCqlKDo9YhnaTdW:fY8MaW2c+UELKUqnAdib
                                                                                                                                                                                                                                                                                            MD5:90FB2C3EB8241D4E59B0751972C609FF
                                                                                                                                                                                                                                                                                            SHA1:7BD0AFB3562851DC6B9376D6B1E14E7DE3FB003C
                                                                                                                                                                                                                                                                                            SHA-256:369907573BB02E2C8355F5F629367103A62A999A19A5C9F249473A6FF7DBB637
                                                                                                                                                                                                                                                                                            SHA-512:3EA7FEB856EAA7BEB4FB1D8BDF1C637605CABB43FE1F3E8462C8A1C394528E42CE6BC460287352CC05A2911FEFA7CB929F5448EFFDF1C30EDFC6C443A1C3AADA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! jQuery v1.9.0 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license */(function(e,t){"use strict";function n(e){var t=e.length,n=st.type(e);return st.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=Tt[e]={};return st.each(e.match(lt)||[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(st.acceptData(e)){var o,a,s=st.expando,u="string"==typeof n,l=e.nodeType,c=l?st.cache:e,f=l?e[s]:e[s]&&s;if(f&&c[f]&&(i||c[f].data)||!u||r!==t)return f||(l?e[s]=f=K.pop()||st.guid++:f=s),c[f]||(c[f]={},l||(c[f].toJSON=st.noop)),("object"==typeof n||"function"==typeof n)&&(i?c[f]=st.extend(c[f],n):c[f].data=st.extend(c[f].data,n)),o=c[f],i||(o.data||(o.data={}),o=o.data),r!==t&&(o[st.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[st.camelCase(n)])):a=o,a}}function o(e,t,n){if(st.acceptData(e)){var r,i,o,a=e.nodeType,u=a?st.cache:e,l=a?e[st.expando]:st.expando;if(u[l]){if(t&&(r=n?u[l]:u[l].data)){st.isArray(t)?t=t.concat(

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\keep_changes_guide.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 176 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14533
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.978234763785096
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:vbRTZyLGqlTGW2+6E7JfwA1fKUCYhVwKqpU:jRTZyKK6E7T1SUCYhVwA
                                                                                                                                                                                                                                                                                            MD5:AD6E786595C48812BE2D9BC7FE5D1485
                                                                                                                                                                                                                                                                                            SHA1:E98E3B2DFA4354754EC58188D88F6687DC239E22
                                                                                                                                                                                                                                                                                            SHA-256:4715BA3F13FB3554D64542BA93605E87DDB8601301F2C15B9CD65B708FFFEE57
                                                                                                                                                                                                                                                                                            SHA-512:2C0735D80841CEA8CE8F4816E9548B5A9474530781B1510A1FB72951EB36679B43F4ED86025CB9C5B8E2E81432B356D3466ED5FFE5A783773A77B142253BB0B6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............~B.u....pHYs.................sRGB.........gAMA......a...8ZIDATx..}y.^Gu...M.V..kiY.dk.!v,..bl.c...c.....@&..0......rfB.29.....5... $..c[F.dc.,.R.%..t.....^U.......^..}.~..u..{..u.V...S..r...c../Mu..n..Z.8..@.......b5..Q=/.O.\t....r.TS.|.1......... ....`.J.s....~....$+...U.V./O..kf..t.g.*...x....J2.i.y.G..#...d.Z.5.(......K...o..4n.W....#G.>.<....'_.!.].P.P..*.._..=.ya...o..`0q...zd..T..f...7TXci.d6....1....9......._.p..9.i0......*....:..%.D.Q)-...e.u3.y,..:...<.VW_g..].....o.U_.n\C..8.kI...l..ux.Y01....WJ.q.Q.I&....C...J )..T....<.....v..b.u0..qv[.s0An.;..tC...S:.:XzB_G]....O.tc..1C!.....Ly.I.a.~xts.A.%.{....4...ln.g.)..........=y..@...:..QQ.]i...0....p........5K.xxTE.:.}...q|...pq.SSSX...5.Wa...hin...)N.p..G]H..O..j.F+.<@..x......F.}.[.F...2-...%...=hmiv...$f..a.4bI+...C;.L.6.iM.....G.......DH.}QO....|.Y..|.i.Y.....x.......e..:.eZ:t..p&,U..KL...AM.iw..7...T....t..\oy..2%.!..!.p(V... ..X. V......).,.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\loading-spinner.gif

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 200 x 200
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):61451
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.343059446968563
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:9fvs6a/gxRWNtTA4EOvbc51qb0zFy/Sc6mS8oyYVX3YeP8XFWZLNCih:9fkj8RWNtTA4EOzc3lBl58AdNCih
                                                                                                                                                                                                                                                                                            MD5:CBE8A62A079FCC257A6334A506A865A1
                                                                                                                                                                                                                                                                                            SHA1:B0135BD4B9A31BC7105111213C286FB3C06DEA7D
                                                                                                                                                                                                                                                                                            SHA-256:3A0F2212D503E07BE1246CFEBBBDEB40B642A44B4A3DEB959DFF78063A9822E0
                                                                                                                                                                                                                                                                                            SHA-512:C7AD87184B524C5908E9832675188DEC751484C849020031F91E5030AFA94AECEEB2DF3777657533947339A48A96A24C21D22D29C4A51C75BBF6000634993A05
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a...........2/.50.4/.4/.4/.4/.4/.4/.4/.61.>9.E@.HC.HC.HC.HC.ID.ID.ID.LH.UP.[W.]X.]Y.]Y.]Y.]Y.]Y.b^.jf.nk.pl.pm.pm.pm.qn.qn.ro.ur.yv.~{..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!..NETSCAPE2.0.....!.......,............[..H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h..x...W..[Un[.u..j...}.J.,.*..N.#f.x....B..RF...;..x...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\logomark_white.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):343
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.9403490183632535
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPUp/6TsR/N7FDkQp+Fj4zBeQzdHLqOkNTcvKMK5iloCQl53fHKxgjTfv6Rp:6v/7Q/6Ts/N7tWAHdETeKMKsoCc53v/+
                                                                                                                                                                                                                                                                                            MD5:37F342F2D1658BF871B235B20CC254B5
                                                                                                                                                                                                                                                                                            SHA1:137F20C7685717B19BB089041AA03FA001601D09
                                                                                                                                                                                                                                                                                            SHA-256:432AF358A422B668D90A9B05D2329922BA20DE2E24F419232967601E7B8E77E7
                                                                                                                                                                                                                                                                                            SHA-512:B20465A790529F063309426AB878CD67823EA40FC5B464C5ABE2DCD7A26721FB57D26BCFADDED47CE584E0F575CC0FF922C29DA2DF6B8A18AECD567B678B5DDB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.....................pHYs.................sRGB.........gAMA......a.....IDATx.....0..[....n...&8.n .8....t...6...;...[z..../5..g(9.B..5....5..7..K...fk.....D.......~.b..'Od.B_..%....P.T.(Y`......i!.....\...l.F$....l...=.ab}.;.f......N..Y.K...ffy.(.g.....,.<.M..2..Gdio?..A.W.~w.....5...:S...S....3.Z.......IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\main_close.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 7 x 7, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):535
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.070255751604191
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7nsXUyptiPCC0turztDt5q8j1Age/6TZ+RyxtWcHzSoLiKEMBLKBd:YynOf0tiztDt4yxe/6oE8cHzhmKEMBWn
                                                                                                                                                                                                                                                                                            MD5:78118351597A04AE4CC8D899475BBA49
                                                                                                                                                                                                                                                                                            SHA1:3EED037A8879EC6F84C2545CBC3D710494C2FF88
                                                                                                                                                                                                                                                                                            SHA-256:D9059CE8A29D6CE4FB46BBC2292EFCA3478FB5D2DF106B33D4A37B50E41FEC39
                                                                                                                                                                                                                                                                                            SHA-512:DB64A010162385441800F0CF0212C68791447EB5361793389BC632B7B14E15EEA3CE7DDA89987EBF7414334022FC64FBB1002816532EA106F0CD873D109A1081
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...................gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE[y.^y.^y.]y.`w.]y.g|.[x.ez.^y.To.\y.]x.]y.]y.Zx.\y.]y.^z.]y.]y.Hu.\y.]y.]x.]y.]y.]y.\x.]y.]y.]y.\y.]y.]y.]y.]y.]y.^z.]y.]y.]y.^z.]y...........,tRNS.............a}.C...l.3.>...=B. i.S.U-.`e<..*.>....bKGD,..q.....pHYs.................tIME......9.3.....@IDAT..c...g`..d.......``.....af`a...gcg`V.VTR.`PPQ.TSWe.........aa. .......%tEXtdate:create.2022-02-16T17:16:42+00:00.v\^...%tEXtdate:modify.2022-02-16T17:16:42+00:00.+......IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-1.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 87 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1559
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.837839289025892
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:s/6yUlzHLuHwW1nx0MX/pET0ltUxHPJH3jT2M0wlH2s3R3LqyT7UFStz:s/6yOLP6vX/w0YlPRT2M0wlHfLjYstz
                                                                                                                                                                                                                                                                                            MD5:FA83BC8E14C9D2734DDBE84015E5BF3A
                                                                                                                                                                                                                                                                                            SHA1:2A863213DC1905FE82EFE6B1A5C4A039A34569B7
                                                                                                                                                                                                                                                                                            SHA-256:89F1D402046412A2921E41B0C4660DFCC9EE8C126EE8852CEE8B450038836B2F
                                                                                                                                                                                                                                                                                            SHA-512:3EEF9CC44509E74A4147BE230A372FC5E29E7A8AC85BB08B03FC584D9AEDECDBCB609208BA8951802FC770F70CA570159AC693C8BDF3F1EA2EC9F1F160A694C2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...W..........]B.....pHYs.................sRGB.........gAMA......a.....IDATx..X.j.G.>g....Mb.J6.&..(O....^Y~..O.]...].-...V. .U..$?A..........hd...v...=.^....\...F.g..|..9g.?.]....;..}..eD'.V,.'&..(.......MO/..J........8.7.o.6..h..4Y...T'.....MO...1.,....I.....f..yqr.?.s..../e.lIeo.B...7.&....P.bSel".Y..y..a..:+@*>g....B.j.E.X....l..;t.h.A.vw..FhbHq.*Z.KH2WA.:H^...@...>.p...:{,...d.M..^.$......-M..Gp.S..).\.r.........#.Q...Z...1..g...(!...'.7_m.C.T:=....8.....R........%%..@...q...1....0.}.?....H......)..5Q..x........i.8.$...i84J...&.lr..).....U@..H..eaq,..k..P....h...b.Ur......-gN....7..OPd.=rt.)\E7.kC8#.IN..}.7ol.i..%...\.=......hMy...t..i.#.........$..r...n..2 %.zG.@.B[=...;.....K....<b.#C.B.B........K...^.B....!...V.mw.M...d...R+.\.......t.. ..i..13.b(}.!#..6.B..qH.cn....Z.....E#[%..........P.06....B...3......;ba!...-.w=!.\......w.....&.....T,.:...i...Q.k.~..w^..S.....'.P.<.G....G<14.`.p.D7..u...#.:e 7..L..9V....r*.\R..g...Ml0d.d.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-lg.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 112 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1940
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.870572433344458
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:XC/6ajsovRkZHy/em1P2FGb2bQ3t/3NJ4BNofx6yRQG4R:SSagovk+emwqQYbJIo0yRYR
                                                                                                                                                                                                                                                                                            MD5:2E6E7984268E9D344B13491198D160B0
                                                                                                                                                                                                                                                                                            SHA1:E88EED75E8E8CA8A2458761B561927B6DABB8C00
                                                                                                                                                                                                                                                                                            SHA-256:3EF3E4739C30F116531F7B40BD0E14D3A487C3F28C27B52C47EB04D8AB0B9C5F
                                                                                                                                                                                                                                                                                            SHA-512:E60EE5CE3183AEE8C157CFD0922F9310103F0B291254897FE504AC0F10C440F3F7D3A32AED6383E8AD63D4414BD8E27A0C773929B63012D9CEB792445FE5EDC8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...p..........M......pHYs.................sRGB.........gAMA......a....)IDATx..Y.n.G.>3.`T.\..6\d....d...O.y..U.6.5Hq..........^...^d..8i......~gw.....M....I.fg...3.9gFx.R[.5.:......t.J.<...2..V....mT:..N.v....]...,."../Ju..Q...v..k.....kB..$.<..s[.z...?.H.\L..E.bb..6.a2.._-.4{}W..M......._....e..W.q.!...!`H[x8....W.L.7dqD>....R..O.S).!...S.,pR.Pq.....wI.".d.M...bm.X\..y...f..:.`7{.e..*RH*.,.X.R...1.P.*...XD...2...]..{..S.S..V.5/.H*6.2eb..Xg.v....3...b..G.\5.|v;X.7.b..C.....R....LJ]..*...\..{..]:[....^../....Z..x2...M.]....jM..l.I....&4qF.bM.v:L.vE.'.Y.h0.."S...y93...W..;.........s......4C..H.t....n...((p.4k.5/.}V4..HF!8 a.k.........nr.r.j......CY.b.d.....H&.Y3f.$.4.J.Z....w{=6r..l.o.....V_>.?.'...x..b..zY..J....h...Ay/..s....o..*.I..c;s.\^..^4...U9...r$..\....l..m...1..6..q.........+.Y.V ;....|'.d...b.=..]....4Pj...BK..X..&..I......L_.m.`f..iQT... .....&.ou.0.'....c..;.=..t.c|f).....i01&R..7oZx..B.?.}....J3 .KTD..A!O<.....jJ..,cA.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 86 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2238
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.897965521812157
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:a/3bdLf7SAa7meAyze8p8XMnkL4NpP+Tl1TcVhCx4:qLddUJAyzVZnkLu6lF8hCx4
                                                                                                                                                                                                                                                                                            MD5:2B2ED7BD7CD047459628DC4AE1728E85
                                                                                                                                                                                                                                                                                            SHA1:F8F4933BEE5717D3CC67704F863896258EC023E1
                                                                                                                                                                                                                                                                                            SHA-256:1DB0EC3C7FFD1C9DDEB5F0E4217C1EF38EB02700E4A7F3A557D1F052092D4E42
                                                                                                                                                                                                                                                                                            SHA-512:B3CE912074BDE9758A93B18C6478AEB689A0AAEBC5F9D228A5C95F045C0BA24963FC7F32EC1E1BC93D50890132D3B1515247C9ED3DEFD99F517752A23BA7EAB5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...V.........G.[#....gAMA......a....uIDATX..X{p.W.....4,y.y.n..S..U.E.I`j....X..-.j..Gk.U..QFl-.p..V.Ne.hU..PBv.yF.....iI..I.$......../,.M........s..{..>vbAa...Tg.1....j-......R..M.?v..Vk..V..<.........y...t..%W|A.v..v..t:.......i........-.xud.!...\A.M.X.e...?0.7.w5..9......=1........~../#.wD(4.d./...-|..V...<f./l.Z..:..j].H.8..P...q....YZ....jsg-..I;'UqBJY....!.L..:......g.,.#W.4..y..f......=..<..B.......|..<..L.....G.uR.z.L..?L..H..al......W...4.3.......La..}.t_.".j.p.;.....'"..]yy5.... ......=.Q....QH.R...TU.I....f.......v{.V...?.{.......D,....}..b2..6.......^....nf""...\|.............w..J.i.W3!j....JCd...e[....$.U.F,OH.8....f.v.....z)z'.../...`8Pb....`xf.........^.7..`.K..}.c.S..7/z..Q..e.!9./..o..`.7.....v.$.'..X.v....v..".B._0Z.F..#......S]O..:.r.N.X..m...........Dx.....]....s"Bt.6.<..F.o+.z......B|..5DC..).,..y.0L.X.5$.Mh+.\].....Xq...~`..8..;YQ..t.{&....H.l.b..3..@(...#r..,......-...,..#..,......C7..6~.h

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 86 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1201
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.763272753991154
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:8B/659eWA6XuELEiVKshz96Ajxbd/ErBYPwxhYvjtcFpcG69X7VSkHVs6Lb:8B/63VXuELESZPxbSVYPwUvBcFpc1Dpb
                                                                                                                                                                                                                                                                                            MD5:A624A806CD38AA64130A0C228271DE75
                                                                                                                                                                                                                                                                                            SHA1:118201F6A512D67C5EE112CD0A0C4EBD5C66FAD5
                                                                                                                                                                                                                                                                                            SHA-256:A6E96121FE3D151FAFF5B247F926F93D27790250F9E2A27BAAF841DF5D82B6E1
                                                                                                                                                                                                                                                                                            SHA-512:D8C08C245A6F68FFC058D2571567034229EBB96A595B17469FC7B6E26F6BF47FDF34C2527B5800667790F88648CAE8C7F262677E53CCB713968A6C03B0D54FE8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...V..........W......pHYs.................sRGB.........gAMA......a....FIDATx..X.Q.J.n..b}["x"....dNr.."@....$"."...8.t.]>`G.2.n..w..t.j....v.@W.4......L.]..,......&.'TUGdL.|.r.....N@.XJ'.BL).&(........A...L. ...,...d|...`0,...8T...EQl.PU?.A...!..aZCL.w....^.....v ...xUuI,3.1......s.1....g.uj.#Z..A.Q...^.9ww).....Jz.....-..d....k...C.m.=3(....rc.'.avwKM.u!........%.._..;4,X.}vbh.r..s.W.4..o.3*.n.B...i{_..Z...7..}e.Q.\n.j2j}.T@"O....Z.B.....b/..l.[.....G..3d...&....AS.UG5..Q..)e..<.5....|...O....g..b#..Mb.B.s.t.........R..;.1o..`..[.a.,d`E.....9.oT.........9..}....Y....Vf. i.3.. .....]..&.)...S8..u.(u0.N|.....+.(........:.0.m<p(.[...X.P....`Hu....!..c...).Bw..|.F<".7..;..........fT.......|..P.........|..-l.E.Y....E....L....e........V.W.]....~\...j.a..8...G4J..uC....(.....W6.....\..FDk..1...n.. Z...:....C;.F...jvbp.).....n...r...w<.j.Z....Q..|...u....8e.(.M.,B...E'&1............._`..../....6'...VU.....amZ....E..;...Y....S..(..B.m..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-wa-logo.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 154 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2089
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.869800467961287
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:rkB/6Q3xZL5SraMMlkopWj0tAPMYZT8C3JwifFX7+6/g:r2SuR51hQj0tAk2ACnBg
                                                                                                                                                                                                                                                                                            MD5:96D3FBD61D479F4F188A025B53D4B63C
                                                                                                                                                                                                                                                                                            SHA1:4294806A93CFA7B232D82D805C26B368F111899F
                                                                                                                                                                                                                                                                                            SHA-256:DD62F1970E3DFF385709002AE676B93F9CC5D4C7AC37492C0F1E0752F9FFD057
                                                                                                                                                                                                                                                                                            SHA-512:7E8BEF427C4E798D2515168D0504B87487948E12916AB5F1EDF0D2C584DD9FBCFC785A37A8BF48DEBF5479ED10225B2FC1B8D81DC94E0E9C997779DDBA8E02FD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...............f.....pHYs.................sRGB.........gAMA......a.....IDATx..YAr.J.....W..,.Hy....'.8A...?..... ..&'.9...LN`....,._.W.....#Y..;..]%$.zzzz._..z.htZWW}...k.Z.Ry.7.....h......h...o..@.:.s<....}......vG.qM..w..~.....Q.qqV..;G.....8.......y<.3$O.@tD..9..uG.g.puT..)...j.\..{:.s..A...v.d.$....s..r0...R..y..Y<22 n].5...r.e....`x0..q....h....b.sF._....>{.\%....54|.k.4......J.d.ur6...{@g.t.z}...c:G..;P...B...x...,..D..|k.8.Z_..n......5U.t...y.d....`.[.,S..W.....n'|..5.N..."hM&.....?....|.SRrT.N..H.l.J.....W.....P..X*....u....-O...O.rA...Sn3.0.s,na....f<..8...1Fme....E.~.<G...b....\.F}=0O........D...^.T...a.B....WO...g)....u.....6w...F?N.Et+.ky.o.7..d....Q7...6.g.j.1.<..~q.s.^_.......+...v.......,.......__....(K.sJ".rq.*m...)..g..s..fx..N.0.v".P.....~.....C..`t.nx.;...9]..$:..T....h....l.C\8..na.S...4Jtor...r..h.<....?z.>..........A.Je(..Ml.'@.y..1C..........v..j.$..,.p'"v...P..].yu}.9.E'..Y.=...........s.ry.- ..L&....)...P.t. A.%

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 67 x 57, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2052
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.890065571351557
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CHjblGYXQQEZZyIOrNK6rC4lWVkOjKpgOojQ9dCe2LfmC:PYgNZKJKSC4YF+WjyOZ
                                                                                                                                                                                                                                                                                            MD5:18344204EC04F1E95E086D3BC94FA0FD
                                                                                                                                                                                                                                                                                            SHA1:87CA3ED8948774091B451F7CB2F95139E56D351B
                                                                                                                                                                                                                                                                                            SHA-256:30ADF46FD9311E5C6DFEA8A2AB2176EBAF83E7019EE341896FC3AAA5F498D2BA
                                                                                                                                                                                                                                                                                            SHA-512:13757DC62505D01E44523823F38001D28A2FB9CBA5ACBF9CB7D9BDD8D0F19583D814E5A47B2DB255E18CCC05C34D43A02C387B60D05D1E802F9AF527D3633C5E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...C...9.....ms......gAMA......a.....IDATh...l.........|u...4q....T$....IHK.u.h...lS..{.....i.6..h....@PX[.&...AH.&.($E.(.R..).......M..:..}.g.M.8.c3.'........{....}.``....q.. 0..b.=B..?.:t......1..P_f5.......).7\..e..Y.gA.......XPL...Hss. .ks..... ..aPx;|VO..{{{).`"...VAb....u.|..>_..#......2>V......9.g ....<Bss.T....LFI[[..+%.Y.....N...~X.!......h.q.J.l...A.s...p8,.|.K2..'.{.j..c.<.|m..<.....'.K....zF...nu..<...\.a#U.Q.a#`..ZF%`...6..=j{ta...ax.....\.<.H....<>.'...x......./n..g..'G.z.E.|.....(H~)2...U..O.?w...u.X{..j.v.D.M...z.9.|.a.......\v..f..0....0..1Xs..p&5.C.?....XY.~...K...p.._.+.*...KEF......5V.f....l.u...N..../o....t....b.......z.).....v............f......L.:.n+..s>.r0l.i..&.u...1.J)..sk0l.j0j0l.l....C.......*3Q#..7.......f.[..&).r.z..0..^Xs...z.-`....3..........{N.e...g...O..~[A.F...."....E.d|..?.8S.........}.|;.......>u..B.....Y Z.w.....W..:...Z+.r....+...7..._..b..........~.a..w..o........0.J...[.d...W..>...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7205
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9471260512499375
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:KS4Do1RyFyKSZ4pTSumpAO/Ap6CQU9Uw/JLO/xvifnL:F4E1RCFpWumX/Ap2UeMq/xGL
                                                                                                                                                                                                                                                                                            MD5:F2E3045621ADE164E9DA40F294BEB00C
                                                                                                                                                                                                                                                                                            SHA1:36E9D967C679FC898BED1FF6751A73BB863EAF79
                                                                                                                                                                                                                                                                                            SHA-256:D820CF499FC4A9453771A23209A6C63DDD2CE3439E8B651A98DDF0C36ED2BDA5
                                                                                                                                                                                                                                                                                            SHA-512:7E515A44BD63B33881EE86E0A911897138F2BA0A6E81925612EAF19E3EDAC5A9FDCEDE30E3AFF3E906A4BBA8AA4570E06308D75783057015C882C7E62A880928
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...`...`......w8....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs.................tIME......'..l.....IDATx..y.\U..?......./.@@....E&..P..GF.Q.F.....#..T..........D4.AC....b. +![w..NuU/.....q.z!.ToI@..SIW.s..}.y..s.U..?g.D?`..._T.(..}.n.I.w"+_..r0}y,.....`&....P......8.,....n.I..c@.4._....]@.J..UL.....A...[K........[.-...A.....g.'.N........#.l`.p'.d..o.@@T.P..tQ.A..........t..q`5.=...B.(Q.).."..`1j..&..n....}..e..].....-...x]..p%d.(,............g....o.C......p.j ..W~tW.3.]mq ...H.Q.P..-...Q2...v..O(..`...8....?.4...A..}#K...m......|-.....w.2.m..lwL....Ys..y.;..\.Q ..p..e....B'p..........^@m.c\..[..Z!v....*a5...T#R..B8YH|.....iw...8......,f.v......i`..:T.!F.\....t"5....0..._..K ...M.`.8d.5.9.x.c.v.A...Ug...Va.d.?..M]B.U..E.E.....: . .B5.B.1."......>...w7.-....@.P.;.d.LUp.D.0..R..TE......k..K[.>o...?.~....i..}bu...6......Pj.g.U..~'..+.|.F'......y..t.p..0.6 ........E.).n`...3\-D.......^~6..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafeeicon.ico

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):285478
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.4849077310090886
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:gtOQaZJ9Lhsvel7gsxdrTr8M4JnGirZTiAF9EOoRoQoPEgyY7oooxro:SOQaZJsvel7gaWNVx4AF9EOg5O7BAro
                                                                                                                                                                                                                                                                                            MD5:F7D9142AC3C0C7228507E927D05F9727
                                                                                                                                                                                                                                                                                            SHA1:7B8C9829534DF5B2BAAC806141F72B0AFDCB03A3
                                                                                                                                                                                                                                                                                            SHA-256:F91461D2F81839CB58DA4A9FACA47C51352558BB636C522F9272519F7D910E61
                                                                                                                                                                                                                                                                                            SHA-512:5C53D7B6496CFC4A855A7CA9F95D2F127139CCB812610F74790867F056EC48A4F3A6F2CB95574FCF0AE027B9B3497F0D80B1FF235828EA66C92D18603081E725
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:............ .h...F... .... .........00.... ..%..V......... .( ...:..(....... ..... ....................................................B......t...t:...........................................V..............u...t...t...tN..t........................j......................u...u...u...u...t...t`..t....................................h..tp..t...u...u...u...u...t............................T..............t...t^..t...u...u...t...................................................t...t...u...t.......................................................t...u...t.......................................................t...u...t.......................................................t...u...t...................................."..t...............t...u...t............................2..........t...t...t*......t...u...t.......................................u...u...t...t...t...u...t.......................................t...u...u...u...u...u...t................................z......t...t...t...u...u...u...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\minimize.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):195
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.068066723651005
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlJlawvlkV42/uDlhlp8Lts7CX9/Bxdzo1i9MsN2ocx1PmnCCj1vkxz:6v/lhP70wS7/6TsR/Dvo1oiPOnuMwkup
                                                                                                                                                                                                                                                                                            MD5:DC1EB36132B94A110553E31FB69B06C3
                                                                                                                                                                                                                                                                                            SHA1:B5E281F185E2A7159B4E1EE74C27FA31E00EDA03
                                                                                                                                                                                                                                                                                            SHA-256:237B2E4C1D42366B7EC89852F5C43C7D12C961D2A8990A87FE5CAC827C6C2FC2
                                                                                                                                                                                                                                                                                            SHA-512:3E51E41E82D903AC06A911CEB70861F49F682E6F22AB6EE07DE8FE4B351CF255F9D95FAAE7282C516C9226E56C6B7C8DF87135F0E7AC699F7179B4D176234E29
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............;.J....pHYs.................sRGB.........gAMA......a....XIDATx.....0.......A..9.....Y. .Kr..T..[W|@.]C>.q...bE.I.s..........TL*..V,.E.q......X......IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\msac.ico

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):334740
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.49770045405099
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:vYW4/fFn7A4xnC0IzntmbG8B7doDbtYdLVYRWns6yC:vJCffC0Izntm6S7QbKDYInKC
                                                                                                                                                                                                                                                                                            MD5:83923FAC3D4E58231B7527BDFACA2794
                                                                                                                                                                                                                                                                                            SHA1:492C8D0F08203EB28A2999895B1B5994F51F630B
                                                                                                                                                                                                                                                                                            SHA-256:B6E7BDFA89B2445E120C0583BF97EFA915DFD43BB02CB129C2D9267AAF3BA618
                                                                                                                                                                                                                                                                                            SHA-512:A8A5B976417B19313C2939BD2BAFD9FB918A1F413713259C120A296BEA00B49D36CFFA1DE25A9C58D2987007FC9BBD4AE8D198C7D37448080C8E34D8EEDEFE54
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:............ .h............. ......... .... .........00.... ..%......@@.... .(B...D..``.... ............... .(............. .(R...#........ ......u..(....... ..... ........................................../C..0D.*@T7,AS..$-../<......................................-@......:Ri5Qk.=Yq.<Vm.:RgS5K^.(9F.3HZ......................-?.Gu..!<UT&D`.>]x.Ig..Jh..If..Gc|.C^u.>Wmd:Pd.;Rf..........#3.0Pn."=U@)Gc.,Li.Cb}.Rq..Rp..Qo..Rq..Qo..Kg..@YoeD^u.........%@X.$?V$2Oj./Nk.-Nk.Ji..i...j...e...^}..Xw..Om..B\rqHd}....._|..:Zx.Cc._Qs..Gg..1Qn.Uv..p...q...r...q...n...d..._{..........^...]~.,\...[~..^...Qq..Wu..n...v...x...v...t...o...j...m..v]...Yz.'\~..a...d...b...?O..&*..1;..CU..Vo..h...r...o...f...c..;d...Yz..^...f...g...GX..%%........R...P...i.."w.+;{.:Wx.Pr..i...`...Z|.D`...b...:Sr.,1..--..."a...0...1...D...x...j..,R.Op..^..Fd...a...f...<Yu..2Y./2..01...!U...4...7...:...~...w.Jh..a...`...\~.89Zz.:Z{.9Zy.9R.../..-....'...$....z...Q......!}.Vw..`...c...b...;\}.;\}#;\z.9O..#$..$$..&&..&'........s...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\open_sideloaded_ext_alert_guide.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 176 x 189, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20549
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.986108821429097
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:ekwMaIBryFTsB7sckuOrzdqL+0ZgDdNiC+Pjo0eiTGhXDEi0t+XKWDt:TwMaINyFQhLRizdy+06DOLjBemmzEFWh
                                                                                                                                                                                                                                                                                            MD5:0050197C4E3C6801D783762609EF6226
                                                                                                                                                                                                                                                                                            SHA1:5B1E4016652C53EE3729D3125EB3F231DD69A206
                                                                                                                                                                                                                                                                                            SHA-256:F42ECF07D3EAD5B48C1125B19F101FA4B3C6271F4FB43196876003615C31F31C
                                                                                                                                                                                                                                                                                            SHA-512:B527E6A611394798E8467D797251A094FD9E06686CFDD95C40545697E79308246C51C007D9EBCF8B6A5B56BF810A851A10DAED9AE1DE9995B757558DFDCE0F73
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............)......pHYs.................sRGB.........gAMA......a...O.IDATx..k.e.u.......0......`.....H..IP$ER.c1J"G.Rq.J?.r.........B....-+....T"..-3$%.,.!>.........<f...}..{...k.^.....pa.u..w?V...z....q?z...5m .D{..K.....hC..c.|\F]V..]u...O_.nK..*..N%~V.#oW..........5....".....D}.%_.....MHS}..._/.G......Z).c..J....>..zsz.6..z...*...^[...Xy.h...l2..IT...\..R=.}..0.P].8.N..6..V.i.|...O.ur.|..u=.....2.x..>...K...>.....GP.<.3...6.R..78..G)..x........6(. .3...Q......r.^.....x.......q..@...]/~......F.v.W...IJ.3}......n>....l.-_I.0.;u..j.B=.9.y.?.d.].lB.C.....xQ(..2..dr..'C...B.]._.(e.k..O....9..2..p...=...y2.".V..&.lk..P=.x..K....J4..%1R...&:.%ax........B.k.q)....p..$...B+..:Y.s|.B,hR...j.K......-...G.1....-x.(G..1....+5..?..#.......P_.....$/.>.e..l..c...... ......@.p...Z`I...5R..BV.8c.L#.\.... %..B....)AS.,.>..296...B...y.l.b.r0.O.D0...^e.iDL.5Xyb.RPf...a...MTL.4.x.t....\uf2).J.6@r.../....$gQ.X.r0hvrV.|J.%...d+..#o..._.....G..a....+,v@

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_0.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 173 x 174, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6169
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9459194185380495
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:dSEVdqkq8aVCRBai6cYQLO0lGHhzrYvET:c+dqkq8aVCRnYTh4y
                                                                                                                                                                                                                                                                                            MD5:779DFAA69A79BA66B20CAD0BD22F5EE6
                                                                                                                                                                                                                                                                                            SHA1:98226967ECEFCA769E6B653A54E8AF969CC329F4
                                                                                                                                                                                                                                                                                            SHA-256:34194DC7D094C4A0C5332A9688C938C83A31C8C37C4BD47A23E602997655A9F8
                                                                                                                                                                                                                                                                                            SHA-512:8B4A01D1E101600E56CBB1422D92D255515F5A044C09D4E89FCDE71E658F790FA6594B14702025115B817C90B3908CE76B021F089F503845A877EB21C0E10F61
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............D;......pHYs.................sRGB.........gAMA......a.....IDATx..]...u..3\.......m...~(....o..V+.-.Br?`[.....5`K.S%;.kK~(R.~(PX....y.-.(..J7..OQ.j.;.J...Z.h%k...7.....rI........!.\.....s.....R.T(............5.82bo.....1.U.o....{.Xg......2`....j>g..Z.-.r.b.......6........emW... .`Z.0..8.A.V*....s`p.hQ...R..u.....)(d9[...Y.q&E{..g...u..5..:..d^.x...L.x..d....j...>..t.. .QX.dE..-Z..n...b..l.D.Z...T.1........I...Y...l)....b`D.Q.*.u:..5.y..T.\}o.....o.....U.q..R.:.f.V.F...,..~.F.R....v.?.i#........!E.J.f.........R!Z......7v.....p&.~7.\..K..{.......d.-CbE[*}>&A.3V.o.W...I.......I!.Q7Q.5.5....Py#)}.......v^......k.J...|].....z],..5/De.C..Q7.q.Cn$...r6..U.&......*..7"1v!..u...].....q......KW..6.J.M0.c....'.d....T..........lF...A....].Cn...T.&......V..[..O.M.nv.~....;..H...3I.O....a.Rj......hQ...B..+[. OK.3[...9E+a....Z..eA....G......~....:uW..Y..\.1<.......-V...#qG.l.....I.A|T.t.sk....db.nl..Gg...g.).....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_1.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 172 x 173, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5131
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9309654446277476
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:lS5yoYOqOOEaiMp84+l5poeitPG7DHJwcx96N4W/BqKB:lS5y4qOOEaLiTHJj96N5
                                                                                                                                                                                                                                                                                            MD5:44FC2B1768487E2F1F04F95F14B8C388
                                                                                                                                                                                                                                                                                            SHA1:FFACC7F192C58F5B247A851984239D7C86304364
                                                                                                                                                                                                                                                                                            SHA-256:2F22DFA6EC29824123DF3861B7C654C49B3A7935511E9138E26F800483FD24BA
                                                                                                                                                                                                                                                                                            SHA-512:16B28760DB3B252B520397E1158862322B522B07E63BE85501269BA13DA88685C852580F72000C76C86F83DD078DEE7C32BF157D2739D247B1B73DF99F697ED0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............-m.}....pHYs.................sRGB.........gAMA......a.....IDATx..mR[........ef.e....<.@u..!u.0.@....1"....*....V 7U..G.\......*3P..9g.......Y..|.....@z..>....G.@pDbq.s.....s....KJ7.3.Yh4..{.p.....X.W3w..`.@-..{H.....P...'.N@u h..?#.:iU...S'..8.v.....%. ...Q.E....7.)..4....Z.m...e.L<.#PH3M..7.>>.........^........(."d.46BS.H....].........!R....#^..>.v.g.k....Y.|..H{`"/..c@o.h.r'X.Kg.6....^....t.{....@N.`.....h..<|Rt...V......d..f^.,..*...c y.nf..:9m...g....eN...E..)...no.2Y...(,....e.&dB..,OM.#..#..4.7......8.n.#..n.R+X.......O.NZ.m*.;...+.U.O+..h{.)!U......~j..H.).5.\..............= .X.H.....R#..?....SY..b4...>.S.T._/.C..Q...9{T-...........I...}H#...^mM.".B..G.w.].i....~.....?.&vI\..:s...gt..yN7%...5U.....U.a...7/.q....j..).....*.S#`.....ibl.B..a.c..S..m.B.d.U..HK........?2....i..Ho...i..f*...X...k.B.eE..X8.^'+.i....;...%..I.....R.7.KY.,....`J.@.6Q...>......+/.C... .LO..61.Z.".@R.H....p..m".MR..XG..E..m..n...]..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_1.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):942
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.531868737958494
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:9s/6Hwf01d5/znYDjqWy8Yi5x7fzO/eoTMO/0T3hQ:9s/6Hw81fzYHqWyyDzD2h
                                                                                                                                                                                                                                                                                            MD5:50A8EBBBE54E38389C31C82D126B414D
                                                                                                                                                                                                                                                                                            SHA1:C93D3B7CB702DE03C6AB2C8CF7C6520F45613FCE
                                                                                                                                                                                                                                                                                            SHA-256:B5750D21ABAD17B37896862D5B6598FABEEC4B45EB1C327ECFE4056CC2E890D0
                                                                                                                                                                                                                                                                                            SHA-512:E67712C56B2B5465BF9481DEFB814A98439EA9656A6F65A0F6A7355D30979C65093FA5325751F5753EC615E8EDD7BA604B9E3E7A5BD46F95179C6DA56012002A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...............).....pHYs.................sRGB.........gAMA......a....CIDATx...MN.@.......7.9A.B.r........i.u.m@..r..P.mo..u....]...:...i>....q.?..q...../D.........}...V...bzA".z....ZH.$...z................$^.HVi.Po.@......<.q+.N.>..o3...u;..:;zO.%.<..l.a..2.....$"A...Jd$..7....d.r....(RO..5.s.w....%d;.CCp...=.Z.<8~u...w.p.H.DN.............+..(."..W.t....$.;......pE6......Z.id`...Ob..O...C.yP..M.6o.......p.P..PB%..f........'...WT......%Jd...6...F....V(>N>#...P.....Y..Dw....&.Q._SN...G..?.../L.l.!Y?....:......d.g.]......c.8.O.l.B.1....Q.{,......|.=..,...-$..&L.6.~zL9m.>.F...(.0Y....$....!.M....A.uk.....X.....<..P..d..^...e.....Ku......#..8..<...%....\).(......F...eubo....<..........]..,..p.<.ZV....w.amk.V...%PT.Ff.<?9.2T.'.S..Z...$..!4.....t.g......"t....<@.....?I3`.\......p........?Hgj..>.?.....TQ.........<<.r.9...!..L..P....b).Q.......B.......f..#<a.\.X....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):936
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.559903053416362
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:9s/6BsT2qpwH99jdztSFrR1SZ5id3SBMKSb6b0oqqR:9s/6BsOjxQFr88SBTBYoq+
                                                                                                                                                                                                                                                                                            MD5:1380B82254D9056AE17D2C9C333BCD5B
                                                                                                                                                                                                                                                                                            SHA1:FD419D0EDF583E313F7F7F1BE565E7EB3F2519B8
                                                                                                                                                                                                                                                                                            SHA-256:FEECF9909347B956549A39AB182F367F78E9C1306CA2DA146638CBDD3BFBA285
                                                                                                                                                                                                                                                                                            SHA-512:9FC77FA74EA43F15ECC787FBC6299492196E8218FFCA1A6A4D750EBAF2A588FC14399D498FAD9B1DE5A3E0A316F3DD57350A1B2B0D67309CCA699BC96ACE89F5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...............).....pHYs.................sRGB.........gAMA......a....=IDATx...AN.@...7v.`...NP..h...z..9.,.v.d...J..$..n{...knP.........M...#.......v....L./".....X..^\n.f......kQ..7....=S......Z.%.#@..'.<.-@...WE......x.:..$#...W..A...v..z.G8.U..Xs.p....<.N.y.+@vG...T..0`...........~.....;c...{..P.......!5..x...J..DoN..!@........]n.Uj.....]{.5cd...V.n....r.E.3.~x17.. ....C<..;]..43...h.1.g.<x..=4l.Kk..........O.......Q....<K.W.T...S].......`..eDo.U....y(%NZ......J<\S.`...<....0..$.R$...J.8.....Q3/..,@....~U>d.@G.j0.\%.0vvy...5..|.>.@....]...........<.....z3l.<$.!.!..@E..P`...]_U$#....\.zSp..c...B+..B..l.ly.....(7......os.Y..u%..!5..Z.$....M.E..~.J@.A...I.AgC.z..g.?c.O.sh:....fQ.yh..h]..#..3 ........;..x..L.......9...wS.{2.M.N.5.&.y...y...-.{..._4..'%o]U........~.F.....|..@@.....3.........M.=7..yA/......<.N^y...8.F*........3.9../Zt..cA...<........V..c.iK4....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_3.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):664
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.3611901561562005
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/705s/6Ts/vZBGTY1vFn4D3brB0lG92JFFC/aE8Eq3b8jd7sNksCjz:9s/6EZBGV0A8A08WNksCn
                                                                                                                                                                                                                                                                                            MD5:FF3D7C0157D5D1D9A28E91FB2A0E6662
                                                                                                                                                                                                                                                                                            SHA1:F6B73B87D42B63F7BAA5A6CDE25961B6314CA913
                                                                                                                                                                                                                                                                                            SHA-256:D55C2405879639524333F7262828C370B5331C8A39BE070CCDB888BFB4F715B5
                                                                                                                                                                                                                                                                                            SHA-512:698830E86647EBA52042F0CCADA114B64C4462DDA153B563662AC6E91AE502A275B498649E3154C7A90CE1BE883C29DDC9AB8445F580562741A2E1C8DD4B309C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...............).....pHYs.................sRGB.........gAMA......a....-IDATx...1R.Q.....Ha...x.z.3....0..h%....T...!.0v..b...VO@G.$.w.d_.. .Vg7.O..,..;....E.....U.......=....l#9U.....).e...^_.........hs.)..$[.rqr.!.....B......i.X.}...S.d........D...........{pr...P...x.{.2.6O.v.i.<......P@.......%8... Y.L?..Pz..x.{....t.|.!.+...Pb..xE... ..V .YC@......C......wgnC...'..v....; ........"....,..X...(Ym....B.X....d?......w.j.T..f/,..^.uT.c.A.(..=8..E.5].e.\yY...........!.@_.sM'm...P@.........F....NtOflC....+.....~.?.z.|......O.....P!..x.{........$W....`4i../..../T.K..{.B.h[nZ_.-!6..Igk...l}.X...x......w..F6y....5....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\spinner_large.gif

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 100 x 100
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15416
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.756586242434715
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:eK1L3Lk1UyxwO8tIZrkr+8t4vR8O8t4vWn2x8t4yLO8iDd3TCqM1oOiOvL:P1nkKO8+pT8amO8aenQ8auO8iDd3TVMD
                                                                                                                                                                                                                                                                                            MD5:365D3E659634DF5D5289F14E1855E714
                                                                                                                                                                                                                                                                                            SHA1:51010713312E23DD9ECBCA17A57FE944A678576F
                                                                                                                                                                                                                                                                                            SHA-256:651598C518BC9F405F1DBDBACF89343D87B70DD2DFF93A01FD20F96C524E78CF
                                                                                                                                                                                                                                                                                            SHA-512:2243FEFAC77C3CDC1CAA5E17BB01057A6A343D1852B58B48F7F34610814CE8BFDD47E9E2D3D3D12C8ABA543786E1CEF8E22E42D6159F222F49534C03845F4D06
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89ad.d..?....)))............................................www...................eee...XXX.............................................DDD....................................................!..NETSCAPE2.0.....!.....?.,....d.d......pH,...r.l:..tJ.Z..v..:Y..x<..(.....r..@{...DL8...=..t[.....6JzhaG5#.....W....kI...E......V........C8...&.U....z.B,..$.T67..;H..?*.)>.T....F....T<.'.F!....G.J...G.F...K.t8..9J"..............c.....x.8..!Z..CV.r.CI..),........t.H...?x.....%L."..0..J.$.2E.7.&5Q.H".qS..1<{.4.a..aD0.h...:#Ls..8..X.G......F..j....E..g...0...!g....a...E..@...\h...em..=...x1..\.By.z,....X... ....U3Y.+D....+...y..H..<9.!....Ac.=lw..?.E@......h\[....c...q..Dpx..M...=..^.;...J...K....P.@......s......)Q...!@T..........Hr..w].0B..|P..,l..mK08....G...`...8.`....w....u..6.v.."LHD...1..C..X.l...T....'.GD.#d.I..*...l........h..X.".)....W..T.d...0...uc.Tn..BV.@.w...b%.e..v^T.U.).h...f.....8..........'&..X&......P.bC...`...$.f:.zi..&.,......B[.V...l.l........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_ext_on_guide.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 176 x 134, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15075
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.979399641440617
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:B80mK0kjvC93yIZ97t991dRVGJyjz4poyVIor28Z2ci:TmRkjkRr7z9lwJyOoyVIuy
                                                                                                                                                                                                                                                                                            MD5:2B183B9A55E2A55A566E6DF71751FBE8
                                                                                                                                                                                                                                                                                            SHA1:F5EDBACF9DEF16D0DF52888EA7C398BF51601AD9
                                                                                                                                                                                                                                                                                            SHA-256:6965355533AA0487DAC22F5D44CBD72BCA2C2ED2A75558DE725CCF5B8D1156D1
                                                                                                                                                                                                                                                                                            SHA-512:47FB4AE6DCE69854D78190797DA2536C21C04E34F47CC4CADDF4746CA6B86EC522A6ABD2BCB01D2EF26E378513AB49E97AD470EB2503B345A15A80475768DC86
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............}.......pHYs.................sRGB.........gAMA......a...:xIDATx..}i.].u..o..`..X.....I.+H.H*.Hj1Iy..E......e;q.8.r*..8.b.J.J~D.....r..Zh.2m.&ER....H,\.....`......>.t.}o@,#.g.......>}.t...s/.N..!c...sY..EgR.s..-^.#JK.3!s..Rt6."...zn:...f6%..:6.....g.jU=Z../. 0..,...L.."..K.W..9..:.|...j3.&.........Q....^<g3$.i.<..S..`.Z..?VA(..*-...__.0R.9..|..`$......$.5).T.....7.l ..>.i.x...|t...wMx.w:]..@:i(Hw...N[.l.K...4...8]...7..Ho/..@....T..x.o'.+.....Q|..2....&..u....P.......uC;......,..kh..mHDI......l.....^..C.OH...Hh.$..ei.C..3d...U...S\..V:.t..qH.d...2..A.&X...._\.P?/.......C} ...M.e3..3B >..v..0.._@R.4&.GB.(.<.%....P.y...I.'.T.].%..4..4....ZW.<. g.......H..H.........(...k$o...]...9.d..]7bna.....0= }=....4..NQ..$2../...y....XS.^..l...O.].:.)...E.iKH..S.....%...&"5.4..@M".N...X.(~-g......&..l.......Q[.....*.3.....M.....h.Q..r...0..G.M%.Z._...S.4F...x%4CLJ.d.y.........).V.(.<t.a.J..&=hSi..'.Q.d.l[.).. G:M...)N....l............

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_off.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 49 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1210
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.765526156253972
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:E/6VTSxUkuCt85lv4ufWEzeHjWbbUTIOg88TZ3YA6KvyJykQ:E/6wOHD5lNfLz9bba0v6z03
                                                                                                                                                                                                                                                                                            MD5:1B45AA1C87C95F01CD701E67021C8EE8
                                                                                                                                                                                                                                                                                            SHA1:C5F46E430683FAD4D9C8D97EB07FEB4B0AB05000
                                                                                                                                                                                                                                                                                            SHA-256:8AFAC0EF4E2A13909896CC2B0BCAD6A2D0C5890A0EE801A7F9F95ED3E788F65D
                                                                                                                                                                                                                                                                                            SHA-512:99042A14C120ADFFEECDED7FB9DEE60B0081DC586EE44D87BA47B7C1EEB0976CFC2ADE61E0AA7B90F30A69EEC1C30D95235C82E7743576F5CEE4B52BD57968A9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...1..........f......pHYs.................sRGB.........gAMA......a....OIDATx...O.G.../{.1..E...9.!..,R.UP9..^8F.R/M.=..zk.. ..!U/U.JT=TJ...+.......cm....;..$5...*...eg.....3..;......=...'.._.....E....6}.....v..T..Q..)...b:nR..x.....a...."........L(.....h$..4`..L.RC..].V.........{.......Z...3..."x.......bV.v.b2..t../.....w...f.....*...X[......uG.D.....R3q.=...8..."r.......9..8.E..&Z[....H.... .B.)........{..ah8....pv...h6.F..:>.'..i.H.D.J3Z h..'B.>..x.a .. `.r..!...l.*.......6.&.UO....k.C..9,.. 9.A...o...F..'!.......bg..N..`H.u'.9.T.../J.*x.S.....E......bum...|'.mODy...<?.k....N.N......[..U..q..-.z.W.qq..I.....A.J....Y.GR...N.LF<.Y.BQ.Bne.3s.8)S...$G...........?.......@.4M.x..w.l{.^....LL....#..........!.M...'.<.18........a.....)..H.i%.}....f1K........$..D..m....}[.>.1==M.S..w.....4.^.....[..........^.{....=^....(....C......QU.o.l.C.$.}ahhH......X{*u.B_../[Z..Y.p,...3.. {>jY..b$.g.h..*.\&..j.MZ29`q^jeLM$..s...^9...Q......._!Ko..!..P..E..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_on.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 49 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1298
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.791073489480044
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:E/6mSAjeB9G+FMjdZy1nnvp3jRLalTO/c/PvJaHydaD6DYwlociHVLw24/QhH:E/6PAje5FMcvmvRaHydauBlol8IH
                                                                                                                                                                                                                                                                                            MD5:2CB18A9BA461F4EA1A627AC4457F310E
                                                                                                                                                                                                                                                                                            SHA1:2A482CE4421739A75EA57905F6C9417D67B0599F
                                                                                                                                                                                                                                                                                            SHA-256:3630AD753F65CB8FFE2592AA4DA02DBC54AD46F5E6BC14C9111E82235A739CD6
                                                                                                                                                                                                                                                                                            SHA-512:1EB92F13806C98324B7ACAA5F636D2E31CF94A330642B8378DC0DA88EF22D5B9D40F6660A74C719B9EDB9196258212D6214A079F9887A96243E74E292101E521
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...1..........f......pHYs.................sRGB.........gAMA......a.....IDATx..oL.e......Y....H.Hf$Ct{.....^L...H.{a|...E}.&..l..........BH&N....l...:.2."..^[.^{.......A[.b............w.= ...;Z...y..' >.....dP:H).T'.qeO.....|.A.`&~....{_.....E.~.Z....t#.l....2..+....[....x\..q..eL!S.m.'...R".:..2...@c..xg...................y.Fc.......[w.....!J...N4VT......x..........3"x.PA.d...W..x.j.n.:.F..w...Bd........,\7...G.....V?....=.f.2.n.,<.9aU"....G^.$.J...l..MDT...+1=.R[.....j.p\v.9.G...."X2?.<.X^.lQ..Y;.. ....o.........Y"(.yB.[..l.eaI...' O..f.j.i...W.K..t..sad...)....).......8...?.-&b3V8Qz..'.|.\.&...7d./F.....)B*..#.t.~@$..j...+4`..I.}......6A.....M...<..1..C.'..`.._.p.e....i./d..~C.......... V..NZ^ ..N).....b..l.#..N...]....85.2u.z7....2..O..J...........?..j..s..~>.....1.tSL......Q...\.(..g.>......[.io.......}...X....f..3O...B2.1....da<Q...m...U..r..O..&.?q.]C......r..w...R.`.#.}....O.Z.....%.J..E.Qu../!.,

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_1_3.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3245
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9134385325834735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:5Sxtw6uF4h1IoiShJRcX3/okKqShNmdXXs8oG0S6Fc:5S3w6X+0XZcsFNS6Fc
                                                                                                                                                                                                                                                                                            MD5:42B15F32E9F2B2FE7874BC8B5CEC3FD9
                                                                                                                                                                                                                                                                                            SHA1:0095AEB7A50DAD717D5C831DA04FB692ADCED9F9
                                                                                                                                                                                                                                                                                            SHA-256:0AA2F6F56226AA14901D0FC02DCC9FE7B45A86F49725C1B638252F90117181B5
                                                                                                                                                                                                                                                                                            SHA-512:2113BDE6D0E5F0D96F55C1DC07A1351A697B0C1193FDCA41C5E452DFAE38B96E53D717C74A840793E53696D0C3503D8693B403639C30D56955B47DA0787C7866
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............<.q.....pHYs.................sRGB.........gAMA......a....BIDATx..._l.G......;.v.Z.%.I.(U+..mihCs..@....T...P....."......H..!!.#Q.}JC.<..VT....RKJsvZ..N.R......;g..8N......}$.......o~;.3..B.!..B.!..B.!..B...YQ>;.\.S$..g.3Q.r,...F..Kf/..h.@O$.-R.$$.>..>...e....{.).q...D.-.5...0.Z.R{.a`......$\.rV.FLS.....%6.. B..|v2eD.G...M.V.r`2-Lq.0..m. .B....DOK..#..k.....)N..]C....k>;......).N.G.BV..K..t.T.T.t..BuZ+...Y=...c..V.....0).......8s..41..@-.P..7D.&X...s~..Gw.c..5..cA.......~..}hx,#.9...H_.k>{..<r.Q...Z><......h.1....X/..k..{Q'.>T.R....')T..T.8o.VS,..@R.....0.uPs..SS......E......Y........;_?5.i.g_}.....>.z.U.*.L.^.g..A.C.9.[...\$..>.`Y....!..j76?.....#.^.F.....h.U?%.....{.<...>*.3W.Eu.X..'P'u.T.^2:T..@l......hR.TU*..._.y1.:.[...w.K...U..q.k.k.|../..y.uR...BU..........1%..L.G..%X.L.q...TCu.....kU..0....L|J..........?.x..X-.......Gx...._..B.'.-..l.. .z...~3.f.V.>E_.^.=shk.k.^.@....[.y.(.dU.k.Rajm-......Tk.H.d....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4647
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.934941782690532
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:5SrHsLRJGNY3SJ7+U/I+TWVdFP8FFYTq3+Nas4YCiuSuWozqB1phz:5SrHaZ3k+UDiV7P8FFY6o4S/oO1x
                                                                                                                                                                                                                                                                                            MD5:06438B94B66EEB804C86F363C62BFBC6
                                                                                                                                                                                                                                                                                            SHA1:CF3D09AC9D952D6FF0A85D0AC9BEEBDA22CE0EDA
                                                                                                                                                                                                                                                                                            SHA-256:C879FAFA5892DA6841E0EA09F2EFC9F68762E5A4752D62ACA8C9B95828B6FEAA
                                                                                                                                                                                                                                                                                            SHA-512:38328E330AE12BC31EDEABAD908C86A1C486CEB0D14E9FF946E459D0E88243F3DE0EB603CDB6E31B4CA2EF6BF70428DB5EC54B3C705E3043C9FB0A649E11FDA5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............<.q.....pHYs.................sRGB.........gAMA......a.....IDATx...l[.y...^.zX..Fvl..:Mj.[`...m..y...Yn.>....(..N.n..`..tK..v.4.....k..c$..Hj.(..nk.A.;.`Z.dG.P.eQ"y....EG.. /....`..i>t.....w.s..P(...B.P(...B.P(...B.P(.#..YI%..r?.b...l...#.~...7.h.......i.@K(.....8k.wE....,......1.~F......./.."e..+'..6].]BD.....F....w._:..ub.P..J%.[...sSksGH..F.x.i...C.me.eJ..k,1.R...&..>...c.4..pU..C(3.FX...6.c..hE.r4!...rq.@...l.nO..P....9...c..V9.j&.0...U`..Vzlx.7..\.5..../D.FX4..4....;.a.;hd.O.E`......^{...X...i...0....&..A.u,..W(3..]....0.t.k.Z.E..h......X...>.M?.Du#...i..Tb...7.......A.aXSS......8h0.g.U8..h8.I..........._.......^.+........5A..i.}.s.n.E7.G.FX..0pH........-..o....m(.E.N..7..P..o.vY.:c#....l.z.ZD.^...4.$=......n....a..\*...?..b'<.3.D.....-P,..q.K........k8...$.R.*..a.{..........C.....KT.;...#/...::.[R.cI\.j]....'.'.l..j`(.1..r%.{..E......2..XTR.....r.t.O.........i...8.7..=.5......k.E..JT..[.Eu5.....0.J..LS@<.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-checklist.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):37458
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.111529411681731
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:h9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZQ+:h9DDI6thXjez1jtnz+
                                                                                                                                                                                                                                                                                            MD5:A0C174F392DA4A589A64A76FEADB56CA
                                                                                                                                                                                                                                                                                            SHA1:18D782269341CB2989816CF22E301AF6B5A8EEBB
                                                                                                                                                                                                                                                                                            SHA-256:8A3B50F8B69B53CBA43ED8DF37B03B6E97125A9D4BA5CB417ECB5CCE0FE6FD15
                                                                                                                                                                                                                                                                                            SHA-512:0788ECF185131F87E21A50255394B29615F54C25530F40617975CDB3F9FC512425FDFCCAD7AD663FB8C48ED295EE0704CD62BB9B7329188BED48C8BC091C1C5A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Open Sans Regular */..@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXhv4

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-common.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):34216
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.048849970432671
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:E9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZZ:E9DDI6thXjez1jtnS
                                                                                                                                                                                                                                                                                            MD5:4021C294CC744AFE4F1B3C1B44EAAC52
                                                                                                                                                                                                                                                                                            SHA1:75274EC5918A435BF236802469DBCCA5F4E49C8A
                                                                                                                                                                                                                                                                                            SHA-256:5BC0BAF664DB184890C317ACCFD880E91E89D9FD73BB113CA98F1CBC0DF026A1
                                                                                                                                                                                                                                                                                            SHA-512:4C91404D7F573E944BEA5716301A6E35F74E1A52F26023035BB6F92E8628374B31BBA9CD8EDD134AC9011E08EBB73ED717DD9CCE097DE4F2C185B1BE6049D7CB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXh

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-core.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):26073
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.774925833703451
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:J+6T4vNmgN8t0+yycVCI6z0jG7RMDX4WUMRmvm/f:IDIyH
                                                                                                                                                                                                                                                                                            MD5:484A1F6A1EEAABB502E663A56F86EEE5
                                                                                                                                                                                                                                                                                            SHA1:36DEDA47425DDB9993B9FC7D5AC5BEFCA4D45FE3
                                                                                                                                                                                                                                                                                            SHA-256:D620F0CF97CD571F5C93752CB8E358EBF638B10735FA27D542AE1CE2D8639676
                                                                                                                                                                                                                                                                                            SHA-512:5426804CBF0F5E4356CF8BF3B74071CE090AAC045E34E818C08A762532DB1C9EEFDA502D78092203AAA5A46775CEE2F788DD19F99F9EF460CB172FC6297E2F55
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Core */..(function (wa) {.. var core = wa.Core = wa.Core || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... //Component.. core.Component = function (name, status, key) {.. this.name = name;.. this.status = status;.. this.key = key;.... this.isIgnored = function (key) {.. var isIgnored = false;.. var startIgnore = this.settings.get("startIgnoreDate" + (key || this.key));.. var ignoreDuration = parseInt(this.settings.get("ignoreDuration"));.... if (startIgnore && ignoreDuration) {.. var today = this.settings.getToday();.. var startIgnoreDate = startIgnore.parseBasicDate();.. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);.. }.... return isIgnored;.. };.... this.isInFixGracePeriod = function (key) {.. var inGracePeriod = false;..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-step1.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 162 x 163, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6397
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.947947094706784
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:GSzkZH+IG8+1lqPrujYGCbSDp98cti4FSwgfYf3:poZHw1lNj9f98trfS3
                                                                                                                                                                                                                                                                                            MD5:4538CF17F5E72D4AB6748D921AAF47C3
                                                                                                                                                                                                                                                                                            SHA1:0721FB317398B3F389FC85B57D7BBBB5A5C8EAFA
                                                                                                                                                                                                                                                                                            SHA-256:CD03355615D11022E11EE57F35A0E994F42F60A03CF9063FFA7AC0321276129C
                                                                                                                                                                                                                                                                                            SHA-512:D9DC3ADB291EEC7CFCD317DB6D9BE5C662BB25DE22AC8056CEE7B16F710F119392A46CCE4250900DFF59DB4313A6B23FEBDE30240DB9A3244C3B008A49ACC422
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................pHYs.................sRGB.........gAMA......a.....IDATx...tT......I2I.....B..-..[.GKJ...+.+.(.j[{..t......O...n..Zc=.........Z8TA..=U."2...7I..w..M.'3o...wf.{.>.h..L2.......K.....V.....S..N...9ts.>B.....Z.G::..e..\.....c.i ..`.....k.J...[.*v.v>.D<.?}..C..p./.@k::.@.S.B..No./.\...PZ/.X....7.[...?.....x.-..U..]PF...Qx:..Bts..\.It.............l.).I....LY..P.D.....G8.....#....th..JE\..^.:1.t..Q|^Mk...ek.2Q.}V.o;..E.IR.#........u..`..!.....n......`=.)..N..2..ex?.. ~......y.......`M.0..a...m].J..k,ik...W.....Q.......O..0.m'H[..X.LP../.z.......y.F.6.E..l....`......K.H..1.6.......o.....9W...-,"&!..[9.....w.......=.f.......(......2Jy.l.F..7.U?.......>.u...WY.][V.F..j7.:`.X..g6.[.Z.Z|E.....)kk._..X.....nx2.2.....6v..V....b...\.Fn....W....[.::.%.?H.5.H.C.....X..h..1.d..3...gPb,#D......I....K....#~..*.....>\..=R.9~l..D......w..2P[..%..B4\1..+.... ..@..c.9@.....iG!........d..'}..F.D....m.(.....=v.lz.:..N...F....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-step2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 162 x 163, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5418
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.941310197666969
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:GSscx0y/nkoEVlqHdvygby9KULounF17qTN/Sxgn7ylwgwIMyce:GSscKy/koGlCdv29hLJqxiEybYyv
                                                                                                                                                                                                                                                                                            MD5:A1373F9C03567C27AF0DE96E770E45B7
                                                                                                                                                                                                                                                                                            SHA1:A97E90B04460E4AF1D8425A9D9716782739C79B5
                                                                                                                                                                                                                                                                                            SHA-256:EE56D3790702A7A91CF1BBD73326E6852CDF648C77249876D8D4410D5E1DD52E
                                                                                                                                                                                                                                                                                            SHA-512:D65BA6F131F7EBAD0267FEF9BD555121429852DDB58F1D51CF3CBC800114C93BD8BC50CB06437BA999B7B585E943930CF7AB8A65632C1B9BBACBE5627027BE3C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................pHYs.................sRGB.........gAMA......a.....IDATx...S.Y..3.........A...6,.{...{",..a.=Ll.,.....8b.....=..r.eo....o{..........U..R.T.{U.*.O.m\.!.2_.x..4#.._Z8......C...U.M(.4=....St...S..<!, ."".....-..6.#P..j@X..*.QG....sU-V....+:h.../....F~8.."..NU....|......L..'D...t.....Wt..V.&...@.v..$.s".8w..d.E.{....A.p.G6..2.Bt.....O.h.F....4..f)3%D.d.7..,...d.a)..r....r2!...El:....)...wMi@9.V2.Bl...L....r....c+m.L.....#..J...*!j.....\%.L..9.iNSYT%..fh.k.$.5.....5QZ+Mb........D.X!zIhsWX.E.(..:]y^...8!j7..I...$......k.F...s..*<O..@b,bZ....u._.M...k=+.M4..i...D...t..o..$......E5Q6.....3].i..o...}.3...3...1......;.(..|./.U#.b.h.......Jy..XT..0f.....Sm87..?l|..Y._.k../....?.AY.,.x....q...=Bc...X.... .2/...pQ3.j.........N.n.C..E.s..e.O......Tr.'. . f.(-":..&J.n.]..........K.h....$./...B.E!.".H.).X.8..Q.?.c.....|.h.-d...?.5........K...1....<..:_...d..d....h... ..c.BlUJ.c)........... .T..1Q.1R!.'.l..ai...Q.1R!.&..R...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-woman.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 261 x 265, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32309
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9804976554334655
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:7NFP/8lSUsE2h18x4Su69ZU+VJpszMXneyg5PTg:fP/8lSkLd9jpszGneyg5U
                                                                                                                                                                                                                                                                                            MD5:FFEBD5099333A2223979DDC7AD6E75E4
                                                                                                                                                                                                                                                                                            SHA1:5BE640F0A871C4B1C9B2858ACDB8795B96F44586
                                                                                                                                                                                                                                                                                            SHA-256:4F80FA15BA8934B3E4612BAF88F1DD2A633A1368A18F4F592D17FBBFCB635851
                                                                                                                                                                                                                                                                                            SHA-512:359A50BDF3CAC8AA7B4D8CE42CB83F52CFB61AA969EB8B258F09B9BF1311C0B7FB3B974CEDEA72A0B94FDB0055CDF1F7489390E492F07547DEBE75B2EE5FC728
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............T2.....pHYs.................sRGB.........gAMA......a...}.IDATx....\e.6~.[.^.g%...t ..H*.#::iFG.uh..7..3.gQ.HG....F...g.q!......."J.i...v.$.....{..9oUu.;.Iw...._..[.}....lD...0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.!..9.e..."O.B'..6M.."(.rQ8..E..9.....\.*.........:.$.Q...C...{C!2p.. .9.....o.I..D!(.k.A.L;....&.s..).Q.-.}+....B.....m!.s..).1..A.;.o....T..)b.a5.M.....\.fKA......Z..M../X..?/p..H..%...R.#`w...3\.G....t.L...Kkz..!20'`....[....U;M?.p'.....{.....T=.R.rp.....!......07`..U....)}.F........k.j(d.j.LR.l".."..d..aX.U..6.z'.B..Bu....&...,. }#..Z..B....D..f/"..X..0......P....N..~....@U. ...>u)..!.J2P.0H.....c({.q.......A.U.].z....z.202.R.>....).A.U..0..L1.R.:..2``.a.B...9h......)T.2...:|.........t.&.U........H. .._....7.........3.6\&..[.^;.....d.*a&..FA%!0V_.,].x<q....w..[7..%3S!Py.9c....0H....m.#.....v!......xa....... ..z!..@Z........F......w.&.....K$Q.U......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-bg.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 300 x 584, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):32345
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.970403798736529
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:b4L2222222222gBS2222jbjKQiIlGtteBfKZiPb6++0SqnQcI:bybjbBlGzCCI0qnDI
                                                                                                                                                                                                                                                                                            MD5:EBE97C44DDCD9F77F1BBA3B2438385D5
                                                                                                                                                                                                                                                                                            SHA1:42648E15E7B62FCEE58CA5EAAF0CBD81A63E35C2
                                                                                                                                                                                                                                                                                            SHA-256:26EF082565402F86EB018C87E41473F4FB2D52EEAC73B9CFD8FE81D51931AFE6
                                                                                                                                                                                                                                                                                            SHA-512:552D36347A3943830B04A4DE2D0E4E2032A9A108203E824ABBF16595781A2A19CAF36FC813422AA6F4FE74F4B219ED376305D424E0CF17332397969E26DFC5D2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...,...H............pHYs...%...%.IR$.....sRGB.........gAMA......a...}.IDATx....-.f..k.c.........l................RO...x.@..A.R.......Q....\.*......j>.HYVdCuv.1.#;.y..W.zg......De....|.gE.,+..:-.......<g.e...>..._._a...V...+.@F...6hJD..+.H......m..+.H......m..+.H......m..+.H......m..+.H......m..a...U......l..6fW..~.T.J...zy.]zX..(...!.*.g./ _.9#......GPH.#.....(?#..c...k.6o.-..e._tO.Mk...'.B..W...V+.. ].N5xW![.y...~.vx$....U^K.....~.I..GQ&.w.{ye.l.6.hug.ff<V.HD&....e..r..Y..L.F.j.....I..9..+u..@...._..lGWN..l..J.H$.F>%L$..A:.D"q...J$..A:.D"q...J$V.O......wbm7...g..\..5............a...QS...*..k..4....3Y.:..ioq...VN./K.b.S.../...r.o.]Z.(f........(.........p.#...E'...J......j.&.......AG+....X.}%,_.t5.......T_.C.<...!...C<.>! .._..#....3./K...#.Q.@.b.iz@..U...h....&.5nD..UEFQn<.nu..qVz....k.-......)q..+..0..V.E.....h/.....w..+.xu...t.D.Y...5.(._f..Jg.......;.8..".....C.j.f.U$...tw........0.H......m..+.H......m..+.H......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-logo.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 200 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3472
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.914294719380596
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:0BOO0xiRfpQu8pTvaIyE0E+y2Y5NTIMDBoY9I6ZDS9vH8C9SHZ/R0Jjnjc7xa0Dx:CryTvkE75NTLOY9IuS9vcCnU/DW2
                                                                                                                                                                                                                                                                                            MD5:DAB5B1667C76E51B013C1C4AD2F7D532
                                                                                                                                                                                                                                                                                            SHA1:49375ECB91B075E06624BFB5FEDB3A0DC4F1935A
                                                                                                                                                                                                                                                                                            SHA-256:A4B95F7D7A776BBC6A84997A601993D3D4E0EC66B48F7D1DBB816497A248A24E
                                                                                                                                                                                                                                                                                            SHA-512:843E8852408E5962C9FE62EE2441E3A41622CC929CC22AC9C692B5B9C8CA9D912AB143BBAF274899C59132A429B9032BDFADA51392E221F6F98E25C3DF0119B0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.......(.............pHYs...%...%.IR$.....sRGB.........gAMA......a....%IDATx..]Mo...~g).,..]... . ..(P;..T/..R..z.....Ut.n*..\b.?.q......-P.P..P...X{..@.AW.Lq..;;kQ..~S.e>......pv.y?g......^...=.Gc#%..v{.>...pbb.n4V.{{{.E...2gl...iA...I..Z3L..O\.|....9..^..Y..ax.....'o.g....1........-0$...-..i.e!......6....u.u.I}."..A.....xI.......~5...~....|......L......y..iBB...w.^...]R(.y.q..T...}.3.4.pf.Q.A.)...../..kmp..$9.Bg.?....."...=....G..W_..?.._M....;H........g5....r..g..... .....jA.($.o.y...7*)......c..)..T7.h....W I.{.5#I...|. .].p....Op...\.q.,.@.@.r7.Q>......5{....O....."...#.L....]..-.U..\,iZC...|.......i.s..-d.R.....4...(B."51.MB."..g*.'.<....e....8..'...!Ks,....i",A\.D.............{.U.0......:..x........~.P3.x....x..o...,..-....3-.{..Q.+y..+m..!...m.$..|..U...H...O@...8..rQ'.J......@....^..P.vvJ.....L.......m_..s.$[...dK.}...L...~8...../^|..U...x.De........>..jk.r.saK..\.:..".....3......S. &:...}....T(..?......k....Q".....^.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-window.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 227 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6759
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.889394285207192
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:ZgNNLlmxVJnzXmgYshy0/MMA+SJ3zjaVDRL3Y9M8jX10ZYUQhyG:Zg/lmrVXnPVkzJ38dL30M8X14G
                                                                                                                                                                                                                                                                                            MD5:F17683FB6249E0FD8188AB2844EBA5D2
                                                                                                                                                                                                                                                                                            SHA1:A084098F96F87604F96737B202935BB1AD023F71
                                                                                                                                                                                                                                                                                            SHA-256:A0977CF048480EC62B8CF0BE174466A31612C21CD57C20A28DF69EC7A465E8B2
                                                                                                                                                                                                                                                                                            SHA-512:3E2406EE7F4BC41059D4F5ECEDAEBDD0377906EDBA31423AFF86163C217DE47181201272641688AF52FCD00F10BC3F0D90A819D5F48868F598941A4B8BED32DD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.......-........<....pHYs...%...%.IR$.....sRGB.........gAMA......a.....IDATx...{.T.....~.L......pI"B...M...j.+HRV...T6Q....M%Z...U1.....q.&fAQ.a)...DA....0.# ....=.......3w.=..{...p...L.t.4...9..;.^"....:u.Ot...D...[Hy.\..<.!...R.~.#...;wP.j........P.....Cy#.#..m...y..o..F....w..]..uS..u-.,.Fs:.;.|~=..].R>w...g=Z..%....4.....x..9y2.....sC....q<.......P6.Ea...k. .4.:...r|..._..~.0..`..@3.y......,..u.#.O|].....ty7.7.SU.^......... ._....~!B...S.p...].~...y.^.s..$D.......O.g..z%]...............~.n.t.^:0Ju.X..n....sd....0H..:6../.q........?T!. ..8s.~..HM?.......)?.....dB...xt..i..;. ....A.d.|...........)A.^..?.1G.j.R..&.........w|..0.O...._...8..9..0....x.(.:..^=.....3.5|..B./..`......@..vT:F.k...!..}..... X.P.<6,......S...t.d..P..J.;..W...|.."P.....S........~k.........._..W..T.fr ..z.=...^T...T.u.}.qEu...=.}.w..~.&.x..jm.VD=A,..V!.G..g..".~..}^R#.Su..S...8.z'..0.....@...@....8.. ..6..@...@.^..r.....Um...~2.....1M...a...a...a...a...a

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-checklist.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9632
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.044650677147693
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:jUSSVnGzSsn2hwPYeTZK+GzoulH8OJo6Jbtyxo9+jRusFRLLDeWn4bOP:ASSVGzSoJweTZb6JbwkEukZ5P
                                                                                                                                                                                                                                                                                            MD5:775FD5DCD8E0CD4D8009C07228D075F0
                                                                                                                                                                                                                                                                                            SHA1:19192F5CE908451C4E06168B79C3D7B652E40332
                                                                                                                                                                                                                                                                                            SHA-256:83381874CEBCDF7D54FD6B05B0E5AA090D768965043D321E5EAD68E43DD68F3C
                                                                                                                                                                                                                                                                                            SHA-512:F9FCD868E5243E3068A4173F360D10EB4A23C2DB41047EE4F64DD65133F0D30922B74DA49BA0BB6EECC488C3DA016DFA3B0494FECA7E6ACA37F1E7B924B9ADDB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* CheckList UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.closeDelayTimer;.. ui.CheckList = function (options) {.. var el = {.. $checkListWrapper: $("#wa-checklist-wrapper"),.. $checkList: $("#wa-checklist"),.. $messageWrapper: $("#wa-message-wrapper"),.. $message: $("#wa-message"),.. $messageImage: $("#wa-message-img"),.. $closeWrapper: $("#wa-column-four"),.. $close: $("#wa-close"),.. $logo: $("#wa-column-one"),.. $state: $("#wa-column-three").. },.. checkDomLoadedInterval,.. animateDurationInMs = 400,.. self = this,.... setState = function (options) {.. el.$state.. .html(options.state.template).. .addClass(options.state.css);.. },.... setMessage = function (options) {.. el.$message.. .html(op

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-dialog.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4238
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7815083801911604
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:kZ2B5nzQw2n95lN1i1BMHiKHzReZDeVBvwCi:kZEe0fIpHNeZDQBwCi
                                                                                                                                                                                                                                                                                            MD5:DD69B540B8A24B7A867F90FEBADDE188
                                                                                                                                                                                                                                                                                            SHA1:01989194CFC4A4FCAD0F475081944374C7CEF4A9
                                                                                                                                                                                                                                                                                            SHA-256:364881CE564CCA36D76FDFA21B9C18F44991DFAFF629585E7B94A82B1B16C365
                                                                                                                                                                                                                                                                                            SHA-512:F20D2F70753106ACB07D911624D2403BFEA0D0A09E908BF4BDBB77CE003631EE6729F574459D56DC81007E3CE070FD29FAAAC5CC3B767B329F8406014002AA92
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Dialog UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.CheckListDialog = function (options) {.. var animateDuration = 400,.. el = {.. $dialog: $("#wa-dialog").. },.... create = function () {.. clearDialog();.. createHeader();.. createContent();.. createButtons();.. },.... createHeader = function () {.. if (options.header) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-header",.. html: options.header.html.. }).addClass(options.header.css));.. }.. },.... createContent = function () {.. if (options.content) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-content"

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-uninstall-icon.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3395
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.880811480479431
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:WS0DKX8AWw5a9tRVEGCtbiHX+VGIGW09iYl1Avo:WS0DnAH5YRVItSLjIYDco
                                                                                                                                                                                                                                                                                            MD5:E423607709409638253C24C3688A88D9
                                                                                                                                                                                                                                                                                            SHA1:8ABC653F71614F6B707B01862449FC800D27EC61
                                                                                                                                                                                                                                                                                            SHA-256:3B7849200BA0C2EAF22C3D111DAB6A630A00EA4A6EA968344EFB900E79084E4C
                                                                                                                                                                                                                                                                                            SHA-512:BF70D4EE71BB441C7C36D0AADBB73C68B089D7E431694E54FC1606FB5CEEB8A30FB50F28FB5BDF5815EEC600364B0AEF98F57C23C8C160FCC704728918886259
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............>a.....pHYs.................sRGB.........gAMA......a.....IDATx...r.G..O.H.!..6..@Y.[..[./r..\lQ[......x..'`.....r...T..\d..m....X....56..K..9c..}.4.fF..U.I3...........B...b...3..%....c1.<.....x.7r..s...`./..<...WK&.......0v>?.2.%..4..y.....9. S..{y].9s&..#...>|.......\.Ry.4.G.3..9.=66....F........c)..Y.o.......b.....w@..-....q.....]....`,.bH...A.&.)....\7....79]...b..(....5.W.u}v4....!........:*....."..]c.*(`.)..u2F...).m.+x.f@BF..67.&&&4....@..;mn..+'...."..~.....T....[.......5.._.@u}o4..,..Ao.!.?.Gl...,f.......[..Uo$...'.{KO=.............,x.'...~p`.&...I.Psqcss.V...0..H$.O.A.......@.{...\..4.O.,.W. ..3...m.H.w..D.H..T*..6LQj.....UE...w..|f]..Z.q].Q3...rN>.....J]RU.F....q...~......./p...c3......{......L.+..............9v._..:..h..@o_....p..9.3......p...?....G..F=z.X.....#.1..A.?Rz}..I:....T}7..V.?.R.....X...Z.....H.C..OU...Fl.....a..?.......n<.VWA-.~....x.......{$..I..V..X.AU...^.|Ys....T...c.`...hg.......vy...{.v.......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-utils.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15448
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.445278286827052
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:BZwBjyfDzRj5csy4h11lidEaCaNz46UcEm7dO2qSFZC9OQ/K:Wefpj5csy4DIE3oU6Um8y
                                                                                                                                                                                                                                                                                            MD5:01D345EA7E7FEFCC2A0D9CB61601229E
                                                                                                                                                                                                                                                                                            SHA1:764D861B2617603BE11506C7D422B6239A0DBC33
                                                                                                                                                                                                                                                                                            SHA-256:69A6D0AE75D82D8F820853D030E704407876465AEB94409EF51433C1132B9765
                                                                                                                                                                                                                                                                                            SHA-512:499B11574D54F3E73F0842C9C0B239A550E07E70FFC404B09F29AF6FAB88D3989473648789C762B8BBE208B357A6C330BBAC9EF3A2846E0D92481073F8BD1126
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_),.. pscoreToast: (typeof _pscoreToast_ !== "undefined" && _pscoreTo

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):558
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.494810764492959
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7iIHftwTmWkW3O+xbR/GfmNFycqV7o5jNiXrj0IGDfjo/1:zT5+aVefmORm8bnGD09
                                                                                                                                                                                                                                                                                            MD5:F8AF1796D709A69C3FBDD16822596FD6
                                                                                                                                                                                                                                                                                            SHA1:D216CB9A49EF4223138BE20D027B3ABEEFAC7DB0
                                                                                                                                                                                                                                                                                            SHA-256:055E07F760351C3F33E708E4720D5A34A60ABD8D13F2FE05A473DFD5ED9714C2
                                                                                                                                                                                                                                                                                            SHA-512:FBD9C93490B818798F4614E6EEA7EF9FA05D535F50071806E763CD9EBEE478559F614EAC90720E4B5F88D803DB0AD459F1D1C67954C2C379B1BB435CCA74390A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............H-.....gAMA......a.....IDAT(.u..k.Q....1&.k..T..bO.K...DP....I..{.PRA..............QA..J/....eM.tS..7..v...y.7.7.f..R?......W.......N.....G...z.N.a._.X=.sg.5..r.k....Z...R....[..X..W....N....v...H.1x......L......R..@:v.w.....W........v.lc/F..b .C\.:.[Q.`..E`.L.J..!....<..m.q....R.&...""%F(^M.`..e.,N..q..y<.../.O:.mP..,A.QrZ}[u0..,3...S.K.\.EM5.!mH......}N.+j....p.O.E.......[..C.\x......nMi...~%.vv...|8...y.xV..v<ZZu.....y]@.1......]..).6.M.'.'.%o.T..5.Rq8..l..;...Ha......5......IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 14 x 14, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):785
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.380231936591206
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:nmwBSRPy8iSvgv+aYS0NFVO/6cgDHNUPZ7SCOr2zhxNoEMBxNB:mwBSRVL4v+/jNFVO/6cgDHWhbOKHCEIj
                                                                                                                                                                                                                                                                                            MD5:5367B11C1B0484E2B64AFFF761DB5B69
                                                                                                                                                                                                                                                                                            SHA1:CA05EC2A55FAB6A4035920C38B6FF198044DA594
                                                                                                                                                                                                                                                                                            SHA-256:1CAE0E0663BA559CA8FE7AD3A1E07AB23AB9E3DBADA1AA572AD9C2C5D51D5627
                                                                                                                                                                                                                                                                                            SHA-512:322DF7AFB16185EB4D39AA4881A27E04B1D310773FCFBB77D0F1C83237A56D100F6567091E30BF0DC6A11EA29A22A52BF091B66C5863823596108C155C031588
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............(.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE...#..$..%..$..#..#..$..$..$..#..$..#..%..%..$..#..#..#..#..#..$..#..#..$..$..$..$..$..#..#..$..$..$..$..$..$..$..$..$..#..$..$..$..$..$..$..$..#..$..%..$..$..$..#..$..$..%..$..#..$..$..#..$..$..$..$..$..$..$..$..$..$..#..#..$..$..%..$.....p~.S...NtRNS........................T....L..........K..T...S.....JJ...O....r)1N.T......L...P.....bKGDOnfAI....pHYs.................tIME........l.-....IDAT..-.g..`.F..o.PISC.[.........|..s.@.Jr.PM.3.Ah.&....dI.01..t...v.K.h.o[?..^.....Gc.&..8....A..<..r5...QY.F..n.8..@=A.l.u.....n.C.....>.o.4...&!.KUd.&R$>.e*o..T....:...~g....%tEXtdate:create.2022-02-16T15:21:59+00:00h......%tEXtdate:modify.2022-02-16T15:21:59+00:00..x.....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):327
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.1140535970703365
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPIcWn2ofLbzmoGGaKdwjXI76l4AXT8ctmzXxNuJpTqAp:6v/7DWn3btahecDAuJp1
                                                                                                                                                                                                                                                                                            MD5:C0708D1E58F1EF1BAB621620F3B09130
                                                                                                                                                                                                                                                                                            SHA1:0BEB49A1CC1E71F364BCF42B474890F35CB8CC3A
                                                                                                                                                                                                                                                                                            SHA-256:834380BD8B6F9BFEF000A555541AEC2BEC01DC46C91DCB7F950D109B81BAE5C2
                                                                                                                                                                                                                                                                                            SHA-512:241C93BC2677B1F0788C2C0DDD9A7FFCCC7A865DAD427EA8C89E437FC796FD12F80D2A962A8D02B1B2391E10CFF768F17E34BD45502A0E31D6E1C8F443C2AA34
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............Vu\.....gAMA......a.....IDAT(...On.@........=J.&....5....8A..M]{..s......Q#0.7...0.......yr).q8..s....sp.....W.u.q+..;|.5&..n{..{.............>..".^S......#q.6B...4.t....~e.[@B.&...L.o...h..8.......Q....+..b.i..MhxRaG....Y..F....,......G.E....`(....V.v.4.b.$..S.O.....Sh.B....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):272
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.591404605834916
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPIcE/6TsR/nQV32e46OIoiMr6FRK7MhtCxllbp:6v/7DE/6Ts/nnPIcr6+ozCjz
                                                                                                                                                                                                                                                                                            MD5:F79A1953A8E6CC342847B4B00DDBD736
                                                                                                                                                                                                                                                                                            SHA1:9AC411CADB6652F4FDBD854300ADCB5C21C04BAA
                                                                                                                                                                                                                                                                                            SHA-256:4F8EF204C1884F868866D03B4D11DF1237480C1CAA38ADEC1C13444050105B88
                                                                                                                                                                                                                                                                                            SHA-512:DFB54D3D20FF53B867328945FE3D69B56055D5861EFCE2A069653B1792A5477AB4C3B73A3DEE82DD1377D1573099AB70C2F6C285C694DDBD0B1EE9667CFC4F2A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............Vu\.....pHYs.................sRGB.........gAMA......a.....IDATx.u.... .DW>...>.RRYJq>).>|E...!..3...t...a.?..w.!.P..../l....2....Q..ZS.%'.........y^.Q..H.T.V.D..W]..t.*X4t#9O;......=U%u0...f.......3`...[.S^..m..$..?[...{4.Y....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_error.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):428
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.367179920202989
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7iIHbGI9XbxzlcdqzUCOXC5pC38WWn9:eGIrzlcdL4CZW9
                                                                                                                                                                                                                                                                                            MD5:0EF65600F5A2D01876B6F9EC668C9D2E
                                                                                                                                                                                                                                                                                            SHA1:31F378D2D6BE62F3A426523B1AA3D61323B2B9AA
                                                                                                                                                                                                                                                                                            SHA-256:17DC5C3BAA1D35CA60C7DEE7CC70B76446765769960FC5D4852E065478C871C4
                                                                                                                                                                                                                                                                                            SHA-512:7D9EC74CECF8DF49D4F8E676053573798A029D889E8676CFE90891EB68E49A2FE9AE828F38BB99851888B25A76581EBE2B62694D3C66D193016B4446004A9271
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............H-.....gAMA......a....cIDAT(.uR.J.A..f..&Q..*....h..... ...(.........K...!Vib...B...qf..{.9....|..3C............@..........5..8.b...z`-....s.ID..G....PEQ.;?1...p.h;..z6Z..4.X..c..$E3s.b..ry.|..yVy...0.Rr..W..S.......A.1.....s./".j..g.H{l...Q....d................fE..;..'+.).j.F...J......~.s..Y./...6.v....|......,...m..[m....n......D.E.OvU.n..W<.m..=h#.O..Zm.yj..@.tums.....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 233 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5361
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.956335361585333
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:tXYxwio7C2guemm5poLpMmjxiN4f7DsCk7RkuxKBaKeVfGJiQmiMQ2qileA2I:toxpo9gKmsMmjwSXgyLBepQblA2I
                                                                                                                                                                                                                                                                                            MD5:0D8F8EFEB474FC9B2C825D7F2A875471
                                                                                                                                                                                                                                                                                            SHA1:ADBC30FD0131A01B3150753C7EBFD6EF648F0DE1
                                                                                                                                                                                                                                                                                            SHA-256:ACC40FDA844EADDF65B9580C484F1FE2E17358B352D99BABC6865BF0C74D9B00
                                                                                                                                                                                                                                                                                            SHA-512:90FEBC4B2165D37CBB1CF09295CF2F5B5713DD14A02CDC101318426CEB55D35B7C47B254D0F20CCB8297FC69EE77EAA5969FF98A0965D325C94AD81B6A56BA9E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............9B....gAMA......a.....IDATx...xTE....I .D..l,....(....Q.\..ftf...qA..D...?a..o.#.8..<.9:....A..."......KB...?7...M:......}7U..9..N.s.T..hZ"%$..@B...$$..@B...4!.UYY.E].Ln.%Qu.K.8....Z+I..m...m%v.6...K..]ki....W.}.y.%.O.1"dY..5...{...x.ef.X.~a..3K.u.l^.8'..?.z*#%.._.}.yT..Z..k..b..3{.{.>W_.,x,J......LM.T.>.x.....^..c.'...8^..(]...z(..._.......&..w..9..)..W.,s1.>.):.0.4.Y...nq...7....;......7)Xk.a...O...g.l...c.^..)8.%.e...h....U..7.O.'$.....]K.r0.Y5u..K....tH?.NSzwl.o..IG6...........X.(.z-.X....ju.+.Jpd.j......t.>...../?TW.0u..7........@B.. ....yYZ.iZ..:s...}_X2.O.....1kJ..3.*.9+... ].4.Y.2.....r>hM....}..-..|!d..i#U...F...Dr...5....D[..]..u._u....[.>.{5.xX...t.|L........}?........J.H?P.....M.n....-.......d......pQ....3..[...;vT.dg....5.@..0...[.c..1...U....i........a...o..[.PB.....E..^......."|........$..."V....tZ..`W...[...z.1..[~.Buu.[.........]/..x.(.`Z.A....`p...]RR.4u'u.]..u'...p..[sh..w.....g+

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 232 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2938
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.909981061900822
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:nv/69bTJ0Ji4hnEhRHzXJH3ndGzDr9zHUeqr7zpiT7efEgo3cRE0+U9sLBCYv2ZG:vSdJN7HziDr3S9i/efLQcRZ9sowGdK
                                                                                                                                                                                                                                                                                            MD5:65938FC9439B2307513A95D515BCA1F7
                                                                                                                                                                                                                                                                                            SHA1:DDDFE8D64ED371E973C46B6726B60BB0C0810BF9
                                                                                                                                                                                                                                                                                            SHA-256:B2703E2E2A404B90EDAB7A67B23037C32BE2780F20CB15FFA6F6E44666B8EFB5
                                                                                                                                                                                                                                                                                            SHA-512:93F755F5E208CA08955684D7789F6B8AF49F542DD41AFD9D678EC417CB535734C9C8182B87EC2EA8B8AA9FA502AC8BA90E383A9977F7E01BFF393AF0D1F400BA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............m......pHYs.................sRGB.........gAMA......a.....IDATx..\]R...o.T.yZ.'.8..y..f_"N.8.....`N.r... '.y...>,{..'.}....n..%[..!U.)..|.t...G..O?.. .~....@.N...a;..e.....1}.?....>.Ma...>.?..u.}L...m.N. ..8.>fe*.z..dr..u.D.1.R<.....T..J.......\.ZP..V}....M?...2..3.....)...T.yG.4...kO....t......b5...-....4F].q%c...-....v.2...O....g0...g.&R.2.n..<?P.q9.....+l3...X&T;...z."L).12..D..a.G3..OQ.Y....%..P.=.....2....%u.}4.(..N.!.)t....w...M.@.0.pt.a%..N...|.|\f+H.Rk.?..G..v.q.7.5.'..F}.....lm....rS[.4..F2..R.-..V......AU....!./.\S;...M/..K`..w...>.f'm..bf..y>..$D@......1....3.>...Cn!.:.........C*..-.PE14....$&}..?..I...._2.m.<....L.<.........92.p......jT....%.~..Q.U...6.4/.U..4L+HK.\i.z...Au.@>Z..Y.....kk...pQ..!....|..1g8...Uc$.....Y......9.....`0t..p..(...R.N....w`......\...<......M....-.95.f..W;xx>.7"..'..._z.REq.=e2..bg.S..r..VKcI.j.....\.O..T...q.>....H..6AE...{'?.....w.X.J...w.d.......O%..-%...1*.53..NPB.O.[M./.:..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo_upsell.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 175 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2517
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.899112131446941
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:/O/6MOvIltQSb2EVW6+mjuOR6aPFUCJou7qDnUa+oNWsYFKaUCBmb:2SrOtQFglR6a9U2f7qDMoEh7UCU
                                                                                                                                                                                                                                                                                            MD5:C5FFDD4032AA96D998DF4BBE0DFD49D3
                                                                                                                                                                                                                                                                                            SHA1:46BACEE7C5C587024EE25C2E900C7580B1F12FF9
                                                                                                                                                                                                                                                                                            SHA-256:010AF7BF170A9355D191C042768D37E4E8559EC4384F27EEA39A79C4BD1C3AE1
                                                                                                                                                                                                                                                                                            SHA-512:BD89D324B107FC6B7806B3E5C098ED19C7D19DE47430D68C903F632A4471DE2C00B4290F306366C51EE71819AB8E4C9897C4827846EEE604F7F6539DCC38B6EB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............`./.....pHYs.................sRGB.........gAMA......a....jIDATx..Z.o....YJ"...[$r.(P#Fc.\."...^E.....=.:....@.9.....d.^...S4.6.@..D,."Ll.....Y..!.T. z...3o.y.W.....O.yrq....b.l......u.z............O*....uZo.]..A.xu1....M..c.+!6.N{,n.P..{B.<.....9....~.W..z-..#.1..q.7p5.._%ja....w..\.W..H..........By.%.?....CQ.Z...j......bV.f.....c.](..6..d...|)..hTe6.O....X.\.:q....^.I..fZ.y..q......}!.....v........U..x....].e..o...P.]...u&A._........c.<...P..3..cO]...z...:bFh.~....`......1V..&.......4<..{.*..t....S..j.S.s..Q........'../..b.PRn..P......`p.......@...8T.P.Q.R{..A.\.).N.i0...+.=<9...k+K..vz.DL.M.^.7......O.. .o...@... ...wU...m.3....x....l.|u-...2.M.N{^i.d.......s...R.H.`.09.;.....U:..c(.D$.N.(G.P.2.....T......r.W)...@h..1<..CI...<........M...X......$....[S..#.r..C3..y.R.P$z..).n....Gy.W......d..H{.3.q}....q....H..T._~...@..5....U......n.......1.)..'.M.x...Ab...x..=.<...&.x...k.q_.4#...l.6.i9.;.C.9

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo_upsell2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 175 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2146
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.878767198815235
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:X/6uYit83CnCOqfU1paiFTeUpKJX9+E+orrs30ocDx4/OcrG1:XSXi6SnChfypRFTBpu+E38kNxKOcrQ
                                                                                                                                                                                                                                                                                            MD5:39D8F472934136936FF3FEE841245A9C
                                                                                                                                                                                                                                                                                            SHA1:812281447AAE48A891F8A5FA9CA63C117E5E9ED1
                                                                                                                                                                                                                                                                                            SHA-256:DA9F72BF2AF97A5A1D5C8884F8D5BFB2CF232A7026CF9123E02F5909AAAD2F70
                                                                                                                                                                                                                                                                                            SHA-512:7C3791E59F161A31486E36F6FB6A23E0589286342FE4A11D9DCBE975194ED0EC0EF223478072B2360E3CA276D6BA5BE0C4E2FE64FC82BC646945965E03556447
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............-......pHYs.................sRGB.........gAMA......a.....IDATx..Z.Q.J.m-.....G`9...?..".C.^"."@D.D..........8..........>==.HH.k1..v..y..zN?.d.?..nA.?.......L.M.o#...f.GOK|m..O...........KW_.P%...*.k.X.........;.v...|.|..KH.,.@4.....d#+{(WcN....... ......C..).CG~.g..M..*.jQ.y-S.u.}FA....4........b..9.&\.../)=&.3MY6Mc.5.SS.r.rI..NX."Q. .;PH.@..$....3l.(.1.x..|=...CE...*......Q~.J.......r....d.$.9...\\D.x/..;.%>,.p|.EO..].4"r..i......D..Z..%.-..bQ....m .~...k.a..n..lR...>p./(.f:-.k..lU.!.7..]Ut...~\9.....@...L...|...h.W..R..e..PV..vt.x_..I.h.4...]<...G..K.T.V.)...w.....,fv...^..)........)..........Y....@.8.....[..|x.wYYW.9.X..C...p..nP......p+|.-.q.F......>%........FL..s..?.J.%NH....;....b.dy.HN.13^.y.3`.zM.0.....u[-.....A.|e...4..P.3o1r>.y.`.gM}...H.R..;..F...<.zT..T..[.+.P..Q.>QS.Y..aN .>.....vc}.?u}].c6}..y...y[._....Z.@....P..o.S...^...yg......h....>.jB...+.1?.&V..V....<.O.......|uX...m...::..9...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_logo.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1627
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.826159192497283
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3F/6TZYDTDiZweTZamTAaTJ6r/OIQz5URWkUX:3FSCXi6elamQ/Eb
                                                                                                                                                                                                                                                                                            MD5:E6797831954D0AEADF1E7CD268F4BE8D
                                                                                                                                                                                                                                                                                            SHA1:8CDEAC8420271C46DB443A03C58AA2E039EBDE50
                                                                                                                                                                                                                                                                                            SHA-256:9EE5FC5E12400AE65711B9B664E75EEB3273C051E29FADF4FE2104B59C89437A
                                                                                                                                                                                                                                                                                            SHA-512:EB53492D4B7BF87E09D049006E8759A87C4062950A9F88A636E7B7469AA5937DAB463DCA22294FE64A09DFDA19BDA711A6160E7762F147E5D2F5A95E3EEDE984
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d.........{.......pHYs.................sRGB.........gAMA......a.....IDATx..X]n.F..%.@F.V)b[z.OP...O`...O`.H.j..h..>A..X9....A....E.Kv..H....7.%..(J.%...@.........n..DGN.sH......B...w[Y..R.....]..'......3.#...+........q|..).*.....$e.M.d.;..w...*.^C1.Z..h....O.o.X||.,.&A.....>).vF...p..S)e......./.y.pW.Ph.Z_Hy*.h..LG.{..,.b*..4.."~].qg.Q....(dx,..5...sFh/.n.0. ../....y....K*.......\F.R.....R.. 8z+....7 ....[b..dS.^.vQ.X.+.B....W=n.b.m.,..q.?...<....l.H3..V.a....r.V.|?XP..t.E$._?..k..[.x.].E....5....^y...b..6.9.u......e:....<@iV..-C%W.....8..C&M.o....!?KY.\o.6gr.j....../......@p......r&C....D.v:....[k}.X.l.u:..vv...Ve.....:.....J.@.~G...^4.M...4-W%....p.z....[.D.J....0....K.K.Lm...K....@J..vvgd*..Iyf........O''...%....MS....V..2.\2-..O.y.iLe..x....k~~.Z..6.H1.h.@:...;PF...l|...}.|v..)3..q....nw...6{...i3iM......}pe4..\..... ....d.]....D.`.a.C....FD.!/...s.4%.I....|S....-...nK...D....&Ov....a:H..V.&..."|.......:#.S...|..u....H.:..../...a4j

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_increase_bg_left.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 276 x 283, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):46909
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.985537981297596
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:QMJyYB6qa5O8KgieNFdjfsA8dh5+7xOBkgZuC02S11anRxHsogCdCsf6NL4EqapH:QPp5LXieN7Qdz+7gygZuC0B11+RhiQCp
                                                                                                                                                                                                                                                                                            MD5:B3DD8F8E04608CC298018AF91FC7A0AB
                                                                                                                                                                                                                                                                                            SHA1:6EEF374ED0D7A0E6AD13531186D896276370B943
                                                                                                                                                                                                                                                                                            SHA-256:E056F875F8782046646E871CBA23BD89BD7926D2397CCBDCDADE5E75D5891148
                                                                                                                                                                                                                                                                                            SHA-512:128D618645427B816C6C68D0B72C6EA0815771E3058C14A37782F1E6EDE9C6E0000727B4E8F54913A516746D9E17BDE62289D9A8BAFBED1F6A5421BBC475FD0C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............&{.....pHYs.................sRGB.........gAMA......a.....IDATx...[.-I.....s.s.S..3....4....A$ H..(.A&..7.z..h..IF.... .^.LOwWWwW.s..p......AT.2##..._xD...._..../.#.?5......S..G.{.....]..-.....:.......>y..Be.I..F?..E..]........<.zmM?n;_[...8...)...?.O.%/....39;.b...@?]...DWpL..d.Ua9.|.yoq....Wu:....5.;Qt.4...9.0..Zt".fPw....Rxg..I...R2.U.C....fN.i.H....L..J$.v....3.bnoe,..g01Y.K..._'.dA......*o.{.!t]..G..2...R.j.hF.Y.;ig.Q.....R>.1..P..\.#.G...9..L..........Su..4?..&...0..U=.....*.Y..$.T..F..'Eb-.X.Z%......g.....Nv.]M.......|j.f..}..!.<.....Q.{?R.O.&.e..h.Q..)9.&}..:~Vd......h....3..,...%.o%....4..0..]...S.~v.....&9...r.hi,...p..U..<..jq...8..T-5....{.......IE8.c..nV...^.....0f..%..1cG.....s...j....eo@...d.W...j.|L.......I....m.2M...*.`*.&8.i.a..L..j.........j..F#=...-.@...C#.aM.......b..<.<..a`3IP......ee.r...jU..&.d.;.P.P>3;u'SI.6.....C..86n'.7>.....a{...s..y.>.z....e...\).G;..S_.D..._.|...'..2...@..JD*

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_bg.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 572 x 565, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):69604
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.978415362384725
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:QXPNryf1U/w2kW7qSIxd1+2yfystvuxnkyWkCE6w:wxyf1ewf2N2SydkwCk
                                                                                                                                                                                                                                                                                            MD5:241BC522B02EF7A35A2CE7E1185265AB
                                                                                                                                                                                                                                                                                            SHA1:B4DE10905ADCBE62C1ACFCE168F91B614CF21183
                                                                                                                                                                                                                                                                                            SHA-256:5C7B6C5A87A3DCAD175D9C0DFE0D885BABF22227B5BC161E7C478779AAF2AC30
                                                                                                                                                                                                                                                                                            SHA-512:4DA6920BCB0A57CEEC14F68058912A1785E434A1487EC8B7DD6FD6EEFDCB50A7E17EA25995CD3844D7964851068D3C22F56E8AFBF737ADB0AA32D3AAD11184AC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...<...5....... R....pHYs.................sRGB.........gAMA......a....yIDATx...,.q.x........9.G9....h.(..Y@....@r`.Z@..$...t@.X.p.`....U...Df.7....y...2##..*N...........p~7...o....M~.m.:O..m......K..eg..^./...A.g.{../u..1..F.v.u.w..l......o.........p...K0[|......5.y...e3.........e.-[..r.3......4...H.~.S.te.H.^..!....=....b....O..M....v....e5........a....hR...._a....o....%.).F..0..<f.F.c.....Oi.$q..:...."......-[.l..+".}?SUgq....f~.%..@........cF..0J...r..,Q....7H.#T4..g....:N...l%...Q..y.1.Ro... ...I)v...6n..4%l.....c..G,..9}.q...g..-?......e.-[..b..;..w`...#...u2.0..).........P.......I.5?.....i:f5M.m.S...2"i...!......E.......`....f.;..i4.di..|C+I..Q.z...'...|..W.e.-[.D9<..oS).sJ. F....A....a...I.]."..7.*.1.1..&.S....U9., ..(........b..J..erz...q.b"......3.e.`0. ..25w.L.U...#..L.38z.c.....~.z.c...l.e./Y.....L..og.1..kR../.......X.b.X/..bf^A....|}..N..[..l%...'G.4.).~U|..Mb.-.cL......N.M..8.h.x:|.>..j.2......#..'

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_bg_v2.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 572 x 565, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):84857
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9803219968216474
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:CaRkLhrM2oTVEtv9ES5L6+t1QLtb3v9hPi4Aumb5AVU4QtOWjal9U9GZnf1eT:8Lh/oTV09ES5e+tAtb3jPIumNA1H97Tq
                                                                                                                                                                                                                                                                                            MD5:F038158CCF02E238051E916E68C43F53
                                                                                                                                                                                                                                                                                            SHA1:81A63F396EC4593E1BD0CBEF520C1A40F4D35D50
                                                                                                                                                                                                                                                                                            SHA-256:4AB364638C2771DB7C9EBBD40E8EBCD1AC7C92A9D4D08E616391831426B01C21
                                                                                                                                                                                                                                                                                            SHA-512:98DD7A5C127FA1D00DFC84EDE548E4D4CDCEDA3F7C97A2815DAA24858DBCDB230E6FC6DB82DDC31E8F96467B141ABE402FBDF0BE86F9602444D0A4790C20EE9E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...<...5....... R....pHYs.................sRGB.........gAMA......a...K.IDATx.....u.q..UM......'..Y...09 u..o ..... 7...B..9......H....!.$#.#...(..H*[...$.......T.......?]{..Zk..S.s..OU...........QU..{......c....CY.c.S...N.9=2.]p.;....}...>.^...+.)]..u..(5..W....$.{.@u~|.T.....(.].OK....&{;n.....b...... \#e......|.i.e........._|3..9r......e...mx.b@&....e.[Id..y....O...|.R..Z..R.r.p..).........@M.[.q.W.x....a._i.B.....~..........'AF.......V:..p..>Bm.6........Q}:..C.X.y.&.j..Q..*m&..:.....#G..9.."..w..6U..,pR.$.=.\#.A...:.......`Up.V...5..,N....)..V:.2....Z.b.>.....3...s...#.n&....(-`..4f\.. .....r.i.......%.a0i.UXjAMN.._@....y..a+~...G.....#G..........g.m......qK.Y....h..r.ELP#...%P..,.%.o..7.!i..I..nt...4..N..k7..:48..B...T...z.~p....l.d.}.JP.Iy....AF.x...w..R..2.Zt..!H...32/..L{.8>....7...8r..#G>a....1-.r81..........E%c.d..$..+m.7...A.0.{f.....@.P..@..J.T..=i..X.'..X..d....(..5....@Z..v....>o@$...BK.)... .b....:.....J@..:.@.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_good.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9327
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.970469640393894
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:5SAlgBGtPGIcDO3cUWjPvAiL8zG3vRG+e40rH9qlGIKZSA:gAlUrs2VP3vRGcUHwoUA
                                                                                                                                                                                                                                                                                            MD5:F88AF81EA6E8672EDB7044DCF877EA91
                                                                                                                                                                                                                                                                                            SHA1:7B51E57EE82590B5B22F03D0E88A10A7B0DF4993
                                                                                                                                                                                                                                                                                            SHA-256:CE6BE399C30F141E790638A21721D0040C415375C1E2E79BAB0D3A5E5895D2FA
                                                                                                                                                                                                                                                                                            SHA-512:C52923E9563FEA752297AEB14E66246CA1DE3240D4F7F659177EE03295698E32BD38D76F5F7A95416727A12B29D0154F03E98C6EF91FD7B0F0D32DDBA53CFF5D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............<.q.....pHYs.................sRGB.........gAMA......a...$.IDATx...x....3...5q.8N"C..p......r9.&.n.1.eK).dwK...;...t..P..9t.8.v...$t..e.@i(.8.$%....cG.J......dK.l.F#.N..3.n...........<y..-H.s.r{..RD.Q$y%..c.+.... .{$...^.E....].I....)kZv.8dS."I.H QA.pdw..$C...$.k.!...d.$e..E.x...3JXJ.J..L....nvQ...t...-...$..7mE...Wk...Z......6.....S.....w.....w..p...I|.8...e..&.V. ..K.0&;N$.<...kwN...#,.F.R.@....z........w.....'!l."..BM..R.l.%..-.U].m...&.{.....yFjE.Q.O.B.;.;....u.dnq.......U."..ZX...~...m..z.o..3....%.5>.Rz.....k2..&...Sj.?>D.R.(.I.$:1.......^..3.bc....O.9...:.%0......`].J..Z`I-..b.a.y..|W......v.6..M8>.E.zaQQc../...Y..b......S.6caE.UOBr...4z.f4m."%..{.UjdY..j.,.....FL..rM......jQA.Zp...F.p....|.h..z;......!..q..e..nz..Y ...?Gv7...%..._.-,vu$.....|R..........X<$.....A.2r..T1Y.......z...eWIb../.l&..%*.]..d.}......V..l..A.....:.x.K`.`{........]...puz.4...$......b..:....B....oX:...q..[...39..&1Q.B...Q1O<!5......&.m..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_red.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5806
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.947492621878631
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:5SJ+1CjtZfXEe5cDU4mBmhX1HNx6EkdEQ1Qqx49JrywZAtwRygSHGkJWWPTupdgw:5SJf/sUMhlHNx6EULExytHRgdgZ+
                                                                                                                                                                                                                                                                                            MD5:3988A50B6D996F6455E9229A53E1DE2A
                                                                                                                                                                                                                                                                                            SHA1:094BE688DD8DF4CB8D355501EB11A4FD335C11B3
                                                                                                                                                                                                                                                                                            SHA-256:1B081F386B0FC37D1415F9D38E71C43F60E2FF493688048DF9CA4ABE65683782
                                                                                                                                                                                                                                                                                            SHA-512:CC9ED3FCDF6D0A48999B32871D9360F68176ACA3E7C0CE0F4C37B1362DBE6E1BA6E5CF0706AB6CA8CF756AE740D5C65BCCC26457CCDB549CC3B17AB0FF0609CC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............<.q.....pHYs.................sRGB.........gAMA......a....CIDATx...l..y..w..d}Q.,.#.i)..G......t.vp..N.tM..v.......t)..2.bC[....[.$..,.....4H.M..n='..'...m.-Y.......</E..(.w<R$.....#)........;@".H$..D".H$..D".H$..D"..E.H.#}...l....5.....(......4.C....(>..A..c.T,.A".s.....(....v..F....&......S.....B..Co-..n..$....b.7.auk.2GDl!M?D....bA+..y),...J..#m.ux.U(^.Z+..W.Ydy#,....[m6l.>1MEDdA-./.Bf...........5y..@.@.....UT7#..Ya..]..l..q.dQ.......E^.(9'...T<.WU..(...$g.%.;[..j m.".`.."sBX..{w.z..:,..\..Y-,.{......S....^-.....Jaq..........$..+.#..`Y',......:...L..*M..g.....;u.Ms;.2Jv.^*.....=...2..VUg..."f.D>e+=..}...M.qV.....m..l...K.*}pK.YZ..f.Y...U.Q.4;.v`.....2.l.+...J......zI1P\<..gI\.....9...A=v...*_.O._...^W........B...>#..3.........8$..,,.........}....2"..@.......P...t.!A.........~..a<\PQu.. ..Ly. ...u..?..G........]...G.31..Va....B...dfXTO......d....3.6*..i=.6mc...C..df..SY,*......r....Q{x..L.e.9...$q<..e./.,...FE...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_toast_main_yellow.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6192
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.953945165570691
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:5SzpWPgS9/QQi/AZsf5G9qTxAS58Eb9hXXHS0gg:gzpIQQVsRG9epGEb3HS0gg
                                                                                                                                                                                                                                                                                            MD5:B034C9F982264AFFC7A81122732ADAF2
                                                                                                                                                                                                                                                                                            SHA1:0DA8E840BCC6CEDB79E2D54697ED25A3BA8147C5
                                                                                                                                                                                                                                                                                            SHA-256:D124043692362003A48C4DC875B7014ED3AACCAC452522B32C5BD98E253354E7
                                                                                                                                                                                                                                                                                            SHA-512:48239CF4BFA708B7BC7A46EEE4F692828C54D4E0B887D2C38BEE60A513007363EE4B54BE409B59EF72EEBC76398BD3FDED6AB493958D1E660BCB048859E0928B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............<.q.....pHYs.................sRGB.........gAMA......a.....IDATx...p..y...w..tB....d...#.U.9<.....L..uSd..t.I03..t.E..g.4.q2.4....$...Wl.d.....;...... .I:}...y...t.n.vo..7...j.........}.]@".H$..D".H$..D".H$..D".\.(.@....Oi.bX.U.A.........%}....oA...=...T.KZ!.....C8.'.]E/W.!.E..ZZ....VDB.Jec...y/,..\...RWSt..W..3.......lq...V<.y...]...m.4JB...*...........d..&C.Y8..R.......N..Md....+e....;....9N..+..5...b...rNX...f.;9,...V^G...A...)W.m..+/...b.ZXZ.gu.!.Zy..._m.R..1d1Y+,m...D...K{...q8.&[...,.......D..RTS.....X..nB..U.K....n...U...,"k.%S_.dYj.T..}.E..4.(O.^D.,.qa.?u).;3..z....8...xR)Ai..z\J.R|..8.#..Utw.6(..gV~..x.n..8....2....(r...K.?)..A."'..T(.:.0$..5f.B..E,QR..r.%....D,......<$."......b...%.......u.oFNp[....G}....M.Gl.....<.-.C9....1x.Fl.X....L...~..%|....n%i..[..F..B.G....a.R....@....@U..F..a5..5.......>.$5..kq..)8..K.p......fl.c.B.~.z.F..bb.L.Y..^o..x.i.A..H...O-.X....[.^......u........yr....iC.F7..~..a...=...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_check.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 18 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2902
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.8683772202551845
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:i/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODW3O1:iSDZ/I09Da01l+gmkyTt6Hk8nTb1
                                                                                                                                                                                                                                                                                            MD5:E4C0EC02D11F61DA1A702B0EFA2EC744
                                                                                                                                                                                                                                                                                            SHA1:F4E64300F14D0BEA27129A72BE91A668A9B9FB9E
                                                                                                                                                                                                                                                                                            SHA-256:2AC30B35B0BC163BC18B3B4B2982A6EE4095202FCF2EF8E35BCD415D8FFE04A8
                                                                                                                                                                                                                                                                                            SHA-512:6E659358DC715D700E4FB9BED2B8054408D3BD79AF8B492D6197D53038990AA12558957CA9C4BD436D83C2507DF165C55F2F0FB4E93C13480DF932E58E16EED1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............".L.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_downchevron.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 5 x 6, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2816
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.867254837776759
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:/h/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODM:/hSDZ/I09Da01l+gmkyTt6Hk8nTM
                                                                                                                                                                                                                                                                                            MD5:59934A5C534B8372CC2ACAD83B1F55E6
                                                                                                                                                                                                                                                                                            SHA1:8285F5654E3A077445E73685ABFD638BE7F1F4C6
                                                                                                                                                                                                                                                                                            SHA-256:130541A07A3D9E2050A6AC15D659E29A21F080F6CB1D7DB2800255FF94FD8310
                                                                                                                                                                                                                                                                                            SHA-512:37D1BA15D460F33B62FEF40B32DB95F136C268727AEF5ECFDFD3ADA471D26C78FE89438D0BF13FD966E19FBB7A9E06BD3FA27DFC326AA42699330145AD634BCE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...............TK....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_exclamation.gif

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 4 x 18
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):376
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.513362384873133
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:772Q1kVEn88d0e6FEVU5drwF0cVe6FEVU5drwF0cVe6FEVU5drwF0c4e6FEVU5dH:772LVEnl6FEC5drwns6FEC5drwns6FEM
                                                                                                                                                                                                                                                                                            MD5:BFE2AF9C7C0433C86314783E61A437BA
                                                                                                                                                                                                                                                                                            SHA1:4CB221B2CC8ECDE82AA813C3E136DB749BFCE3A1
                                                                                                                                                                                                                                                                                            SHA-256:0DD3C3D9570BCA1ABC663C5E301B9CC8025F92EC0C12B6781A8A521663A8DB75
                                                                                                                                                                                                                                                                                            SHA-512:22E3EBE60BCBBFE6B728885CAE1B16BDB8D980B1AA80F931DDAC4020EC13CB7F3AE80CCD0A1A7465FB513D1AC70AEB59B12FB5E88CF6EC809EB178CCA2DB5405
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a........2^.q..Aj."Q.a.....Qw................E...!...2...,..........#p..$.u24.K2)....0..d<..0.....h;.3..!.......,.............I..8.m#.!...2...,..........#p..$.u24.K2)....0..d<..0.....h;.3..!.......,.............I..8.m#.!...2...,..........#p..$.u24.K2)....0..d<..0.....h;.3..!.......,.............I..8.m#.!.......,..........#p..$.u24.K2)....0..d<..0.....h;.3..;

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_questionmark.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 13 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):391
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.968282594262006
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7Y4njM9CusK7SWlR4oPfMrjbi7voD7:0njM94QSWlR4oP0XbVD7
                                                                                                                                                                                                                                                                                            MD5:A85D5FA023FD935DDA508A42B9DFECC4
                                                                                                                                                                                                                                                                                            SHA1:2EE82A16CE7120CB2B211A3502E63023DD011C4B
                                                                                                                                                                                                                                                                                            SHA-256:A47F084F275C50D52E4E74E44E554E4810210029337B13DCE3E98EF29FDDD35E
                                                                                                                                                                                                                                                                                            SHA-512:1E07CC1A5CB220AE4C3FFE1860DA715C2C9E569B79A61818B4FCC2EDD4C9C6D05EA597DDAAB20B37950A005B642CBBF995AE809C0774D2D8584D87D2C366BADB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...............&.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS6......tEXtCreation Time.10/1/14........IDAT(....DA..._.V.%D.h.(x....(6^.+(<..3H4:...S*..M&...2.w.f.w.sNf"...s....0..6...8.~.`....u..(.0pU.~..X.&Nq_xn".6:..a.......SJ.6("V.u...H..]....\..X....k5z...Z.q..X.NhR..X,f.....Y+0...jhXC)..`0X*..}~..&-..J..>.:@..;.......IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_timer.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):449
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.31532155890383
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/74/6Ts/MYcGVkHcafQ2ueaTxpJz8mbEYST43v9u:x/6C3VkHnQ2vcxputYST43v9u
                                                                                                                                                                                                                                                                                            MD5:DE0508D8669FC70B4D92B58076D288DF
                                                                                                                                                                                                                                                                                            SHA1:AE206B763654EEEB4457853BDBD46A510A693ACA
                                                                                                                                                                                                                                                                                            SHA-256:2ABBD585797B5DCF4CFE7908B5325E51CB5A0A5EEA117723A78444D484C1B269
                                                                                                                                                                                                                                                                                            SHA-512:212BC0318562BED2CEE66C6BA4855F9F4A6A69125B869859AEE7BDC3F08A02EBAD9C6F5C432E6DDB3C091E4D8796FCF56AE6F2253A0C40DC2DDE7F97F49B3413
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a....VIDATx..U=N.0..R.....J`.1...%6...#p....M.'ho.#.7..ea0...*M..8.*..>9...s...=..~....+..1.....R.-...t`$.si=....W2...E..,...$gh..{.j....<.T[..O!A<.?..&<'G...!.M..T..|.@H....N..S...K.8.Z.p@....|M~...(Lc.........).......E.....#....C..]sxlS.}6=....~.._.?.;.K..5..)r7h..nV.E.).=.F5.u3.2i..)`......*.....$@.}..] .9W.7......8w...y?....r.OW../c;.v.^.....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\women-on-laptop-features.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 276 x 278, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):35407
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.981941276020834
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:EpdvcuDHkWJh2y4Aw9aT1hHkXQmyDyrXl+diVnF62TdD:CJx07ihcQml1kilD
                                                                                                                                                                                                                                                                                            MD5:60A3D8470E34C3481A68B76078BA192A
                                                                                                                                                                                                                                                                                            SHA1:8789F29DB3FE5FD262B2B68D8B98FF9BF153C19B
                                                                                                                                                                                                                                                                                            SHA-256:1D23EFAC84950F046E1D0A7E9D1F483BDB73655023832071EC98314A690E651B
                                                                                                                                                                                                                                                                                            SHA-512:A5EAEA04EAB134EE4722A2F5C756FCE51B4897598BE1152958E6530FB5C952AEE0A7D4FC34590EBB9480A7EABB73D640D41B695FF2F5110476C19B9312533762
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...............hr....pHYs.................sRGB.........gAMA......a.....IDATx...`T.y..~..i.K..16`..68vj..nv..'...i..M.t..z..l."N..v....mZ......8.n....v.....Kl...s..y.....@...y.y.3+.{..}....&L.0a...&L.0a...&L.0a...&L.0a...&L.0a...&L.0a...&L.0a...&L.0a...&L.0a...&L.0a...&L.0a...&L.0a...&L.0a...&L.0a......L...+o.5@9K....0B...Y'.01.LB1A....... ..w.\.)L*.F.8.2.}..!2a.LB...r..A!..B.M8..4y..2..... .W4LB....%."-r....)...!sb...n2qE.$.+.......l..E{"+......P...l...U....G....[f...Z..`....vq."._.N2)....b.k.;......LT4f.L..i.8.>R.`)...;@&*.&.T0..c.O....C..4I..a.J......Ds.L*5....{.?C&*....Hh..F`...t.m.h...H..R.XyS..n.F...;,.t..M...(O.a....I.B..Xf.T.L....Ms.L.~.%.J&*.&.T....4/ .d..`.J....y`.( .LT.LB. ..D..~.s.DE.$..A.B....zx...;..q..$..A........g?.....$...AZ...4#. ....P*...;..D..$......... 3...`.J.@JZF..R.&.T.LB11%X..j2a.$....&.o}...K.q,.n2QQ0...eaAs...i..~W..Ky*.R...0..R).4L3..L.L.^..}..q)O..........,PI3..d..........Qw.<...V...i..l!..(....R

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\women-on-laptop.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 113 x 113, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7099
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.958625906013775
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:hScXQ1iy1L6kmI8NAtleZD+tr63hju2FxmXQv:IcA1iyIAtle9gr6I23mXm
                                                                                                                                                                                                                                                                                            MD5:9E8923E6EE072C4457C0CACDFFE05D46
                                                                                                                                                                                                                                                                                            SHA1:511DA86AF72017DBBBB1E327DC0998CA5A777616
                                                                                                                                                                                                                                                                                            SHA-256:AF6C1FCF4F7FAD2F7599D3E1243A726EE02FD3F9EA2718537ABDE91A7D3AC8A6
                                                                                                                                                                                                                                                                                            SHA-512:1A28C928788A0F5F8A499154817981EB5936C6A1C4A0D3B27F6C84380DFB335A6B0D23303ED1B9201BF1C0B0FF74AB998FE3A4AF192A0D17FEDF384114A1D0E2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...q...q......~L.....pHYs.................sRGB.........gAMA......a....PIDATx..]...........{.a.......;v0...;...c'...+.....gW......D..5d.l...(..v.Y.|l........1f....................=U.......6n.6n.6J..nR.}7<<..D.q-{8...e.p......2.^Zs.x%I....x.6...\..p.cQI...Ou.S}.$...._P....$...S...1.7P..g...S......P!..x...+..!..vW.A...($2..v....,{.?.M..k.V........ ....a?T8.J.n.T.......s.._."8.UPF...*..J......U....h..C. 2.........hO.]vW.>. .Nb..w...(...HBE.....L.KI axx.~...."........@.7........{.1.....>.EF..7<.H0V.9n..........i..OM.z.Z0.....)%...U...v......s1..8I.mP V./..l....T.......Y.-P ..\..qvv.*.L*..>..I.CH|.+_~.+0-.b...s..[.RW....dl..b....$F..}.{....6...jk...T..?...n...K.....y.z}.H".(!.@L$..}.ep...l{xd.C..l.H...........$..........>..sMH...d....#.......m...A.I.....j.B.Q2.....H...=<2.Y..F..........k........EF.I.?.b.DH..!$..O"Q...i...uv....I..-L._...7...".g.7...j...$$&$.Ee.....7.~.^.....&.`...~.;X.6OQ..~...R..?.._.......3.......\._......Khk....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\edge_search\edge_search_events.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2903
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.662194865121631
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:WKu+pGOk0nlP5OVkfJ8ZcS0JtSTXNgP8XoXy4XKGm3kqZQuoS02bQouqePCZT:VXpBkkPcVAc8yTXNgkYXymm3kqA2bQsb
                                                                                                                                                                                                                                                                                            MD5:94239623C0D96EAB6755AD75BF896094
                                                                                                                                                                                                                                                                                            SHA1:4579D824E6313CCD780DC5E81141703264F265CE
                                                                                                                                                                                                                                                                                            SHA-256:A98467A77C8D7737E44BDFC3696E8B0F444035E5563C5BC33C91F08297FAE414
                                                                                                                                                                                                                                                                                            SHA-512:FDB86CC91FB086D82B3E18E447B8B334344888DE44B576A57864307D2BEA270EB1D5249822AC4B7EAFEB103962EC56F73AA92F96CDC59DDE5850BB967586B09E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7...7...7...>.......T...4...7.......7...%...>...'...H...4.......7...)...+...'...>...H......GetOption.settingsPpackages.edge_search.search_ext_popup: web view is not enabled or installed.info.log!is_web_view_installed_and_on.common_utils.utils.corev.......4...7.......7...%...>.../...G.....Cpackages.edge_search.on_search_ext_popup_coachmark_exit called.info.log.core........S+.......T...4...7.......7...%...>...G...+...>...4.......7...)...%...)...>.......T...'.......T...'.......T...4...7...>...7...%...>...7...%...>...7...>...4.......7.......>...4.......7...)...%...)...>.......T.......T...4...7.......7...%...>...G...4...7...7...7...>.......T...4...7.......7...%...>...G...3...:...4.......3...>.../...G...........tooltip...balloon_type!edge_search_enablement_guide.ShowUi.EventData....onExit<packages.edge_search.on_search_ext_popup_coachmark_exit.UiTemplate..UiType.overlay_ui.web_view2_ui_templatecfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\edge_search\edge_search_ext_

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\mwbhandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2174
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.879639004160988
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:KEaWZxvG0vSdK0buxf58X0NyzG5hRCQRETK0xxPUwkLr:LaW3d6dTbuxfM0KGHRHaK0xSN
                                                                                                                                                                                                                                                                                            MD5:751F431EED69732C5001AE06809001B1
                                                                                                                                                                                                                                                                                            SHA1:7ADE8C647942A70E7B06B017F8EBDF976A81AECC
                                                                                                                                                                                                                                                                                            SHA-256:4F0877EE9793285CCEE77C23110D12F05DE3027343018446AC239B67F8C961EE
                                                                                                                                                                                                                                                                                            SHA-512:1F1A52A00BF2030C39D987A77017FE86914FFF3D5237A6F1098CF83CEE26F4A7362B4638E78983A353D5553213BB9A7C583BF8A2216DD72B82627A2F7ABB8554
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..:.......4...7...)...:...G....checklist_showing.mwb.packages.........3...:...4.......3...:...>...4...7...)...:...G....checklist_showing.mwb.packages.checklisttype....ShowUi.EventData....onExit#packages.mwb.update_mwb_status.UiTemplate2wacore:mfw\packages\mwb\wa-mwb-checklist.html.UiType.mwbChecklist.web_view2_ui_templateGfile:///[WA_FILES]/mfw\packages_web_view\mwb\wa-mwb-checklist.html......$...7...4...7...4...7...7.......7.......>...=...4...7...7.......T...)...)...F.......T...7.......T...4...7.......7...%...>...)...)...F.......T.......T...)...)...F...4...7...7.......7...)...%...)...>.......T...)...)...F...%.......T...%.......$...4...7...7.......7...)...%.......$...)...>.......T...)...)...F.......T.-.4.......7.......>...+...6.......T...4...7.......7...%.......$...>...)...)...F.......T...4...7...........'...)...>.......T...4...7...7.......7...)...%.......$...)...>...)...)...F...4...4.......7...)...%.......$...%...>...=.......T...)...+...7. .F...(...4.!.7.".>...........T...)...)...F

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\stop-video-alert-icon.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 95 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4147
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.943867399456676
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:rwd191zRv2ElL3+eYGSRCvWC7P4cHALED9gqwptnaO6:rwdXjv2Yz+mbuuZ09qwnaO6
                                                                                                                                                                                                                                                                                            MD5:96E5352C228F18132282903C3CA79F35
                                                                                                                                                                                                                                                                                            SHA1:9D7D72FB9134B222D7FFE36811FCC82FAB5FE0B1
                                                                                                                                                                                                                                                                                            SHA-256:64BDF768575AFA7B3ECB4786F55F67983F5EFA2A8882D1F0131F8C28F646F5EA
                                                                                                                                                                                                                                                                                            SHA-512:992F49CFAEE0692705D769F906CBCF7479FD87D2506D95DACF198E3457D6AC5A91776C710312405A7B5FF651B8C97CB10DD54B5D86DA202B8A1E9CEFC7D53955
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..._...H.......).....sRGB.........IDATx..\.p.......n...G....D$.b.H).2.tl.Vgj.....L[.N;c.T.vZ:.b[;..C<PK....$*.p.B ....{.....mv..Hv...!.?.....{........i.g....~..hnu:...l.B#....4........6t..........$^..|..l.M1u7$....8u...hYy....#..Z...|.u.N.?$..#...n....<..O..j....d*&......*...^x.?.9}...=..^.... ''...J.;.8....]...Lo.\tvtb....gW.k<....._.c.........2.k....NG.....F...FBBB@A._$se@.?}.c...._{......o.l.5%.F....@..:<......._.'.[...$o.....X.x>./X.}.......M......;.a%zzzQtCA..P.<}....B.#..C.7....*|...a...L.-m8..)....V...|..sf*q.j..RPp.r_s.<..:.am.tZ./.7"7;.{..Bcc..-..7.O......^....Y.i>q#.I.>.[.nG]]..'.I..i.............&..o...uy.::....r.8q..a....1.............y4._C\.nZ..{..7.|..u:-.W.Sz...2...[..G...e.7q...\......]{QT...w.q...q.....<.}..QTT..^..?..If#..{..ErR"j....^..9..9.=..x%.lCFZJDeH...d.....9........p....>.C.......q[i).>:...7....#!.=.....V..N...;.........O...C........W....y.ts..x..188.GC%..q..G..-PDSV.....E...47.lhh..5e..+....N.|..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-controller-mwb-checklist.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (315), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10945
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.489053914140562
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:b4H4SSJczePaYszA15HyXnTMAFdOSVwqA1zHS73j1S4UBH:MYSSJesvyXnTDqSV4BS75S40
                                                                                                                                                                                                                                                                                            MD5:6163499118B76997FBA6E3F442299913
                                                                                                                                                                                                                                                                                            SHA1:E8A45ECF6BB34934E7669E71C772D11C32A50B3E
                                                                                                                                                                                                                                                                                            SHA-256:3081AB1715ED65F1966B9FD6DD9804052FB355391FF0A367707F1B3BE968898C
                                                                                                                                                                                                                                                                                            SHA-512:244CF5725F4CF90A39AA1C4744782CE4228D18E924FE6FBDAA6D4A047EF82BC1924FD19738F9BE201913889D1DD8BC076A8461A2C1CDFBD51D1DADD1D0452E8D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* MWB CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.WEBBOOST).get,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.. var browser = _window.getBrowserType();.. var wbShown = "WBShown";.. var wbLastShown = "WBLastShownDate";.. var installDir = _external.getInstallDir();.. if (browser === "FF") {.. wbShown = wbShown + "_" + browser.toLowerCase();.. wbLastShown = wbLastShown + "_" + browser.toLowerCase();.. }.. this.update = function () {.. _window.ready(function () {.. var args = JSON.parse(_external.get

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-mwb-checklist.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2500
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.948428041546053
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3OTFbMv26ITWDE5g2CFqOcqehQORDVtEr:EaE6qOcqiQqByr
                                                                                                                                                                                                                                                                                            MD5:2DEE7215DA12D80D92596D8E299ED39D
                                                                                                                                                                                                                                                                                            SHA1:603B0F6B97D1E0AC6B7F2166BE234CB270FF2DD5
                                                                                                                                                                                                                                                                                            SHA-256:5F2D71BBDBF2BD09E1E3C8B17BB17D9EA0CD79BAAAE1DA9B58CA5EC7E905C0EC
                                                                                                                                                                                                                                                                                            SHA-512:CE796EDE8C6F9937E1582E3ABCF8A0101DAB2445BB44F4C57E5FE8A81DFFA7C74F92087B4862FE38697ECA62E755347DD3CDA96E47A5A5710FEAD5C8A5AE2CC8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-webboost-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:m

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wb-rocket-icon.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 20 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):435
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.339595422017506
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7op8DZNN+N/mjoPou/d3mFiRWpK2NV9V6/v7CFmP1:lwwN/fPouV3mkWvn9VSmMP1
                                                                                                                                                                                                                                                                                            MD5:17F00098D9F726B994583103F81EB7AC
                                                                                                                                                                                                                                                                                            SHA1:18DF2437F9019ED8A7E111EEE48E1CA17F3BB19A
                                                                                                                                                                                                                                                                                            SHA-256:71983847EA4F7014741BD89DDF4A33AF884A7636414E55912077CC00959199B9
                                                                                                                                                                                                                                                                                            SHA-512:2BD4C0C36B43B61E1544C99E4B8B7C46789EDF91206929EF7EB1F7E5E5B810439D2A673E3EDC200BAC295003D544B9B9B94275AA29D3DDE9F5585E550553E6E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...............-.....sRGB........mIDAT8...=K.A.E.1...&....X..(.....V..h.O.....J.l,l..t.je.."..Z....B.DD..d.f...f/.f.{sov.%.T..a...p....R..6X.O0..;.w....7...,K=V .n..'*C....D[..ds.N.4...W..C..]..}0uM1.. .^...C6..O{.3....8....\...t.#.Fc..eks...x...K.....W..o.}@.N.pH.l..H.E.....ix.....z.1....=....P.SG.y..]CL.p....=.@..`..^..~/.8.,k..5(B.........di.IZWi..t6........&..n.c...4.'..e ...]3..........[....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\clipboard.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 70 x 69, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3947
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.943205117846418
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:XpIVSotMeomWtuupLHgHzDJhbpmV3G4fNjirxU:mSCJodtwTDJhFu3G4fNWq
                                                                                                                                                                                                                                                                                            MD5:744E7ECE73DE770613033AF4C28735FE
                                                                                                                                                                                                                                                                                            SHA1:F7598A712AB76AFBFC8B880FAFA9C307D0942952
                                                                                                                                                                                                                                                                                            SHA-256:7D324265349E5DF77B3A3A56112E5D13B7A1C9827C4B886205DAB99C279B19E5
                                                                                                                                                                                                                                                                                            SHA-512:2BB6285603F134BFC6B3B0AA9B4F97B4156D354558AC3B73CE5661988D3A6516528D79DBCA1F82996BC395FE780F41AF7CF144ABAA3CAFC951C0D3FE0A08B165
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...F...E........*....gAMA......a...."IDATx..\.l\.....zw...^{.qpBB...........KA..Q.P.Am.......j..E .r........P..BI...hP.;.......|....}o.y.g.1.d.y....7.....f....C}........f..gE.Y"t......I....d.>d..O,r.&.d3+.x%..G.J...$...P8.....FC.4!..0A`.fk.a.n4....A|..~.@,..'....7tF...Q..C........d....Y.&2..29.HR"..Fs..L.J........<sZ..0..f..[M.A........?w..FcIJ...l..A..l.H.h.L.Fj...+...L.g.....)..x.f..M]mQ&^.Q........-^..v.....n...Y.-.pN`..j!..N.#..?4*g_.`>.s.h.?I^. W..E.K$ a..M.Dc.....{..z8.."...40..v.+.f.......C..Hb?.H*9..1+.\N./_K...082A...(.%...;H........".....n...=.#%+.&.b`...wP...e.t.......X.......:;..+......../.N.............>o.*Jb.#v...>..].j9g5_.....;8(f.).....V..V....J.Q.g.........>.?.p8J...v8..,.$.>.n..aE..;.m#.t.J.t....wkKY>...\Q.e.Rg.....1.....Dc..&EQ4.....t..."......'.?.&.c.I.....I..:.i...:...9..UUg...z..kw9....7;.O..xVq[...s~{..`.SO..E.....n]..gv..w.ib:.F.>...Uhi...z..p:r.].+]...U.m....ZB...P..1mm{....9.a.c...:..l.....=v.g..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\info-16.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):301
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.008936185757553
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPfAlD5bn3S1bu/6BIMYE00yLbOxD/WeahrkSiuBZ4dp:6v/7HAthII3MYEJ41lBiuBiz
                                                                                                                                                                                                                                                                                            MD5:B437E1CC057558224FEBE4A96FE66CB7
                                                                                                                                                                                                                                                                                            SHA1:DECA512775F0FF42BB1B6F734BDDD07DBCFA0AA6
                                                                                                                                                                                                                                                                                            SHA-256:5F233229050143BA35B24A5DA5E1DB5F2ADCFB0E0F2B78707FFEAF39DAA19249
                                                                                                                                                                                                                                                                                            SHA-512:EDACD7B9B7674FABB02BA5CB3B2BB5156C992C95715A71D6415353F9B62E9936335F490D2AE4CE7D58DBA68AAFC583AAEAD482D25DFAC459879CF289E2EBDB0A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR................a....IDAT8....JCA..?.[...$..+.........|....BD.....i.*..V..h..+.>....*...X.s...f ..U..X}..B.U.s~SX.}..2..=.........0Q...D]U{.M.?../..}....... .eu.x..~.6..3`% ....y....+..BP../..8.)pm..\..M.h..Q.....-..Y.....u...T....S..0..e..%....u.8].^.........1....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\npshandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5999
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.756922019320659
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:7QqFHpklH6mmFbtk/LDTOrKeVDL4feMR8RhDV/BOOTCuYeHHXExCDI:7Xf+cJVfKeMRku1eHHXExGI
                                                                                                                                                                                                                                                                                            MD5:0AFF0DEC4273481F2D0231212135AFE1
                                                                                                                                                                                                                                                                                            SHA1:AB75F3D552D257FAB4BF9ED4A786381E46DC6B1E
                                                                                                                                                                                                                                                                                            SHA-256:1D50F00A5FA9B6808326A246731AD7DA0E3BB9C0B13D7770F8E2DE39C87E686B
                                                                                                                                                                                                                                                                                            SHA-512:F94190880F9639A9E2D1E7E982737817FA0618E585C477EB11413E6150D0A49D143C9E1F049B28A6C65A4AEBA2568DBA374B32F3FDC6BDE4DD1807FE7DCAABDD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7...)...:...4...7.......7...%...4...4...7...7...>...$...>...G....tostring*[NPS] packages.nps.isSurveyShowing = .info.log.core.isSurveyShowing.nps.packages........#4...7.......7...%...>...4...7...)...:...3...:...4.......3...:...:...>...4...7...)...:...4...7.......7...%...4...4...7...7...>...$...>...G....tostring*[NPS] packages.nps.isSurveyShowing = .isSurveyShowing.triggerType.shownTimes....commandName.showNPSSurvey.ShowUi.EventData....onExit$packages.nps.UpdateSurveyStatus.UiTemplate2wacore:mfw\packages\nps\wa-nps-checklist.html.UiType.npsSurvey.web_view2_ui_templateGfile:///[WA_FILES]/mfw\packages_web_view\nps\wa-nps-checklist.html.nextSurveyCheckTime.nps.packages![NPS] TriggerNPSSurvey start.info.log.core..........4...7.......7...%...>...(...4...7...7.......7...)...%...)...>.......T...4...7...4...7...>.......:...4...7.......7...%...>...G...4...7...7.......7...)...%...)...>.......T...4...7...)...:...4...7...4...7...>.......:...4...7.......7...%...>...G...4...4...7...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-controller-nps-checklist.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (458), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):27277
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.105662248972763
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:toM7vbmeEzk/beyLkwi1y42ykBkbae2vxDqkDd:+GbmSil1a
                                                                                                                                                                                                                                                                                            MD5:A6730922F020B8FD2993A248853ADF39
                                                                                                                                                                                                                                                                                            SHA1:BC811EBC4CB7299DBDAC37B756260BCB526C0BF7
                                                                                                                                                                                                                                                                                            SHA-256:863DC17C079133F1B5054894C6FC2B5AB0C38471F07D3750C2E8E7EC87419498
                                                                                                                                                                                                                                                                                            SHA-512:AF1EF5082182545C1B469B40871F834051EE34A266363D102D7CBA6FDC8F5ECF601520BA1618527EED8EB73C4136F4BA7983E6FBEC8CCFD5D15E0A77A96EECAB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* NPS CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.... this.update = function () {.. _window.ready(function () {.. var args = JSON.parse(_external.getArgument("template_args"));.. if ($(window).height() >= 630) {.. self[args.commandName]();.. } else {.. _window.close();.. }.. });.. };.... this.showNPSSurvey = function () {.. var html = "";.. html += " <table style=\"border-collapse:collapse;width:450px; height: auto;font-family:Open Sans; color:#53565A;border

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-nps-checklist.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2495
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.949159025637677
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3XTFMv26ITWVMgZgAFqOcqehQORDAudGm:LcqOcqiQqt
                                                                                                                                                                                                                                                                                            MD5:5F980A075503A74502F4B5B94F1C4B09
                                                                                                                                                                                                                                                                                            SHA1:DCC3FBB974E51B139706040598770917E8B7EC54
                                                                                                                                                                                                                                                                                            SHA-256:89D58BA9880BA965CEC5CCAC221A54FF011FE84FB471F7FF1187E217307A70EC
                                                                                                                                                                                                                                                                                            SHA-512:10B20806F1D5C4A9013C733BB169C2117399E21C97AE11323AF7EAFEB4468804F64CB2033F0B31C79E3B2F996A4E904C50110351F44CE076617FC1A69E229263
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-ui-dialog.js"></script>.. <script type="text/javascript" src="wa

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\pscore_horizontal_header.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 300 x 378, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23888
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.972575063100117
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:EUB3ty3llPPn9q8h2pUKKvldY0LnnP4iNn95BbbYaEyuIrHkMwx0knasAJ1gZ6IS:EUFty33E8h2Onvv3LnQyTBAaJzrHkMhT
                                                                                                                                                                                                                                                                                            MD5:C3BFA93D5C7DB61C39EE0964408A9652
                                                                                                                                                                                                                                                                                            SHA1:0BF196BA363A55386E34EC578FB998434DFFA76E
                                                                                                                                                                                                                                                                                            SHA-256:A2DA83CD9A0EE76F8030EA0A98A132062D3715D314120FFBF15E7E5CF6C07C5F
                                                                                                                                                                                                                                                                                            SHA-512:262713F8063DE027CAB620F5752B3BB7A9C52F55643644570BFF84E877B7EE292257B32F34515FAEE6D00707368480F0039668F649979F2E07F1D2F68CDA33E4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...,...z.......e.....pHYs...%...%.IR$.....sRGB.........gAMA......a...\.IDATx....$U...".2+k_..z...fiD.E...u..Ft...WgFt.....qFg...gQ...Qy#....* ...6...M...k.......yo,..Kd.o..32...._.s.7...%......~..e..Y.z.u.........<.R.V......~S....Q.......G-......;..r.i.............o.X.0......a..".0...X.....,X....,.aB....0....a.....0Lh`.b.&4.`1...X.....,X....,.aBCm.:i3..H..b.&4.`1...X.....,X....,.aB....0.....sLg.w.e............u:..r..H..{=.cr.Fu.N...w.a+..9.=...s.Z....i....t...D..&....9>..G.uD......p8n..n..2......k.......2...X.....,X....,.aB....0....a.....0Lh`.b.&4.`1...X.....,X....,.aB....0....a.....0Lh`.b.&4.`1...X.....,X...Z.w8..uh..aG5..}.S..w......8.}.^.>./...P}'.....a..nu...@u.t.<..7..s:....t....t.N.[pz..i.....2....q./.l......._.+..@Ue.l.k.n....t.;m...|.y]..>......).{...>..'....w.r.~.%.....r..9fr)[...]B.aB....0....a.....0Lh`.b.&4.`1...X.....,X....,.aB....0....a.....0Lh`.b.&4.`1...X.....,X....,.aB....0....a.....0Lh`.b.&4..z.E.qz...<.p...7.k.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\pscore_mcafee_logo.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 230 x 46, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3442
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.917211786885695
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:1/6S6av9TkhLdTA7EQcAQWgDDJMB4bcpdQA7xSxygZAW1swGfru650YOydA5Yv3z:1SSdlx7EhAQLJbcp4tzf65xA5ef7gC
                                                                                                                                                                                                                                                                                            MD5:857F7BDFB5EB00AAA643F1288B5A391A
                                                                                                                                                                                                                                                                                            SHA1:7D58AD880ED35E794A5D3EB6AFF43B25986E348D
                                                                                                                                                                                                                                                                                            SHA-256:E62646B24CE91D1A91D423A9579F67674124CDE0E76CEF490614588D0859EA2C
                                                                                                                                                                                                                                                                                            SHA-512:910A14E7EF21901A6159403F98DB37866AEA7DEA6386484691C688AD1D5BFDFD7E43D1DF88D419E951511683E00FA28A6B50A335DE9D3EB51FE45F90E616FAC3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............<.eb....pHYs.................sRGB.........gAMA......a.....IDATx..]]n.H....[.&..`..O.O....C. ......0;......,.....@.........5O.q......=foU...2....l...Xj.Mv.W]U].d.f.m...`..........}<....<..m@......|...a.....f....B.|..o<........AF.z.....~.......r..O.k.....8?........C..Baq.c....z.q....N..N....Y@8... h.q....=....gO..a}`......?..l...@.&.;.r.fs.8.U.8.Ji3l.6[Z:.~..m..RT,......{.......W. ...15"L.H.v......:...i6...quuO.$..4..\.IxE.h...M..ip0.p...|.....i..%........._...e.r......Fd'.s..A......_AA R..Lq....s..P....w....xs.w...a.Y.E..Bu..-..(P.|P....Z.9...l=%).U.}.s...A.T....AZ."!...}.wO..."T[...)]x.@'.......r...Q..AZ...-1#..9.,.*.:..>!B.....`.j..<.Ic.5..0..}.........O{.ybQu....kp......K-.....K.3..(.q..|wvft4H.....,....*.@9.N<]!...py.!/.\[%..G.\.{%..H...A0..Y!.Z.t.y..!"...>.+.~9....6..8..UI......!..'....q.ps3l}.t..B.d..a.x,.[..,..c=..A._.N3......L..^p}=.F...h;...:.K..J2.y....H`.G..bF.IB..z......j..'.u8.*...<4#9.2.`...s@..(../

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\pscore_vertical_header.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 350 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12414
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.971836009107372
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:mSwhyWo8nM3LYKcNcMEt2VHCk4pH4KjJBOh16ExrZLYTicctW1MUwPk1:JwW8M3LYVbA274pzNBS16E7ET31twPw
                                                                                                                                                                                                                                                                                            MD5:401311D74B22F9A58BBB4567A9035C62
                                                                                                                                                                                                                                                                                            SHA1:3C3AD0696E506D1D51B823CD0FA3E13CD2F605C3
                                                                                                                                                                                                                                                                                            SHA-256:79D6B5369F72EABBB18D444363CC5A345F91538696238CDF03952975E51162C2
                                                                                                                                                                                                                                                                                            SHA-512:791E332576282688F9F74041DCD7A27DC8C81046FB04869D2F08C0E88325BCCADED9346F696E6F4D8BCD4AC5EA1F8DD18488B1CAF9DEE1E6CEDBBD28940E7254
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...^..........c......pHYs.................sRGB.........gAMA......a...0.IDATx...x\.y.....W[....66`v.....p.m..4I..$i.....i.$.mC.K..i.%-$i.CY.....,......*.,i$.....F..f.3G.....f.....{...}...@2..a.F3.`..a4...0..1,^.a..a.2..h...a.FcX...0...e...../.0..x..a4...0..1,^.a..a.2..h...a.FcX...0...e...../.0..x..a4...0..1,^.a..a.2..h...a.FcX...0...e...../.0..x..a4...0..1,^.a..a.2...>0L!X...2.......c.3ya.2L.."Ss.....$..`.\...$S`..(..?.....v.T.....N...q.r.T...#h~.k.....+.e5.F..u.....cL.`...up..;`..80$.O.8.v:....S.K...z..C0..;.....8z. .....n..[......h..F-.x.EH7.3.G.".\..r.......>..1!....G.6"...."..L..Q.A9&....p....DBMI.v....~n$.......u&.?..J............J\N..6.....y{....+.Z.0....oB- .v.J.&.;.....G).Q*.G....".....-........+..}.{.#...)..m(....1`.....K/.....RX.v.hK.:......E\y.e)Q.c.x.......2].V....7.......[.]tG..8.h.}.HIO.v.....E........w(..#..}X.$.|.2I.....ar.W.....A.H..K...u%I.~..E.7lO.I.q#../..!..w>..5.|sAr...2[...E.T....]vya..$,..).....DV...}....[y.. .x

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\score_ui_handler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):619
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.668282672980567
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:vLFlllOmDXC1DgW3Wejgq+Tu5zIRcgYS2DZRQAb2X+0SJI55gH+Lkk+ZpYR86:RlllOMC18W3Wejb+IzIRkSQ12X+0XOA7
                                                                                                                                                                                                                                                                                            MD5:C661D30E85956665C33E220221DEEAF2
                                                                                                                                                                                                                                                                                            SHA1:EF10DE4F818C7564399A144F9F5E93921507887F
                                                                                                                                                                                                                                                                                            SHA-256:34B82F206E615EC16C68600781BB8B1C37D9542EBFCEC025C4C1269556F7CB1B
                                                                                                                                                                                                                                                                                            SHA-512:4453BDC0F7DE3D6A3DB0CD68E7AE422F117853658976DAAE8EE1F97F7ABB22DC3D9DC5C7E4F6C1509EEA4DF5C342932128AC6A0D36EB3A59CC0F4CB32A0F7262
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........3...:...2...%...:...(...:...7...:...4...........>...G....ShowUi.template.UiTemplate.transparent_color_key.upsell_toast.UiType.EventData....UiTemplate............$4...7.......T...4...2...:...4...7...7.......T...4...7...2...:...1...4...7...7...>...7...%...%...'...>...4...7.......7...%...'...%.......>...G....Builtin_ShowScoreToast!EVENT_SERVICE_ShowScoreToast.register.handlers.ssToast.upsell_toast.RegisterUiType.GetInstance.UiArbitratorHelper.core..builtin.packages._G...//249BEF837026BE076FF489E245B9CC0B4F28CB2B02D0C4B26CDB2EB4BF0ABAC2F63D7A5C943BDBC3C9C503A76A3A59CA589B0663ACF6990F10F32C24CCA7E54E++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\wa-score-toast-h.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2598
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.041489344653342
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:xmp5UQXxoNKNv4spv4aj0MuoZv48Nv42EkGxvyxs0M0oLpxMIcoPP2u0pq2uD:xExd4847hk4a42Eyxs0VExkoPOvw3D
                                                                                                                                                                                                                                                                                            MD5:C1BA351DCCD82433C6C43D67BF4B26C0
                                                                                                                                                                                                                                                                                            SHA1:CB0382255255C55B10A397E20CDAADA160DF7D38
                                                                                                                                                                                                                                                                                            SHA-256:4F4A1183F9B19BF5173E34B0473600650D20B7FB0CEB79FAD010B9C72F83AF76
                                                                                                                                                                                                                                                                                            SHA-512:2DF9A456AB796FC3D6027D8F38605A94D647113F27905B119254106D8AA5491D60E66E2A92B24CE4DDBED6679339D3993DE0511333DC83FBDB010D626A51B1B0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}.....main{.. position: relative;.. width: 525px;.. height: 189px;.. background: #FFFFFF;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;..}.....header {.. position: absolute;.. width: 150px;.. height: 292px;.. left: 0px;.. top: 0px;..}.....header-image {.. position: absolute;.. width: 150px;.. left: 0px;.. top: 0px;..}.....content{.. position: absolute;.. width: 375px;.. height: 188px;.. left: 150px;.. top: 1px;..}.....content-middle{.. /* Middle */.. position: absolute;.. width: 327px;.. height: 134px;.. left: 24px;.. top: 30px;..}.....description{.. display: flex;.. flex-direction: column;.. align-items: flex-start;.. padding: 0px;.. position: absolute;.. width: 327px;.. left: 0px;.. top: 0px;..}.....description-heading{.. /* Heading */.. position: static;.. width:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\wa-score-toast-h.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2121
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.114460372689897
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:fgn2sYswbZbMGNVMz7/VMz7EVMz7VMz/VMzEVMzkLVMCqGJKY0Zf+PGQ4xrzTHwR:YabMuv26zgiCgFFm4xrzTHwaM
                                                                                                                                                                                                                                                                                            MD5:8F9FA9686249C702BAB360FFEAA19E8E
                                                                                                                                                                                                                                                                                            SHA1:EBD4761032A32E3868AB27CEDEEC91BC4732DE03
                                                                                                                                                                                                                                                                                            SHA-256:21F33807C6CFC69EF35A2D412B65851E1F1050C58F85D6103D0183EB73E2D989
                                                                                                                                                                                                                                                                                            SHA-512:FA98B795F79A0295EF2FDAA7225B5F6B925170F9666A67D6E840527FCBB0E5D0858E26F00061DBD6CFFE670724CCF29FD67B81E4D866088447D3E4685C584805
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>Horizontal Pscore Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600&family=Poppins:wght@600&display=swap" rel="stylesheet">.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\tests\\score\\wa-score-toast-h.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-pscore-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\tests\\score\\w

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\wa-score-toast-v.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2850
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.091946426041461
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:xmp5UQXxxxvmyI2Muoyv4yoEkMVGvgQ+L/MjoWEOM5RchYubipqT/MIM9m+2oHy:xExxZjhF4r8wdU0xz6iFiwT/0EVoHy
                                                                                                                                                                                                                                                                                            MD5:9B6CF471B268F3785466CA6889880B67
                                                                                                                                                                                                                                                                                            SHA1:FFE049A5B7373A8074C3D2D09059FBCABD1388B5
                                                                                                                                                                                                                                                                                            SHA-256:66B5C4B40BE9D1590ECC6B56A8E82DDA4073AAB95817C310F7C10179CB54D020
                                                                                                                                                                                                                                                                                            SHA-512:9708511E0B957839713B2D0864D6E1D2E88B84A6C224DA20F9B1BC4C24413C9391D7E1F1E54EC1A3BB388E35DF2278A64A88C4F4BDEE0E96727462212CADCCDD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;.. border-radius: 24px;..}.....toast-container{.. /* Score intro toast - Vertical */.. position: fixed;.. width: 350px;.. height: 486px;.. background: #FFFFFF;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. left:0;.. top:0;..}.....header-image {.. /* Image */.. position: absolute;.. width: 350px;.. height: 200px;.. left: calc(50% - 350px/2);.. top: 0px;..}.....logo-image {.. /* McAfee/Landscape */.. position: absolute;.. width: 100px;.. height: 19.63px;.. left: calc(50% - 100px/2 - 103px);.. bottom: 245.37px;..}.....main-description-container {.. /* Auto layout */.. display: flex;.. flex-direction: column;.. align-items: flex-start;.. padding: 0px;.. position: absolute;.. width: 309px;.. left: 22px;.. top: 253px;..}.....description-header {.. /* Description */.. position:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\wa-score-toast-v.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2176
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.183650115675611
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:PKn2sYswbZb2GNVMz7/VMz7EVMz7VMz/VMzEVMzkLVMCqz0y5kAEaAPHRHheSfV+:qabOuv26zgiCU15+lBRfV+
                                                                                                                                                                                                                                                                                            MD5:6F0D34D207FC45B9BF3B273EBDAB57A7
                                                                                                                                                                                                                                                                                            SHA1:4B7A32847CC0485D657960AEE37B61A7A2A9985F
                                                                                                                                                                                                                                                                                            SHA-256:4B8BAD13FA6CE19049D9EC2E1E0C5F52727DB922C98141EF15706A23552BDD2B
                                                                                                                                                                                                                                                                                            SHA-512:3F5CB535171C85A5A522DEF14F1537BF652458E534F33D062AE670ACA6CE831D31EBAE8A6AC63C07DC6CF7D5100A31BAC1A8597CB9DE45599F3F6AD25B3D5805
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>Vertical PScore Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600&family=Poppins:wght@600&display=swap" rel="stylesheet">.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\tests\\score\\wa-score-toast-v.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-pscore-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\tests\\score\\wa-

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\tests\score\wa-score-toast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3537
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.941587827298674
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:T4dKKNAuahTxUATiX3JGJuCEsyU4Im2OmZiK:UKKNAuaNPaZGJupvIm2OfK
                                                                                                                                                                                                                                                                                            MD5:B7770CD5996EB35DC3E728671EA67CB3
                                                                                                                                                                                                                                                                                            SHA1:028FC16A24A9B6D20EA1533419A24C87318A87A4
                                                                                                                                                                                                                                                                                            SHA-256:E85CF4E09A0547FBDF7D1E570E13945935DA3351B684BCB39815AE653A703912
                                                                                                                                                                                                                                                                                            SHA-512:A08C4D1A5E3E317967C755A363874D2DFCDC2030FEA67160B36A31277FD40ED3234931B3D81EC456CB3FA7FE38B267570ED51C6DE44A5A235E6B6B26CBD8E9A7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Protection Score Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... ui.pscore_toast = function () {.. var $el = {.. description1: $("#description-1"),.. description2: $("#description-2"),.. acceptBtn: $("#accept-button"),.. ignoreBtn: $("#ignore-button").. },.... show = function () {.. _window.ready(function () {.... // Get protection score cohort value then set size toast window size based on that.. var protection_score_cohort = _settings.getSettingScopedWithDefault(1, "1", "protection_score_cohort");.. setSize({ width: "364", height: "500" });.. if (protection_score_cohort === 2){.. setSize({ width: "539", height: "203" }).. }.... // Get settings data.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.PSCORE_TOAS

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon-selected.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):477
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.351051330229087
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7y2VDhNOYjroguA84jleUzz0BDdbNSp42duo1:wVlYq7kC02yNSp5Qo1
                                                                                                                                                                                                                                                                                            MD5:8DD33EC0D498CB6C2FAA490D5FFCAB72
                                                                                                                                                                                                                                                                                            SHA1:E278EF1E92293D41820D83E115A7195E30509BAA
                                                                                                                                                                                                                                                                                            SHA-256:C43CDCDA1172EA4E55CD6725B5FB3B0F2ED9F8AC2C3DFAB3CB5A927550C00492
                                                                                                                                                                                                                                                                                            SHA-512:20257C6B39D94376C69118E91480F101B96E168E0C1AE599E505E76C4785A08C7CEC0297B84B8FB99EC690C16FEBE8985C8558AFEE13A7503D053760FB52B242
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.....................gAMA......a.....pHYs..........o.d....tEXtSoftware.paint.net 4.0.19..d...ZIDAT8O..1(.a......QJ1... ....2.3..`R2.u...*.h1. ..,.1...=..9}.........y.._....E..M...%;j....}|.Z....m5........;..,.v.l6...X....^].F./{.q.-V.0.sGaf...\.S.*WV..7.3f{U.A......Q.....L..%.Q..\.'....M.Q.lOn~.;.p]s...j.....5G...c.QV|a..(....1.+..W:.2l;....b....)7.3`;.....Z...Y.....KY.V...Jx.V.G~..V......+.!..U,.........|.O|.s.`...'I...-Ps4m."....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):621
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.440301212402691
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7y2VcCkoWVpXHvC+N3Pei2PrEyBvatOrED0uapdvoXP:wVZk/9/ei2D6d07m
                                                                                                                                                                                                                                                                                            MD5:CAE22AF422FC994E24E8CCAE7ECDFCD2
                                                                                                                                                                                                                                                                                            SHA1:E237654EE11A51773BBC840A27F79D6EB2DB0000
                                                                                                                                                                                                                                                                                            SHA-256:48B34A024F5B925DFB6B8973876708BDD49B363712E74981078661D638E8440B
                                                                                                                                                                                                                                                                                            SHA-512:8A818292FB67F81A7339DC2866EE5884DBF5DD97707F6567F4B1A6DA7CDD8FE8ED8BBEAB04CA610FFF2C1B80C36A1873ED331187FD9A8BA8734DBAA401076379
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.....................gAMA......a.....pHYs..........o.d....tEXtSoftware.paint.net 4.0.19..d....IDAT8O..1H.A../!Q....@@kI.H...AmR......w.'.W(j..UHa%H..b.(....R^.B,...!M .I.B....x'..`.._.....y....U.e.D.4.D..Z..Z...I.+...B...i~.R.=.2.Ci...3.zw.c...;...n.ju...(.G.e..(}..<w...Y.R.b..v}.='0.V.^.tQy..,rf"T.B.Ry..&..._sQvw...%g$p....8.8...,...R.I..........'......g..m..^F.7N..Q.i.....<..O.8....y..<"..I}...,...*...<R&...s..;\..J.'8.G....f..o...l .^...(e^..;..t.._.....F%...k$.......:.'..u.n..g....@..N...E.....m....4M.\Do...H.b^?...t....}.......}Ahl.G....~..>.@..3g..U(\.Q....L......IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\badge_unsafe.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 52 x 52, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):957
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.697613181319463
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:A/6SFlM82TeEtptDqNrmcMg+nv5eYIIHUVcIFOuIvEvKZiSGtvml:A/6TRnONav7he5FBIvESQSGAl
                                                                                                                                                                                                                                                                                            MD5:BCF5ED81D209242E53EF15C8F0CE28F9
                                                                                                                                                                                                                                                                                            SHA1:DA551082C031F0F532E61953479EA7BEED4E1068
                                                                                                                                                                                                                                                                                            SHA-256:D7BBC3068A4447D0B6AB734C9CD0AE5E13393152FFDD51E6CC6117637F9063A6
                                                                                                                                                                                                                                                                                            SHA-512:0B51D2BBFA103E53E7C7E204DD815160B0AD679218099AF9C8BDBCFBA83A6FB1FF480651D2B28DE690C222B2A8B74D44823BC5E16CC46AAE1E725E9694390B37
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...4...4......x......pHYs.................sRGB.........gAMA......a....RIDATx..OR.@..npeie.%:q.F\."s....`.....8.s.9.a....eJ,.Ci.....I......$...$$..z._w.n..Q.....R....E.v.&.k=....xyy@F......T..T.K..T.B"..J{Uq..i!@...,a...~#.K.2&$."...9....2.%..,....5....Rm||..`0Hr{"Ajo.F.r.k..b.k-..D..i.|v.H..(h.y?......t.b.....:.a....t.G....T..6.Y>.....o.~.....@>.l...tu]'.[.C..2p....c..O..U.O(....;.I.B..e...P...... .j.F\........9....1..BB.wH.-..@.".....2.Rh..(:<'.H....O0!.....Y..Z$......I.g.,Pr...9.E!-.R.,I@.!-.%......>..!.B..A.........x....2...4P^.\.....:(.Jut.D....^.....&.7YG<?....-Lqu5.).9\..-.O_]d.g|....8Qb.RJ.Qz..-..\...7...b.`|,.D.p.onF.|lB....0.9..8.. k....b.`..N...0..1.j4..:..A.-..FQ..W...Y...*.....w..[[...1A........r...t]'.:c..{...+X........../.7.N.n3X...||..O..X/......oC..m.4*..X....7.'Q.G..J.l#!......a...>k.TZ.7..<.~{....<^..:.."....7..v.,..fNj..}.-=.'..._!C.8.kha.....h.t.....j...5...A.S.......IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-checkbox.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2269
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.231778970674772
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:xmp5UoZJx7MdDjTPWfx9gczwPpCRulmR+VPeKz:xArx7M5TPWfx9lzws+1eKz
                                                                                                                                                                                                                                                                                            MD5:AF28F4D0EC0F1BF3AE024C0C78D3B468
                                                                                                                                                                                                                                                                                            SHA1:9D44E422F0F26CDC56EE0A2656C4155A8DC9B158
                                                                                                                                                                                                                                                                                            SHA-256:A2763FEAC3A5EB5E9DFE26A88CCA1E3ED9A221FE6D5C5DBFE4D08F63066C907D
                                                                                                                                                                                                                                                                                            SHA-512:7D8591A44973A44F223393DF04F7BE8DC6CB407A12100AB8E8E7E1035BCCFE951D1A6D22573C184F1E7990332AB2D6DFFF0FC180AA22940AB9F8ED380FC56CDF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px; /* Window width is 530px */.. margin-bottom: 6px;..}.....content__checkbox {.. margin-bottom: 16px;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}.....card__content #checkbox-question {.. font-weight: 600;.. font-size: 14px;.. margin-bottom: 16px;..}.....card__content .button__unfixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;.. border-radius: 100px;.. display: block;.. margin-left: auto;.. height: 38px;..}.....card__content .button__fixed__width {.. background-color: #1671EE;.. color: #FFF;.. paddin

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-checkbox.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2337
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.204519131162209
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:AswDjY49GNVMr71rAVMr7EVMr7VMr/VMrlqVMrkbAVMCrmglBkkEEvURFWS4CicV:DOjllTneCPIHCT4QSFWSO7QmqPOdE
                                                                                                                                                                                                                                                                                            MD5:9C0748B7C60CF9D637F7B21960981FBD
                                                                                                                                                                                                                                                                                            SHA1:7BA486136C58F111A6302AF1CD86B2CEBB9EC981
                                                                                                                                                                                                                                                                                            SHA-256:1B798281A4DF16E549AC8C4A0C06652EBBC01E98D600A0885E6CDAF1C6612979
                                                                                                                                                                                                                                                                                            SHA-512:9EF091FD3DED626EDB6277DE6DC70FABD3E7BA01CEF38629B0FB1C800E18D30F5341DCF609DE3A994D258AE5A93D1FD4BFBD9F820132FD64F153426BA281A67E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>....<head>.. <title>SS Toast Variant</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\aj_toasts\\wa-aj-toast-checkbox.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ss-toast-variants-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\aj_toasts\\wa-aj-toast-checkbox.js"></script>.. <scr

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-checkbox.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4550
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.052302310512664
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CAATI313XsdWNR8jEcYw1TwVVXK+0OG1rAVXX0fFFXs1:lAGJsA78jEcYwFCVXuOGuVXkffX4
                                                                                                                                                                                                                                                                                            MD5:1489AF8CC75A33BDDE32FC2FA2974206
                                                                                                                                                                                                                                                                                            SHA1:1543A86BD9F9D2DF2079E777E27F31EAB9A5DFFA
                                                                                                                                                                                                                                                                                            SHA-256:816B368F1272C3C9052FCFEABC32068C037C1986EBF05582CEC111DF7868A3EF
                                                                                                                                                                                                                                                                                            SHA-512:E889C48FE019EB705D02C2CB3D12718FA010F713CE43ED293A27E70D394AE5F7997B774C3511A5E9B744C6B4FB2C9CB7F906A0CA97CD0A9504B596CE95357405
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. doneButton: $("#done"),.. toast: $(".toast"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. };.... function fillButtonText(btnText).. {.. if (!btnText).. {.. return;.. }.... if (btnText.length > 8).. {.. $el.doneButton.attr("class", "button__unfixed__width");.. }.. else.. {.. $el.doneButton.attr("class", "button__fixed__width");..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7069
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.114929053169035
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:OWZxXMHRMroWa7b6xEgPGquAED+YhAAA8b89Y/5Pbqx51E5hh565/M7buH0eFDeL:OW0H28Fguf+y89K2kCdMunbK
                                                                                                                                                                                                                                                                                            MD5:9D573A8B481942D094BEEDC60749B60C
                                                                                                                                                                                                                                                                                            SHA1:DAB289919E0445695EFE5611A7D5E6D274568801
                                                                                                                                                                                                                                                                                            SHA-256:6C027DC8F2928C0B0CCFB0C50095E9C2CBF34E3897F72A324F3B16D6B0EBC973
                                                                                                                                                                                                                                                                                            SHA-512:496818CD811DC4461556AADCF6046FF38E6FF012CC891B609DB1399FCBCCF5C5BB6389BF5BB613E3664A24A6AB82FD8EAFB184CB9336B3DD03B00A4718F8D408
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;.. width:fit-content;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* v

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3755
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.082899657840597
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:jMsaeRv26XbWgHZNG50ybUYoA1gPeaNS6cD2QXIan75NMlr:jDbLNw1AYomgPeaspDfXIandNMlr
                                                                                                                                                                                                                                                                                            MD5:4CBB1BE0AC333369E33FC50D9EBEC4DC
                                                                                                                                                                                                                                                                                            SHA1:393FEE09211EC329575974F33BE6935136B239BD
                                                                                                                                                                                                                                                                                            SHA-256:576E6DC9F4400FC723D2CA46BD3F9DA1FED37E5AFAAED232828A240832CD0161
                                                                                                                                                                                                                                                                                            SHA-512:6302C5B6DA2AFA66EFCD7DC8B82045358352F471A0F3485A174E9223FA049B4FB96C8DDBD1FFD5345125A36353F55FAD4272BD8CF5056EA3CDFCF87B3FDA7A90
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>.... <head>.. <title>WA SS Toggle Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\aj_toasts\\wa-aj-toast-toggle.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\pa

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8089
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1197479924618285
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:lAvUEJU5h6wFCVXuVdDE6hYkBaWPwT0JrrvG10qAvlGuVXkfldXt7:mvhJYDCV+fEGIj1sVUdt9
                                                                                                                                                                                                                                                                                            MD5:5A31A78F0F3F9306FF37812DD9B8A9CA
                                                                                                                                                                                                                                                                                            SHA1:F1BCCB3A762C6DAF44CAC4EF61C9CDD9F1F956CD
                                                                                                                                                                                                                                                                                            SHA-256:E63990E32728C39F413FE9EEE5E297C462834CA47F72C272252C680C78A8B57E
                                                                                                                                                                                                                                                                                            SHA-512:67D454A6B1E382D1ECBEABD4E9E18137109C85EFC9DBFE7AA575ACD135A46A0270D8D1A67D91BA667F834B73C412699DB5679FB126063E689EC301D3B5D3C5DD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. version1: $(".version1"),.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. feature1Label: $("#feature-1-label"),.. feature1Name: $("#feature-1-name"),.. freeLabel1: $("#free-label-1"),.. feature1Desc: $("#feature-1-desc"),.. feature2Name: $("#feature-2-name"),.. freeLabel2: $("#free-label-2"),.. feature2Desc: $("#feature-2-desc"),.. checkboxContainer: $("#switch-se

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\amazon_upsell_handler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1238
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6916067450305725
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:ytKnKkHvUTkKUY94bXSx7ngIdMKWF8gGX5pb+IzIRZCUTm2X+0XLGGjj2:ytKnKkHvUBUNXEngJKWqgy0CUTvxXL6
                                                                                                                                                                                                                                                                                            MD5:3EA2071874713D503BFE15FD05D6B5E0
                                                                                                                                                                                                                                                                                            SHA1:FB3F23A70B2A89363F8A52F91779F6E9BEE5DDEE
                                                                                                                                                                                                                                                                                            SHA-256:D2F0F76C8ADA689A203598B8B3DECFD7BC470E1497D639C5EC79355AE4B6C963
                                                                                                                                                                                                                                                                                            SHA-512:80ADC2A00D9FA01CA1764EE794D821DB27AF0643C70B18867F8A06F5049119C42AF4CD64C16C2A4641686E36225BEFF1B2ED75F6B64A5E30BB6A628344F9FEF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........J7...4...7...7...7...7.......T...4...7.......7...%...>...G...4...7...7.......7...)...%...'...>...'.......T...'.......T...4...7.......7...%.......$...>...G...2...2...7.......T...7.......T...7.......T...4...7.......7...%...>...G...7...:...:...7...:...7...:...%...:...:...%...:...4...........>...G....ShowUi9wacore:mfw\packages\webadvisor\wa-amazon-upsell.html.UiTemplate.EventData.amazon_upsell_toast.UiType.toast_cohort`amazon_upsell_handler: amazon upsell requires toast_count, amazon_extension_status, and url.err.url.amazon_extension_status.toast_countEamazon_upsell_handler: amazon toast upsell is disabled, cohort: .amazon_extn_toast_cohort.GetOption.SettingsDB9amazon_upsell_handler: amazon upsell only for Chrome.info.log.ch.BrowserType.BrowserUtils.utils.core.Browser........$4...7.......T...4...2...:...4...7...7.......T...4...7...2...:...1...4...7...7...>...7...%...%...'...>...4...7.......7...%...'...%.......>...G....upsell_amazon_toast.event_amazon_upsell.register.handlers.a

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\checklisthandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5495
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.7918712287312095
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:OBVUGptMZMVHwyeMKfH+ge8PplOIrfjBdnGtY3XAquLbWQY6guNx6EzO:OBNGGHwn/+gz+IrfjBdnGteAnXPYduN2
                                                                                                                                                                                                                                                                                            MD5:90C8D812D17E803514D04AF0D322CD53
                                                                                                                                                                                                                                                                                            SHA1:86A143CF3D0C0763F5565D6987AD0D861EB0E3A5
                                                                                                                                                                                                                                                                                            SHA-256:CFBF67319BECCF51105A140435358EDC7863CF7A1DDBB3224D9CCB716C1E839C
                                                                                                                                                                                                                                                                                            SHA-512:85FFADBE511D09689F00ADB0E2BBC576C818B8C3B9182A05B7694F5A83B75F447DCB165E880101098723CBE7DDF72BAE563FD90FBEA3F277F92695ADFCC0091D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........3...:...:...4...........>...G....ShowUi.EventData.UiType....UiTemplate5wacore:mfw\packages\webadvisor\wa-checklist.html.web_view2_ui_templateJfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-checklist.html.........3...:...4...........>...G....ShowUi.EventData....UiType.downloadWarningToast.UiTemplate3wacore:mfw\packages\webadvisor\wa-dwtoast.html.web_view2_ui_templateHfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-dwtoast.html........U4...7.......7...%...4...7...>...$...>...7.......T...7.......T...4...7.......7...%...>...G...2...4...7...7.......7...)...%...)...>.......T...%...:...T.).4...7...7.......7...)...%...)...>.......T...4...7...7.......7...)...%...)...>.......T...%...:...T...4...7...7.......7...)...%...)...>.......T...%...:...T...%...:...+...%...........>...G......checklist.showChecklist.showUpgradedUserWelcome *DisableUpgradedUserWelcome.showCryptoLearnWelcome.*DisableCryptoLearnWelcome.CryptojackingDisabled.showNewUserWelcome.commandName.*DisableNew

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\chrome_extension_push_handler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1651
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.581763094422424
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2b44px4rgAij/pL4eMQIhzLRCziQGePQ6NNL9B+Izdg++U/h4t:ypWiiQGzAtGaHtjj/hm
                                                                                                                                                                                                                                                                                            MD5:E3BFCD80D24E6C3442D4B9868649C1D4
                                                                                                                                                                                                                                                                                            SHA1:5FD488AF5BB6EBE0C169D2374E7D1BB4F335EF88
                                                                                                                                                                                                                                                                                            SHA-256:B3F5D82E554B072B0FF00EFBA18150A233147F1C0F202D8ABAB68047727571BE
                                                                                                                                                                                                                                                                                            SHA-512:AE998F522FA9740AA3D54416E56DF7A9CD2A71B589321ADE719BF29B7FA6872667B9FD5D1026FD5384B9DEF45C1438676C4FD47A8DE4792B6A6F3ED091075E8B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........&...4...7.......7...%...>...4...7...7...7...7...7.......T...4...7.......7...%...>...4.......7...%...%...>.......T...4...7.......7...%...>...G...4...7...7.......7...)...%...)...>.......T...4...7.......7...%...>...G...4...7...7...7...7...7.......T...4...7.......7...%...4...7...>...%...$...>...G...4.......7...7...4...7...7...7...>...4...7...7...7...7.......T...4...7...7...7...7.......T...4...7.......7...%...4.......>...%...$...>...G...3. .7...:...4...7.!.....7.".....>...4.......7...%.#.....>.......T...4...7.......7...%.$.>...G...4...7.......7...%.%.>...G...!chrome_ext_push_handler: endRchrome_ext_push_handler: Failed to trigger LogicMsg browser start on browser.OnBrowserStart.encode.json....IsExtPushTriggered.., no need to engage1chrome_ext_push_handler: extension state is .ext_no_entry.ext_enabled.ExtensionState.ch_wa_ext_id.get_extension_state.browserSettings. is not supported.tostring&chrome_ext_push_handler: browser .ch<chrome_ext_push_handler: chrome extension push disabl

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\cryptojack-icon.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 170 x 167, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5286
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.918352410896778
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:VadOXrG7NapBuqn5EVYrylb7le57jdIt5X/pu660z4GKbAkhYaPQGflW1:B7smri6ryhGGX/JNzoAkhjYGfe
                                                                                                                                                                                                                                                                                            MD5:992B99090456FAE196C91BFCA1630D5B
                                                                                                                                                                                                                                                                                            SHA1:5079D7427DB7384162CFD4917A87D1B9C3235A55
                                                                                                                                                                                                                                                                                            SHA-256:F86960D443E848E83A2BA3B27B68EE488623A6E6E80E74594E69802FC472AC8C
                                                                                                                                                                                                                                                                                            SHA-512:80A8DACF479B444979889F0D9B5DDE429AA794D8D7E1430B4555571513FB3FB5F6F950B2FD989A7DF9B4EBAB7ADE271B5C8A635C4B247FD9D3D97EA96FEA0AFF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR................\....pHYs...%...%.IR$.....sRGB.........gAMA......a....;IDATx..{.T....{.a......GO6...*E..`.n!<$+L$.ML...X1.qe..V........M\.2C.v.'....uf...$.Vx..0.. P............}o?.....3}ow&...;...HA.ljYLzj..:Q.........(."I.LOj........Q4q..)-2....\..>_.^."K.|.f))H..F.XTF.XTF.XTF.XTF.XTF.XTF.XTF.XTF.XTF.XTF...'.V5..b.G...4.Qv.a._..21...4...=...g...WD.....\.......d;.....6......D..N$2........3J..2J..2J..2J..2J..2J..D.r.t.-T*..n..OS.......C. .....r*..^5...E...n..%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%.[..fc.....:.g.0..Su.%^...kkg'.Z]K[...).?H...N|z...[..v.z..........x.>|8UVV\y.....X..xf..g.....5v.r..?_@..K..N.(g..?....o...cFSuu.F...kcE..V.....o.LRY..9j<...i.>...>S=.n.i.x.....k.......VB#.ow.b.X[...^.3..w'.#......P....}.....<.T.F.b./U;.n.{B.8.v..t....rA.W.....[......h..5T...<U.Pg.Pk..5.~v...J'.B.5;.ijv..vB.Q.?.-.3u...R.S..kj!].....H.T..o<Pr..PE.eO=).H.I5 l{..I7.d../V....N.Q.P..E...u..E

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\ext_install_handler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1228
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.769756694162712
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:WnJZ2cCsJdPObNlpwgMT9CFbzW3Nhb+IzIRQs2X+0Xlt63UV0K:WJ8czdPCFM4ba9xdNxXlYkV0K
                                                                                                                                                                                                                                                                                            MD5:C7CC6D53BD51DF951F397FC99D62E1C3
                                                                                                                                                                                                                                                                                            SHA1:831BD7BEC40ADF0027C517C7471F615CBB09C099
                                                                                                                                                                                                                                                                                            SHA-256:6A38EC3EDDFA2E17FD6F6A7C1C868069619AB849D5B5628DDAADBA39C5C0D200
                                                                                                                                                                                                                                                                                            SHA-512:FED60776DAE1A87F18714CF76B358783E30796A8801AF95FE0AA4BEBE64A394C4D135409C1B3626EA042BDE0767871D0D100FB6F6898D5EC42DD7A0FE73678AD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........<3...:...%...2...%...:...7.......T...7...:...4...7.......7...%...4...7...>...$...>...T...%...:...7.......T...7...:...4...7.......7...%...4...7...>...$...>...T...%...:...7.......T...4...7.......7...%...7...$...>...7...:...4...........>...G....ShowUiEshow_ff_extension_install_toast: got implicit close event name: .implicit_close_event_nameRfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-ext-install-toast.htmlCshow_ff_extension_install_toast: got custom WebView2 template .web_view2_ui_template.web_view2_template=wacore:mfw\packages\webadvisor\wa-ext-install-toast.html.tostring=show_ff_extension_install_toast: got custom IE template .info.log.core.UiTemplate.template.extension_install_toast.UiType..EventData....UiTemplate.........$4...7.......T...4...2...:...4...7...7.......T...4...7...2...:...1...4...7...7...>...7...%...%...'...>...4...7.......7...%...'...%.......>...G...$Builtin_InstallFFExtentionToast*EVENT_SERVICE_InstallFFExtentionToast.register.handlers.ssToast.ex

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\facebook.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):407
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.1407976551071055
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/74/6Ts/+smsfwZQlyCzDSkG+ZlfDN+y9X:x/6afkRChDZ1DEy9X
                                                                                                                                                                                                                                                                                            MD5:52488EF2BAA65366C96F39947B5CEC32
                                                                                                                                                                                                                                                                                            SHA1:580C1612E3D607EA8C3C83B03285ED6B5E5AFC23
                                                                                                                                                                                                                                                                                            SHA-256:C0E9102EF0C19E55052516B7B11F95E96A13A93A19DA66328DE5B66740CE4A4E
                                                                                                                                                                                                                                                                                            SHA-512:0D54D10933E441EB624CCE78C293162AF8150134199D7C2AA54554476CDB70983A3CC069B23D3C93D736612C80EF6C31CA1842EB72385FA4BE359A40F36A5B67
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a....,IDATx..k.P..H.....;.P:..Z....[.QG.I\..]}L...... 8..........1W1\|../8.....|9.;.r.@>. ..(HZ.%'p.Y..;...[..r..m...Z..&.l^.....k-B...Pk...~?.....{.....b...f...}...ty..C..`...@<..,.]..R<u~.{@f=.w.<..x|.zsjq V.......I.KC<.}.....V{.l].Lg2..v..m!c....@g..-.>...@v ....L..l.y.>.)....."....%....P*........IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-noxup.gif

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 148 x 50
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1686
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.777921392960299
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:I/sUg09pp/qKHlZpbkXt8K7n5bTh5lTdAiwy9QntZ9C:onJpp/qKXpbU2g5DlT+i9QnY
                                                                                                                                                                                                                                                                                            MD5:DFD80EC6F7EE421AEAF3F785922438EF
                                                                                                                                                                                                                                                                                            SHA1:DD3FCFB2BF921A6C67933093B1AE64CA23E1AF26
                                                                                                                                                                                                                                                                                            SHA-256:FF31AC8E9802988BE162D31CD350711F460E8AB292CC45950C202ECD1A8FEEAF
                                                                                                                                                                                                                                                                                            SHA-512:8391CD280487F73F7FDF5529BB6677696BC815DC99ADD5AA229EBE1B569B94C1D8C5370A86C0665F5F20CF918325B23338EAAE347FE441550C0758A687297C06
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a..2......'.....-..&..,.."..,..(.....-..!..&..+..(..5..)..(..2..$.....!..2..&..*..+..1..&..... ..%..0..6..*..&..+..0..-..:..5..+..0..2..-..5..5..;..@..6..7..=..?.#<..>..E. C. >.#@..<.'H.$E./K..N.*S.,J.6I.,O.1K.+@.+N.1N.)W.4W.>J.9R.;P.6W.=Q.:V.DW.A[.GW.>].HS.E^.J].Bc.EX.Mh.Nc.J[.Re.Pg.Mg.If.Pb.[h.Ls.Mm.^o.^u.]p.gt.dt.jy.g}.qz.u|.{{..~.x..{........{.............................................................................................................................................................................................................................................................................................................................................................................................................!.......,......2........H. 7Z[<DX......#J.H....3j...a...B..)O.?~.....J..........8s.....@..MP...HM..._.. 4x....X.j.:..Q."..S........a.*.p..I.(.....O^...6..Pu...}............A...3kF.x.g.'..........`.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-top.gif

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 27 x 50
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):369
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.019028949718389
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:aPd7Wm9a7S6xP+rDzujMhsACN1brSF+dmz0fmBDbf92buPamIPW19mW:aPd7Wm9a7zGDu91Ppdmzka/f8bQasX
                                                                                                                                                                                                                                                                                            MD5:3D32D5CBF24BDCC2C74E876AAD4C19A0
                                                                                                                                                                                                                                                                                            SHA1:E4F405F07DC0D870A2CF4E5EEF48C91393676290
                                                                                                                                                                                                                                                                                            SHA-256:7456A5B53B0E7BAD980926BA86EF437ABB19F5C2D397031C83B27198DEA3C5D0
                                                                                                                                                                                                                                                                                            SHA-512:DB97E6E8E062B75FE46D49558BDA19674AA574476F85458A22A536FD07384618524007342098E5FA095532A2D8CFC2612CAD0AD77AC406E5C12029E48F112830
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a..2....................................................................................................!.......,......2.....".di.Y..l.bp,.tm.x..W...`.B,...r.l:...tJ.Z.X,e..z..xL....tZ.n..pxdN.....^.........................................'..#..................................................................................................&.....#J.H....C..;

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-warningbackground.gif

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 2 x 70
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):361
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.510176350874939
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:DvjkRhk/NruDE9Q0QVlMjlFGCyzVwFECgVp/R5i9pNoj3f31XoB/fNfkc/:zjkRiFrFQ0QELV8VwFELjZ5ii3f3No1z
                                                                                                                                                                                                                                                                                            MD5:2D1CCF8BB4F2013151F9BEC12542D9A5
                                                                                                                                                                                                                                                                                            SHA1:9AFEE504C285A2FD7B09BA3AA745B3CD4AEA3ECE
                                                                                                                                                                                                                                                                                            SHA-256:8CE5E1DE817FCEF6618DC2279753936423A975ECBA3C28732FE0CF0DAA52E1D3
                                                                                                                                                                                                                                                                                            SHA-512:C640B6921D144E76417CCB433CD7B0359FCB8298E546454AA31067FF70D4356DB86A223C83E70F2C43F46420CC4D6554834D3998150DD2D6257F65F8F7708942
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a..F..2...$..$..$..$..%..%..%..%..&..&..&..&..&..&..'..'..'..'..'. (. (.!(.!(.&&."(."(."(.#).#).''.$).%).%).%*.%*.&*.'*.)).'*.'*.(+.(+.)+.**.)+.*+.*,.++.+,.+,..........................................!..Created with GIMP.!.....?.,......F...q...).V..+...0....XX.j.J.P...d2.H..H$..@...C.p8..F..`.........................................................A.;

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1059
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.24710843903647
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:xmp5UoZR3xQiD3RJMZcUhiLKyFc43bZd6zO:xmp5UoZJxBTM3Q3SsKO
                                                                                                                                                                                                                                                                                            MD5:4EBFA698055250AD70A0D01B6567BD9A
                                                                                                                                                                                                                                                                                            SHA1:582AE5C5DC0BA9FE23A0FB07590FA59444DA95D7
                                                                                                                                                                                                                                                                                            SHA-256:AB574A980B59756A01718E36CD9E059F1F8B585EEA0D9EB84AE011060986784A
                                                                                                                                                                                                                                                                                            SHA-512:CDE9E10889EFE7DBF2DFD7D88455E339A662CED82C976E818F43E245E2DBDC9DA4C24A2A7303C3838A49E0CB1DEFFF334241C06B95B7109C58A8A556E1B1F818
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}.....balloon-chevron {.. height: 20px;.. width: 20px;.. border-top: 2px solid #E6E9F0;.. border-left: 2px solid #E6E9F0;.. position: relative;.. top: 10px;.. transform: rotate(45deg);.. background-color: white;.. z-index: -100;..}.....chevron--centered {.. margin: 0 auto;..}.....chevron--right {.. left: 337px;..}.......balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//F8203F1B480FD23E30F9EF9C8143E0441CDFE8A7C67E342386A05F6AAC515E97242CF2B

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1687
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.267092910222507
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:LswDjYlGNVMr7xnVMr7EVMr7VMr/VMrlpVMrkANVMCrNM/QogXORMoBK0w7jP:oOjmxuneCKIJCEQxyG0GT
                                                                                                                                                                                                                                                                                            MD5:1DD634B3D908E091797E11EA7757598E
                                                                                                                                                                                                                                                                                            SHA1:D639148A0069ACA3DCF6E63023796DF530BE876C
                                                                                                                                                                                                                                                                                            SHA-256:974ECB6A7AF171CC03DF8B183114AAD0E40930BE37915FFD2E391B99068C6B3D
                                                                                                                                                                                                                                                                                            SHA-512:8516E056CF395382057FF4817A5F6D0B84137B971C1A6430B5A046EF31A5DA0707C5CB7749CA44B5E624E759F0B5591D979BA2A8D15635AC235E594C5A9EAD4E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\new-tab-overlay.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\new-tab-overlay.js"></script>.. <script type="text/javascript" src="wacore:tel

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4438
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.059293842931067
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:T0AmdonK4uoNDsVgV1PixEeB0NufP9SdaQbXkhrZq:AATK4bNDAg/jeCQS9bX4rZq
                                                                                                                                                                                                                                                                                            MD5:9DDB8BF9200F2F164DE64736E4937518
                                                                                                                                                                                                                                                                                            SHA1:2EE1D0C1FDB084DB19EF31299D102CD2C74FE08D
                                                                                                                                                                                                                                                                                            SHA-256:D56F84BCBF12115359961C54E174AC8B66132DD7063CF036C01E13E837C63DAD
                                                                                                                                                                                                                                                                                            SHA-512:8AA502A5A6F8D6022F58E698613B5788A0D91D586D5D75CD2AAF90057744B21A2E9581AC1CC5137A0A14B6CF67AC2FFFD0908C804343FD40057D9EC1DD1432C4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $(".balloon-chevron"),.. },.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.. var overlayType = Number(settings["overlay_type"]);.. var extensionType = Number(settings["extension_type"]);.. .. // Polyfill of isNaN for IE version < 12;.. Number.isNaN = Number.isNaN || function isNaN(input) {.. return typeof input === "number" && input !== input;.. };.... // Validate toastCount is valid;.. if (Number.isNaN(overlayType) || Number.isNaN(extensionType)) {.. _window.clo

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1660
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.240808975100474
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:xmp5UoZR3xQpx4yViOolwM4ZRVcWlX2KPuxvX/bIbZjwvpslYrctLCiIw0d35bFO:xmp5UoZJxwqqZlmlXMwWlYAlCiIp4
                                                                                                                                                                                                                                                                                            MD5:D2401F66D63DED61A50664CB438089C2
                                                                                                                                                                                                                                                                                            SHA1:D1C6971AFEE75BE6AABD65AC701A15D9260B5E2E
                                                                                                                                                                                                                                                                                            SHA-256:8A3A1738A85D5946180104AC006D285F1F5354B955D7769FDA0322ECC944AE3F
                                                                                                                                                                                                                                                                                            SHA-512:CB17B5D1A96C549997C249FEEE3B68856ABAC4AD63D262053BD4F28D0ABB128E6D795933358E180E877766F47404FE8AF661C3398BCE5BE1B61A6179608791D1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;.. height: 255px;.. width: 505px;.. border: 2px solid #E6E9F0;.. border-radius: 24px;..}.....balloon__card {.. background-color: #FFF;.. height: 100%;..}.....card__content {.. height: 100%;.. padding: 24px 20px 24px 24px;;.. ..}.....content__images #wa-logo {.. height: 17px;.. position: relative;.. margin-bottom: 10px;..}.....content__text {.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. padding-left: 24px;..}.....content__text > h1 {.. font-weight: bold;..font-size: 24px;..line-height: 32px;..margin-bottom: 16px;..}.......card__image {.. float: left;.. height: 100%;.. margin-right: 24px;..}.....ca

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2132
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1833388289802675
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:oOjIxneC4WCInHCFy26qAqIMImqIu1ZO+z2L:XmE6JJmz2Z+
                                                                                                                                                                                                                                                                                            MD5:DC04991A8EC7B94577449A18E6BFDA03
                                                                                                                                                                                                                                                                                            SHA1:C62D40B0CA534C53F2435DEDA9BB5F650B7D6491
                                                                                                                                                                                                                                                                                            SHA-256:275E7B777958EB91B331989E0D657D92B095DDBFCBCF4C14D421B97CF11117E2
                                                                                                                                                                                                                                                                                            SHA-512:E66F6672759EA6BDF8C21E5A31A77EAEE31B98EA5E8449FF68F6493D18BAC7850CF97403CC619DC5E616A87C6F71ED5EEA28D54A477126574F75182956B3369A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\new-tab-toasts.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\new-tab-res-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\new-tab-toasts.js"></script>.. <script type="text/javascript" src="wacore:te

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4066
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.129675491970433
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:n3AXKffHguIKz1hauWSu0RVflDh84bXkYRN:3AogosHiVfVh84bXR
                                                                                                                                                                                                                                                                                            MD5:70946D65EF40959C8CCE060EB65C9FB0
                                                                                                                                                                                                                                                                                            SHA1:EB7C9CD3B302A363A8205D3EEF514F84E9AAAE46
                                                                                                                                                                                                                                                                                            SHA-256:D5A9C65624D31C152741D61701D2509024CC870193BBF9EAD8251F0220E60BAC
                                                                                                                                                                                                                                                                                            SHA-512:E58EBD2EBCD2200062A2CF35CE8F4726AF1C458307EF064D1F92ECAE9B34136EF085A2EC90A9AD06A3589C725555DDD43FB95EE6ED03BA662133C5523E0827C5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. };.... show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("overlay_data"));.. init(payload);.... _window.show();.. });.. },.... init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.NEW_TAB_TOAST).get;.. var toastCount = Number(payload["toast_count"]);.... // Polyfill of isNaN for

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new_tab_main_logo.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 155 x 252, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9836
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.914414293589123
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:4SzlM0MAc3Z+8WM/h/Cl3oKSo5i1TL999zhgwfnt1ztUOTGgz7dEM:/zYcc/Cl3nSoIxL9XuwVhtUOTGy7dN
                                                                                                                                                                                                                                                                                            MD5:89FC18BBBA9A69CFEEBFB5ACC4E9089C
                                                                                                                                                                                                                                                                                            SHA1:1FC704BA2ED65674BC9DD7B7D882D8F588C1F898
                                                                                                                                                                                                                                                                                            SHA-256:DDC5EB8EEBD2874C5774A4266EBF0A064FCFBF94A34686839B3FDF7E73235F62
                                                                                                                                                                                                                                                                                            SHA-512:12099A1DA49A4AEA5A5BEA2E41C94E8151743191B48AD6B0F099B43A3532FA57ED7D335C9A2748BAC7F43C11212C04CA63D42E38B0D278C20A3A0D2DBB49A632
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............`..n....pHYs.................sRGB.........gAMA......a...&.IDATx..Y...y..........")..J",J.ER..(mh......a....~X.F...v..z..#|...."%..D..i.4...%..@..qc....g.3.*.2....{.s03.lTu.=S...jr..9..b.. .!Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1R.....Jp...{.S....c0.~.V.(.ef..4<.....k'l...y.v....jDG..=G.Y...~.7.........|........m..+4.........`..b[&..#4.7..YX.........Z....m.8v.| ......J..f...'.."..J.lX.0....?z....n'..}...dPl]...S.....`%.n..p+.).........../o.l*d.;...>4...._.".tPl]D....3{...<.....eVA...f......{.C..Z.nO?.*.tPl]......F.....IB\^|.......n%Pl].$4n.U.lb...,

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\overlay_ui_handler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8640
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.66679634912789
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:S99vW2voaBQcfxGtMOA+kyahqBvJariCSuQzf25c3cOtxo:WvWQrflBIYiTuwo
                                                                                                                                                                                                                                                                                            MD5:FB5DB39050C93843DFAF2013605E5A25
                                                                                                                                                                                                                                                                                            SHA1:97B437714FC5C8F0A3BC1123060A4EE18A68EFE7
                                                                                                                                                                                                                                                                                            SHA-256:954A7F581C3E6149EEFB20C2DA14F2C735331D9FD3EC84C1FA2B3D1C9FAF756A
                                                                                                                                                                                                                                                                                            SHA-512:FE004A26F0BDAC99F2B8746F15867FFA3A80C910CAEFC68980A209BD71D3DE679225928169DDC23EAD8A9D4E73403825338D56B16E86434E81FEF6959E1F90D4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........+...6.......T...4...7.......7...%.......$...>...)...)...F...4...7...7.......7...............$.......>...).......F......GetOption.SettingsDB.utils3overlay_ui_handler: Not a valid browser type: .err.log.core........64...7...7...7...7.......T...4...7.......7...%...>...)...H...4.......7...>.......7...>.......T...4...7.......7...%...>...)...H...4...7...7.......7...)...%...'...>.......T...4...7.......7...%...>...)...H...).......F...Doverlay_ui_handler: edge onboarding from process start disabled.edge_onboarding_option.GetOption.SettingsDB,overlay_ui_handler: Locale is not en_us.en_us.lower.GetLocale.utility,overlay_ui_handler: Browser is not edge.info.log.edge.BrowserType.BrowserUtils.utils.core.t.......4...7.......7...%...>.../...G.....Apackages.builtin.on_search_ext_warning_coachmark_exit called.info.log.core...... .v7.......T...7.......T...4...7.......7...%...4...7...>...%...4...7...>...$...>...)...H...+.......T...4...7.......7...%...>...)...H...4...7...7...7...>.......T...4

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\securesearchhandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6119
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.813476328214718
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:NfZOYoxSEF5scqC3scUO9YdEVe1iT/zAbWmxqWFc3ilg9gN0dKrUfIvhKxfaYanS:NfXmSEjPN1zXmxqWFo9gN0dK4fIvhKxF
                                                                                                                                                                                                                                                                                            MD5:3B4D5B6CBC468442247B75F171C930C7
                                                                                                                                                                                                                                                                                            SHA1:A8A29C015BA6D9EEFF733C662380D56152407A2A
                                                                                                                                                                                                                                                                                            SHA-256:BDDA44DAE7D108E04F494BD8F85012653515FBA0D5D002B030A796426E8B7376
                                                                                                                                                                                                                                                                                            SHA-512:F166AAB2D9DE362AE7AEE93E62CCC3B3883D605C330153F9E61E029CD3470CED64491E34B89FFB25DE7358FDD396FCF474F16518B273CBB1356A4742B554BEF2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........!4...7.......7...%...4.......>...$...>...4...+...>...D.......T...+...)...9...4...7.......7...%...4.......>...%...$...>...B...N...G...... removed=packages.builtin.updateSSToastStatus: toast for browser .pairs.tostring6packages.builtin.updateSSToastStatus called with .info.log.core-.......3...6...H......._ie._ff._ch._msb._edge.........3...6...H......2Global\{8DB68CEC-1C6B-46B8-8808-90838C14CA3F}2Global\{F84F0E05-209D-427A-A977-A5AEAA90EEBA}2Global\{64C7DD73-FBD5-4B1B-8A82-B49950F36A97}.........3...:...4...7.......7.......>...4.......7...%.......>.......T...4...7.......7...%...4.......>...$...>...G....tostring:Failed to trigger LogicMsg browser start on browser: .err.log.OnBrowserStart.TriggerLogicEvent.utility.encode.json.core.Browser...........H+.......>.......T...4...7.......7...%...>...G...%.......$...4...7...7.......7...).......'...>.......4...7...7.......7...)...........>...%.......$.......T...4...7...7.......7...).......'...>...T...4...7...7.......7...).......'...>....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-close.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):379
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.24199845007647
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPW/E8kQoywGZy2QuloYCnWnXmYFOwrMFOfzs9fOPrmi/MsTjWnDU4p:6v/7uMpQoji+YCnWn2lwAAfz/jmiU8SP
                                                                                                                                                                                                                                                                                            MD5:0D006D29C298D5D75780C5514DFD7E02
                                                                                                                                                                                                                                                                                            SHA1:47231ADF89D53E452EEBA1A7A4F6F51697B93C4D
                                                                                                                                                                                                                                                                                            SHA-256:CC72D82ECF19CB08D92F5EA6A612A12FD54B86D8E6AD1019D3516CAC0E90353A
                                                                                                                                                                                                                                                                                            SHA-512:B35A08D6FB781DFEEAE99CA78F70C85517DCEC702E59A920967AD146C38B06442C95FDE021EEBB47901CA9D8B4B3DE3E2192DCA910C68497D5D4F5E721B5F35A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............V.W....gAMA......a....2IDAT8....N.A..GLL.....U.....Di.....k.m.S.<..`.&.....M.u.c.......~.........N....\.x....|.....z.X.......)(..?vDzF...q.h.B..r..S.....j.=.`@8.A....F...g...._ .E..*!.Z...aV.IL...z...?. r...q..j-..0{r3Y..M...m.)....Z..^....$|..... n&.....RB.1...v..~.#..t....4..k...E.........~M...S..>.S..&6t..oB.Y......C.Q....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon-selected.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):366
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.181473502943194
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPUyCfW1DINGm00Q6GhmVMWW5tDGMYmw3H0zPsXFdCkhY1+8EtWmTp:6v/7yfW1i700sMVI5tDGMX0VdCWY9EZ9
                                                                                                                                                                                                                                                                                            MD5:808F5E9FF7B694D5926CE6CFFA336085
                                                                                                                                                                                                                                                                                            SHA1:58C5D8F14FEA91E715F8B3CB9B84421FBE99317A
                                                                                                                                                                                                                                                                                            SHA-256:5331E5CCC4E6F8082F7AAC9492FC3DF5CB810087E6F0CB71D99B1582E233A61D
                                                                                                                                                                                                                                                                                            SHA-512:E2DC4A40D8BD68D7DD31A002F480F3D0C5ED7433D0CB6F966EA11D437FD38A2B12C3F9CFC057DA9118E05BA5E81C1BC0896C5844D78F256084AC81554FC89A82
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.....................gAMA......a....%IDAT8...AN.0.E..`i....+.-.....(..E9GO.[..._e....P!.....x<v.4...m.<v,c._...?.....*.p..p.7...d..-T.....B..p.G...m=a..Y3.qm.B..m.WWq.p.Q.C..^.w......&bd....^G..W...TMM.....R...~])...]$.#.jA.Qq..<o.....*..-.M.-.j.k.8..>..b.....w.-.Q..|(.&~..M..Y.>..=.:..Y..n.....S.&....)s.c.T...v0.%..!.Y...J%....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):617
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.536368903712138
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7y8A6KCbdR+rqKuKRLIRBG9EtiJjt+KxqMK:R6JrXe+BGkiJ4z
                                                                                                                                                                                                                                                                                            MD5:112768C9A06EA1AC8783E7EB786450C3
                                                                                                                                                                                                                                                                                            SHA1:15312DD4FD8F87FD23725531726261CFD73888C9
                                                                                                                                                                                                                                                                                            SHA-256:3AA7CF0C447D88B8CE2C2FC0B50E80E49851217D0CB3BB7D4E38FC22209DEE03
                                                                                                                                                                                                                                                                                            SHA-512:87E13AA38498C7E76EA9B017A893CCEF4819FBC13EB387C8A4946C721EAB176A44A5F3B181FD23AC2D16943D12B452EB8462FE7A57F6572EB047F3876BD2CFEE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.....................gAMA......a.... IDAT8..S1k.Q...K.H...p...TV...../'v...6V.U..PP.;q...H%.&V6...!.i...;~.[&..q.,taw.....f.........z.G....j.Z..Gg.dg..F.l.I.oX..H2.t.\T+...A+....vD.\...6X.....\.R.-.v.{..>....|jb....@7C..Q l.]....A.47.....O.X........$C......p.*_.d&.......M..?m.!.,.C.a......../.8...@n8gw.....@7..1.X.p=......._67.V...a.)...V&....a..R^.b..eN.Q.>?.j#4..A......_C+...A..H?....,o:.>........g...[._...d=\..^:.~.?......A?.cN.,...B.q..M..h.7.I.pT.T.4[.o.o..*.\..m".. ....6.0jk1..../..o....J>..6...C.6l.q.)1..N...s.....^..Y6.p..7......,.....:...C..y....IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_off.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 48 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1523
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.849513030462221
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:4V7JCN3mFRJOJsHKyzBNqS+s6snN326HGGeV6CouULfX7GBo6Bqy4XoRE8ndBAQe:507Zzas6s9lH06EUSBnBqy3dBAPl3
                                                                                                                                                                                                                                                                                            MD5:0A57D1C2AF64AE52DF0CC5AE10897E72
                                                                                                                                                                                                                                                                                            SHA1:923C6AEEA726F5BDAE43F4837C7FFFFE34E90B90
                                                                                                                                                                                                                                                                                            SHA-256:541865D3715C481C1C111ADF0729928E0F6DE4A6B8E1687BB2DA2D26166E8C57
                                                                                                                                                                                                                                                                                            SHA-512:2466E5EC410C6A9484A792B5F431FE3A527A04C01127CF11DFA6AB2ED49860FA052DC84C8AB61441359E03E2DF62341CD7E05F3CD94612AABE1E37564521CD38
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...0.........j.......gAMA......a.....IDATX..X[lTU....;.N...R(}D.-..CA.1.T[.`L4..5~k...*.|..~.eI0..DA..H../..6..VZ.J....:}..{.......bO.....Z..}.>C.P....F@..Zi:z.X..v.!.-.*'.*d..=.%i...m.d.}.d_].E'..}.J..t....c.......7M.T-.$vF.. ....U.....M..2..}..$.P}.....:....[9|..KBx>7.=l2..<ZS.O..fQ0.M'..iht..........".zV...xB....-.8..P&.....s.B.8..+..ris.......s~.M.......{.<^.M....a%a.<...5.}*......y.|.g.OW.QmU..qu...E....$T....."...e9. >j:.*';.=...7>YJ..+\.NU..z....x...k.dB...!'.]....P.......$.....A.[...i...[....M.|#......K~.|...H.;.@ei!m.. .gd......QLz..S.../..'....^mr.......(..|.`.sf!7...E...M....x<C.t2..:e.n^.D...SiqA&.......a...?.i.....D....}.q#....p...I...nl\...|j..s.s.w").a..Wm...$x.A......8.)......_.i..a...q..$!gb...U$.%...o..X.O....D./.....4.[X..yG]../..:..d.%....................-.g>_....h.$.%b...l.....|7\..>.j....[_6'aSs.:n.'...l.|.z.k..h....yu...TU.r;Yv;.F.b.38b..s..$...L.5.....r.9....)+.C....K......'g(.....P....,#..C..F..!

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_on.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 48 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1568
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.855339992904692
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:URY+DGIp5LXcjQxWPQjWqIiU27j2NbCYv0WGYKmUjDeQuksU:Z+DfdXqQihAv/WGYBFQuksU
                                                                                                                                                                                                                                                                                            MD5:1CCDA19F6B165F0487EBB6C65E870492
                                                                                                                                                                                                                                                                                            SHA1:3CB6473AE58648F9E6365DDD44EB6A24529DD55B
                                                                                                                                                                                                                                                                                            SHA-256:8A3C7A2285AF72210C4CEDEB87701596B05C96A435E200A1BC3F0FE1947DB566
                                                                                                                                                                                                                                                                                            SHA-512:D681758B205597B043FFF6F8BE779B5D05E37708FBCC9C08C88DA963B2B4681C33BB3E3B5912E8DF0CAB819A89D520BF1D21DE1C7B7499B5738AB0D557329C57
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...0.........j.......gAMA......a.....IDATX..X]l.U.~.um.....l..!.i"..8...J.@....+.....41A\.K.B....;.:T.1(.B......(l.u.l.m]...k}.....n.vr.....<.{.s.{..[.(..........w#.z.....F..)8...T.pL"V.e....g]...C<.....K..eq...0.o..S.g..T.E\.I.3%.....Mh1i.3...O......fG..Ez.J.....g.t.6...O.H..J.W...;..P........?...,.......H.......$..V$W....B7Sn}..e-.'i..=.....k....3::.....8.p%...6.g)1OT,.L..W.84.....u...7v....!$E.-....j%L....C.T.....&.-~N.b.wZk.y.......:3.W....s...w...1....a."..Z...n..1!........J&/x...b@.=..}.U..rTF.a.....N...A761?q=..~ZID./..Q8.s8....U.m%......3.x....D....2.7V..C.....}..Mj..y....\e..`1.`...Y..i.*I6....o....5..?.kzz.dN.*.......9.........8,o.%...5T..o..cH...j,o...5.Bz.;......<....x.x.._nq...<.{V..o!..!.....S....tx.\.U............u$j.>.....4.....H....F.,..b.Z...R]2}WP.,1L...m.........W.....R)..a..Nl%..s&....9S....F..:q.`..1....b......j%..S..<v\J..]..5z>?=65.Qf)....hd..rx..QtS...pR....r>..G.J.Qj..]Yn........L......L<*..T..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\toast_impact_close.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):245
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.356933018581735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPe/6TsR/h2Ogt2PfVuymklNXULhg+/qp:6v/7m/6Ts/NutyJlNn
                                                                                                                                                                                                                                                                                            MD5:BE47EB430418C03DF89E2CA140BC1325
                                                                                                                                                                                                                                                                                            SHA1:A099F0ED4114F8476D6558BAA30E3DDFDF0512C7
                                                                                                                                                                                                                                                                                            SHA-256:F651001BDF0AD41D9BFB7D5942F136CE75ECCEF744752EE72934980B8ECFFA4F
                                                                                                                                                                                                                                                                                            SHA-512:AD150D115D35F1F796BB0E24C61FFAF72401FE2857A0A4475A2CB7E36325A5130CAAC1F167628E26C7AB6D053B7A3757D57EA3A07C71FC14FC848CFD2771232E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR................a....pHYs.................sRGB.........gAMA......a.....IDATx..S...0...$..F....J&.i..X.b...w.|.pXJi*.N.|..-.."s.Y.`...MX...._.6.mU..aD.0FY*.T.O.....@C.o....&A...Y..C.Z..G...D..5:....9...s..............IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\twitter.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):473
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.236375221337779
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/74/6Ts/fWEpw+mmdlVkAV7AnpSvLkXfwtelX8EFQgdPjSTFN:x/6MWNmXVfV7opSYp8eZPev
                                                                                                                                                                                                                                                                                            MD5:640A9A68216D3ACE0A04C70F745760F9
                                                                                                                                                                                                                                                                                            SHA1:DEF457CF4CC59B638CB4C988652925CBBD7A972D
                                                                                                                                                                                                                                                                                            SHA-256:40171CFFE5FB5BBFDA44569BBF7BBCB3848ECEF6A975CCC237F475B3141CCF4D
                                                                                                                                                                                                                                                                                            SHA-512:A1CFC930207C1F468D423F072CB80CE6D6BC2FE6E8ED54A8A21386445882E9A922BE55AE627330E7810EA3BEF6108F06B4A2E0A3E62EDC659E1992046FD9D8C8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a....nIDATx..J.P....&........8...... .=|.}...y.....A.X.5.N.P.&1.{.X...B&...$7....O.c.,x..D1x.@q..P0..a...:.Zb..%.........%y..Gp.X.9...ze.$p.UQ]..~u*Nt6,....3YX..F...2.....O6..]...]+#r...`[TzyP......c......Py.... ..j).......5uD.c*......?..1.;..3.x..P.gA..3..=.M...ns3...C.U.L....VO(.............tq....WJh-.o....0..y..0..-u%.+.g......Z@..V...-...P..{....I........IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\upsell_toast_handler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3796
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.626027437423178
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:vc/g/EYuAiL44bppDPG621D92KCM+ew/4txA:yi7uAiL44MD92K/S/4txA
                                                                                                                                                                                                                                                                                            MD5:0DEDEFBC128A295EC7DBB31400BE5493
                                                                                                                                                                                                                                                                                            SHA1:06732E7C01DAD49616E8F8D0FB5F7D2D55DB3DAA
                                                                                                                                                                                                                                                                                            SHA-256:FCDE33DEF156783CDC5359EEF3C5B8BA0A5F1FB897E253D024F1C68773AB1C9D
                                                                                                                                                                                                                                                                                            SHA-512:BB67D30847FA644D218C1141B1D5D512585F09BA97A68C87E15481CA4CFFE4C8B609A0CD87255687C7D5D80C7932550BFDBD413D6ED7566F0CA0D02E87853C9C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..X...........T.......T.......T.......T...)...T...)...H...)...H....new_tab.browser_launch..........D4.......7...>.......T...4...7.......7...%...>...)...H.......T.......T...4...7.......7...%...>...)...H...4...7...7.......7...)...%...'...>...4...7...7.......7...)...%...'...>.......T...4...7.......7...%.......%.......%...$...>...)...H...4...7.......7...%...>...).......F...Hupsell_toast_handler campaign one: show campaign one - take_a_stand., do not show campaign* equal or greater than xml threshold 9upsell_toast_handler campaign one: client threshold .threshold_take_a_stand.tracker_take_a_stand.GetOption.SettingsDB.utilsdupsell_toast_handler campaign one: Only browser launch and new tab are allowed for campaign one.new_tab.browser_launch>upsell_toast_handler campaign one: User has WSS installed.info.log.core.is_suite_installed.utility......&...7.......T...4...7.......7...%...7...$...>...)...H...4...7...7.......7...)...%...'...>.......T.......T...4...7.......7...%...>...)...2...F...+...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell-logo.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 150 x 314, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):42124
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.989049214597359
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:LJZubuFGvQ0hVNPAb14MPMrY0iJyMXbAjw15AIJgW/8QjzastNBmwQ:LJsbu0vQ0hje14M6iJy+sE15AegW/8c+
                                                                                                                                                                                                                                                                                            MD5:6F1B48189D2C835EC68CC9C30BA53360
                                                                                                                                                                                                                                                                                            SHA1:93D78939DA261C4D7CC06E8B8341D9B3D93CEEB3
                                                                                                                                                                                                                                                                                            SHA-256:29ACC284AD48147B1B5FC3F6F8E79F8D7481002E12B7D0B631DF91D9D22E5749
                                                                                                                                                                                                                                                                                            SHA-512:D47ADF288217FFC8AE2F6D9DE1A2FF5E240355EEF3E31F3B204C16A226ED7470D60021E23F155883A9F77275FD1712994565B58392694CEBDC4E28BE7F3AD1E3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.......:.............pHYs.................sRGB.........gAMA......a....!IDATx....e.U...}.My.%.F..b.fK.%..........H..@../$|.../...~.. 6.d06`.{U..{.......Y..g.....7..aKo....*......7?@.B)....|...w......}..X..Q......Ju{.k#x......sm...G.@...R...)./m().Q..mwM..'............w....z}.;Sk[Oj\;G........A+....X....g.U..}g%.?..z..U"..A....t.....F....i.4e..X...4..L..LZ.b.. _/J."..6.~.QJ.8EuB.."A~.....j......%VU.sF.i..;....m....|@3.vJT.6...R.S.[.I.m.....=..D.6?...h...]...^^.........X..[.Z.0..BT!<a....TQ.xr...2K.......D. ...m...).xf..<.D.#.J.K......qY.;f.h.U..yfZZ..J.p=...R@3.E/..8..U.:t..W}.4.g=-....4.G7'g.:.\....5J&\4..Ip.....Pk7.........l..f).*.G..yh.D...?~p.0..k5_0.UT..E.L\T.8q..\.>..Y.r...o.B..k.n...jV{....!...YH{U..Y't...b5.A...5..........9zZD$T../.F..Kue.....z......un.h..G..J.!$ru..2......0..n=........U.0.....Qu_.....M..7.@.4.v..3bQ..Q5..zB.}..0....^.L...V.!,.*...D.^.3..._j.....t.(PC6.... ..c.......M.P....H..A.x...........J.#

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1957
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.212141203881511
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:xmp5UoZHx4Yli5FZSFIuMDWlYOlZiIpd3bF:xANxhi5FUAWlYOl5TrF
                                                                                                                                                                                                                                                                                            MD5:DD692612791E9902321E69520CA83411
                                                                                                                                                                                                                                                                                            SHA1:C8E39D38860B2C338E07E0F5E3042C1890906B1A
                                                                                                                                                                                                                                                                                            SHA-256:23E24EEB8A43278E474647D8E4770A5465F54496FDC5352416B4A26CC22ED294
                                                                                                                                                                                                                                                                                            SHA-512:92A2AD440D40B9047556BBA067CB64DC9DA9D9BD23C4439DE3206246A738CB563548B9324C0E671611D4E970AE37AF2B63EEBAA73EA4B0B1EDE97953B23746CA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 16px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;.. .. width: 510px;.. border: 1px solid #ABB2C3;.. border-radius: 24px;..}.....balloon-I {.. height: 314px;..}.....balloon-II {.. height: 370px;..}.....balloon__card {.. background-color: #FFF;.. /* height: 314px; */..}.....balloon__card-I {.. height: 314px;..}.....balloon__card-II {.. height: 370px;..}.....card__content {.. height: 100%;.. padding: 16px 20px 24px 24px;..}.....content__text {.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 16px;.. line-height: 24px;.. padding-left: 24px;..}.....content__text > p:last-of-type {.. padding-top: 18px;..}.....content__text > h1 {.. font-weight: bold;.. font-size: 24px;.. line-height:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2077
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.280508932997895
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:oOjEJneCWIuCFf7P7d7DtIrINqIdmB9mbk:oAcNz+V
                                                                                                                                                                                                                                                                                            MD5:F36002858C28DDBF02C7EFB286972047
                                                                                                                                                                                                                                                                                            SHA1:B0647C8CE8DA0683B46EF517C2C3A87140058B02
                                                                                                                                                                                                                                                                                            SHA-256:6719C3CD7C9DB80B42B7D270EDEE309AC2884D1DAB4051A5933A9DEE376D4081
                                                                                                                                                                                                                                                                                            SHA-512:11DBA261422A07C24D038F6571ED63DC74E8B67CDBBF631857F83793D69188E5C44249AC120424C2C34444EE027C3318E14C1B61CA79088E4699D3DCFEF5658E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-amazon-upsell.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-upsell-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-amazon-upsell.js"></script>.. <script type="text/javascript" src="wac

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6225
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.847675462142375
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:4G3AXPfTEzni3R4uISETACySbd0SE13z8acglmVnIJ+BH/jyjsHbXkbXy:4oAmMR4FfCSERz8k5ymIHbXn
                                                                                                                                                                                                                                                                                            MD5:C012CC180C8F5B3A7927D3A8481593EB
                                                                                                                                                                                                                                                                                            SHA1:75A379A2F522B800826DB997AF5C150840F88AB7
                                                                                                                                                                                                                                                                                            SHA-256:4424BED81BE3722C57FD6C1A2054F8020145BF2D7D9BF5EC66AC001259DDAB60
                                                                                                                                                                                                                                                                                            SHA-512:0A1CA75E27127F1DA0EF0CD3A36F91C228F8A0A0181D7C083681AEE7C6A00F33D41E4D8176956751C2A9A2DB12A82AE3C81177795430097C57F5988929B2758A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Amazon Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. contentText2: $("#content__text-description_2"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. footerLegal: $("#footer__legal"),.. };.... (show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("toast_data"));.. init(payload);.... _window.show();.. });.. }),.. (init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.UT

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1484
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.242517342858763
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:xmp5UoZR3xQpxVYHhLcY39U0M+mtFl2zZRVchpKIjvVCfnvv/UQsUMyoSh:xmp5UoZJxDHF3uBjFloZKY+YfnHcQeyL
                                                                                                                                                                                                                                                                                            MD5:64A921E97406C4660A986850A21FB935
                                                                                                                                                                                                                                                                                            SHA1:49F37F64873371F6C55218E57CC188AD2C1292A8
                                                                                                                                                                                                                                                                                            SHA-256:2C2A3C2B850C9E76D5C2A8072119D95F24FF990572EB22F963CFC49B24EE7903
                                                                                                                                                                                                                                                                                            SHA-512:E53F03E44C9F7EB6EF515AB567A13145C6308E2C643F20F8528C33F07D79B5BB5ECEE3C36FEE88F617A606AF43A6674F8DED691287580377B9422110C49DC18E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}.....balloon__card {.. position: absolute;.. right: 55px;.. overflow: hidden;.. box-sizing: border-box;.. background-color: #FFF;.. border: 1px solid #E6E9F0;.. border-radius: 12px;.. height: 200px;.. width: 328px;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. padding: 16px;.. height: 100%;..}.....content__header #wa-logo {.. height: 13px;.. position: relative;.. top: 2px;..}.....content__header #close-icon {.. float: right;.. cursor: pointer;..}.....content__text {.. margin-top: 12px;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. color: #5A6175;..}...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1951
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.235542540075188
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:+swDjYARGNVMr7xnVMr7EVMr7VMr/VMrlmVMrkANVMCqAedml3+u4wXRMaHDdt:NOjXxuneCnIJCa63+WvHDdt
                                                                                                                                                                                                                                                                                            MD5:B61C8F46ACA1BFC4D4E07B06FCF28784
                                                                                                                                                                                                                                                                                            SHA1:FD6AFD39202DCCDD2FAC0FE1D7E73CDAD3C99CB1
                                                                                                                                                                                                                                                                                            SHA-256:948931080B10C81F6F835F424828AA5F242C5B17C2DD1200164B9C199B56DE30
                                                                                                                                                                                                                                                                                            SHA-512:98A30D148CDC380F1111683C570E35B14CA4E4E000EC700124DF8E45E03A65DF996093DD47D9961574DC8F4CE7348F6918E98F51623DFF811610EAC7C94DD8EB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ch-store-overlay-ui.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ch-store-overlay-ui.js"></script>.. <script type="text/javascript

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.14848258279732
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cMAozDAQV9PqREed0kMTJo9QV9PKgMaGXc9d:vAODAQnTeurQQnzMaGX4
                                                                                                                                                                                                                                                                                            MD5:45195EB555835F68EB10AAB176E71A4E
                                                                                                                                                                                                                                                                                            SHA1:27F54EF5B10CE2CF3D61D9854CFA369DD01F4655
                                                                                                                                                                                                                                                                                            SHA-256:7F1EF8B41CAD8DE79598E9F630967077DFE43D47CDA7A5369E19061D8AB128CC
                                                                                                                                                                                                                                                                                            SHA-512:BD529FA92E219B8F36E97FD960FC2CF9F5293C5E0830B6FB2A4B3EE8F99D31D6E6C76959C472027F23DAFB98E2E9251328337591FD8D57D18B9C53ED10AF3ED1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. contentText1: $("#content__text-1"),.. contentText2: $("#content__text-2"),.. closeIcon: $("#close-icon"),.. },.... show = function () {.. init();.... _window.show();.... // Send telemetry 2.0 for dialog balloon showed.. var telemetryEvent = new OnboardingBalloon().interaction_type("Impression").browser(_instrument.getBrowserTypeCode()).balloonType("WAOverlayOnboardingOpenExtensionPage").Serialize();.. _instrument.sendTelemetryEvent(telemetryEvent);.... //Send Telemetry 3.0 for dialog balloon.. var browser_code = _instrument.getBrowserTypeCode();.. var screen_flow = browser_code == 'FF' ? 'firefox' : 'introduction';.. var hit_screen_id = browser_code == 'FF' ? '300.1.2.1-w

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-risk.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 20 x 20, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):743
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.485906014360001
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6v/7MRUwaBLht3zHOuVKg7/6Tnpb+R2pi5IDyc1RX25gbhbzS5/IEMS:kwaZht3zuKKC/6jptpAIeEoglbzegEMS
                                                                                                                                                                                                                                                                                            MD5:1ED7DBC29E984E621DB85633607A39EA
                                                                                                                                                                                                                                                                                            SHA1:77CF88D52CB9A32A8EE377E37DC2CA70EBC79143
                                                                                                                                                                                                                                                                                            SHA-256:C364887E094D6235A4FD5774D7CB5D9631A2983C8626998BAD8CA294BC446A19
                                                                                                                                                                                                                                                                                            SHA-512:57CB41F770F5586041F9FCD9E934FEF894301AE8DDF8EFC498E2743FAD006D5C0D4AEF7D2A2086A9D3E60FC08B02AD2505D02E95B039786555522015EC9C41FB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............W.?....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE............................................................................................................................tt....WW.ZZ....[[................................r....%tRNS....#BSR$.7}....~9.k.....l.y....z.....>....bKGD...-.....pHYs.................tIME......*..uk....IDAT..e...0.D%....;f.@ ......,`.r.]..J*.Z....jl.3..D...M..q.....(b.."I.6MD..=E...e;..{.<*..X."..$..}..r.el....-..z%..(.^#.f..H...07Up.S0u...a.8.r&#<.N......r9..H}..R4...R...]Y.).3...S.....U..TW..+.z.).3...(.....s..m.....5..3m8....&1@.....%tEXtdate:create.2022-02-18T19:30:12+00:00z.a....%tEXtdate:modify.2022-02-18T19:30:12+00:00........IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-status.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):285
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.92410222781354
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPW/ETnWvTVFX9ls1mDf0J7KzAvC7gnh+i25wp9M+S+N0XXnTp:6v/7uMTWrVFtW1mQJe7ib2uPSjX9
                                                                                                                                                                                                                                                                                            MD5:527825CC6A463D4D1A8E7019B4773D02
                                                                                                                                                                                                                                                                                            SHA1:C58CE479BCED1BA8B47339D6A9867E3D75A96672
                                                                                                                                                                                                                                                                                            SHA-256:87A2C49BEFA3F59750E91A1FCE86FB9AC9BA928A04D4ABE1A7BDFFB25883EC2C
                                                                                                                                                                                                                                                                                            SHA-512:38DFD2D59C8D8A9195BC9D45E45A71FAAA69AB3E7C4777F3A448C31A95D44AA3E97303EF3FABAF13B3BD4F7DA1BCC6269B8A6A668EC758E28EBADCE2F949D0DB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............V.W....gAMA......a.....IDAT8.....@.E.I@....V.AK..K..[.`..zQ<X...EP..&.a3D../..cg...a...o..v.38@.s.|4.....`.;....a.G....k.m".....w........&...`.{..C.2q]jx...l<)OC%4.....'../H.+!y..S].,A..J..stM.^.M[.....2....^...T.(J..7.?.....t.QL..r.........IEND.B`.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2631
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.989770706687156
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3OTFMv26ITWBgkqlgPgOCF/ehQORDa0cYL:IKy/iQqzcYL
                                                                                                                                                                                                                                                                                            MD5:B9246F824BD1F6FCD28F70F7B4937E9C
                                                                                                                                                                                                                                                                                            SHA1:538CA595E196EAA7F142B470BA796984E65084FC
                                                                                                                                                                                                                                                                                            SHA-256:72C05079CC566DAF5FD495E8F3DE971C4978A0A60E03A037045545514D58E6A7
                                                                                                                                                                                                                                                                                            SHA-512:9ACC7D32442ECC10552F08E0C03BF954FC5602D2CB8764296626FACDD06BEAD28C4D6B5EB4C45C6CAF49D58883D46428ABCAE51D0E8A6F114C36BA8E0D49AB0A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-ui-dialog.js"></script>.. <script type="text/javascript" src="w

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-controller-checklist.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (339), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23342
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.06976604696877
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:cD3PO1JLwhGbm4Ny+e8yfCwh/ZfiuLeeYjYWUUQo6La+Z13ej+:Y3PO1JLLbm4Nylj6uiuLaM5ZRj
                                                                                                                                                                                                                                                                                            MD5:FA182E2C6E5D81F6CA957E3E644D353D
                                                                                                                                                                                                                                                                                            SHA1:38EFA10933A885A1ED38F2C934EE3E1EAFCE14E4
                                                                                                                                                                                                                                                                                            SHA-256:D77ECA3908B54D794DBC0E10D5C467EF4E293348A4BA3B7E8085FCD9E32FD9EF
                                                                                                                                                                                                                                                                                            SHA-512:7490B997007D4DEF922B1A73BE3B256249CAAB9EA1BD1570F7A6DD778785295D2F3BA7F44831493DB155EE0BA1E2DAA0BD3F1A18236DEFA66E6ADCEAD0801B85
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _l10n = wa.Utils.Lang().checkList(),.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var threatStateCss = "threat",.. infoStateCss = "info",.. greenStateCss = "green",.. waitImage = "wacore:mfw\\packages\\builtin\\white_timer.png",.. alertImage = "wacore:mfw\\packages\\webadvisor\\wa-checklist-risk.png",.. ignore = _l10n("IGNORE"),.. fixNow = _l10n("FIX_NOW"),.. defaultImageCss = "wa-state-img",.. alertImageCss = "wa-state-img-threat",.. keyMap = { "NUW": "WelcomeMessage", "UUW": "UpdateMessage", "CLW": "CryptoLearnWelcome" },

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):802
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.289665507031782
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:xmp5UoZR3C3dDUUhiLKyFc43bZ228vatP6X:xmp5UoZJkxQ3SdrCtCX
                                                                                                                                                                                                                                                                                            MD5:0A392CB49EDED69460760F2E14375D5D
                                                                                                                                                                                                                                                                                            SHA1:12A5402D5EC3B9E5C0AF4D4387BC93CEDF08E303
                                                                                                                                                                                                                                                                                            SHA-256:AF73B0DF11ABE67A86099576F2709D4D3B64D186992E2D02F0A54A4503E60C0F
                                                                                                                                                                                                                                                                                            SHA-512:56C08E5CC4F400ACBD21E27B354E1565AAB7D1784F70D73226ADF1787E5EA943AAA1BD11DAB3A4B2DC47DDF45FAB55AE0AFDBF42064C5B9AB577957CD6EBF382
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #454545;.. line-height: 24px;..}.....balloon-arrow {.. margin-bottom: -6px;.. text-align: center;..}.....balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//29CE803FB5103E397E0003270BD0BCCB5C47673C28797B871F6050669D6D4BAB078E01AA46F80C9002568CA51EEB95B613DCF70521A61DE7A9D38D94BBA473BE++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1888
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.257526954195077
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:+swDjYI2GNVMr7RHVMr7EVMr7VMr/VMrlTMNVMrkANVMCrnr8ymTQogY+ORMaWyZ:NOjPOROneCZNIJCzsTQ++yVWk/
                                                                                                                                                                                                                                                                                            MD5:0C1F54FAE8DBCAC66A71B6343A5DCFAD
                                                                                                                                                                                                                                                                                            SHA1:7E0C6A9130D01B159214DF09C280DF0E9785212E
                                                                                                                                                                                                                                                                                            SHA-256:4A9130C4B7273D7FAD124751FE9AB577DAC65879763F3774DE7C8FE3226BB56E
                                                                                                                                                                                                                                                                                            SHA-512:BB3E87DBF37BF570AE05E314679ED693AD933CF4E839E3B728FBBC5DCF6CC0121626DFD041C36F835375227381A5A2AF0FEF6A3D01B3BAE0589C003C108C7D53
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-dialog-balloon.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-dialog-balloon-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-dialog-balloon.js"></script>.. <script type="text/javascript

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1653
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.932366159294594
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:3JYmsL0yXFeRZ7kkbslksjsjjGbb+CDBXRDDNEVRK1tzZtg77OgKqDmvN3Q9of:9ByXIcrH4fGbaYTEV6tk77OgS3Q9G
                                                                                                                                                                                                                                                                                            MD5:BEF81D30CA0EE6C4DEFCA2DE2465C32D
                                                                                                                                                                                                                                                                                            SHA1:2A4338EC124911D4066A5F1BC1F4E16C27658D26
                                                                                                                                                                                                                                                                                            SHA-256:7D8BB7735A2BB4D72E91C6EFC3CFFADB707B7F162C40EA48DE9971DA144BF94F
                                                                                                                                                                                                                                                                                            SHA-512:CBB077098CCB22DF4A78A27A365141498B9C4E37BE3EB4DB2EF605D143B4B4438B2028A7F13DDED65FAB138EAA79C9557560138569A33DC57035F87811271610
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:#wa-dw-toast {.. height: 245px;.. width: 425px;.. border: 1px solid #B1BABF;.. background-color: #FFFFFF;..}.....header {.. height: 20px;.. padding-top: 12px;..}.....content {.. border-bottom: 1px solid #E6E7E8;.. height: 132px;.. padding: 12px;..}.... .content img {.. margin-right: 8px;.. }.....content-header {.. margin: 0;.. color: #EA1B24;.. font-size: 14px;.. font-weight: 600;.. line-height: 33px;.. text-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.25);..}.....content-text {.. min-height: 32px;.. width: 99%;.. color: #53565A;.. font-size: 12px;.. line-height: 16px;.. margin-top: 8px;..}.....content-footer {.. color: #53565A;.. font-size: 12px;.. font-weight: bold;.. line-height: 16px;..}.....content .body {.. float: right;.. padding: 0 0 0 0px;.. width: 99%;..}.....footer {.. display: table;.. background-color: #F5F6FA;.. height: 56px;.. width: 425px;.. padding: 0;..}.....logo {..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1693
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.120047875792636
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:V2sY0TYttGNVMz7tVMz7EVMz7VMz/VMzlGVMCqEjIYc09WY:3XT0tMv267CjjK09WY
                                                                                                                                                                                                                                                                                            MD5:B420BDF71D0DAC0D9A4EF89A6A4173EA
                                                                                                                                                                                                                                                                                            SHA1:4A18AE3FDA9DDB6FCB55B9B746700F5601A0FE30
                                                                                                                                                                                                                                                                                            SHA-256:5C6671D6C9EDDF8348FD70C77B447304B4416B441790D2BEFF81AC9B70B01EBB
                                                                                                                                                                                                                                                                                            SHA-512:DDD026B82A57B72D55A252E7C0D3D4F375CF81E95616C1B0B4EBFCA798BF0B95BB2EA7154EEE0622A507641097BC5512E06F261B3261FD3054E2BA2C68EEAC26
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-dwtoast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-dwtoast.js"></script>..</head>..<body oncontext

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2137
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.910977970641668
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UUzf2hkRg/q4HWcJ5/VFeICFeI75jYKubJsbnbIeIpqqJZAG:Uh2gy4HWw5/jC75jYbJUba8qT
                                                                                                                                                                                                                                                                                            MD5:A6DD19A76697B102F36324FFB94FC19A
                                                                                                                                                                                                                                                                                            SHA1:131D576A3C41CF088A453854DCBA0314EC67120F
                                                                                                                                                                                                                                                                                            SHA-256:FD2BCDBB2AFBE916C4C3897EE389E4954AD61315167D8299212FD0152F723D3E
                                                                                                                                                                                                                                                                                            SHA-512:7CD50686BAA93A21828F0B021F9909509234756100D90F20706EB7ACC5F23FBAA43957D2855B2A6FF434FE3A2F1CA3C50D58677F99746D7EB98CEAA5B5430D44
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:body {.. margin: 0;.. font-family: "Open Sans";.. box-sizing: border-box;.. background-color: #FFFFFF;.. border: 0.833333px solid #BCC3CC;.. box-shadow: 0px 0.833333px 8.33333px rgba(0, 0, 0, 0.254218);.. border-radius: 1.66667px;.. overflow: hidden;.. }.. .. h1 {.. font-style: normal;.. font-weight: bold;.. font-size: 16px;.. line-height: 32px;.. color: #383434;.. }.. .. p {.. font-size: 13px;.. line-height: 16px;.. color: #454545;.. }.. .. .main {.. text-align: center;.. background-color: #ffffff;.. height: 210px;.. }.. .. .main-logo-container {.. display: inline-block;.. }.. .. .main-logo-container .img-wrapper img {.. max-width: 105px;.. padding-top: 32px;.. }.. .. .main-divider {.. display: inline-block;.. margin: 7px;.. }.. .. .main-description-container {.. display: inline-block;.. text-align: left;.. vertical-align: top;.. max-width: 295px;.. height: 100%;.. position:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2618
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.083708862824626
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:V2sY0TYaGNVMz70VMz7EVMz7VMz/VMzl+VMzk8lVMCqX+Q7hc8A5TTD14KtYJCKG:3XTL/v26Tg88ChnR+5WbeIwEeIYOzN/
                                                                                                                                                                                                                                                                                            MD5:DD87915E00002516B9ADB64C67828D86
                                                                                                                                                                                                                                                                                            SHA1:95DD004E6239349314D597BD6CC25ECB17EC47C5
                                                                                                                                                                                                                                                                                            SHA-256:3F417EE606B9CE80207A5B8AEF4D66D81446590BA4102F06D99AAC391F965639
                                                                                                                                                                                                                                                                                            SHA-512:EE214C46BD8DB2DE0476BE156E83D06D494BD40688F479A2955D9554641FCFA3BE8BB9B9A113C580B876F32DF0A382F0B5965FB4D71DE3125AE28945BF8B7C0A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ext-install-toast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ext-install-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ext-install-toast.js"></script>.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4309
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.296651216965151
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:nPT2likC/JkhmmVkH0zf6lui5TF2csEzkb0WDnt+lkz0tRZU77:SMvuhmmVXzf6gah2cBzzWDwlvtc
                                                                                                                                                                                                                                                                                            MD5:22EFCDB954C2BA653B57648D0FC63D02
                                                                                                                                                                                                                                                                                            SHA1:600EFB885BBF48EED64C1A089D2786324BBDF91B
                                                                                                                                                                                                                                                                                            SHA-256:96B9CDF3E2C5740DC345787C3803B528253E7FC47B59DFC1C4DBC63F1946577B
                                                                                                                                                                                                                                                                                            SHA-512:DB99A3D3120E433921BE44C3FF9020C9F37A04E729325D6A866DD3F483AA4125F1D89CEC3AAAFB4CFB1BDCF89DB457C019FBEB3935B51DC56741640CCD746155
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Download Warning Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,... _instrument = wa.Utils.Instrument,... _settings = wa.Utils.Settings;.... ui.extension_install_toast = function () {.. var $el = {.... header: $("#wa-sstoast-heading"),.... description1: $("#description-1"),.... description2: $("#description-2"),.....acceptBtn: $("#button-accept"),.....ignoreBtn: $("#button-cancel").. },.... show = function () {......_window.ready(function () {..............// Set toast window size......setSize({width: "485", height: "265"});..........// Get settings data.....var toastCountSetting = "ff_extension_toast_count";.....var toastCount = _settings.get(toastCountSetting, "0") || 1;............var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.WAIFF).get;.. .....// Initialize toast......init(lang, toastCount);.... _window.show();.......// Send telemetry for toast impression.....var settingTelemetryEvent = new Ex

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 126 x 104, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5630
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.947897963110471
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:QSToxeyGItzC74o5BBiMAxI0Roty8QTzTuWjP4IMqQidjQFl1JuKOrzmdc4z+S3:QScxeyDtMzPBiMAxZtqIXQ6QhJZyS3
                                                                                                                                                                                                                                                                                            MD5:F5D9337BD302C183FFE6B9613EA4E236
                                                                                                                                                                                                                                                                                            SHA1:6C622ECF659AE65E7F6ABFED4FA831D230B51A02
                                                                                                                                                                                                                                                                                            SHA-256:DDC6EC93BB8B7AE8C90D42476ACCC47CB7E9EE28B01A312346462AD54206151C
                                                                                                                                                                                                                                                                                            SHA-512:40270893584E34AD27B7E89DE9466D08464A4A869D96D5CA414FADF7332BD02B7AD1F28725FA82D7EF8AF4A0973494CC8633A202F58F0A2E60933CF482591BF0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...~...h.....7.D.....pHYs.................sRGB.........gAMA......a.....IDATx...xT...G2..$<B...6.@?E...#.~U..b..Z.j......E........\...,.......A.V...A Iy.H2.y$s..g.'3.sf..$.{~.w..}.L....Zk..(A.....Q.&...`Q.n.@...j..Wz..2.I*.....f...q. .%..[..x.:B...:.....F.a.,\....O...>.t:....`.Ut...Y..34.O'q.%<..b...B.I...q.%3.n....k..#..=F.J.5.9...;o.R.^...D.N_...9...i?..~A....k.%..l.kiU.\@....`...M.`.....9.L.n.%....t...9..;YK......aT......4-......yq.D.8...>1..."...v#.....]t..i$S..$..H.C)$...i-n.Q(5];S,.Utc......6.....4.WOr..%...-D6v.\.m.m.....r......@..6..1..fQ.......`z.e...J....I...At...0.;..B......?...,...0..8.. ...n...Y..o*....r.6.b.......V...M.....v.J.d.K..y.Hq.|....~...e.=_....x.t...x.x.z.i.%4..~.k>.n..$.&..^.S4s.c...!r...].3..}9M..Mz......u..\..6....=3N.=.#.N...SQ..i\...I.<M.~AdP...G.o....A=.}.L...N.R....N..[nQ<o.8..V.&...,......MMt..a...r.[^..F'9.Ix..t..N'.q.....N8.!.8..%...t...Q=..U[+..Lcs3..j...:r.\I.'S..."9....:Q...YR.WP5[<.w.A.m.0

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6632
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.86774813786894
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:yH5SvRvxVoY2bZ8/C0jBkY52Q5YsYmgdFZR9q:yH5EvxVD2bSq4BksV5BLgd32
                                                                                                                                                                                                                                                                                            MD5:4FAA17C049F9EE1C25A2E06E1CC815C0
                                                                                                                                                                                                                                                                                            SHA1:F9BBC2D5218DCDC68D6E0B5BD6AD6CE5236E5AE3
                                                                                                                                                                                                                                                                                            SHA-256:7EE350878A12F783E99F0FF8E2F8757281A83A0AA12747B304DD565207D6DE10
                                                                                                                                                                                                                                                                                            SHA-512:996A91C249DF410A9B059EE8200F91A77FA8FC87120C05950CE2FB22BB75D9F3C092A448BC53AE2079B7EFC2B13E1B8849E60CB990B99BE786C5D33DE923760D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:#bottom {.. bottom: 0;..}....#left {.. left: 0;..}....#left,..#right {.. bottom: 0;.. top: 0;.. width: 2px;..}....#right {.. right: 0;..}....#top {.. top: 0;..}....#top,..#bottom {.. height: 2px;.. left: 0;.. right: 0;..}....#top,..#bottom,..#left,..#right {.. background: #939598;.. position: fixed;..}....#wa-button-donttrust {.. font-size: 26px;.. right: 2px;.. top: 5px;..}....#wa-button-reset {.. background-color: #00AEEF;.. border-radius: 3px;.. color: #fff;.. font-size: 14px;.. font-weight: 700;.. height: 40px;.. margin-top: 12px;.. width: 145px;..}....#wa-button-trust {.. font-size: 24px;.. right: 3px;.. top: 4px;..}....#wa-close {.. padding: 8px;..}....#wa-options-about ul {.. line-height: 23px;.. margin-bottom: 0;.. padding-left: 12px;..}....#wa-options-content {.. font-size: 12px;.. overflow-x: hidden;.. overflow-y: auto;.. padding: 24px;.. width: 550px;..}.... #wa-option

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1526
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.25199376932693
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:csY0TYJGNVMz7UAVMz7EVMz7VMz/VMzlQVMzkCZVMCmFgtHAXW:3XT8sTv26ZgzCJtHT
                                                                                                                                                                                                                                                                                            MD5:FC23B2AECB18FCF70F32AFB398328863
                                                                                                                                                                                                                                                                                            SHA1:77DC98239A37EBCB4762E5D86D24C4E932F2EE6C
                                                                                                                                                                                                                                                                                            SHA-256:139C913F875D9AB3AC17B2C03A77506BF58DA5ABD6D925980AA197D10FA62DDC
                                                                                                                                                                                                                                                                                            SHA-512:3142B94D7DF396EA4384ECED7BF2E2E6697882DC5575391768914BFDAE0FA4FC1533406CB6E0E08BDBB58532A35CC5A8394FE1763BB5AFFFF0B51B73F70F3C31
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-options.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-options-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-options.js"></script>.. <script type="text/javascript" src=

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1594
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.198054220050235
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:xmp5UoZR3xQpxsVecZa95p4H3rn39UDSyPVhilb39U0M3JtEN8vWZRVcoPuFRnD8:xmp5UoZJxRVXw9n0gA3uBHEN8vWZwDm5
                                                                                                                                                                                                                                                                                            MD5:0BCFF0C285E288A9B4174F7A6C1EAF46
                                                                                                                                                                                                                                                                                            SHA1:13A9941025E337F86D68EEC3707B1D78ECC2F99E
                                                                                                                                                                                                                                                                                            SHA-256:6F3DE5DE455235FB0DA93CE37755789B1D06CE8E4ECDC4EEAC037E5548F49ACE
                                                                                                                                                                                                                                                                                            SHA-512:F85E5CBB3EFD9FA465047F70B4A6EF77F4CC067839BF4542375CEB2AAF444613827FDF9B4C8763BE67DC4141CC902FBF7E3A7ABF6F4F0146900C4EB663AC628C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}..../* Arrow pointing up */.....balloon__arrow-up {.. display: none;.. position: relative;.. text-align: center;.. top: 8px;.. width: 440px;..}..../* Arrow pointing to the right */.....balloon__arrow-right {.. display: none;.. height: 130px;.. line-height: 130px;..}.....balloon__arrow-right img {.. display: inline-block;.. line-height: normal;.. vertical-align: middle;..}.....balloon__card {.. float: left;.. overflow: hidden;.. position: relative;.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. height: 130px;.. width: 100%;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. ma

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2157
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.210456042351339
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:+swDjYiRGNVMr7xnVMr7EVMr7VMr/VMrlwVMrkANVMCrAe+xdmn56+u0INBeRMJF:NOjPxuneCNIJCO06+PCBCg8pw
                                                                                                                                                                                                                                                                                            MD5:173E708C6B6191E3E1D5C85F2ADA18EB
                                                                                                                                                                                                                                                                                            SHA1:29FA373724F56219DF8929CC4EA0B4CB4DD540BF
                                                                                                                                                                                                                                                                                            SHA-256:DB76348308821AD44E8EA90F1276A4EEE2D959CBEA3B539ED311E87D3E4FC928
                                                                                                                                                                                                                                                                                            SHA-512:DD1BDE025B4613B8CD09A589208B0CEB032403AC8598794EC353CFC50A2A76AF11A2CBBDBDB0A7E0C5C587C7E84CE02B0A1120100D02CFCE5B5076356D6401B6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-overlay-ui.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-overlay-ui.js"></script>.. <script type="text/javascript" src="wacore:tele

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10010
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.210901249991467
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:2Ar/3qYFqFmMKuhiXdeRh3tFuznLe7Q9HKmX5vX:7SVIIh3tFc4QJr5v
                                                                                                                                                                                                                                                                                            MD5:88A90AD0437DA01E1F6E72E791CECC9A
                                                                                                                                                                                                                                                                                            SHA1:000CB8022924070FA7DB0A4AFE435A09F565B6FE
                                                                                                                                                                                                                                                                                            SHA-256:E55C4B1998DADA80B3E3F157A8162285E7F180D080BE678690053A1FBB2E80A2
                                                                                                                                                                                                                                                                                            SHA-512:D1FA4A54FAFFDA1214978C014442364ABA677D3BEA31F0C18D11682DAF9A55DEADE4174A8FFBC072484E701A28485063CBD810C90CE944EFE5BF80D2B49637E4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. arrowUp: $("#arrow-up"),.. arrowRight: $("#arrow-right"),.. balloonCard: $("#balloon__card"),.. contentText: $("#content__text"),.. cardImage: $("#card__image"),.. closeIcon: $("#close-icon"),.. waLogo: $('#wa-logo').. };.... var ENABLE_EXTENSION_OVERLAY = 0;.. var INTRO_OVERLAY = 1;.. var SEARCH_WARNING_OVERLAY = 2;.. var SETTINGS_OVERLAY = 3;.. var TOAST_OVERLAY = 4;.... var WA_EXTENSION = 0;.. var SS_EXTENSION = 1;.... var overlay = {.. types: {}.. };.... overlay.types[ENABLE_EXTENSION_OVERLAY + ""] = enableExtensionOverlay; // enable_extension_overlay.. overlay.types[

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2101
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.234199060438722
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:xmp5UoZJx7MdDjTPWfx9gczwPpCRulmtI9:xArx7M5TPWfx9lzwsH0
                                                                                                                                                                                                                                                                                            MD5:CEC0B43F52220714A9BF8523F4FB420C
                                                                                                                                                                                                                                                                                            SHA1:8C719251010F5C45EA6276AB3E8FA3ABE7B170AB
                                                                                                                                                                                                                                                                                            SHA-256:A4BAB9BE53BB6A6D13B4BDC6642D7D366D4D291D615DE9409592D16CA0041D63
                                                                                                                                                                                                                                                                                            SHA-512:858B0A8A422C7CF7124509488E55DA806A0DFE6786F844E6DD48E47D31C6F0BA6B9A4AA02A689B1D403B6008EF86D0EE3B92B2C91063F5A034F2B57904535381
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px; /* Window width is 530px */.. margin-bottom: 6px;..}.....content__checkbox {.. margin-bottom: 16px;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}.....card__content #checkbox-question {.. font-weight: 600;.. font-size: 14px;.. margin-bottom: 16px;..}.....card__content .button__unfixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;.. border-radius: 100px;.. display: block;.. margin-left: auto;.. height: 38px;..}.....card__content .button__fixed__width {.. background-color: #1671EE;.. color: #FFF;.. paddin

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2197
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.208280007666155
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:AswDjYEZGNVMr71rAVMr7EVMr7VMr/VMrlEa0VMrkbAVMCrmglB7vURFWS4CicmR:DOjNlTneCp3IHCTRSFWSO7QmqPO40
                                                                                                                                                                                                                                                                                            MD5:3F1EF9262ED6F138063AC7E729DEEF10
                                                                                                                                                                                                                                                                                            SHA1:BE601EC6C612A7202335C2A5AC68CA06633AF951
                                                                                                                                                                                                                                                                                            SHA-256:54FD9E2E0A67DF097F13B36F4DB0E49CF493ECB03921246B6C779B0BCBA3C884
                                                                                                                                                                                                                                                                                            SHA-512:51A26B80601A3467D6E29ADC84C66411169499EC25897D67B32071BF3853AF86A24DFE5EA18E9885EF9BA6CBF41526EDE0E32E10097210647B1FF483CAF222F0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>....<head>.. <title>SS Toast Variant</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-variants.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ss-toast-variants-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-variants.js"></script>.. <script type="text/javascr

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11776
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.988591826978154
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:lAGSRh8MezXoRYhsCSRyTe7TSlR2R1pUnoKWERjW18jEcYwNNGifX3H:m3hFezXmYhncyTe7TSjg1unoKWyq18jH
                                                                                                                                                                                                                                                                                            MD5:3B83DE1E085361A216A76526831DE1E6
                                                                                                                                                                                                                                                                                            SHA1:CAE72DF0217D68846F7A9802CC4478E2D1D60E29
                                                                                                                                                                                                                                                                                            SHA-256:2BF28A37424DDE23EB4658715CC27237EB1D8142DF57E394249D26CB40E8B335
                                                                                                                                                                                                                                                                                            SHA-512:B24D505991F02CF88AC8992D017325B01AE84E3C602E43A951F5406E719F76445B1AF5A99171ACAB2F758715D542880B07D03B9AA3A1CF40581BE384446C0884
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. doneButton: $("#done"),.. toast: $(".toast"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. };.... var variantsMap = {.. // Toast variation phase 2.. 1: {.. InfoTitle: "TOAST_VARIANT_1_TITLE",.. InfoText: "TOAST_VARIANT_1_INFO",.. Question: "TOAST_VARIANT_QUESTION",.. Label: "TOAST_VARIANT_CHECKLIST",.. ButtonText: "TOAST_VARIANT_BUTTON",.. T

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-bing.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1615
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1069674598184385
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:UviN/rbeh3kskClt+GSq1lPDgrertqIKV5bZ0CrYk6nLK:UvitmrJpSqbb9AIKV52C8m
                                                                                                                                                                                                                                                                                            MD5:3468BB5D8F25BD605E9942EF470B89CC
                                                                                                                                                                                                                                                                                            SHA1:8AC0C54512A397CC61541DECF3C5B1D003C2D427
                                                                                                                                                                                                                                                                                            SHA-256:E990B637B475C34803E127F86EE76AD98378A0C9A5F3552622AD952244F6CCF5
                                                                                                                                                                                                                                                                                            SHA-512:E7B74E04ABED95203A7022AFB45CA069D91662392A4845E9F5EFE8B4CB148F6BE36A71315734E3951D2D4F1448F571338FEE8546488CE911F57D60C3BDCD2D0C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:body {.. cursor: default;.. overflow: hidden;.. margin: 0px;.. padding: 0px;..}....#wa-sstoast {.. font-family: sans-serif;.. border: 1px solid #000000;.. background-color: #ffffff;.. height: 270px;..}....#wa-sstoast-logo {.. padding: 4px 0px 0px 10px;.. background: url(wacore:mfw\\packages\\webadvisor\\inst-top.gif);.. width: 100%;.. font-size: 17px;..}....#wa-sstoast-header {.. background: url(wacore:mfw\\packages\\webadvisor\\inst-warningbackground.gif);.. width: 100%;.. padding: 10px 10px 10px 10px;.. font-weight: bold;.. font-size: 15px;.. color: white;..}....#wa-sstoast-content {.. font-size: 11.5px;.. padding: 10px 10px 0px 10px;.. height: 142px;..}.... #wa-sstoast-content table {.. height: 132px;.. }....#wa-sstoast-content-caption {.. font-weight: bold;..}....#wa-sstoast-footer {.. padding-right: 5px;.. padding-bottom: 0px;..}....#wa-sstoast-content-check {.. padding: 0px;..}....#wa-sstoast-

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-bing.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2922
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.612475101351718
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:x2sY0YYkGNVMz7OAVMz7EVMz7VMz/VMzl1urVMzkbAVMzkizVMCqU3jOB3+7f6LS:jXu4v26mCgHgiKCe3BEdrOq
                                                                                                                                                                                                                                                                                            MD5:FB3CD2354A31654DA1A9AA3043BF7E46
                                                                                                                                                                                                                                                                                            SHA1:A4A33D329189B822BE136A34ACB59056097F4EC7
                                                                                                                                                                                                                                                                                            SHA-256:C07FE72F45035547ED61166FB99EC6C1D734E34E030AF0AC1447E32DF0441E17
                                                                                                                                                                                                                                                                                            SHA-512:7B53FF47D2C2009B2AFEDA404A586AF0D745D9CE06B81BEC0A3DC352960443F6545D10F84A9BFB50DCCB12E5EC51E2A672D2AFAD91705DBA72BFBDD3BE283C93
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>SecureSearch Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-sstoast-bing.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-bing-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-sstoast-bing.js"></script>.. <script type="text/javascript" src="wacore:telemetry\\serializers\\Secure_Search_Toast.js"></script>.. <scri

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7462
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.110198202407823
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:OWZxXMHRMrola7b6xEgPGquAED+Y8AAoYE9Yl5hpeA8h9Y/5hbqe51E5T9565Cg8:OW0H2zFguf+c9Ug9K7aO9Y1bATW
                                                                                                                                                                                                                                                                                            MD5:5D5F968828D3902C6330FE05A74F1404
                                                                                                                                                                                                                                                                                            SHA1:16F7156F26C96490D39F344758F92DF694FE820F
                                                                                                                                                                                                                                                                                            SHA-256:A18E71847BCDB9DCC64031DFDB08B6B3EB9399A38B4E476894144E51FA84FF6A
                                                                                                                                                                                                                                                                                            SHA-512:1AEF023CEDE2A358728B4E5A8F1CA7F855DAFF2C39B1F719D611772C59063403C21BA0751C9F7B50C6D2E87FB430C792B62D43C33EE28723C530A8BAD7529657
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* version 2 3 */...card__

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3957
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.044347286271276
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:jMsaURv265bWgHZNY0TUYoAzgs3CZ4ea9S6ghD2QXIanvn+qm:jjbLe9Yo2gs3JeacVDfXIanP+qm
                                                                                                                                                                                                                                                                                            MD5:9597835F22EA601608E34147DBD4E746
                                                                                                                                                                                                                                                                                            SHA1:1F28848FDD87FC3E09D4D3AEE9ABD4C1B2B60953
                                                                                                                                                                                                                                                                                            SHA-256:F84AF62D264204E6060226841F6CAD19E4C7FABCB043781A2A29FDBAF4FCB8D5
                                                                                                                                                                                                                                                                                            SHA-512:316424172895CE633CA9DE2F8BD40DB1F85229C312A3A1E5A4D071A2F73262C09DFE3431E44A8B7851DF06A6A97518C51F93567F958379F505D80F05FD14EC07
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>.... <head>.. <title>WA SS Toggle Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-sstoast-toggle.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\weba

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9376
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.149093107358449
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:lAZ3m0aWPwT0JrrvG1zuLIhHQnJC16wZ+3Fo65DcwGWlgXE:mZ4j1yDJG+1opSsE
                                                                                                                                                                                                                                                                                            MD5:45F33C4938D3B42EF320BF46139E323F
                                                                                                                                                                                                                                                                                            SHA1:39D9A197E646F86860F9911C4E0551F547571A5F
                                                                                                                                                                                                                                                                                            SHA-256:349FB95F09C00EE2EA8DE892200D4C12870DF4D716278DAFA07CD731CEEDF91D
                                                                                                                                                                                                                                                                                            SHA-512:E97674C531A5CBE58F4DDA867AD0E18A275A0898F2795B3BC215C4146EF702D15085E2A1EA89879F492DD5B37F30B504ACAA247AF2AB1D1C322DACA713447F77
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. expiredSection: $(".expired__section"),.. expiredDivider: $("#expired-divider"),.. expiredLabel: $("#expired-label"),.. expiredName: $("#expired-name"),.. feature1Label: $("#feature-1-label"),.. feature1LabelContainer: $(".feature__1__label__container"), // dynamically change container if text is too long.. feature1Name: $("#fea

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2118
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.175275994007074
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UfqttN0I4H0m0UY60uR60BFvUIFaSvU49xRstVOWD:UfqttmhR3F7aSp9O9
                                                                                                                                                                                                                                                                                            MD5:8B8DF7AE2C61CF5A94AC4E63DA6C7675
                                                                                                                                                                                                                                                                                            SHA1:736868A5B7CDA40D4C832ABBE85358A0EFC1A8F8
                                                                                                                                                                                                                                                                                            SHA-256:75D8B91E0248B8A11455A44AE0E60A7F08F8F526D0EF26CCFCF3DEE0300C5C0B
                                                                                                                                                                                                                                                                                            SHA-512:49F01D666EF0317B9428E09EE86B9A9F852B7E5C2DE46C0B43217F8358F028BEA9BACA99CAEDB8EBF17B6DBFA2A8A8F058FB79F428A2BF702269251A4F4E458B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:body {.. cursor: default;.. overflow: hidden;.. margin: 0px;.. padding: 0px;..}....#wa-sstoast {.. font-family: sans-serif;.. border: 1px solid #000000;.. background-color: #ffffff;.. height: 270px;..}....#wa-sstoast-logo {.. padding: 4px 0px 0px 10px;.. background: url(wacore:mfw\\packages\\webadvisor\\inst-top.gif);.. width: 100%;.. font-size: 17px;..}....#wa-sstoast-header {.. background: url(wacore:mfw\\packages\\webadvisor\\inst-warningbackground.gif);.. width: 100%;.. padding: 10px;.. font-weight: bold;.. font-size: 16px;.. color: white;..}....#wa-sstoast-adblock-content-subheader {.. padding: 0;..}.....main-content {.. font-size: 12px;.. padding: 10px 10px 0px 10px;.. height: 118px;..}.....main-content table {.. height: 108px;..}.....main-content ul {.. padding-left: 13px;.. margin: 15px 0;.. padding-bottom: 10px;.. line-height: 17px;.. font-size: inherit;..}.....main-content ul > li {.. padding: 0;..}....#wa-sstoast-content-caption {.. font-weight:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5592
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.097832398384123
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:m2sYRYkGNVMz7eVMz7EVMz7VMz/VMzl5VMzkbAVMzkizVMCqU3jOB3+7D/6LG3BW:SCxRv26GgHgiKCe3GyfZ9jey
                                                                                                                                                                                                                                                                                            MD5:761897E62CE42167789F2B5054EDA068
                                                                                                                                                                                                                                                                                            SHA1:60F146DB26AA13F59DE3901B15A3C8CB6E9BF275
                                                                                                                                                                                                                                                                                            SHA-256:6130CA64C9CBAF1DAB705A261F2614A0999AE8F62ADC16960632AA6A9356915E
                                                                                                                                                                                                                                                                                            SHA-512:D0BB7A6ECBF86CB6D7E827E76BC25E203E393FBE23579653177676E5A1735CC6AA5CDF25E1D68B68BC16FB1FE76D13C065184E0FC84569FDCAF52A5A0857454A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>..<head>.. <title>SecureSearch Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=8" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-sstoast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-sstoast.js"></script>.. <script type="text/javascript" src="wacore:telemetry\\serializers\\Secure_Search_Toast.js"></script>.. <script type="text/java

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dialog-balloon.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3342
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.667565337590142
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:B4j7B2AacfdwtxqA5JBbIVXjQB6UQVVPhPkzYOEbFQO0HR/1xRzi1CePNXDdbq:scAa+dwtDDRgVVPCxEeO011xReXDdbq
                                                                                                                                                                                                                                                                                            MD5:4BF37C9F82106ABFB3A401AC09E48E77
                                                                                                                                                                                                                                                                                            SHA1:000AA1564C982782229C71865FA9CA66644FCF15
                                                                                                                                                                                                                                                                                            SHA-256:737CE9812E00E315B1B1792A4D31CBC35E1738D4FA0F55C13E6BFAB7C1C5926E
                                                                                                                                                                                                                                                                                            SHA-512:E94855251E4B3B6C526D4D2B69A9D729AF447A7F773BBC6D39E9AA37D0E0C4DBED4FF7EC48C5DBADADEE765B282B6CABFA365D0119305AD82C8DEC68A6B76AA5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. button: $("#wa-dialog-balloon-button"),.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $("#mc-dialog-arrow").. };.... var telBalloonType = '';.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.... if (!settings.balloon_type) return;.... init(settings.balloon_type);.... _window.show();.... // Send Telemetry 2.0 for dialog balloon showed.. var telemetryEvent = new OnboardingBalloon().interaction_type("Impression").browser(_instrument.ge

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dwtoast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2413
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.804134666249459
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:H45ikVjkpq/nWp1qgVsk0HuKAh51nhXjK:Yjk+WlcsBhzK
                                                                                                                                                                                                                                                                                            MD5:2733864B6469F425B14BFA4A33E2346C
                                                                                                                                                                                                                                                                                            SHA1:057319741D42D78F8C73D10C61BB558EB822FFAD
                                                                                                                                                                                                                                                                                            SHA-256:2F718A0EC1E1B88ABCD18A2A7F94C3AE1BC086F0491A3435AF801F225DAA7B82
                                                                                                                                                                                                                                                                                            SHA-512:B4B3D39D30E9718DA4A8BFBB4F2494B065A8411D18F1E8EAF98FE65C2E3533A08A832545AB63AA928C0E1CD26BB5BCDD5722A5B5FABBDC42D66703D7F4E2C8BB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Download Warning Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _dw = wa.Core.DownloadWarning,.. _wa = wa.Core.WebAdvisor,.. _l10n = wa.Utils.Lang().checkList();.... ui.DownloadWarningToast = function () {.. var $el = {.. logo: $("#wa-dw-toast .logo"),.. status: $("#wa-dw-toast .status>span"),.. content: $("#wa-dw-toast .content .body"),.. block: $("#button-ok"),.. allow: $("#button-cancel").. },.... show = function () {.. _window.ready(function () {.. var domain = _dw.getDomain(),.. fileName = _dw.getFileName();.... $el.logo.append(_wa.getProductLogoHtml("wacore:mfw\\packages\\builtin\\mcafee-logo.png"));.. $el.status.append(_l10n("PP_STATE_TEXT"));.. $el.content.append(.. "<p

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-options.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23745
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.894439750463326
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:LravuBFTv2stBHDiF9ymq4pnU5rnXEBF15hZOmvYkydOergIN:PavuB92qBHDdmRBU5rXEBF1VJy9EIN
                                                                                                                                                                                                                                                                                            MD5:A57CF446268BF7CBF054BD9AC1C0618F
                                                                                                                                                                                                                                                                                            SHA1:3F2C8577DD899964257DB70B69E629B8290AFC37
                                                                                                                                                                                                                                                                                            SHA-256:936B11ABC02D2D8E81B07DE4D0A7B8EE73BAB15AA1ADC29A8CEF57E3E9CECEC3
                                                                                                                                                                                                                                                                                            SHA-512:156FB6883E94BA18C1C1D269A7D324E623294C82E7402443254EA79EDAC99ECDDBC2D06A36B24188FE667CC0D282D003C320DEF0152FF661E07F385E95B9D3A1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Options UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.OPTIONS).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml();.. _external = wa.Utils.External;.... var OptionsMenu = function () {.. var menuItems = [],.. el = {.. $menu: $("<ul id='wa-options-menu'></ul>").. },.... toggleContent = function (id, delay) {.. $("#" + id, el.$content).. .fadeIn(delay).. .siblings().. .hide();.. },.... itemSelected = function ($item, delay) {.. $item.. .siblings().. .removeClass("selected").. .

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-sstoast-bing.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3660
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.763560730421771
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:445jWijMxhfOx/2NdFobmZ5oncCl/QSt/QBmy/Qe5OOQH2:bjv23F2+5onCFOOQW
                                                                                                                                                                                                                                                                                            MD5:0775613E8CC154D6497DA2BCE384316E
                                                                                                                                                                                                                                                                                            SHA1:EBDF7207F54B7C32637692FA6CEED167CD55960B
                                                                                                                                                                                                                                                                                            SHA-256:82B79AAC799AF42F4A1F54B621F7AE63FFBB73CFF8E1C469770C233254D62851
                                                                                                                                                                                                                                                                                            SHA-512:BB192025A3FC8EE30720064E973E0DC4DA4168E146D8698D78F426FF87C4A7A7DE84AA21EC0BE6CB1E0A6ABE9732395E97FFB3679E8EFD7954EF31CA1A54F747
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* SecureSearch Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _window = wa.Core.Window;.. .. ui.SecureSearchToast = function () {.. var $el = {.. header: $("#wa-sstoast-header"),.. logo: $("#wa-sstoast-logo"),.. subHeader: $("#wa-sstoast-content-subheader"),.. caption: $("#wa-sstoast-content-caption"),.. subFooter: $("#wa-sstoast-content-subfooter"),.. submitYes: $("#wa-sstoast-content-submit"),.. submitNo: $("#wa-sstoast-content-bing-no").. },.... show = function ().. {.. _window.ready(function ().. {.. var toast_element = document.getElementById("wa-sstoast");.... if (!toast_element) {.. _window.close();.. return;.. }.. _window.setHeight((toas

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-sstoast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15681
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.871446512282397
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:QODJo/vVNYs2ebppb08qb1WAWxJK8ku6sI098/CdQkrriKSpKKBS6aYSQwuHcBzR:Fi/vVNQeo8yCdI098+oYupqv
                                                                                                                                                                                                                                                                                            MD5:7F112450EA576AD7FBE90043325E6A79
                                                                                                                                                                                                                                                                                            SHA1:E4081C7EDC1E351DE0BBAF6AF54375945CA6353A
                                                                                                                                                                                                                                                                                            SHA-256:AE5F1E9522DB83351156DBF18475801F0920CD9D67027514C9958F376DF12E7D
                                                                                                                                                                                                                                                                                            SHA-512:E24B115FCA81149C7FAF74537A12DF5973B450C16B07274E5DC8D3EBD8AAEBDBAF800AB0FAAE208210DCE6CE0F0F8612996CA0BBDD42180F13AF9814FFCE1967
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* SecureSearch Toast UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _window = wa.Core.Window,.. _external = wa.Utils.External;.... var TOGGLE_COUNT = "toggle_count";.... ui.SecureSearchToast = function () {.. var $el = {.. header: $("#wa-sstoast-header"),.. logo: $("#wa-sstoast-logo"),.. mainContent: $("#wa-sstoast-content"),.. mainAdblockContent: $("#wa-sstoast-adblock-content"),.. mainMavContent: $("#wa-sstoast-mav-content"),.. subHeader: $("#wa-sstoast-content-subheader"),.. subHeaderAdblock: $("#wa-sstoast-adblock-content-subheader"),.. subHeaderMav: $("#wa-sstoast-mav-content-subheader"),.. caption: $("#wa-sstoast-content-caption"),.. captionMav: $("#wa-sstoast-mav-content-caption"),.. label: $("#wa-sstoast-content-label"),.. labelAdblock: $("#wa-sstoast-adblock-content-label"),.. labelMav: $("#wa-sstoast-mav-co

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-danger.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 210 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12312
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.968450241648148
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:yRBdas2d1PJ4BYvAHpw+9zCUu3lsOgtPaITUL:6UdVTUoUTHs
                                                                                                                                                                                                                                                                                            MD5:4FB51E8F6008C7C9C8F0A1075BED12A1
                                                                                                                                                                                                                                                                                            SHA1:39C35D6482BF2D7B8A347991BC99F4EB408B7FE7
                                                                                                                                                                                                                                                                                            SHA-256:866910A9732E353EDFE938958BF6F4B6FF03FFA6B90589BD03C44011D2E41C37
                                                                                                                                                                                                                                                                                            SHA-512:6C39FDEB9036823547E8515A7F0505B41A519F5F70D55A1D2B51A10B9FAC6D8738EB3D78D2DE2BEE55666C5712A4753D72450760B69836C7F1B71577760FD99F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR..............4r.....pHYs.................sRGB.........gAMA......a.../.IDATx...|....vyU.xO.. ..8.%!.8.PJ......t..RHx....@[.......@i...-.<..H..%....x..y.l-3.+.<.G.i...~>.F..5.9.=.\.,,tp.P...rr./~<...h......a........A?.i.m.R.y?9a.y....".......0.,0-........LS,!Y...al...G..k....V.a.NGQ....p8.o.A#..<...<...0.+.`..0.....!...k..Y.x..ax~-....T.8w.t.T^...`..&.a.#.h......}Z.8...(..4.^L2.....&X.M0<.....B.T....d..62......`....,...'f...I<R.....!..t.T..(,.e.."......x..9...Z..(0.BH.]...2....lS.D.'".h)$kU.. 0....:M...z..6`..1.1.|.VI.%.9...3.B.NS&......i...G..i.mS..M...f....x2!.5.....:M......y(......V<...,.%....!.W.d........s.:.BJ.W0...WO.!#.b.E..Z.fP0..r./.j.....lq....M.u....L....3.2PLD.O.Ao.!,.!?.....2...iR.D..[Y...-,. ..d...cC[.%..,,..a..U.m.<.4!%D....`aa..d.L..%".."_.......,.YL.d.|s{gp.L1.......Qv..I....38.q......*pH...j..0!.u..,..XXL.SV.j..p4..1...w...k....$.s...:.e^.Dd..`...g.>.dr......U.b.O.....&.Drr.."_..C..MV..."a\.V.."?.B`.3y.y....E.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-risk.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 210 x 197, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9639
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.959929359756836
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:8Sx+XNV33b9KE2nQId+RaxmxmDzMeRPGUhtGrnGyzcgJSzJKlkY+BjJJnjYdSPay:7SX9KbIRARfvRtklzcgJS1Ukz7hjYdJy
                                                                                                                                                                                                                                                                                            MD5:0960D91DFEAF52DB02812BF775B62C55
                                                                                                                                                                                                                                                                                            SHA1:125D3E9976B984B6BFDD698140626CB92D393722
                                                                                                                                                                                                                                                                                            SHA-256:9E7C4BF9C4911967D24A948BFFE7268F5925A1B1E3DCD5D9CBEB7721DF32DF24
                                                                                                                                                                                                                                                                                            SHA-512:C2AE53F305F34A3E6B0EF8E29A1E21A477C4A62F6AD27A69A91C7F1CD601A94DA1012341169F7E11C293D12AEC9B07B14CCB23185829A8C7F05FE0EDC718B681
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.............!J.a....pHYs.................sRGB.........gAMA......a...%<IDATx..{t...._..j..%...`.....!..q.....&.N^..$....Hrv.....v...........l2I&..a.....O.[......l...WU...[.wwuwU...9..]...T..=.D".H$..D".H$..D".H$..D...DR.}}.@.-.iG.k...D........RH..\..&.*.r.M.|..j:.M...a......a..Dkk....)$I.I.pU...w.C.P].p..ok..."bA....>..T.r.!\.&.....R..8..9...8.(..F........;..K..wp.N).rB.){...\gk0....$..]twd..#w.\...Bh.0.....j(.R..*\....7..8.o!..B2-O=.g.}..),.0.....5'..{*.).i.ZW5....UBrP@9..`w.b-....6!.]..O.B1.o[h..5B........r"\A.]..]..B....S{..|....6.\(^B.4.n.o..g...Y+7.q]...N5.R.Hx.....H.Vz\?.....$3..l....Xr.....Z.{.bj".Y.=.v+d...z.J\..1;2...a.(.`].r....U....8..S..../{d1.A/@V*..z..,.o-..MF....&.(.S'..p...V6.w..7.N7.z..i.Lx...vCB..P.(".,..K5pe...l<$q#....B.P..+,.=.H....d..fE.......].FL..I.H........7.G..$...W..>..D..EH.X....H...'....FT]H...9....[.|.5..1.Yl...!...C.......TMHT..*;*...Z....:......q..I.I...G.N>TEHfrA..I.C...G. ....(.K&.$....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-wss.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 142 x 114, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9195
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.974458734523204
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:qSgxF7Rxse5mfaPumPCqZplpMCwhsoYl6Va1uaOyplM/0zPMyWEu0:lg77RxsRaJCqD/twhsFl6VaD5KyWEj
                                                                                                                                                                                                                                                                                            MD5:985990E7B49221E68CA85928ABFB55B6
                                                                                                                                                                                                                                                                                            SHA1:A625326AFC180A99526B9C1E36C85718A8AE4E53
                                                                                                                                                                                                                                                                                            SHA-256:6FCA27CE0ADD2712EA1CBAF52291BBC2C9AA3E5B8411348DA4459082E53D456F
                                                                                                                                                                                                                                                                                            SHA-512:AD415F9B2242675A26DFD9FAB9DCC9E2BA02191EDFB4B938C688458E92379263C9E1357EEDF8E97D4956E3A28E69D59A80C6FD23777371A33CC1A02D2AF45181
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.......r........j....pHYs.................sRGB.........gAMA......a...#.IDATx..].`TU.=.M.d..R.%..{...*M...(.k..UDqw.U..]uuw]...H.^..RB...u..3...L2.2....}.d......0..#.0..#.0..#.0..#.0..#.0..#.0..#.0..#.0..#.0~.h.v..W..#..%....]..M....e..rA.iI.>q8...E......qI.Y...T. ...Hr..]..{.V;.....G...S.J.........Z.Y.6...(...Dv.%%l"`..`.%X...m...a...J.#...,.....G%..:]...I.^9z..-."#.......B...%(a..0:t.0.`<.@.K:?!G.@...42.`..%..X..\>z.3R..N..}.b..%..:A.N.B..>...d.H0X...C..H0"...,..m.EQ...t....N....Fi.v.Z"y#SE..U?M.....mv...S...T.[.7*.'.T.0<.,..E..%:.ce.Go..g...&G.U.A......;.m.E.k6...%..2.tt..#J.w...|X~.R)h.g.a...6.(c........U.UZ..$.1a.........Pq...+.%....`....p8.6..ZNoWl...8.....$.#.$I{.m4.+`.7...0..B...SC.e............2....;..E..A.H3.^.}.W..E..9.....).Bs.b....K.. .q....q. (...... ..........`.....*..s.........C s..6oJ..Q...F.I.&..Q.N;v..... M..~D..P..Z'Ga.<..{%.....<l...')....A..."..ATT..x.z.c..B...A.q.k.....;...M....0....5.6n.P.7.......w.(,.%..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2407
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1459059903374795
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Uk73uxPuaasQ8+FQv2xfdleIileIjOmkRlYWBheIpJqqeGzeNeIp5eNeIIBl:UDj+aOxf7KjiRlYWBxadt+t8l
                                                                                                                                                                                                                                                                                            MD5:FBF0A828BE698A31C40E6423AA7BBAE8
                                                                                                                                                                                                                                                                                            SHA1:294F9EE458E0FA6548489B240587F3F46AE0FCAD
                                                                                                                                                                                                                                                                                            SHA-256:9C8A4056E8F5AACF05CEA95FFFDB09C7C4F28C4BC52F34FC83455718C52C3FCF
                                                                                                                                                                                                                                                                                            SHA-512:A3FA178A81A7EA81BD9E78F0EC6C9076CADC1AD9841F47550E6672BB4B7D8B2F7739C333F0E232FB27BFBC7A0F4BC80A233DBD989A972A4DF1540572A97E8494
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:body {.. margin: 0;.. font-family: "Open Sans";.. box-sizing: border-box;.. background-color: #FFFFFF;.. border: 0.833333px solid #BCC3CC;.. box-shadow: 0px 0.833333px 8.33333px rgba(0, 0, 0, 0.254218);.. border-radius: 1.66667px;.. overflow: hidden;..}....h1 {.. font-style: normal;.. font-weight: bold;.. font-size: 16px;.. line-height: 32px;..}....p {.. font-size: 13px;.. line-height: 16px;..}.....main {.. text-align: center;.. background-color: #ffffff;.. height: 220px;..}.....main-logo-container {.. display: inline-block;..}.....main-logo-container .img-wrapper img {.. max-width: 128px;.. padding-top: 32px;..}.....main-divider {.. display: inline-block;.. margin: 5px;..}.....main-description-container {.. display: inline-block;.. text-align: left;.. vertical-align: top;.. max-width: 295px;.. height: 100%;.. position: relative;..}.....main-description-container p {.. font-size: 14px;.. line-height: 20px;.. color:#000000;..}.....main-description-containe

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2634
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.071554417168856
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:c2sY0TY+GNVMz7OVMz7EVMz7VMz/VMzlKVMzkHVMCZ+CEv7hW8AoDF0qXRqq5VbP:cXTxBv26HgOCe8+DSSqoFbeIwEeIYuAg
                                                                                                                                                                                                                                                                                            MD5:F704F7D07DB4FA86719D0D5B7B3C44BA
                                                                                                                                                                                                                                                                                            SHA1:3CB37F84F5CB68AE703B6350C73E8679498A3EC8
                                                                                                                                                                                                                                                                                            SHA-256:F1CA18CFF09A5A6C2042DAA71EE27D4A0FA601B060D0F95251933316F2C7A346
                                                                                                                                                                                                                                                                                            SHA-512:143C6ABD886848232AAB2B21A64BA83FF39A9B1CEAE66E933866142E288FF03EF06A0F4A918B2D279DFDEE4A492DEDBC0F7C7FCD707042F7A2B67DD8B4F43B05
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-upsell-toast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-upsell-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-upsell-toast.js"></script>.. <script type=

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12796
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.056756734166245
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:80/Pf4lTvqz3NbDdvSNOsxyVVXMT2OpbNg/0r:JPf4lTvECBxyHcTRfX
                                                                                                                                                                                                                                                                                            MD5:27A31150D4884BFDD9D59424B4F2D42D
                                                                                                                                                                                                                                                                                            SHA1:DA3A1997E082EE1D8439DD9C1D320E864DCDCA66
                                                                                                                                                                                                                                                                                            SHA-256:2A55074FBD372A59236735C3017B8C55A01EF5FE0496C23F807319400791E473
                                                                                                                                                                                                                                                                                            SHA-512:FAFF1565E6656A5C65E5412C2E209A934FA22C9339D39CDD343CD1B5E7CA1E594E96AF423B5731DE291A70A7A00EFF6FF0E76C39A53128E2E7F6B8677A1682AA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.createUpellToast = function (toastData) {.. if(toastData.campaign && toastData.campaign !== 'none') return new ui.CampaignToast(toastData);.. .. if (!toastData || (toastData && !toastData.cohort)) return new ui.AvScanToast(toastData);.... switch (toastData.cohort) {.. case 1:.. case 2:.. return new ui.DirectUpsellToast(toastData);.. default:.. break;.. }.. };.... ui.extend = function (Child, Parent) {.. Child.prototype = Object.create(Parent.prototype);.. Child.prototype.constructor = Child;.. }.. .. // ----------------------------.. // Base Toast Object definition.. // ----------------------------.. ui.UpsellToast = function (toastData) {.. this.data = toastData;.. this.lang = wa.Ut

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\warning-icon-toast.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 47 x 46, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1793
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.876784630522941
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:qaOARKiy6Zk/fIEJo8VsjZhQ78P49eiQgPO4sP/ulgafKd6c:/OATy6Zk/1x0TQg+wvPmlga1c
                                                                                                                                                                                                                                                                                            MD5:0649B7E9A67DE6931312BDB5BE3FA6D6
                                                                                                                                                                                                                                                                                            SHA1:285B792941D7CCB34ECC8749A367CAFE4A51D4B1
                                                                                                                                                                                                                                                                                            SHA-256:CBB5964B1888A95703984990FBC9C71448ACBA8A5E19BC0A96E626C2129F7E22
                                                                                                                                                                                                                                                                                            SHA-512:12B8E6C4F3EBFF51BA6CE1FE66D737461CD0C30F0B9E65443256886DDBF9E1518E3A26D9186CD8F2CA95EA09D35F910372558BE1C997073E0E26603C4DABC22E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.../..........|p.....gAMA......a.....IDATh..Y]l.E....R....?.y.A@1.mi.)F.....#J.F.'..O.Q..#Q ......>hPH...X....b[b+..@.Q @....{w<g........W...9s.7...93C...7..e.b..\.d.....d!..'......G.....k...2.1J.a.6.1!.{.E.0..r...D.....I.5k.../.@..&QD.*j.oW.....6...}.2...\O..,..f...q....U...1.....Lf..U....bs....:.0!..?Q...j.e..;...X...qN.JM.[..../....=..2T....T?..VcR...qFl.._.T@.s...rP.....L...3!1...L.Z..xlh0.....Tr3..D..V......^.^..t.....3O.ED....8j8....k.E.`...{.>....v8...R...@.8.R_.. ..|&C..?.....rG..( .y....}.z.p.28w.....k..v.7.~.......7F|.. .@.8"..,..L...Q....7.a......oI*.z.f.{.j...`......}g.....!Y.... ..J2p..IJ...2...X..G8..Y.. N}..t...26.....M.._.....c...fs...{....)t[.,....e.&............t%.PX...W)..%..........t.`>.....7...H..s.CW..........u}.nS...~...&O..1...C}.....#..G.IH0.mjj(.._....M...=..C2..==..V&...~1..?...en..M...\.Q.%...B./.g.S...... .#.(....*..q...jb......p;../5.m.T..-...SE.h..(.|le...[.**!...=:TJ..!m..q2..CI.$

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\custom-checkbox.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):292
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.423375006466325
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:KYCutJFlCutfwEr+gCutF3GHw+amFgqMjMr7aMSSqkQ9c8:lCu77CuuSCu3X+aUhMjSeg4b
                                                                                                                                                                                                                                                                                            MD5:1CC4FFC09D4B9E7A300922BBAC8D6FEE
                                                                                                                                                                                                                                                                                            SHA1:7DBE9BA09919D2469B64EE2A6F2E549E3A482D73
                                                                                                                                                                                                                                                                                            SHA-256:F89990B5E6732FEC83D4B256DEAFACD7970DB66C2D704A27C46C6D22B81DA82E
                                                                                                                                                                                                                                                                                            SHA-512:949801819C752CE8ECCAD82C167E6D537C0025CEB5BA50C4DBE634D6BA5F271E54D8EC71A732F8EE160547999E4EF58371CBA6D6C8494318E2991E7C40FDD0FB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:input[type="checkbox"], input[type="checkbox"]:checked {...box-shadow: 0px 0px 0px 1px black inset;..}....input[type="checkbox"] {...accent-color: white;..}....//9B82EBE6370F4B62F2CD4FE6C8CA239703814322D57250385EED612B1ABFD68A874252A76D6AD6BA81DE62A16C1B65392F137A55ED025299CF7F549146A84CFF++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\jquery-3.6.0.min.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65446), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):89637
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.297690436754969
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:ejExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v/:eIh8GgP3hujzwbhd3XvSiDQ47GKh
                                                                                                                                                                                                                                                                                            MD5:712FE08D558510EAE764484E8589C725
                                                                                                                                                                                                                                                                                            SHA1:4BF8E520E80B803946557166AA91055508363B94
                                                                                                                                                                                                                                                                                            SHA-256:B2CDF00864D1083020AA779B7A977E5BF38FE5913BA6E4C0B2E0B71674AE6D14
                                                                                                                                                                                                                                                                                            SHA-512:F6F50DA112D767B94AD62AC21309F23228A8D52BC8B6568F0398E96814635DA835756DA4F649246A4614859D8B3C9DC303AC5242F0AE6137D620A9CAE025DAF3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}func

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-common.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):34187
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.04775948163756
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:E9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZ3:E9DDI6thXjez1jtnC
                                                                                                                                                                                                                                                                                            MD5:F91D87301AF75396584604BAA4A45A23
                                                                                                                                                                                                                                                                                            SHA1:A9FF08BE83C44731AEEDBD3A594C80A6EE3166AA
                                                                                                                                                                                                                                                                                            SHA-256:772AC52600270A43EAA9494087096A83C4CE8C8CDFD82770F546EE1FCB54CBBE
                                                                                                                                                                                                                                                                                            SHA-512:099B43A60A2F42768BA7340BFB9C634B9EDF7663FFD6BFA4D5F408C297D14F01BB7C4A7DB2D38BF6EC4275CE66212C217A2AB5791C1F02F91B875228E71723D5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXh

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-common.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):853
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.332212183702675
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2B/hPp825C8dJK5VKv5iP5h158qESea06/AXJ:Y/h2P8dEnjPESTIJ
                                                                                                                                                                                                                                                                                            MD5:A9D8E519E059B0395A0637969214F326
                                                                                                                                                                                                                                                                                            SHA1:D1BDF66B7A5E3D185BB03CC95F93FE0354CF91D7
                                                                                                                                                                                                                                                                                            SHA-256:D429A5E4A16B6E1801921515B59B1F706BF9564667F5EC224702ADE90749CCFD
                                                                                                                                                                                                                                                                                            SHA-512:E5FECED82E7D90383FD526E14073F0A6FC0A6300531BD697FE624998CCC3CFA9E1FC7F68820AF74FF7198E10C4E37BF2F8ED5EF3284B7936761F1B9449F6B18F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:(function (wa) {.. var common = wa.Common = wa.Common || {};.... common.getColorAndStatus = function(score){.. .. let color="red", status="WA_ST_SCORE_LOW".... if(score<400){.. color="red".. status="WA_ST_SCORE_LOW".. }else if(score>=400 && score<600){.. color="yellow".. status="WA_ST_SCORE_FAIR".. }else if(score>=600 && score<700){.. color="green".. status="WA_ST_SCORE_GOOD".. }.. else if(score>=700 && score<850){.. color="blue".. status="WA_ST_SCORE_VERY_GOOD".. }.. else if(score>=850){.. color="purple".. status="WA_ST_SCORE_EXCELLENT".. }.... return {color,status};..};....}(window.WebAdvisor = window.WebAdvisor || {}));....//2F9F7075A941ABE1C0AB0710F1D9280E8104D4FC90258B062E8C2F9436F7C39F95DBD73EF0D4B7F2054DFCA3286089732CE5A621EE238CD993EF63A62D616793++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-core.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23487
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.123179029687177
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:GZCfU5OMibTTqFf3+CyZRCDqRkaPUEgpLS5ueJw+dc0cbT4M/5cWal1fGoy:GZCfU5OMiLqFf3+CyZRCDqRkaPUECLgM
                                                                                                                                                                                                                                                                                            MD5:E7984550A5EC9D0660F3DCD30D73C08C
                                                                                                                                                                                                                                                                                            SHA1:581B46B50B0A696411B2ECC370679E310DB93C55
                                                                                                                                                                                                                                                                                            SHA-256:1B0264EDF2BA956924D727FBDDA0D8ADEB48EF83D54A3E2A3981535A4CCBE226
                                                                                                                                                                                                                                                                                            SHA-512:EFADF30DD5D682438615AABE4E2B42014ACA47FF710F7D780009A2164F65B50F3345787CFE3BC1F8FB3AACE30CD52A47F7FE5FB06B073F6ED658E8D02E921A6E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Core */.(function (wa) {. var core = wa.Core = wa.Core || {},. _settings = wa.Utils.Settings,. _external = wa.Utils.External;.. //Component. core.Component = function (name, status, key) {. this.name = name;. this.status = status;. this.key = key;.. this.isIgnored = async function (key) {. var isIgnored = false;. var startIgnore = await this.settings.get("startIgnoreDate" + (key || this.key));. var ignoreDuration = parseInt(await this.settings.get("ignoreDuration"));.. if (startIgnore && ignoreDuration) {. var today = await this.settings.getToday();. var startIgnoreDate = startIgnore.parseBasicDate();. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);. }.. return isIgnored;. };.. this.isInFixGracePeriod = async function (key) {. var inGracePeriod = false;. var gracePeriodStart = await this.settings.get("fixGracePeriodStartDate" + (key || this.key));. v

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-ui-checklist.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7998
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.697678020464664
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:j8KiNn2zKMXjRIQIeTZmY2OToGF/8OJISRjla0mo9SWLpmUtpdcSbFn4zN:IKiN2zKgyTeTEZzSRjg0jScmcdva
                                                                                                                                                                                                                                                                                            MD5:B3E1EE6486B1A4B9129E992ED2DFEF20
                                                                                                                                                                                                                                                                                            SHA1:ED01784F5B330C4A0C387BF1B8AE428A777DCC5D
                                                                                                                                                                                                                                                                                            SHA-256:9760D164416EBBB611C4DCB333EB39B3C61C09A93DE2B311A4743A37FE616516
                                                                                                                                                                                                                                                                                            SHA-512:75FAA2CD9E4FC894E9DAA634B0B0D473AAE70EA3A57674A290AE6563BEE71B5A2A7B779F4B2A56F0294F3A0B45369F888E75ED03CC689E807B23F62CD027E357
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* CheckList UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.closeDelayTimer;.. ui.CheckList = function (options) {.. var el = {.. $checkListWrapper: $("#wa-checklist-wrapper"),.. $checkList: $("#wa-checklist"),.. $messageWrapper: $("#wa-message-wrapper"),.. $message: $("#wa-message"),.. $messageImage: $("#wa-message-img"),.. $closeWrapper: $("#wa-column-four"),.. $close: $("#wa-close"),.. $logo: $("#wa-column-one"),.. $state: $("#wa-column-three").. },.. checkDomLoadedInterval,.. animateDurationInMs = 400,.. self = this,.... setState = function (options) {.. el.$state.. .html(options.state.template).. .addClass(options.state.css);.. },.... setMessage = function (options) {.. el.$message.. .html(options.message.text).. el.$messageImage.. .html("&#187;").. },.... setBorder = function () {.. el.$checkList.css({..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-ui-dialog.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3536
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.497799855004851
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:kZGJ5nzQQenlzN1vylhovKKHNLzpCZjeVBXfoifB:kZ8W0v8RHNLlCZjoJfoiJ
                                                                                                                                                                                                                                                                                            MD5:0AB97B4205078265FB7504A5B4BF940D
                                                                                                                                                                                                                                                                                            SHA1:E82B266B7B9D7FAD710434872B539DB6077480C0
                                                                                                                                                                                                                                                                                            SHA-256:94F25897C89EA15E2D506228F120B42BADC12C2049ABC67917791745656B4D08
                                                                                                                                                                                                                                                                                            SHA-512:8A309B6C71A4C0791909DA3DB66A74BA5CEBE4E3A5C15622A93A6580DFF47684729A57D13FB2536D9EEF40A23B17253628D2835D44C5C2A17C10E0D6AE150A75
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Dialog UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.CheckListDialog = function (options) {.. var animateDuration = 400,.. el = {.. $dialog: $("#wa-dialog").. },.... create = function () {.. clearDialog();.. createHeader();.. createContent();.. createButtons();.. },.... createHeader = function () {.. if (options.header) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-header",.. html: options.header.html,.. tabindex:"0".. }).addClass(options.header.css));.. }.. },.... createContent = function () {.. if (options.content) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-content",.. html: options.content.html,.. tabindex:"0".. }));.. }.. },.... createButtons = function () {.. if (options.buttons) {.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-utils.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17296
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.480889556991821
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:BZwBjF3z+j5csy4h11lidEaCa3z46U2EW85xFYmah2OY9c8o9OQ/r:WJyj5csy4DIE3mU6URbFYmafj
                                                                                                                                                                                                                                                                                            MD5:D7BDC589D438DF5A5CA04EDADF62EF1E
                                                                                                                                                                                                                                                                                            SHA1:7D4DCA5943FEBF146A58A6EEF80CEC1E354C6E32
                                                                                                                                                                                                                                                                                            SHA-256:1F1C4E7C6EB1149FB9928AB594D343C268CC41191990072A01C560B9B7103E9C
                                                                                                                                                                                                                                                                                            SHA-512:C3FAC1FA9B8627BE71BD1211C6263C6CA90D09C4460A567073D7BB63ECEF21A4FA7E886A8064586DD5AC4ED8E4FB9402DA6E4D7C248DF27DEF3E0C713CEB53D9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_)..};....(function (wa, lr) {.. var util = wa.Utils = wa.Utils || {

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\mwb\wa-controller-mwb-checklist.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9676
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.9173568605310845
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:O4n4gMn8LeQ1EU/AF5kSS3zwgFdliSQyglzMiqXjAMfxE78:p4gMns48SS3znJiS0miqUMfx7
                                                                                                                                                                                                                                                                                            MD5:01528F3D6F98A8B53CD0A3C5129CB11E
                                                                                                                                                                                                                                                                                            SHA1:0C3AC682FCB9DE055845BCABF2C4921966F47725
                                                                                                                                                                                                                                                                                            SHA-256:C505DD1B8ED7E21CFB1802B30669CC1E0404CFD29CFEEDA61D651CD4EBEC43E6
                                                                                                                                                                                                                                                                                            SHA-512:EC6437BB197E07267B67B398D748DF70406DA5DFF02DA0B64FB5C0EE05E394ABBE5F7849E81FCB753AA0F413127E54B6D77CDA87DDB1E4B16832E97EF258807C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* MWB CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.WEBBOOST).get,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.. var browser = ""; .. var wbShown = "WBShown";.. var wbLastShown = "WBLastShownDate";.. var installDir = "";.. .. this.update = function () {.. _window.ready(async function () {.. var args = JSON.parse(await _external.getArgument("template_args"));.. var isInitial = false;.. browser = await _window.getBrowserType();.. browserCode = await _instrument.getBrowserTypeCode();.. installDir = await _external.getInstallDir();.. if (browser === "FF") {.. wbShown

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\mwb\wa-mwb-checklist.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2727
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.129074309662149
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3Ox0xsUa3l363kKk+kUTkikfE5h2CYqOcqe5QORDOXGA:32EAqOcq6Qqw
                                                                                                                                                                                                                                                                                            MD5:7422D78DD95DFA6FEBF9BD6790829B50
                                                                                                                                                                                                                                                                                            SHA1:DEE658C5552C743A12D54F8E27AD2ED170D90077
                                                                                                                                                                                                                                                                                            SHA-256:78FC494C1BE062BB335CAF4439BCA8FE1E59FEF7E2C9B91F9FEC054DF034C54C
                                                                                                                                                                                                                                                                                            SHA-512:2F6A398093471E96917F8AE53D3B70EDA1843FCF4F5A8A3456EABBDEDF66919B41E936F0ADADCF4A446EF5AB0CC58ADAB028B008D7D050EE1CD834F39950DF73
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-webboost-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript"

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\nps\wa-controller-nps-checklist.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (452), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):24334
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.49466804246202
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:CYEzX7WKuUDfpG7I85C6ylu6MJcDoGeDbC9dDMQU:3e7Wa806+Q
                                                                                                                                                                                                                                                                                            MD5:B36CB3DF5176263A480D43E4B4959ACE
                                                                                                                                                                                                                                                                                            SHA1:F888A6628F2342EE4DDDA578A9768BD43C3EFDCF
                                                                                                                                                                                                                                                                                            SHA-256:1D191A5516AFFEA85237DE3EC1998666E18BB1B9CD955BE3238A873DD38DB98D
                                                                                                                                                                                                                                                                                            SHA-512:14FBCB79E8E67239726604F6D20C274BEDC7F528C2FA1BA87F8F857A2AA163185610DC9C941D0FC5F0D4DDD9B61FD157BB3BD18E59A10A021B64249A1B0B085C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* NPS CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.. var browserCode = "(unknown)";.... ui.CheckListController = function () {.. var self = this;.... this.update = function () {.. _window.ready(async function () {.. browserCode = await _instrument.getBrowserTypeCode();.. var args = JSON.parse(await _external.getArgument("template_args"));.. if ((await $(window).height()) >= 630) {.. self[args.commandName]();.. } else {.. _window.close();.. }.. });.. };.... this.showNPSSurvey = async function () {.. var html = "";.. html += " <table style=\"border-collapse:collapse;width:450px; height: auto;font-family:Open Sans; color:#53565A;border:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\nps\wa-nps-checklist.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2636
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.12509061942106
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3kx0xsUl363kKk+kUTkikChZhAFqOcqehQORDvM9:O6qOcqiQqDM9
                                                                                                                                                                                                                                                                                            MD5:226A778BA5FAE5B6205318E2C4EED48A
                                                                                                                                                                                                                                                                                            SHA1:2F379A05215C9C707A3FD0FC96A6E4A38C96C631
                                                                                                                                                                                                                                                                                            SHA-256:C442FEAA745966D3F60B801454BD916A692A071DED6A27B2855DCE188912FC96
                                                                                                                                                                                                                                                                                            SHA-512:20CB2D7A78FC603A3E6A58C5D3AA80C763E042D1BEEA05EBBFE62E6A5DED137D242B32A9B199E3329B266107949C6C1029FBC52BEEFFB18D6B95EA889C2A3A5A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\bu

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-coachmark.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1990
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.453293982433959
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:xmp5UEWZpxtrnPxwqvUw0z5Nqui1l5NqFpW5NqJd5cF5Nqc55N1B+66Q:xsWL7xwdNXWN9NgcXNrDNL+6J
                                                                                                                                                                                                                                                                                            MD5:EB2EDF2F1BAA834ABB9717C26EBD8BB9
                                                                                                                                                                                                                                                                                            SHA1:B44DFE226BC050D12CADA0E015AE673882AFE399
                                                                                                                                                                                                                                                                                            SHA-256:78B96327559957F24F677C9DE51A7D2AEA76A189EDCF0946B9109A5DC3F61D1A
                                                                                                                                                                                                                                                                                            SHA-512:538C302EC25E3521FA74EDB46574CC381CD4D612DFF6A4BF072A7CD98B4C83B5D0F4458CBBDB3152779CB5A59D3512F117152C10FAE7409F63E9DA1F5EE2D9B5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....html {...position: absolute;...top: 0;...right: 0;...left:0 !important;..}....body {.. color: #212934;.. line-height: 24px;.. width: 485px;.. height: 250px;..}.....balloon-arrow {.. margin-bottom: -6px;.. background: url('file:///[WA_FILES]/mfw\\packages\\builtin\\balloon-arrow.png') no-repeat 57% 0%;.. height:54px;.. width: 585px;..}....#toast {.. display: flex;.. border-radius: 24px;.. background: white;.. box-sizing: border-box;.. border: 1px solid #ABB2C3;..}..#card_layer {.. background-image: url('file:///[WA_FILES]/mfw\\packages\\builtin\\card_bg_image.png');.. width: 150px;.. height: 198px;.. border-radius: 24px 0 0 24px;.. float: left;..}....#card_layer > .tooltip-a {.. margin: 36px 18px 0 10px;.. width: 123px;.. height: 127px;.. background-image: url('file:///[WA_FILES]/

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-coachmark.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1747
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.399701178335765
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:1sYzxdk+IQ0NVMz0+WrVMzQzVMzQXVMzQdk+4VMzlQsoVMzQdk+2jVMC9rap0aqM:uOxZlg+3kKk+kvhD7kCaC9y
                                                                                                                                                                                                                                                                                            MD5:A9E8256A573FB58C772268B57B5ABC02
                                                                                                                                                                                                                                                                                            SHA1:3CC3A5D587F1144D1751AD60EBBFBF7738A44083
                                                                                                                                                                                                                                                                                            SHA-256:5B2168F868D3064082494DEFBECBAC5B412F75577D706C0F4765F7AF8733903B
                                                                                                                                                                                                                                                                                            SHA-512:CE97472308FD57FCAE23463373170A7313F4F6B4F515A35960462C0A9D43386D727AE729E0B9907EAF6B7DDB3041D0EBD769CC45D7ADA91775244A42CF656BD2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\edge_onboarding\\edge-coachmark.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\edge_onboarding\\edge-coachmark.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/telemetry\

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-coachmark.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3120
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.203659322910627
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:uMADc1eQ6rQgiOsbxYuqrHWwXDXjZXGzz:xAS6UdlS6wXDXjZXGzz
                                                                                                                                                                                                                                                                                            MD5:7F24769C85C484BE4A8594089EB439D0
                                                                                                                                                                                                                                                                                            SHA1:DE879BEFAA2353453E1E1C5682BF11F9EB417EE4
                                                                                                                                                                                                                                                                                            SHA-256:214C5A47F2328BA05091FF57E0F966A560816BD1CCE1AA67C7FBB44A0F31EB8A
                                                                                                                                                                                                                                                                                            SHA-512:BFEFA08289A848B2EC33A48456EC5F1CBE6B9CB3F1CEA2900091076DF329484BBD86EA8F7B773D058D14EC420CB905DB3A7DE9F89537D5FA8521036CF5490928
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Extension UI */..(function (wa) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External;.... ui.accept_extension = function () {... var newToastDimension = {.. width: "585px",.. height: "250px".. };...... var coachmarkType = {.. toolTipa: 2,.. toolTipb: 3.. };.... show = function () {.. chrome.webview.hostObjects.wa_external.log("inside show");.. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("inside ready");.. var settings = JSON.parse(await _external.getArgument("overlay_data"));.... if (!settings.cohort) {.. return;.. }.... init(settings.cohort);.... await _window.show();.. window.chrome.webview.postMessage("draw_background");.. await send_onboarding_telemetry("Impression", "ToolTip");.. chrome.webview.hostObjects.wa_external.log("_window.ready end");.. .. });.. },....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-ext-toast.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2987
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.351261552243215
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:xmp5UEWZp8xgC9WqJfW05NqIEp5NqIr+5NqUuxkxrxSrMq6x8zOGFqkmiZEqPeIO:xsW0xghYdNYNb0N1uxkxrxSrJ6xRGFq5
                                                                                                                                                                                                                                                                                            MD5:88D3B2A223DC9766B8B36C3C68D251B4
                                                                                                                                                                                                                                                                                            SHA1:A0B662FCF6944A92E53C3C87B85AE5F1D73B5C4D
                                                                                                                                                                                                                                                                                            SHA-256:D327FADDB6EC98B50AA598D368CADA2A51CDC8656F471F72D03ADBC55E937159
                                                                                                                                                                                                                                                                                            SHA-512:741F6CB27BB87BCEEFA8D22D118AFED47C1919C6DFDFFD366B2C0B52DD4D5E198C0D503668EFE3D07997336767DF8988FB12164D746EFFA349FAD48F9860B07D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}....#dialog {.. display: flex;.. width: 761px;.. height: 565px;.. background: #fff;.. border-radius: 24px;.. border:1px solid rgb(0, 0, 0, 0.12);..}..#card_layer {.. background: transparent url('file:///[WA_FILES]/mfw\\packages\\builtin\\women-on-laptop-features.png') no-repeat 0% 100%;.. width: 276px;.. border-radius:24px 0 0 24px;..}.. ..#progress {.. width: 173px;.. height: 173px;.. margin: 52px;.. background-image: url('file:///[WA_FILES]/mfw\\packages\\builtin\\progress_0.png');..}....#progress.enabled{.. background-image: url('file:///[WA_FILES]/mfw\\packages\\builtin\\progress_1.png');..}....#description_layer {.. padding: 35px;..}..#logo {.. background-image: url('file:///[WA_FILES]/mfw\\packages\\builtin\\mcafee-logo-1.png');..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-ext-toast.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2219
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.306608102736013
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:5srbbqNax+k+CQ0NVMzWWrVMzLKWrVMzQ0VMzQeVMzQ+k+2VMzlQsoVMzQdk+2jo:qaaxily363k3k5kEhD7kCaCNcCgSTPy
                                                                                                                                                                                                                                                                                            MD5:4E2D61BC1BCE66111BCBC8EDF39844A5
                                                                                                                                                                                                                                                                                            SHA1:9A89E0987E4D2D08584ED915C506C72E649707C8
                                                                                                                                                                                                                                                                                            SHA-256:9B16BA12BF54FB940546464A6C2890659E70973F5DA4D6E0AB3F3FEC4C63F877
                                                                                                                                                                                                                                                                                            SHA-512:17518B017C5CDAD79F4186AADD8167FB2C8956EA9FF37F0516FCF6D4D990D99262FD59B79A3E80D0254FCEA8F7F74F91D57E51F7639A54452100257C42B4DD43
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/mfw\\packages_web_view\\webadvisor\\edge_onboarding\\edge-ext-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="fi

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-ext-toast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4043
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.157709269203089
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:lAFMuLlxkllDE3zG6lsg9EYcvrEPwSYlZXoPq:lAWuLlxkllDE3zG6ls5hrEulZXaq
                                                                                                                                                                                                                                                                                            MD5:305E4A878E0ACA697A85675A427BD235
                                                                                                                                                                                                                                                                                            SHA1:F70CFB677050DCFFEAE3CE53702AACF2EF4FB299
                                                                                                                                                                                                                                                                                            SHA-256:C0DAFD1A4C5222AB87330998F70A2DC99643509D5115F8B1133F63609AA00EA2
                                                                                                                                                                                                                                                                                            SHA-512:4A4512DBAEB5E06E02C5B60584D041DD147D16D83791DEB338209DF203816261835A4F23F71426212C923C8E3B4A051C64A51C2E7BB757D67CFA49F05978C9A0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {... ... var newToastDimension = {.. width: "761px",.. height: "565px".. };..... var $el = {.. progressPic: $("#progress"),.. checkboxInput: $("#set-web-protection"),.. title: $("#title"),.. desc: $("#content p.desc"),.. featureName: $("#feature_name"),.. featureType: $("#feature_type span"),.. featureDesc: $("#feature_desc"),.. doneButton: $("#done_btn").. };.... var stringMap = { // check for correct string.. InfoTitle: "SEARCH_TOAST_TOGGLE_VARIANT_1_HEADER",.. InfoText: "SEARCH_TOAST_TOGGLE_VARIANT_1_INFO",.. FeatureName: "SEARCH_TOAST_TOGGLE_FEATURE_1_NAME",.. FeatureDesc: "SEARCH_TOAST_TOGGLE_FEATURE_1_DESC",.. FreeLabel: "SEARCH_TOAST_TOGGLE_FREE_LABEL",.. ButtonDone: "SEARCH_TOAST_TOGGLE_BUTTON_SS_PROTECTED"..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge_ob_telemetry.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):369
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.417141120443004
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:2EmuogRreo9LClyqZy+cPupMrX9ElbFmFvH5XCgyoXzXf3BnRkXYJU6hkKkckDJ0:2woUrXAyXprOlJmVJbP5KXYJNQOG6
                                                                                                                                                                                                                                                                                            MD5:801817972C6F084A79B4064F89B04CE2
                                                                                                                                                                                                                                                                                            SHA1:AE9DA114866699BC2C9ABC34D550E9882CC73772
                                                                                                                                                                                                                                                                                            SHA-256:D7DBF4FE76374CE5B88CD6B521D536F9FAC02A5E788BFB6D63095E2AB939BC06
                                                                                                                                                                                                                                                                                            SHA-512:6546431F0DDAD4DD6776FF445D4C78546E0F1D95F3AA9D944B4EF829F6778CEE99EC1102F247071869C4B5F51D2C70BC5D9883293B2563FED08FC53D47B1FAB0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:const send_onboarding_telemetry = async function (action, ui_type) {.. const event_obj = new EdgeOnboarding().action_type(action).type(ui_type).Serialize();.. await window.WebAdvisor.Utils.Instrument.sendTelemetryEvent(event_obj);..}..//08EC8063108F5EB45D8F002B59813DCADFD21B1689D170117BCBCC7870A548FF529C61B3A4008E1A5F3728B850CAC23B77C7BF4454A3B1B31127755B9C0250A8++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_search\edge_search_ext_coachmark.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1497
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1680557791116355
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:xmp5UEWZR78xQ/0elV7k1Ze+fkMFE1g60q30iTxhxs4P0Fu0xx0j000sT06bw0Sa:xmp5UEWZp8xo0uOuHMFYg60q30Mx70Fi
                                                                                                                                                                                                                                                                                            MD5:D3248BB45A93E1AF56514F3B1FE847F5
                                                                                                                                                                                                                                                                                            SHA1:0CE2AD1D8B3DAA528ECFB6165E7B85EAD1C03B11
                                                                                                                                                                                                                                                                                            SHA-256:97DCC7385DC27E8BD8DFCC97CBEC3702C53A3567F8E7D507426A14798D8FA9AD
                                                                                                                                                                                                                                                                                            SHA-512:A3CE254CB550DCDD14802360477C0F971E64EC84A33366B35CA2ACEE2CAC649B62711AE410642DED23C869A8D1B463A0A2E8FA13F6FB4129DE6BB7D28B0050E1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}.....main-container{.. width: 656px;.. height: 392px;.. flex-shrink: 0;.. display: flex;.. flex-direction: column;.. position: fixed;.. bottom:0;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.. align-items: center;.. padding: 0px 35px;.. border: 1px solid #B2B2B2;..}....[class*="flex-item-"] {.. display: flex;.. align-self: center;..}.....main-container .flex-item-1{.. justify-content: flex-start;.. align-self: flex-start;.. margin-top: 32px;..}.....main-container .flex-item-2 p{.. color: #212934;.. font-size: 20px;.. font-style: normal;.. font-weight: 700;.. line-height: 28px;.. margin-top: 14px;..}.....main-container .flex-item-3{.. margin-top: 34px;..}.....main-container .flex-item-4 p{.. margin-top: 32p

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_search\edge_search_ext_coachmark.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3191
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.32780796167714
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:wjRaxDlg+3kKk+kgkah2Cm5wEsCILQq5wEsCI2A5wEsCIIK1bY8:wjTdsT/dsTdsAD8
                                                                                                                                                                                                                                                                                            MD5:B82D3682B6F5308261493430D1593AC3
                                                                                                                                                                                                                                                                                            SHA1:364A8DBF50DDC8CEAA85ACECB934C83D55D7F5CC
                                                                                                                                                                                                                                                                                            SHA-256:774F2553B59F8788AE275EE3E4EA5F546C179A0154A5DF507C7C8FBA82304586
                                                                                                                                                                                                                                                                                            SHA-512:EA374C683751D388D6697D7A3B7D5EF373F85811420E75CE5B28668EDFD220C2D0093042CD313A8BE0EB2C44315444E6B9640ECD55194AC94925D4B467F11753
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>..<head>.. <title>SecureSearch Score Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap" rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\edge_search\\edge_search_ext_coachmark.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.js"><

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_search\edge_search_ext_coachmark.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4447
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.888905733808312
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:xe04JN7xWXXZ8NQK8E3NQKbk/5XNmsN4qBNINHN4qPdFe2FX1YYtuK1H6ItuNn1D:EPoHvOGX67qPqP2k1xafsmWa6Qiah6rO
                                                                                                                                                                                                                                                                                            MD5:CD30752F47FC420DE12612756E942473
                                                                                                                                                                                                                                                                                            SHA1:C12EB5618AC222098D7589706FCDF26C18048B3C
                                                                                                                                                                                                                                                                                            SHA-256:39190A440A75435388078DDCFA121C521995FF738025DD9D289DD87D703E348B
                                                                                                                                                                                                                                                                                            SHA-512:7BAB53B80FA0D291030D520FC9F3060D5C4AC4B6180D81983364FA8C9423569AFC5B62035678F1AFFE58B477C0E458C6C9CF96D3AF8897CD3AF5C9B3FCB03162
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* SecureSearch edge monetize phase -2 */..(function (wa,$) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _external = wa.Utils.External;.... var browserCode = "(unknown)";.. var provider = "Yahoo";.. var windowHeight = 392;.. ui.SecureSearchTooltip = function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. show = function () {.. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. .. _window.setWidth("656");.. _window.setHeight(windowHeight.toString());.. .. let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.OVERLAY).get;.. .... chrome.webview.hostObjects.wa_external.log("inside ready");.... var json_to_parse = await _external.getArgument("overlay_data");.... chrome.webview.hostObjects.wa_external.log("after getting overlay data");.... if (!json_

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-overlay.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1839
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.465981594523217
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:+swDxNxulQeNVMr0+WrVMrLKWrVMrQzVMrQXVMrQdpVMrlANVMCrNM/QoguKORML:NOxNx1/Y+3i3cKc+cGpJCEQgKy4SqyO
                                                                                                                                                                                                                                                                                            MD5:F428431EE41BF998512A71594315A827
                                                                                                                                                                                                                                                                                            SHA1:12AA1E7862E8F0896A8F5DCBCF734095010C6B87
                                                                                                                                                                                                                                                                                            SHA-256:313AFFD1EAA2EAB32D632A4B77A66FA7ED5231E9580245DC0878D5CBC158CF70
                                                                                                                                                                                                                                                                                            SHA-512:EB569A4B665975F47E03CD1F4636088D2531D79C464FCADCC6BB5999CB5D8A561B788CE3A692480EFD92FA32A181F28252371162AA359B668C54F18E542B06C8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\new-tab-overlay.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-overlay.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4434
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.0619550875446455
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:T0AmdonK4uoNkCsVgV1PixEeB0NufP9SdaQbXk2H:AATK4bNrAg/jeCQS9bX9
                                                                                                                                                                                                                                                                                            MD5:8C44F3A5D1F2C5A0FD89C6447BBBFE51
                                                                                                                                                                                                                                                                                            SHA1:F1A6E3CAE873BAFE530A7BCF64C254CDD4769F6F
                                                                                                                                                                                                                                                                                            SHA-256:887DC0B58A17B74743A43A6038E119AB65177031DFDCD888B2D3CB7FC7A246FC
                                                                                                                                                                                                                                                                                            SHA-512:A9C1BA4288D75D1F0C1C888AEA9C48C30B80951AE49674B0F6788E315164E39605324D92D1E19EF431377855B9C8D63EEFF0F9E9C12817A265B598EF48AB0E68
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $(".balloon-chevron"),.. },.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.. var overlayType = Number(settings["overlay_type"]);.. var extensionType = Number(settings["extension_type"]);.. .. // Polyfill of isNaN for IE version < 12;.. Number.isNaN = Number.isNaN || function isNaN(input) {.. return typeof input === "number" && input !== input;.. };.... // Validate toastCount is valid;.. if (Number.isNaN(overlayType) || Number.isNaN(extensionType)) {.. _window.clo

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-toasts.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2295
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.353370396572987
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:NOxNxj/U3i3cKc+ccWCpnHCFAf2PKqAqIMImqIusux:chkiJJmz5ux
                                                                                                                                                                                                                                                                                            MD5:FFAE7F223EDADB44303A8E4D9DD882FA
                                                                                                                                                                                                                                                                                            SHA1:7B264C8AD82401D716857B4EFFEE4E30F3E53395
                                                                                                                                                                                                                                                                                            SHA-256:3E06B0F26AAE778DB53448290B3FCD5DCCAC198266B45404B05EABC6A2FC5C42
                                                                                                                                                                                                                                                                                            SHA-512:2B13CCB03A8BD3CA493913FC03F1A337AD948C657BD4170DCB08B45405ABFFB240A3E0A2226AFA1A7BB66FAD4E1C2BBEE3A1BEC6A4CC396A41BAA208932CC05E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\new-tab-toasts.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\new-tab-res-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="fi

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-toasts.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4089
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1348183661160425
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:n3AXKffHguIKz1hauWSQ0RVflDh84bXkgX:3AogosXiVfVh84bXV
                                                                                                                                                                                                                                                                                            MD5:196B135F07AA22FBB15A8508AED71CDC
                                                                                                                                                                                                                                                                                            SHA1:C468F1A87C388E7E017B31ABB1FFB653B7AD10DA
                                                                                                                                                                                                                                                                                            SHA-256:52F91D4BAB84DF1D662DAC2C72052A1411EAD487E8149EA701B4D10F673F4EEB
                                                                                                                                                                                                                                                                                            SHA-512:99BD16F46F3D9E8EF306444E5BDE2DD3121891BCAF438F1F6FDA89AF834A277DD2B17C32254922FAE29F107C4C773A72EC6CBDDAF4D1903D8223F3956DE1647F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. };.... show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("overlay_data"));.. init(payload);.... _window.show();.. });.. },.... init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.NEW_TAB_TOAST).get;.. var toastCount = Number(payload["toast_count"]);.... // Polyfill of isNaN for

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-confirm.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1604
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.262918468096288
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:rp5UEWZp8xw942MDIjLMI6dSEkf3cdbOFv:LW0xwa2eIjLd6dSX3cdbOp
                                                                                                                                                                                                                                                                                            MD5:439FF5DF150153E5A1858D146E1BF41A
                                                                                                                                                                                                                                                                                            SHA1:444267714C2E2D17CE7EF6D017782C65EF4AB3FA
                                                                                                                                                                                                                                                                                            SHA-256:8B2B3C43628D8075875C61F8CCB9AF1CB25F82C8E057B1F597B8D443F572CFA8
                                                                                                                                                                                                                                                                                            SHA-512:BAB1FC5E849C1CAF923811703528CD1E9310C7148DEFA30504AB27A95500CE97558FC79E0F2318AEFF10C5E06C92CCD2DD7E514C966DE3DB3EA1DECE915E9AA2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}....#wa_score_toast_confirm.main-container{.. display: flex;.. position: fixed;.. bottom:0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.... width: 365px;.. height: 326px;.. align-items: center;.. flex-direction: column;.. flex:1;..}..[class*="flex-item-"] {.. display: flex;.. width: 311px;.. justify-content: center;..}..#wa_score_toast_confirm .flex-item-1{.. justify-content: flex-end;.. width: 100%;..}....#wa_score_toast_confirm .flex-item-1 img{.. width: 13px;.. height: 13px;.. margin-top: 16px;.. margin-right: 32px;.. cursor: pointer;..}....#wa_score_toast_confirm .flex-item-2{.. margin-top: 17px;..}....#wa_score_toast_confirm .flex-item-2 h1{.. color: #383434;.. font-weig

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-confirm.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2144
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.416061725646171
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:JjRax0x3m363kKk+k3shFhiKC+yxi8mG6yMm+A7zx:JAm2ie6yGa
                                                                                                                                                                                                                                                                                            MD5:015AB91EB06DB5AA9D9CAC8F4D43A24A
                                                                                                                                                                                                                                                                                            SHA1:52C707275B73B75CE56B507BF1E9223E5735BE50
                                                                                                                                                                                                                                                                                            SHA-256:F9AB057A883A9C6DCBAA906339A4BF5423C8E0336D27783743F704F9DEBFA852
                                                                                                                                                                                                                                                                                            SHA-512:E69E64D078A140F7CA864EC716AE21C60898FE1C37F8F10AC0B94094FA25EC754BAA0A6D72FC719DB47747020274F1B2631BB7724031567C3D20A5B10157B71F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>SecureSearch Score Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap" rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\score-toast-ui\\wa-score-toast-confirm.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-score-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <s

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-confirm.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2765
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.074954727516563
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Yj4Ji7xWXXRMNQK84lhNQK23NfGTNkAYi/zNQmnOtw/7tT/Bztn6TYOYEfNgpbjY:YhoH/C0Lln8qmncw/RT//D7EcPcvgd5g
                                                                                                                                                                                                                                                                                            MD5:BEE2A9AB120F04B5815F05AAEE963C19
                                                                                                                                                                                                                                                                                            SHA1:20053CCB54001D54E5CCFB200EA987B27D85BCA9
                                                                                                                                                                                                                                                                                            SHA-256:8120D2F7B9B0DA3140AE0304181C0853D1530ED889912A91E44CFC024DD3C999
                                                                                                                                                                                                                                                                                            SHA-512:1878959248EB14CB52DF564610A895F7E410E5F1D722E2AD43492E09F82DB69A302761CDCB4C5A0F0AEA310388167A81DEAAB5B67E110E38EA4DBEBF42C3AC2A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* SecureSearch Score Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window;.. _external = wa.Utils.External;.... var browserCode = "(unknown)";.. var provider = "Yahoo";.... ui.SecureSearchToast = function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. show = function () {... .. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.... _window.setWidth("365");.. _window.setHeight("326");.. chrome.webview.hostObjects.wa_external.SetDraggableOffset(20, 50);.... window.addEventListener("resize", (event) => {.. chrome.webview.hostObjects.wa_external.log("draw from resize handler");.. window.chrome.webview.postMessage("draw_background");.. });.... let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.SSTOAST).get;.... chrome.webview.hostObjects

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-increase.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6113
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.974400810754339
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:xkWsYW9FbqA1eR0/DJgltvLtDmwJVNUNYNnYFaYoty55u7Y:xkWXWbqA3FgltvL5mqVNUCC3oku7Y
                                                                                                                                                                                                                                                                                            MD5:290F3D6479ACBBE88DB79A1BF3DBB160
                                                                                                                                                                                                                                                                                            SHA1:847ECB66686924790D3709A7C055AE14B5B30483
                                                                                                                                                                                                                                                                                            SHA-256:8AD189406B63222B1C9D403F1F6E52215B7BF15466AF3F4EE5DA0BA9D36D29A6
                                                                                                                                                                                                                                                                                            SHA-512:D432095136F1C7DED06FD4953BC74229241546D1CCBB1925D8FFF0732289509413DB79407D465C6B1E76512F77C8BBDC4B2B732A72F33C33176A14DD8AA9CDEC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;.. }.. .. body {.. color: #212934;.. line-height: 24px;.. }.. .. #wa_score_toast_increase.main-container{.. display: flex;.. position: fixed;.. bottom:0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.. .. width: 761px;.. height: 283px;.. align-items: center;.. }.. .. [class*="flex-item-"] {.. display: flex;.. height: 100%;.. }.. .. #wa_score_toast_increase .flex-item-1{.. display: flex;.. width: 276px;.. justify-content: center;.. background-image: url(file:///[WA_FILES]/MFW/packages\\builtin\\wa_score_toast_increase_bg_left.png);.. flex-direction: column;.. align-items: center;.. }.. .. #wa_score_toast_increase .score-status{.. width: 205px;.. height: 60px;.. ba

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-increase.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2770
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2936838336178536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:JjRax0x3i3363kKk+kgk3ithFhiKC95ix8LStjLRjxk+ann43iAR:JseqjiHjtjBinY
                                                                                                                                                                                                                                                                                            MD5:5EEE9EF93A59076585970A590542FEFF
                                                                                                                                                                                                                                                                                            SHA1:5D9EC0E5E394D12ECC79166E6E1AEFF86AC00B6F
                                                                                                                                                                                                                                                                                            SHA-256:1604FCA3DE43E3799FB8BD71FD008410E8983B0940F52AD171EA7ECD37E580F6
                                                                                                                                                                                                                                                                                            SHA-512:D540AEBD5922587B23185F9CEC3FBD19628817F631F233CAB3E65C9C10160876A2F3F3EA6AD1C0DD872F6862EF348914DC0F18437EFC376F3E420E59DEB5C283
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>SecureSearch Score Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap" rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\score-toast-ui\\wa-score-toast-increase.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-score-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-increase.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5026
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.955118503603607
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YuoHAOGj0xqGgrVTWm03Sk457EcPQvNQoxVRzZgC:JX4k7RTWmp57EcPQvN5/RzeC
                                                                                                                                                                                                                                                                                            MD5:0F24B27A49EE1FB03B060E0B7E1985D6
                                                                                                                                                                                                                                                                                            SHA1:CD1F02C24140D396BB78FC8C46D1C14651E36DFE
                                                                                                                                                                                                                                                                                            SHA-256:0CB8661D1BD9071BD601B5C8BA4D55B26DA6B3E990A1A8D81A5D2C6B76C6CCDD
                                                                                                                                                                                                                                                                                            SHA-512:0D4F66A214CB363303AE4DD0D559923DAC2CF146192FCBFF5ADEAA0ABB08A0F7BADAC1B1497B31C74BC3D333D25317782962A1E01CCCE463F10AAFB290224254
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* SecureSearch Score Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _external = wa.Utils.External;.... var browserCode = "(unknown)";.. var provider = "Yahoo";.. var windowHeight = 283;.. ui.SecureSearchToast = function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. show = function () {.. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. .. _window.setWidth("761");.. _window.setHeight(windowHeight.toString());.. .. var toast_data_string = await _external.getArgument("toast_data");//json with score.. chrome.webview.hostObjects.wa_external.log("ready: toast data is " + toast_data_string);.. var payload = JSON.parse(toast_data_string);.... let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.SSTOAST).get;.... chrome.webview.hostO

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-main.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8459
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.154566859405699
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:OW/al9Sqd0++Jx0ZBSaLR5YDm9eHnqWNRX/:OA+AaLR6HnqWN5
                                                                                                                                                                                                                                                                                            MD5:BC356AB30B66E093B0BE7917FC6A7B3B
                                                                                                                                                                                                                                                                                            SHA1:440521B8730E1488A88061DC0062197F5C32C683
                                                                                                                                                                                                                                                                                            SHA-256:4FCA469CB603F4A0C4FFBF7D30D55B6BCFB68292704F72FA4B89C3938C4E3020
                                                                                                                                                                                                                                                                                            SHA-512:2F0A318D92BA1899A7E6CEC7EEFDC6F1AFFC270B67EC69285957E61C38E663A4561624F477ACC9A2B0156C1210B690FCE04D4A1AD6503E9EB9B02CCDCD568E47
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}.....main-container{.. display: flex;.. position: fixed;.. bottom:0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.... width: 761px;.. height: 565px;..}.....left-container{.. width: 276px;.. height: 100%;.. background-color: #F5F6FA;....}...right-container{.. width: 484px;.. height: 100%;..}.....inner-div{.. width: 100%;.. height: 100%;.. background:url(file:///[WA_FILES]/MFW/packages\\builtin\\wa_score_toast_main_bg.png);.. display: flex;.. flex-direction: column;.. align-items:center;..}.....variant_2_bg{.. background:url(file:///[WA_FILES]/MFW/packages\\builtin\\wa_score_toast_main_bg_v2.png);..}.....inner-div > div{.. display: flex;.. width: 100%;.. align-it

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-main.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4418
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.036576331067931
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:JjRax0x3/363kKk+kgk31hHhiKCOGmBmKbTlVRWJ0IRVXhTAhc9CRj7SO1CCR21M:J+xmfb3Re0IPhTigCx7SOgCgKF
                                                                                                                                                                                                                                                                                            MD5:4C524597D97FE10760CE23E6FC2A8267
                                                                                                                                                                                                                                                                                            SHA1:A08E7BAD91210E850C086E2DD2E4FB49FE77FFF9
                                                                                                                                                                                                                                                                                            SHA-256:3899AA66F66FAD00FDC573356D9B37B9C5CC864807A03E5CC21041933ABD6C97
                                                                                                                                                                                                                                                                                            SHA-512:F68CDB978BC6BF6CFF334D721A6CB18EE44B5656C88FDD01AD7EF2E131066CDF66E2F614EBE5CDD84F45D9A5474FB83D512C327B905DE45FE302D568A5F7BD72
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>SecureSearch Score Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap" rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\score-toast-ui\\wa-score-toast-main.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-score-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <scri

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\score-toast-ui\wa-score-toast-main.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8673
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.0198551982962245
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:N9T16teT2I8GkkA7KQ23LGhmPvHVe7Ela7MLuLULxLQLnLJE70:N9T16teT2I83kA7KQ6LGhmPvHVe7FMqh
                                                                                                                                                                                                                                                                                            MD5:34CDE33335C79A1E32DAA62169534FF1
                                                                                                                                                                                                                                                                                            SHA1:5145B0536DFE9E7C5CDB0C336EAA579272F299A6
                                                                                                                                                                                                                                                                                            SHA-256:DEB3271DB9D1A06516D4EEDDC450EECD9DF8B0A4C6338018004E08380EECE4D2
                                                                                                                                                                                                                                                                                            SHA-512:E9FD1EA8E105B7CD36A6F6F552E3E4FDCF568AFB38162B0588FFEC952AD91016C696AE2FDE2D1932D2C469510E7268D183B958A03616BA084F9F9C66A23AE50D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* SecureSearch Score Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _window = wa.Core.Window;.. _external = wa.Utils.External;.... var browserCode = "(unknown)";.. var provider = "Yahoo";.. var windowHeight = 565;.. ui.SecureSearchToast = function () {.... show = function () {.. _window.ready(async function () {.... chrome.webview.hostObjects.wa_external.log("ready: begin");.... var toast_data_string = await _external.getArgument("toast_data");//this is json passed from logic with cohort and score.. .. chrome.webview.hostObjects.wa_external.log("ready: toast data is " + toast_data_string);.... var payload = JSON.parse(toast_data_string);.... _window.setWidth("761");.. _window.setHeight(windowHeight.toString());.... let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.SSTOAST).get;.... chrome.webvi

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1454
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.24591805737482
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:xmp5UoZRqxQpxVYHhLcY39U0M+mtFl2zZRVchpKIjvVCfnvv/UQsUMqdnDsK5:xmp5UoZwxDHF3uBjFloZKY+YfnHcQevy
                                                                                                                                                                                                                                                                                            MD5:9947BCD2630B5E879AB269045822F018
                                                                                                                                                                                                                                                                                            SHA1:65F647CAD10AB11518FC1026886DE5C3D3064A57
                                                                                                                                                                                                                                                                                            SHA-256:F6BA409C3D93B510C34B291B0C50BAB90C4CD566F2D6E0656B0E7A8455142FD4
                                                                                                                                                                                                                                                                                            SHA-512:54370957642D14237E1918091FCA28C1444E3BBEE4070ABB3342CA481DA2F37BB6DC577534F3FBD0B9269D51FE8E49ED8B593BF433098DDE88F762DE69458E9E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}.....balloon__card {.. position: absolute;.. right: 55px;.. overflow: hidden;.. box-sizing: border-box;.. background-color: #FFF;.. border: 1px solid #E6E9F0;.. border-radius: 12px;.. height: 200px;.. width: 328px;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. padding: 16px;.. height: 100%;..}.....content__header #wa-logo {.. height: 13px;.. position: relative;.. top: 2px;..}.....content__header #close-icon {.. float: right;.. cursor: pointer;..}.....content__text {.. margin-top: 12px;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. color: #5A6175;..}.....content__text:last-child {..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2054
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4033231852984045
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:+s8xMxdARQXNVMr0+WrVMrLKWrVMrQzVMrQXVMrQdmVMrlANVMCuedmlOK+uEra5:N8xMxtUY+3i3cKc+cjpJCX6OK+punGV8
                                                                                                                                                                                                                                                                                            MD5:E56175F83354180DF530F286C5AEEAB1
                                                                                                                                                                                                                                                                                            SHA1:F8182B3191F3F0A011BD3C0AFEDDF3CDAD7D15A9
                                                                                                                                                                                                                                                                                            SHA-256:8149566911CA065A5F9D1A0B8D3810F2800145255975458ACC7BCB2FF12BBB0D
                                                                                                                                                                                                                                                                                            SHA-512:35FDDCB72EBCBD6E8E3FC44423433C535F0364D8C16EB5D2B0D07BC8E1CCDFEB3F677F8DD2EBC8629F96D1D734DC9F0DED571FFDCCB1863BB069FAC4CD1A038B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ch-store-overlay-ui.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3609
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.138883412600274
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cMA4qOTkC/pV9WqxEz0TnMTJo1CV9WE6KGXwZ:vAUr/pubwT8uCu1KGXwZ
                                                                                                                                                                                                                                                                                            MD5:F85038F00A727AC02818213E8B148281
                                                                                                                                                                                                                                                                                            SHA1:A16850B771C3B632E99CE252B9090B1AE289581A
                                                                                                                                                                                                                                                                                            SHA-256:907CBB86E26AD171968BF27A08F1C09582368A75C10F50084B0F5EF6F2B33D9B
                                                                                                                                                                                                                                                                                            SHA-512:8085FA113F65AFAE0CCC5191553289D981C53978CE0D9E95C80F143CC3BE5D93ABCEFB1241E640AE61D5A854DB8A27C072C7165EB1B5D3B8FA7D3BA49DEFB552
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. contentText1: $("#content__text-1"),.. contentText2: $("#content__text-2"),.. closeIcon: $("#close-icon"),.. };.... let browserCode = "(unknown)";.... show = async function () {.. init();.... _window.show();.... browserCode = await _instrument.getBrowserTypeCode();.. // Send telemetry for dialog balloon showed.. var telemetryEvent = new OnboardingBalloon().interaction_type("Impression").browser(browserCode).balloonType("WAOverlayOnboardingOpenExtensionPage").Serialize();.. _instrument.sendTelemetryEvent(telemetryEvent);.... //Send Telemetry 3.0 for dialog balloon.. var screen_flow = browserCode == 'FF' ? 'firefox' : 'introduction';.. var hit_screen_id = browserCod

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-checklist.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2823
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.165745326024714
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3kx0xsUl363kKk+kUTkikthkxhlhPhOCCv/enQORDAfVSB:OP8v/WQqUf0
                                                                                                                                                                                                                                                                                            MD5:889D072565412C576AD60B5375272473
                                                                                                                                                                                                                                                                                            SHA1:2D36DAAA7C202F67F4C37B0CCE91BE0E095A2CA9
                                                                                                                                                                                                                                                                                            SHA-256:17703CDCB2E0CFEF1F70C65581CECF4898D1103DA5AF19EC67809596B0B9DF27
                                                                                                                                                                                                                                                                                            SHA-512:29D1B6F83A7F2C9CFA974AE99987EECB5CDCA2650D20A41BCD41D0E5D1FFD5077F247A0A0DE967C01253E2B5813B9184EE6D5A1BF96880DA38F5C156ED11C608
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\bu

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-controller-checklist.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (333), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):19476
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.751230911570333
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:cD7PaE5bXIDT2o1Cm+kYNTtazx/6x5o+72vY4jQWvHDsRFLFmZlP2Su:Y7PaE5bWT2o1CzksTcY5o+7GREjYZ5S
                                                                                                                                                                                                                                                                                            MD5:02358545377B8B456A32031C47CCE72F
                                                                                                                                                                                                                                                                                            SHA1:A35997D408567AD0BCA133C22A39C0CD712A2395
                                                                                                                                                                                                                                                                                            SHA-256:625856A571BB6A04B54ACEA683948DEA1DD43A3127C9AE68C176FFD33BA65916
                                                                                                                                                                                                                                                                                            SHA-512:A8953AC7B9EFF14E0C5827BCB06823404CACEF8E73323B312798261279C318DA51C31946AB25FF8F4139DD777BFCB39FB941951C330B7127B1FF4E0B860C084C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* CheckList Controller */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _l10n = wa.Utils.Lang().checkList(),.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. let threatStateCss = "threat",.. infoStateCss = "info",.. greenStateCss = "green",.. waitImage = "file:///[WA_FILES]/MFW/packages\\builtin\\white_timer.png",.. alertImage = "file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-checklist-risk.png",.. ignore = _l10n("IGNORE"),.. fixNow = _l10n("FIX_NOW"),.. defaultImageCss = "wa-state-img",.. alertImageCss = "wa-state-img-threat",.. keyMap = { "NUW": "WelcomeMessage", "UUW": "UpdateMessage", "CLW": "CryptoLearnWelcome" },.. self = this;.. let browserCode ="(unknown)";.... this.update = fu

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dialog-balloon.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):772
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.273790105266564
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:xmp5UoZRqC3dDUUhiLKyFc43bZnoBngix:xmp5UoZwkxQ3ShBg+
                                                                                                                                                                                                                                                                                            MD5:2A18B76ABE7BA857FFFD71F1E6EF7EAB
                                                                                                                                                                                                                                                                                            SHA1:F67137802D7B2F33F082463BB3EC3B877AC4DE03
                                                                                                                                                                                                                                                                                            SHA-256:F39CF4BF2A67FC71522ADE895C96043C4BB579B2204222BC27AD9D634E4A24BC
                                                                                                                                                                                                                                                                                            SHA-512:CCBDCC0B0201CC76A32BB12B0C02A8104D431CC818CAF3F259D896F25A481F10E61DAD6C0163CDDD82CC90537E51FDDFFF827A96AAF4A33BDE6E701E644B90D8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #454545;.. line-height: 24px;..}.....balloon-arrow {.. margin-bottom: -6px;.. text-align: center;..}.....balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//4E48995CDFA9B08B2A839A7C17D589D77E3EC0DD3FADA9A48AFDF2ED741B92822DC1F2D250D2B099953186247A945145F02E720E8B85DF37BD6097EEFECE7477++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dialog-balloon.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1945
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.434187038880688
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:NOxMxG75Y3i3cKc+cdNpJCzd+TQgT+yvgXcn:w7aAMTQI+ns
                                                                                                                                                                                                                                                                                            MD5:F868BB08F22DB29530B8E73E07388230
                                                                                                                                                                                                                                                                                            SHA1:7C96855C34DDDB94834DF6DF948238D4AA8225D0
                                                                                                                                                                                                                                                                                            SHA-256:4FA314BC8841562C129FE700D12C4D36081EB37DBB77C1181239217304CEBC22
                                                                                                                                                                                                                                                                                            SHA-512:6F3EFB7F0FEC8F2BC15B654FD51D8611D01DC69D6498C499046B58394EA2C87059162C50A9D01913016FCBC4173F1E1CCECB606956FC69275C4A260F085D34A0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-dialog-balloon.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-dialog-balloon-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ui-dialog-balloon.js"></script>.. <scrip

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dwtoast.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1617
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2771505087232216
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:V2skx0xutt5WrVMzLKWrVMzQzVMzQXVMzQdGVMC8jIYcaNJ89T:3kx0xi7363kKk+knC8jKaNQ
                                                                                                                                                                                                                                                                                            MD5:6FD4D0BA7A717161A260B8A674A8CC96
                                                                                                                                                                                                                                                                                            SHA1:C83FB3197E7406790E20ACFA2DA29C8E58A7C683
                                                                                                                                                                                                                                                                                            SHA-256:955012511DA9CE9BDE539F6421F397B04B9DD45C2D46A1E7FDA3C77E057FB11A
                                                                                                                                                                                                                                                                                            SHA-512:E5F2BD0845CED4A84FE948992AC08907B9577AAEECCF0442445E0A906BA78AFE059273A1746D0E4E0FF3FEFCD91DDEC0E63CFBDB88F5651FF7A07ACFA408E7B5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-dwtoast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ui-dwtoast.js"></script>..</head>..<body>.. <div id="wa-dw-toast">.. <div class="heade

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ext-install-toast.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2608
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.227789851308056
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:7kxtxC363kKk+knh88CVr/R+5a5beIwEeIYOzN:U/Fb1DR
                                                                                                                                                                                                                                                                                            MD5:CE85459872AC8BC2FA48DE062EA5D7C2
                                                                                                                                                                                                                                                                                            SHA1:712BE0AA2DF90C4308F41A6E4CA61FBEF77F3CE2
                                                                                                                                                                                                                                                                                            SHA-256:67BAAD77BC312B0752329E9535699284C7735638CAAE4561358EC38296B84CA0
                                                                                                                                                                                                                                                                                            SHA-512:8D4166D6293D4B89E00D639C4DAAC1E266CCDFD1682C659F33D8F9440D5E7BAB43E5DB26D52FE2D2B709371A4B8F09ACB029C331C29EABED7B937F9EB1DD9A12
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>Download Extension Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-ext-install-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-ext-install-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ext-install-toast.js"></script>.. <script type="text/javascript" src="file:///[WA_F

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ext-install-toast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5566
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.856364699105961
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:1zDsTVq7EIkY+0vTkE0oN6El4iTZTzMuFqEFDk00jl8arkM0d7XV9hn:qc7EIV+UTq06ESGZ3fFq2DajlJryd73h
                                                                                                                                                                                                                                                                                            MD5:CC4875E5ACB06FEC27199CBB3766CC7C
                                                                                                                                                                                                                                                                                            SHA1:B745C4405DB3CA4A581E834CC1F92FE528AC024A
                                                                                                                                                                                                                                                                                            SHA-256:5C739D1A4FF478931D62E1713922547247999C7AF43336FE14C45D65798853ED
                                                                                                                                                                                                                                                                                            SHA-512:AF80086190DDB56A05A240B149A7B28165382311C85D696CE1675087BCF7BE03B75C544A037C2C06781C13A9ACDBE53EC94CD8198CC5C388BB973273FD03DEB0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Download Warning Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.extension_install_toast = function () {.... let browserCode = "(unknown)";.... show = function () {.. _window.ready(async function () {.. // Set toast window size.. setSize({ width: "485", height: "265" });.... // Get settings data.. let toastCountSetting = "ff_extension_toast_count";.. let toastCount = await _settings.get(toastCountSetting, "0") || 1;.... let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.WAIFF).get;.... // Initialize toast... init(lang, toastCount, document);.... _window.show();.. window.chrome.webview.postMessage("draw_background");.. window.chrome.webview.postMessage("set_focus");.... browserCode = await _instrument.getBrowserTypeCode();.. //

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-options.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6769
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.973225248749686
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:yH5SvRvxVoY2bZX/o0lhOY52Q5YsYmafFZR9f3:yH5EvxVD2bJQChOsV5BLaf3D
                                                                                                                                                                                                                                                                                            MD5:F39F2A3071840E2CF85785BD610F9CD9
                                                                                                                                                                                                                                                                                            SHA1:8FC5EBE0CB0C954B6D01A7B6E07666A428C785F3
                                                                                                                                                                                                                                                                                            SHA-256:8CCF82E348D644CFDCC35A365A6D9519DD91F17CEAD9337CBB53B1ECAE42476C
                                                                                                                                                                                                                                                                                            SHA-512:27CACAF6107A83D8E4776A41B6DAB1D35174AFB13C894FBE38E3B8E9421175CBCC5C39A5D368492F255CEA1A89A0D0ED92E789161C0DECB504C2C6F32F3F9218
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:#bottom {.. bottom: 0;..}....#left {.. left: 0;..}....#left,..#right {.. bottom: 0;.. top: 0;.. width: 2px;..}....#right {.. right: 0;..}....#top {.. top: 0;..}....#top,..#bottom {.. height: 2px;.. left: 0;.. right: 0;..}....#top,..#bottom,..#left,..#right {.. background: #939598;.. position: fixed;..}....#wa-button-donttrust {.. font-size: 26px;.. right: 2px;.. top: 5px;..}....#wa-button-reset {.. background-color: #00AEEF;.. border-radius: 3px;.. color: #fff;.. font-size: 14px;.. font-weight: 700;.. height: 40px;.. margin-top: 12px;.. width: 145px;..}....#wa-button-trust {.. font-size: 24px;.. right: 3px;.. top: 4px;..}....#wa-close {.. padding: 8px;..}....#wa-options-about ul {.. line-height: 23px;.. margin-bottom: 0;.. padding-left: 12px;..}....#wa-options-content {.. font-size: 12px;.. overflow-x: hidden;.. overflow-y: auto;.. padding: 24px;.. width: 550px;..}.... #wa-option

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-options.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1673
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.426748262408819
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:csY0xtxdJQeNVMznWrVMzLKWrVMzQzVMzQXVMzQdQVMzlCZVMCmFgtHQS51c:3Xxtxk/r363kKk+kNhzCJtHhY
                                                                                                                                                                                                                                                                                            MD5:37A8A0FB8C135A0ECAF7DE4E5F0B4F99
                                                                                                                                                                                                                                                                                            SHA1:344645FD132A2582744B102D6596E6ACB9557B6C
                                                                                                                                                                                                                                                                                            SHA-256:CD5EFB06928D501A740F7EE13429B94FE49AD4EDB35AE34BF1C44DAD988E8A8B
                                                                                                                                                                                                                                                                                            SHA-512:882FBE3148D4E486A25325EF6392DB7A75BA1A70408942727746AC4AD490320E688EF1B7930DF7C959F66D2FB550E4B6228298BBB41D74A54FC6446CB5ADBF68
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-options.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-options-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/java

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-overlay-ui.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2339
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.391157063631918
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:NOxNxS/Y+3i3cKc+cppJC3W0PK+ptCHJCC6/7Rgm6W:YFi2CozRfn
                                                                                                                                                                                                                                                                                            MD5:582AD59BA2DFC629436FB875F001BF85
                                                                                                                                                                                                                                                                                            SHA1:F667E63B5B2F23494DE85BBE24BA5965EE51D328
                                                                                                                                                                                                                                                                                            SHA-256:3AADFA5C03F8D58167C48728AA2371B0A13D2EF096D88E6338748EAB6BF57B90
                                                                                                                                                                                                                                                                                            SHA-512:9B80C4A4702C32609BE0A9A88A72877D027038E62318700AB22F3FC5A01DAC854546938C20EC57096EF36D41D36AE6B460A611AE6DA22A2FA8D161548EC5A68D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-overlay-ui.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:/

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-overlay-ui.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10070
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.234843937749983
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:2Ar/3q1FNFmMtuhVXdeWG3trDCpnb+LwlY7ZmXE:7Q8XPG3tPqoQqUE
                                                                                                                                                                                                                                                                                            MD5:B1558925997E35AC69C615A183348DDC
                                                                                                                                                                                                                                                                                            SHA1:883100BCCA24950541B1C1270EC1DD57C09F65F6
                                                                                                                                                                                                                                                                                            SHA-256:B7E706A8AC69F5632D4B6C43CE32B2E6C3454117D57F031BC3C4C8C2DC888765
                                                                                                                                                                                                                                                                                            SHA-512:FFED2985935D9B4131D3C29EF1A794AF48279D8122AD4FA06B16AB0B08525E03601CE131E5F3F3DCB5B19F26790421E790D1C12452B39691003309FD651EAA60
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. arrowUp: $("#arrow-up"),.. arrowRight: $("#arrow-right"),.. balloonCard: $("#balloon__card"),.. contentText: $("#content__text"),.. cardImage: $("#card__image"),.. closeIcon: $("#close-icon"),.. waLogo: $('#wa-logo').. };.... var ENABLE_EXTENSION_OVERLAY = 0;.. var INTRO_OVERLAY = 1;.. var SEARCH_WARNING_OVERLAY = 2;.. var SETTINGS_OVERLAY = 3;.. var TOAST_OVERLAY = 4;.... var WA_EXTENSION = 0;.. var SS_EXTENSION = 1;.... var overlay = {.. types: {}.. };.... overlay.types[ENABLE_EXTENSION_OVERLAY + ""] = enableExtensionOverlay; // enable_extension_overlay.. overlay.types[

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2773
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.21697974460176
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:xmp5UoZwx7MdDyTgWfx9gazwPpLDqELO1CX7EnulmQt:xA2x7M8TgWfx9ZzwRqzkh
                                                                                                                                                                                                                                                                                            MD5:B20212C06FA27F99B7E1057C4A9A4C64
                                                                                                                                                                                                                                                                                            SHA1:3AEFE9152B08C8BC38EA557FBD0122F9FEBC2AC0
                                                                                                                                                                                                                                                                                            SHA-256:0EE31F5A4E7EAB47E286D656D59D578E9FBAA84746C8C58CDC6535AC404F9970
                                                                                                                                                                                                                                                                                            SHA-512:15DF14A2CB81942027863A767456F6248ED15F71FFFD520B1648E96C730AC7E359E8E2F9C864D1A442BF22C7F4DEB2430CA88B810D5C5F49462D99215297141A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px; /* Window width is 530px */.. margin-bottom: 6px;..}.....content__checkbox {.. margin-bottom: 25px;.. display: flex;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}.....card__content #checkbox-question {.. font-weight: 600;.. font-size: 14px;.. margin-bottom: 15px;..}.....card__content .button__unfixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;.. border-radius: 100px;.. display: block;.. margin-left: auto;.. height: 38px;..}.....card__content .button__fixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2674
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3441295562655045
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Ekx0xeexvU2363kKk+kF3hHCeYYUrOFfp6NnSmsPzV6e:5kCOFUNnRs4e
                                                                                                                                                                                                                                                                                            MD5:69DEDFF8DF221668D3C901EB656F5411
                                                                                                                                                                                                                                                                                            SHA1:07402A18CFF64FAED058CAF1061B0EE192210C4E
                                                                                                                                                                                                                                                                                            SHA-256:C82CDBE52633789FC60857DDC11D82DF1D9881659CB30911FA4B176211EBF334
                                                                                                                                                                                                                                                                                            SHA-512:C42B247DD00FC4CDE90EF48F0F32501378C240C6B6963FDE54CB727C99232C981FBF05FD47DDC869DD138AE447CE2644C0AB9AC2E6BFC4AC4209ECDA6214A1F8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\custom-checkbox.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ss-toast-variants.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-ss-toast-variants-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_we

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15842
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.048082538667245
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:pBhtOz/WohfMaTGrTaTe1GXoK+iJIZ4t8g8BbLHLXDK:nOyoiammeYokJIZm8g8BrzK
                                                                                                                                                                                                                                                                                            MD5:230FD93014FDBF20FE89B6DAC9876B01
                                                                                                                                                                                                                                                                                            SHA1:1BBFC1B16AD6EC7CDDB71E2A1289ECCBFAFBFC7E
                                                                                                                                                                                                                                                                                            SHA-256:0784E8120BD1EB1E4DF5EF1B4B88E9D7AEC27BBF831446ADF2CBA3B6C020DE3E
                                                                                                                                                                                                                                                                                            SHA-512:DED202FA6F18AB4983A048859B5F5DB1F5DA28B5BB15D83B49E12800468953E6E85F67D003864EDAF3459FCFB133BD341E8B11C5C318CBDE208777E7EA811DAD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:./* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. doneButton: $("#done"),.. toast: $(".toast"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. closeIcon: $("#close-icon"),.. labelDiv: $("#label-div"),.. };.... var variantsMap = {.. // Toast variation phase 2.. 1: {.. InfoTitle: "TOAST_VARIANT_1_TITLE",.. InfoText: "TOAST_VARIANT_1_INFO",.. Question: "TOAST_VARIANT_QUESTION"

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-bing.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1677
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.18513436315057
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:UviN/rqfueEfu3kskCl8uGSq1lPDgrertqIKV5bZ066v0z98XQge:UvitOoWrJkSqbb9AIKV52jY9Gk
                                                                                                                                                                                                                                                                                            MD5:2396BF484CDC6FD8FA5AFF6F6C936D88
                                                                                                                                                                                                                                                                                            SHA1:3D4199754481211BB844DE51EAC3EC5EA0A47BDA
                                                                                                                                                                                                                                                                                            SHA-256:C72B1AD2769F740660CCAD6AD49EA03CC1DEC56EE09B60E5EAA991A2FFF7E168
                                                                                                                                                                                                                                                                                            SHA-512:BE07C1DECCF59E955021E726A0880DF71EBFB827A24FA4AE897253CA382DEF080F70240B677A967C05D0D6AED2A73987A5A08ED17E615F15C5AF91C20A3D8328
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:body {.. cursor: default;.. overflow: hidden;.. margin: 0px;.. padding: 0px;..}....#wa-sstoast {.. font-family: sans-serif;.. border: 1px solid #000000;.. background-color: #ffffff;.. height: 270px;..}....#wa-sstoast-logo {.. padding: 4px 0px 0px 10px;.. background: url(file:///[WA_FILES]/MFW/packages\\webadvisor\\inst-top.gif);.. width: 100%;.. font-size: 17px;..}....#wa-sstoast-header {.. background: url(file:///[WA_FILES]/MFW/packages\\webadvisor\\inst-warningbackground.gif);.. width: 100%;.. padding: 10px 10px 10px 10px;.. font-weight: bold;.. font-size: 15px;.. color: white;..}....#wa-sstoast-content {.. font-size: 11.5px;.. padding: 10px 10px 0px 10px;.. height: 142px;..}......#wa-sstoast-content table {.. font-size: 11.5px;.. height: 132px;..}....#wa-sstoast-content-caption {.. font-weight: bold;..}....#wa-sstoast-footer {.. padding-right: 5px;.. padding-bottom: 0px;..}....#wa-sstoast-content-check {..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-bing.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3058
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.764366004498787
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:x2skx0xdYk3WrVMzLKWrVMzQzVMzQXVMzQd1urVMzlbAVMzlizVMCy3juOB3+7qm:jkx0xT363kKk+kSChHhiKC8h3BTeeI
                                                                                                                                                                                                                                                                                            MD5:D73CC8A250ACB9D323303CC465B960E3
                                                                                                                                                                                                                                                                                            SHA1:27EC3931A08D253D9EBA944C8C4A96DFCBAF4739
                                                                                                                                                                                                                                                                                            SHA-256:2A407EA27651B81F9644C5B012ED173D2D7446AB6B9C5A630EABD04F971E0EBA
                                                                                                                                                                                                                                                                                            SHA-512:AA42E9065DE9DDDC807BE7EE744BB8B9D75DCF8C971B544BAEE0DF4B8FD05E21DC6B1D1FFE3D3B81ECBE5823F08C7716FEF19C586E77AE116CA87C194A93F343
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>SecureSearch Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-sstoast-bing.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-bing-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ui-sstoast-bing.js"></script>.. <script type="text/javascript" src="file:///[WA_F

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7450
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.105117402821277
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:OW0xXMHRMrola7b6xEgPGquAED+Y8AAoYE9Yl5hpeA8h9Y/5hbqe51E5T9565Cgd:OWlH2zFguf+c9Ug9K7aO9Y1b2wiZ
                                                                                                                                                                                                                                                                                            MD5:DE2BAA68497400489C52148705C1533B
                                                                                                                                                                                                                                                                                            SHA1:F50F8E385F009F630F4255CD596E85E12A73D625
                                                                                                                                                                                                                                                                                            SHA-256:A374F11F1261EAB580DF90194E646494F3DCCC7E46DD5380EB160F56D9192E71
                                                                                                                                                                                                                                                                                            SHA-512:5E8558BDB29C676715657A4AEE0AED4E08E6AFE81527AB9F65220C24A15C63FB822632827C34ED9A9C3F435AC304D4F15011C022DD30CB2D2A234581900A5BED
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* version 2 3 */...card__content .log

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4163
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.143740743073978
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:raaxLly363k3k5kabWhHZhuvT0/qUYoAxT75CZUea9S64hV2QXDUanjLSh:fbYhYGYoq75Heac7VfXDUanK
                                                                                                                                                                                                                                                                                            MD5:A1CE70369834FDBBE1D7D2CCE1A5F815
                                                                                                                                                                                                                                                                                            SHA1:B0A39034132A7F96A0587E19DA7B2639B753C1E2
                                                                                                                                                                                                                                                                                            SHA-256:3DFDE9014C271F57994F3838283106FE431314F2D6222BD9B57DAF92E4DC7AF4
                                                                                                                                                                                                                                                                                            SHA-512:929F49ECF7CEA532C38DD6EE7B901902E381FF43B13073E25ECA93E46CE6CCC7D6ACF7FC45C1A25704F899668A7BCC4630EED86F990266F830DE21F737EC4AC0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<html>.... <head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/mfw\\packages_web_view\\webadvisor\\wa-sstoast-toggle.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9943
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.154118609499005
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:TAf3m0aWPwT0JrrvhGzuLIhHQnJs1a85seo65DUyIrEzU6lgXg:8f4cGyDJgseoYIrasg
                                                                                                                                                                                                                                                                                            MD5:BB10D141B88D6F7FF17FD2A7AB00B9B2
                                                                                                                                                                                                                                                                                            SHA1:25B50436D6349DC11041C95A79E99C83C42BC474
                                                                                                                                                                                                                                                                                            SHA-256:A459E27685B364CFDEC961382DFEC43ECA3939667A1DEADA2564D2D51A50591F
                                                                                                                                                                                                                                                                                            SHA-512:0B1C47AFEC99D23BCA5AA7C187BCF00DE7231D34D595CC600E6E33AA5BAE93745E9B04313E33494B068BB95F7CCB9F6DA41507652D2DCFFDC29A0DE427BE3248
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.. var browser_code = "";.. var provider = "";.. .... ui.accept_extension = function () {.. var $el = {.. version2_3: $(".version2_3"),.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. expiredSection: $(".expired__section"),.. expiredDivider: $("#expired-divider"),.. expiredLabel: $("#expired-label"),.. expiredName: $("#expired-name"),.. feature1Label: $("#feature-1-label"),.. feature1LabelContainer: $(".feature__1__label__cont

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2195
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.238575560954958
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UfqM+IFN0I4H0UJ0UY60uR60BFvUIFaSvU49xRstVOFwFLj:UfqMXm5R3F7aSp9O/
                                                                                                                                                                                                                                                                                            MD5:D01ECBCDE38DE69FC802016704CD2478
                                                                                                                                                                                                                                                                                            SHA1:EFBBBE4E521A22098D7D3D90C6BAC8F1B9E5D0BA
                                                                                                                                                                                                                                                                                            SHA-256:00C3BFD394F9F3CDBC8E83C9C4AA8AF736005D68BF06331496136B12ED14EF25
                                                                                                                                                                                                                                                                                            SHA-512:5C03CAE6A7E691AB491E6B038CA60DBFE8BEA608648D430403B20C54F64F2018C59543DFCC4814EF1DEA850785DE8708C206BA54F470D28AB810C291716AD3D6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:body {.. cursor: default;.. overflow: hidden;.. margin: 0px;.. padding: 0px;..}....body :focus{.. outline: none;..}....#wa-sstoast {.. font-family: sans-serif;.. border: 1px solid #000000;.. background-color: #ffffff;.. height: 270px;..}....#wa-sstoast-logo {.. padding: 4px 0px 0px 10px;.. background: url(file:///[WA_FILES]/MFW/packages\\webadvisor\\inst-top.gif);.. width: 100%;.. font-size: 17px;..}....#wa-sstoast-header {.. background: url(file:///[WA_FILES]/MFW/packages\\webadvisor\\inst-warningbackground.gif);.. width: 100%;.. padding: 10px;.. font-weight: bold;.. font-size: 16px;.. color: white;..}....#wa-sstoast-adblock-content-subheader {.. padding: 0;..}.....main-content {.. font-size: 12px;.. padding: 10px 10px 0px 10px;.. height: 118px;..}.....main-content table {...height: 108px;...font-size: 12px;..}.....main-content ul {.. padding-left: 13px;.. margin: 15px 0;.. padding-bottom: 10px;.. line-height: 17px;.. font-size: inherit;..}.....main-content

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5845
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.257206108102919
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:AkxeexbUy363kKk+kihHhiKC5h3ugfj2U+1:+q/an1
                                                                                                                                                                                                                                                                                            MD5:A983C9757FA8A501362E3FDFB4EEAAB3
                                                                                                                                                                                                                                                                                            SHA1:78AA46558097B9A39375119DBB2C3F2042CBBE1D
                                                                                                                                                                                                                                                                                            SHA-256:23494DA44E48403FE479A024A1E9EF7DD64FCDFF8ECA5C630987E8697E84F059
                                                                                                                                                                                                                                                                                            SHA-512:011E1173087C6180EC199CEECAFAAB6C9CE3C5CB1C4A131C4198C600DB5C29F5C6C73F6D5AD82ED892DD0C7C097EDB12CDE76C656E4335142EC39C4AF1254BD6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. .. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\custom-checkbox.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-sstoast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\w

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-av-report.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7884
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7126591083785545
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:qkKi/9YE8TRrGQyvEy2oWp2Uop1VacU2/BPZnn41/qQvC:wCR5JBPNYCv
                                                                                                                                                                                                                                                                                            MD5:2300D19D925BCF132421D60E59C2149C
                                                                                                                                                                                                                                                                                            SHA1:AAF7928916704E474C24D8F87E205E91DC197996
                                                                                                                                                                                                                                                                                            SHA-256:ED3DE5BF13921F3E0F41946EDFDD17AD8C379860ACF6D2D9A503BEF27D6A00A4
                                                                                                                                                                                                                                                                                            SHA-512:0E9B8915A84110E12E204898C0120516B66EB73364D911721F88E1543E54021C885FC8EC5F51FE444715D1E95A4E6CB6F2CB669D2B7440E50288AAEB183A7D61
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.. _lrt = wa.Utils.Lang.ResType,.. _l10n = wa.Utils.Lang(wa.Utils.Lang.ResType.UT).get;.. .. ui.AvReport = function () {.. var settingUrlBad = _settings.get("upsell_url_bad_scan", "1");.. var settingUrlDefault = _settings.get("upsell_url", "1");.. var url = (settingUrlBad == '' || settingUrlBad == undefined)? settingUrlDefault : settingUrlBad;.. if(url == '' || url == undefined){.. url = 'https://www.mcafee.com/consumer/en-us/landing-page/direct/aff/WA_MTP_StaySafe.html?affid=1523&ccoe=direct&ccoel2=campaign&csrc=wa&cctype=mtp_test5&ccstype=mini_vulnerability_scan_91277'; .. } .. .. open = function () {.. var data = JSON.parse(_external.getArgument("report_data")); .. showReport(data);.. _window.show();.. },.... showReport = fun

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-dialog-balloon.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4537
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.720335976330073
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:+cAFwUkCTaVVPCxEeO0pv1xRsxIE3BXDXjZXGDq:hASUrTafjetptxRIXDXjZXGO
                                                                                                                                                                                                                                                                                            MD5:529154E8B4A35679BF7B49FD627BD9EE
                                                                                                                                                                                                                                                                                            SHA1:A6A731A7D826AB19AB20C4A1828036D4A82F4962
                                                                                                                                                                                                                                                                                            SHA-256:1544ACE0943C70B36C73E3BF98E7F912DF9EA3CA4BE8458528FCE4026FD4C47F
                                                                                                                                                                                                                                                                                            SHA-512:A12518BAC026261FC03A11F380189F39B775185FDE679D99B2CA6A86E160580EEB674EF72CD6B951DF439EBA692C44FCE5A2DDDB020179D1FAC41E2DAA6185DE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Accept Extension UI */..(function (wa) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var telBalloonType = '';.... show = function () {.. chrome.webview.hostObjects.wa_external.log("inside show");.. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("inside ready");.. var settings = JSON.parse(await _external.getArgument("overlay_data"));.... if (!settings.balloon_type) return;.... init(settings.balloon_type);.... await _window.show();.... // Send telemetry for dialog balloon showed.. browser_code = await _instrument.getBrowserTypeCode().. var telemetryEvent = new OnboardingBalloon().interaction_type("Impression").browser(browser_code).balloonType(tel

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-dwtoast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2708
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.980858893880424
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:N45ikP03NTwwiIw0X+Zgleg0q3nwYfwR3AhYeYEfTiNAE1ed1RNA69Glkhe:RdUl3GsKirE0Sd9Wkhe
                                                                                                                                                                                                                                                                                            MD5:9B5E65E23760BE613ECB6168930361B0
                                                                                                                                                                                                                                                                                            SHA1:27BA841C5A44C7564BE9A8508463C3B36F8AD2AD
                                                                                                                                                                                                                                                                                            SHA-256:FA15612596E04A4932980D4850D31E808DF0E21DBFCDA9E056A4CC0E9687D283
                                                                                                                                                                                                                                                                                            SHA-512:54834B2BF1466BB85323BE99226A0481B42273B6388874960CB85FEA1EDB7F867E09ACB0ECAD8599578E565E096F84F980BB376520D71790BC75F23FEBDA577E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Download Warning Toast UI */..(function (wa) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _dw = wa.Core.DownloadWarning,.. _wa = wa.Core.WebAdvisor,.. _l10n = wa.Utils.Lang().checkList();.... ui.DownloadWarningToast = function () {.. .... show = function () {.. _window.ready(async function () {.. let domain = await _dw.getDomain();.. let fileName = await _dw.getFileName();.... document.getElementsByClassName("logo")[0].innerHTML = (_wa.getProductLogoHtml("file:///[WA_FILES]/MFW/packages\\builtin\\mcafee-logo.png"));.. //$el.status.append(_l10n("PP_STATE_TEXT"));.. document.getElementsByClassName("body")[0].innerHTML = (.. "<p class='content-header'>" +.. "<img width='20' align='middle' src='file:///[WA_FILES]/MFW/packages\\webadvisor\\warning-icon-toas

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-options.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23757
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8947324393432465
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:LravuBFTv2stTHDiF9ymq4pnU5rnXEBF15hZOmvYkydOergIEG:PavuB92qTHDdmRBU5rXEBF1VJy9EIEG
                                                                                                                                                                                                                                                                                            MD5:CCF736E58F9FF952969CBC9C855EEC5F
                                                                                                                                                                                                                                                                                            SHA1:917A1B1567B94036D29B5B3654EE187FA45ACB8E
                                                                                                                                                                                                                                                                                            SHA-256:14713CBCFCA2C2166BEE32117FB825084388C1E1CC2F5B9B00C536CD0E280C5C
                                                                                                                                                                                                                                                                                            SHA-512:8664EC9C42B70D7ED9F8C6E3347E7E0DF708BD9F64A3E3D82082FD620E911012F65EDBDAB2588EF6D75C95CE553902B77C1372FBDC5E0FCA28779C161A6A0C72
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Options UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.OPTIONS).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml();.. _external = wa.Utils.External;.... var OptionsMenu = function () {.. var menuItems = [],.. el = {.. $menu: $("<ul id='wa-options-menu'></ul>").. },.... toggleContent = function (id, delay) {.. $("#" + id, el.$content).. .fadeIn(delay).. .siblings().. .hide();.. },.... itemSelected = function ($item, delay) {.. $item.. .siblings().. .removeClass("selected").. .

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-sstoast-bing.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3213
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.16255334901329
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:84J7WFAUE+tg/eQKS8HJhMfNANKTBd5cgEXQ6c+dTYOYEfNg+cQBcZ1cxuOQAWI:YyDGhp6xz5clQSa7Ezl7QAWI
                                                                                                                                                                                                                                                                                            MD5:887531106CB563F49BCA2D44538965E7
                                                                                                                                                                                                                                                                                            SHA1:C49887CDFDB8BBF1203E3F6F58E2F394BCF1C120
                                                                                                                                                                                                                                                                                            SHA-256:169C1072D7B3F7891196E0743D007CFEB8D8BA3FC7170338881920B3AD7907FB
                                                                                                                                                                                                                                                                                            SHA-512:F71CB055747912AA3E5F24AE8B445A6D64EB833F8DDA1C7A92E8C90AFA92BEA3E67A2018846DB7AF769F6F99E301A6440C601247B6284813C2B803C542E92ED4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* SecureSearch Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window;.... var browserCode = "(unknown)";.... ui.SecureSearchToast = function () {.. .. show = function () {.. _window.ready(async function () {.... _window.setHeight("294");.. let productLogoHtml = "<div class='logo'><img src='file:///[WA_FILES]/mfw\\packages\\builtin\\mcafee-logo.png' align='middle'/>";.. let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.SSTOAST).get;.... document.getElementById("wa-sstoast-logo").innerHTML = productLogoHtml;.. document.getElementById("wa-sstoast-header").innerHTML = lang("SEARCH_TOAST_HEADING");.. document.getElementById("wa-sstoast-content-subheader").innerHTML = lang("SEARCH_TOAST_SUB_HEADING");.. document.getElementById("wa-sstoast-content-caption").innerHTML = lang("SEARCH_TOAST_BODY_TEXT");.. let subfooter = document.get

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-sstoast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14386
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.956394882069799
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:bEO/vVN2LiepMLoN07fVLE09/6H6HnHSl:bJ/vOLWL57FE09/E
                                                                                                                                                                                                                                                                                            MD5:8B4FB9167F02E78A74D4CF0524202F19
                                                                                                                                                                                                                                                                                            SHA1:BFFA2DBB3BCE17AD7AFDF5EC8254336F6EB4D770
                                                                                                                                                                                                                                                                                            SHA-256:51569EB3FB9B3EB44727086DEE914A3D897C89FC5C6F6D717C3A5E448BDBAA17
                                                                                                                                                                                                                                                                                            SHA-512:9C63ED727D1C4935764FA02A13023E0796D70952DC7F292F521CF176BEEF085992FABB7667C6963859933E7AC2705E8B2FC3E709736B4444F77D2D447D72C42C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* SecureSearch Toast UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. browserCode = '',.. provider = '',.. metadata = 'render=web_view';.... ui.SecureSearchToast = function () {.. var $el = {.. header: $("#wa-sstoast-header"),.. logo: $("#wa-sstoast-logo"),.. mainContent: $("#wa-sstoast-content"),.. mainAdblockContent: $("#wa-sstoast-adblock-content"),.. mainMavContent: $("#wa-sstoast-mav-content"),.. subHeader: $("#wa-sstoast-content-subheader"),.. subHeaderAdblock: $("#wa-sstoast-adblock-content-subheader"),.. subHeaderMav: $("#wa-sstoast-mav-content-subheader"),.. caption: $("#wa-sstoast-content-caption"),.. captionMav: $("#wa-sstoast-mav-content-caption"),.. label: $("#wa-sstoast-content-label"),.. labelAdblock: $("#wa-sstoast-adblock-content-label"),..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-upsell-toast.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2797
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2437907468207285
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3Xxtxc/4363kKk+krhOCe4T+DSSqor5beIwEeIYuAOb:X8ztb1B
                                                                                                                                                                                                                                                                                            MD5:48C805803BF9BFBA0666861496312EE4
                                                                                                                                                                                                                                                                                            SHA1:C9B4C0FE8B2470F3D2D43EB302036C72A35F528D
                                                                                                                                                                                                                                                                                            SHA-256:D9D77D386785B7A9CCF37FA9E2DE40BCD06AB88CB694CE498E97AE0C083B3F1F
                                                                                                                                                                                                                                                                                            SHA-512:05D0A493DD87FE4468259C779A31A2274CAD69CB1A8F541F396CC2F576436712DF5680E05BDFAC256D365ADB532CD16F8D247922CDC4D67175FAAD4713778DAD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-upsell-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-upsell-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script t

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-upsell-toast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15936
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.109504251999366
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:+0/Pf4lTvqz3NbDdvSNOsxyVcNvKTvY6TdR/OsxTtwXMT2OpU0g/0/:zPf4lTvECBxyuNvKTvY6TjBxWcTRxj
                                                                                                                                                                                                                                                                                            MD5:C5E8C67CF2548A53BB80370BABD2A9A4
                                                                                                                                                                                                                                                                                            SHA1:1B9D11D0544D22FCF6393721A0A9594F0725E802
                                                                                                                                                                                                                                                                                            SHA-256:6D144EBD075E1487AC6416A0DFF422D7FAC602271D5D51B53F978D2FB8960674
                                                                                                                                                                                                                                                                                            SHA-512:80A1D6B7BD4B4E08E056A198F24AF3F5D8F30A6DFFFA6BB9EC56D7EB17ED05B5D9D5528D9EF1D7DB55C470FD89D30689FBB83ACA23968182E32A9B29D15D1C53
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.createUpellToast = function (toastData) {.. if(toastData.campaign && toastData.campaign !== 'none') return new ui.CampaignToast(toastData);.. .. if (!toastData || (toastData && !toastData.cohort)) return new ui.AvScanToast(toastData);.... switch (toastData.cohort) {.. case 1:.. case 2:.. return new ui.DirectUpsellToast(toastData);.. case 3:.. return new ui.GtiUpsellToast(toastData);.. default:.. break;.. }.. };.... ui.extend = function (Child, Parent) {.. Child.prototype = Object.create(Parent.prototype);.. Child.prototype.constructor = Child;.. }.. .. // ----------------------------.. // Base Toast Object definition.. // ----------------------------.. ui.UpsellToast = function

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6413520
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.444560384990914
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:ZCex3L2w5wQXqY1bvdwN4WOmQ9GAZoCqMZr6IjYvJHEt6QD2yyTjK/HR3cwmq2PT:fYqi7K/xME48v7HHvY9hMqVL
                                                                                                                                                                                                                                                                                            MD5:02B1A23AD3418C300F3DFECCA3EFA4C5
                                                                                                                                                                                                                                                                                            SHA1:784ACC4AB3CDFC17761681BB992D493907FF2A65
                                                                                                                                                                                                                                                                                            SHA-256:2AD0071B73253068C7989E756C3744D15926D330CCB6314E804BF46EAD7C16DD
                                                                                                                                                                                                                                                                                            SHA-512:14892A15121048D9F6431FA665B9AABC48E55CAAC5CBA25DBD3C512470BDAFE051426FD00DAF41053363DF332DE3C390D6E3BBEADD93FCD18E76383D2249C119
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................x...........!..L.!This program cannot be run in DOS mode....$.................................Y..................-......................................3...'.......c.......&.......&.......r..............................,...............,.......w.......w.......w./.....w.......Rich............................PE..d....j1e.........." ......H..........;A.......................................a.....*.b...`A..........................................Y.T.....Y.@....p`.p.....]..G...._.......`.@z...R.p.....................R.(.....M.8.............H.8...H.Y......................text.....H.......H................. ..`.rdata..8Z....H..\....H.............@..@.data........PY......:Y.............@....pdata...G....]..H....\.............@..@.didat..p....P`......R_.............@..._RDATA.......``......T_.............@..@.rsrc...p....p`......V_.............@..@.reloc..@z....`..|...Z_.............@..B........................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\analyticscontextconfig.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2847
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.514384237722885
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:TsOmHLD71uGMX0A7tCOCGcmwo+AauFCGLjMo+hOQnL80kIXzoO9MlBa5E5HPB6R7:rWFTAJC913AauRM3hOB0kIXzr9MlwE50
                                                                                                                                                                                                                                                                                            MD5:3929A3BA59A1580459FDB9B4B0F50EC8
                                                                                                                                                                                                                                                                                            SHA1:BE7A6E0B90A1B2F2A59BDE2C68358B5CE3773BF5
                                                                                                                                                                                                                                                                                            SHA-256:EFEBBAA78ED42EA5ACFF80C20A506412DF6D0A9CC3840720BCE15A231E08E700
                                                                                                                                                                                                                                                                                            SHA-512:63ED1DFC84CB605840A48517C48B01CA8FA54CB88F7E3F1EFB1D629F53E009B6E1F46E9B2D15E14B390927EABD0A204F0C5AC1098F9CFABE9CD90863DC7356A6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........0.>3.-.3...3...:...3...:...3...3...:...3...:...:...3...:...3...:...3...3...:...3...:...:...3...3...:...3...:...:...3...:...3...:...3...:...3...3...:...3...:...:. .3.!.3.".:...3.#.:...:.$.3.%.3.&.:...3.'.:...:.(.3.).3.*.:...3.+.:...:.,.:...5./.4./.H....context_config.contexts....user_account_id....key.account_id.setting_name,CloudSDK.cache: GET /account/v1/details.handler.AnalyticsWPSSetting....db_name.vso.handler.WSSSetting.property_name.accnt_id.hash_id.IDENTITY....setting.context_user_account_id.handler.AnalyticsWssWps.product_productkey....key.product_key.setting_name1CloudSDK.cache: GET /subscription/v1/details.handler.AnalyticsWPSSetting....db_name.vso.handler.WSSSetting.property_name.product_key.hash_id.IDENTITY....setting.context_product_productkey.handler.AnalyticsWssWps.product_package_id....key.package_id.setting_name1CloudSDK.cache: GET /subscription/v1/details.handler.AnalyticsWPSSetting....db_name.vso.hash_id.IDENTITY.property_name.package_id.handler.WSSSetting.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\analyticswpssetting.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1281
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.708701964310632
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:HMnJqaQ63dSl1PmIyE6TNCfzMIZRH3GD/TxlovL953K4J1JTRdDGul:HMnJqapN0eE6TN8ggRHK1+vLPa4J3TRJ
                                                                                                                                                                                                                                                                                            MD5:E11DFC3FAB38D35E34E5F0EF13FA94D0
                                                                                                                                                                                                                                                                                            SHA1:BD70D6527B8B4874891D32BF971EBF0EB8D44EFB
                                                                                                                                                                                                                                                                                            SHA-256:0D68FAEE3B9586C1C9D2614842AF850A911C414C909E03FE869E37761CF7F9FC
                                                                                                                                                                                                                                                                                            SHA-512:2ED1389513A4B0855941E667363EA3ED3CD12C6ECFCF7D71DF50DA8FD96E88AABE126A3AF09781CE47CCDAB2C655EB7D72B45D72B5842FEA4E917D70BB77554F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........P....T...%...H...4.......7.......>.......T...4...7.......7...%...>...%...H...........T.-.4.......>...4...7.......7...%.......$...>...4...7.......'...)...>...4...7.......7...%...>...4.......>...D...4...7.......7.......%...4.......>...$...>...B...N...%...6.......T...6...4...7.......7...%...4.......>...$...>...4.......@...,AnalyticsWPSSetting: value returned is .NO_WPS_KEY. = .pairs,WPSSetting: parse succeeded. Json keys:.decode.json_parser%WPSSetting: wps json setting is .tostring.NO_WPS_SETTING WPSSetting: wps nil setting.info.log.core.get_setting.wps_utils.NO_INPUT_SETTING........H..........."4...7.......7...%...>...+...7...)...+...7.......T...+...7...+...........>...+...7.......T...4...7.......>.......+...7.......>.......H..........format_output.lower.string.lower_case.key.setting_name+AnalyticsWPSSetting get_context_string.info.log.coren.......4...7...........>...1...1...:...1...:...0...H.....get_context_string..format_output..new.ContextHandler.........4...%...>...4...%

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\analyticswsswps.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1308
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.555240500179305
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:RCdga9Mnjr4dpenfKAdoCsqXRb7UcVzoFsqXRAKJDMOrDMM1QmJ1HasHOKDWQ:RCdga0r445oeXRJ1oLXRnJDMO3MADJ8c
                                                                                                                                                                                                                                                                                            MD5:55A3F518235EC84983CFE8F1D6313601
                                                                                                                                                                                                                                                                                            SHA1:A97F0ABF1FB1DCD75FE12BCF4180123E14F98C26
                                                                                                                                                                                                                                                                                            SHA-256:814D010212DE3EDD8363E3E0668137DF6835724ECBCDC6F3911900E953F1C294
                                                                                                                                                                                                                                                                                            SHA-512:F152FD38ACFFC1097A6069F3272DCCEF0EDA4D4C01AFA4166E9603AD99A6E9AACAF753A1A1F1C4A781ED493A2776BEB5FFCA2389BCDFC3BFF3DF79CCFF63B6D2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........m+...7.......7...%...>...%...4.......7...>.......T.0.+...7.......7...%...>...+...7.......T...+...7...7.......T...4...%...+...7...7...$...>.......T...7...+...+...7...)...>...7...>.......T.=.+...7.......7...%...>...T.6.+...7.......7...%...>...T./.+...7.......7...%...>...+...7.......T...+...7...7.......T...4...%...+...7...7...$...>.......T...7...+...+...7...)...>...7...>.......T...+...7.......7...%...>...T...+...7.......7...%...>...H.........]AnalyticsWssWps: Expecting wss subconfig and wss handler in context config, but got nil.:AnalyticsWssWps: Nil wss context handler encountered..wss*AnalyticsWssWps: WPS is not installed]AnalyticsWssWps: Expecting wps subconfig and wps handler in context config, but got nil.:AnalyticsWssWps: Nil wps context handler encountered..err.get_context_string.new analyticstelemetry.context..require.handler.wps&AnalyticsWssWps: WPS is installed.is_wps_installed.wps_utils.$WssWps: main get_context_string.info.m_loggerR.......4...7...........>...1...:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\browserinformation.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4159
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.854237386324809
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:/LdYNlo4+7L9/FbBD+ZV4vJ2j5DXHyqeIhkgpe:/Lr17LNFbBD+ZV4vwdDXHTqR
                                                                                                                                                                                                                                                                                            MD5:75691F87C5212F0F69A15C15E934E7CD
                                                                                                                                                                                                                                                                                            SHA1:455D775EB3D29AF6F818C0595ED762EC17CC342C
                                                                                                                                                                                                                                                                                            SHA-256:035B7B989B00B7FE7C52E04DCDF36DFEEF63CEA2A6FBE6FAD79CB3C1B8A39757
                                                                                                                                                                                                                                                                                            SHA-512:26C93A299C00BF85C647705C40394D78BF000C5C519F0F4162012132CAFC0558F2CD500DC0FEB95A5D4B043CAF97A67ABB0FCD2F025C90B2B50F4CC683BA5B4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........(4...7.......7...%...>...3...3...:...3...:...3...:...5...4...+...>...D...+...7.......4...6...7...4...6...7...>...4.......7...)...+.......$.......>...B...N...G..........SetOption.settings.value.key.get_browser_version.pairs.reg_info.ed....value.version.key(Software\\Microsoft\\EDGE\\BLBeacon.ff....value.CurrentVersion.key%Software\Mozilla\Mozilla Firefox.ch.......value.pv.keyNSoftware\\Google\\Update\\Clients\\{8A69D345-D564-463c-AFF1-A69D9E530F96};Inside Browser Information set_browser_version_setting.info.log.core........-4...7.......7...%...>...3...5...4...+...>...D...+...7...4...6...)...>...4.......7...)...+.......$.......>...+...7...4...6...)...>...4.......7...)...+.......$.......>...B...N...G............SetOption.settings"get_supported_browser_version.pairs.browser_ints....ff...ch...ed..CInside Browser Information set_min_max_browser_version_setting.info.log.core........<4...7.......7...%...>...+...>...+...>...3...+...:...4...+...>...D...7.......T...2...9...)...7.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\browserversion.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1072
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.8238642342853
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:BEKsrPMp0jMFgeRWv8KD8RY7o7dOfB7ojKR3jb9e3pSWH03/C6Tq:s0paMHR0jD8y85OfB8jO3P2HMq1
                                                                                                                                                                                                                                                                                            MD5:F8D120548CF01226D7A58B9DC00F3A05
                                                                                                                                                                                                                                                                                            SHA1:38F3B4DACD5D619B8568655014FEEE9E71C3A756
                                                                                                                                                                                                                                                                                            SHA-256:8E5CA08FFF5E5E8E8F962666ED22B36465542105FC0CC411801999A5F0EC4F07
                                                                                                                                                                                                                                                                                            SHA-512:03D0AD7D90C256991F81AF90EF3F066265BD516EDD67C76F04623E45A5B5F2046D8BF77A88BC3E1DE2791FDEE8290B3B596533B1D8D6A8288FD63F5189B47349
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........Q2.......T...2...3...;...3...;.......T.......T...2...3...;.......T...2...3...;...3...;...3...;...3...;.......%...4.......>...T...4...7...7...7.......'...7...>.......7...>.......T.......7.......>...........T...4.......T...T...A...N...%.......T...4...7.......%...>.......T.......T...4...7.......7...%.......$...>...4.......@....tostringMCould not determine browser version. Returning default value. Browser = .err.log.%d%.%d.match.string.0.0.verion.QueryValue.IsValid.options.root.Registry.Win32.core.ipairs.....options.....root.HKLM....options.....root.HKCU....options.....root.HKLM....options.....root.HKCU....options.....root.HKLM.ie....options.....root.HKLM....options.....root.HKLM.ffj.......%...4.......7...........>.......T...4.......>.......H....tostring.GetCurrentBrowserVersion.utility..........4...%...>...2...1...:...1...:...0...H...."get_supported_browser_version..get_browser_version.mfw.core.Win32Helper.require...//61D08F43D1F34751D6F3BF193C7CF7746923D0D2BB87E8974479C0A3F3

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\contexthandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):422
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.255191646880291
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:504LqtAomX8latlQlQUQGmUwhq4Tf9q4Tf9qyHl/QqfTPSAlZtSk2UcS1kPnL5Qo:iUMlgQKht3TPzlbSk2FSuPnLOohSWll
                                                                                                                                                                                                                                                                                            MD5:C142010A93030F1EFCC025653C75BC0A
                                                                                                                                                                                                                                                                                            SHA1:F699468FC565CCA9D074E75785393EBC3415BBE9
                                                                                                                                                                                                                                                                                            SHA-256:CBDE2113190D9A37D4E5D2FF608837DB54E845507AFF4664BEE60907A4B1C6F3
                                                                                                                                                                                                                                                                                            SHA-512:0A9330839462F395A8B6E220A19C2D53CB387FA4DA284D30919F84C4F957E263E92E9A1824FA07F4C33C61D3C4497B07FDF7A023905A710DAF6102F235752F48
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..@.......4...%...>...G...'get_context_string not implemented.error........+...H.............,...G.....x.......2.......:...1...:...1...:...1...:...0...H.....set_context_config..get_context_config..get_context_string.m_logger;.......2...5...4...1...:...4...0...H.....new.ContextHandler...//46D12BD8B5929DEB728E4415170BA1991A2DBCA03AA8A41253813C6E2BD0803E7657D2104238478E01EBE5CAAD82F9D323DFE2563F2D9B8034F251C2CD03E5FA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\externalutilityfunction.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):897
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.586345929562101
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:LTuQyxqRopU5aedVf507iDaXU0XlLFMYQGJ1MBV6MEags:L6ZxyVf5Coj2F3/Jk6A
                                                                                                                                                                                                                                                                                            MD5:B78BED4A2A8C199004BA9629D3141920
                                                                                                                                                                                                                                                                                            SHA1:8F65591D952D621730E044C679DA707929F330C2
                                                                                                                                                                                                                                                                                            SHA-256:0FFCBEC07791E6113E422F81A03935D4B97524DD46F67B33261EB44FE53C73B5
                                                                                                                                                                                                                                                                                            SHA-512:1CA0830C90527C2868DA621694C7A25DDB7ACE98214D6FAF16BBE69BB37BE2EB5B71B06BB7B632B41BBFBB4B7D120329F9DA419192306CECA88B8C092560321D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........>+...7...>.......T...7.......T...7.......T...+...7.......7...%...>...%...H...4...7...).......T...7...6.......T...+...7.......7...%...7...%...$...>...4...7...@...........>.......T.......T...+...7.......7...%...7...%...$...>...4...7...@...4.......@.....7) return invalid result. Returning default value...tostring0) does not exist. Returning default value. External utility function (.utility._G.defaultQInvalid configuration supplied to external utility function context handler..err.m_logger.func.default_no_value.get_context_configR.......4...7...........>...1...:...0...H.....get_context_string.new.ContextHandler.........4...%...>...2...5...4...1...:...4...0...H.....new.ExternalUtilityFunction.analyticstelemetry.context.ContextHandler.require...//92FDF3FFDEB4AFB110E239B54B6B6C06E3A2C353C88C888884CFE640B2AA4A6D9E9344921C1D3C38F952E337FCFC15FEEE12C87E349D1E98413FFD87D2427857++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\featuretrackingfeature.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8106
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5732776873126575
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:V/NSyEtMTnv9O5xDclSiBDbEfFwE+0aH1zatOH+CnaLe1:lNSbMTvgxDgDNmFz+FWe1
                                                                                                                                                                                                                                                                                            MD5:8EB5E0B9919635B10100C3EF85A41682
                                                                                                                                                                                                                                                                                            SHA1:24133CA0B7FF58CC8F65A7CA7D590BD8132846D9
                                                                                                                                                                                                                                                                                            SHA-256:65A8BF5B420E05D9AEBA36B0CF4C635F812C6CA6F6982F138789B0EFDEC1F737
                                                                                                                                                                                                                                                                                            SHA-512:906F223597F6E9461DF0E60D62002025C8CF8DD542F35CB40440008E019681305210FD885C5F2DDF35246DA4D87CE9AB333467ED7DF49925A109E9D28AE3E766
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..V.......+.......,...+...+...6.......T...+...+...6...+...+...+...6...6...F...G..........d.......2...4...+...>...D...........9...B...N...4...7.......>...'...1...0...H.......sort.table.pairs.........P%...+...>...T.I.%...'.......'...I.>.6...7...6...7...6...7.......T.......T.......T...4.......7...4...4.......7...........%...>...=...4.......>...=.......T.......%...$...T.......%...$...T...6...7.......T...+...7.......7...%.......%...$...>...T...+...7.......7...%.......%...$...>...K...........%.......%...$...A...N...H........=2) was detected when processing FTF dimension..Invalid information for (.err%) when processing FTF dimension.'Skipping version information for (.info.m_logger.version.0.1.GetOption.settings.tostring.IsMatch.regex_helper.enablementCriterion.enablementSetting.scope..,.........4...7...........>...4...7...1...1...:...0...H.....get_context_string..FTF_Registry.FeatureTrackingFeature.new.ContextHandlerj.......+...7...6.......T...'.......'...I...6...7.......T...6...7...H...K

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\hashedmachineid.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):896
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.731768822796376
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:waNW9zZWTAfCnzkRFtWCkyYFLlyfyGJ1E89euI:wK4zZmnSnM6JyAev
                                                                                                                                                                                                                                                                                            MD5:88139CC385591F24536598CEED7AE95E
                                                                                                                                                                                                                                                                                            SHA1:0B1B91E30DCBEA2E84CE61A1E6440D1174F660F7
                                                                                                                                                                                                                                                                                            SHA-256:3E3A5D1D3D0571E6191AAF42AC4BFB50D3E1933FCB347AC3F37E59048B0FBDB3
                                                                                                                                                                                                                                                                                            SHA-512:52758563D4C6532E128230E0A26CD671E6C830872EC6F3B2F4966ABF4EAAC82D6CB93EA57C4F863ECEC22A4D06C9D1F2E18C400DAFB02519A2B8C7FF730FB42B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........R4...7...7...%...%...'...(...>...%.......7...>.......T...4.......7...%...>...=...........T...%...%...4.......7.......>...........T...+...4...7.......'...'...>...4...7.......'...'...>...4...7.......'...'...>...4...7.......'...'...>...4...7.......'...'. .>...%.......%.......%.......%.......%.......%...$...4...7.......>.......H......upper.}.-.{.sub.string.MD5Hash.utility.MachineGuid.QueryValue.tostring.IsValid.$Software\Microsoft\Cryptography.HKLM.Registry.Win32.core...w.......4...7...........>...%...1...:...0...H.....get_context_string%d41d8cd98f00b204e9800998ecf8427e.new.ContextHandler.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.HashedMachineID.mfw.core.Win32Helper.analyticstelemetry.context.ContextHandler.require...//128B5C1E1C2FB5527ADD2A085148E40FBFB7CC9180CEDFD5678482CE5FD2B2844C1AFCD5992201FF19D37911504B5C8ABBA1B4F8DFF95B51B6064587D083334E++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\samrecoverable.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):847
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.745126211992888
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:pUEYQTxkwMDwaLvpV53SqMKQXJ15twhVkbO:p7YQEwaLvpX3DX0JjtNq
                                                                                                                                                                                                                                                                                            MD5:82047E49417067DFDC8B11C1658324E2
                                                                                                                                                                                                                                                                                            SHA1:BE45CB9A63581901945D083EC19DE11337C8DF17
                                                                                                                                                                                                                                                                                            SHA-256:BF0D0644D63C63C3F74CF906738EDFBB2E40EB3F527FFA61FC605EA1BD62EF24
                                                                                                                                                                                                                                                                                            SHA-512:116E002DD07B3797B54034092DC235FE70A7C2B8547DD5A4F9F59EEA106EBF4CA114C0A9DFAD878A0E880E65717ECA105D0F3421F9FDD85A491A2C8CBFE2DB21
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........;'...4.......7...)...%...)...>...4.......7...)...%...'...>...4.......7...)...%...'...>...4.......7...)...%...'...>...4.......7...)...%...'...>...4.......7...)...%...)...>.......T.......T.......T.......T.......T.......T...'...4.......@....tostring.oem_recovery_v2_disabled0*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WA_INSTALL3*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_UNINSTALL4*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_ACTIVATION0*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_EXPIRY.*ShowSearchSettings.GetOption.settings.R.......4...7...........>...1...:...0...H.....get_context_string.new.ContextHandlery.......4...%...>...2...5...4...1...:...4...0...H.....new.SAMRecoverable.analyticstelemetry.context.ContextHandler.require...//03B06278A0DC3CB554BCDA368A77E1893A03E5CB026754E1FE9AB8431D46145A7BD2C703716D1BFB144D1DD04E050A29972199E4328E80BA194129438F17B71D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\sequencenumber.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):520
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.502102281106645
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:jRbkhToUoP9icHJXOefcM5oDGlbLnrWjJWJJKMhoxt6InNn:jRIhcU+9icp+ekMKQrWjJ1M66InN
                                                                                                                                                                                                                                                                                            MD5:D8189D2E48B289AEEE5AD9E3AE3BAF04
                                                                                                                                                                                                                                                                                            SHA1:553BDFCCB4A0FCF79DCBC54AB82487179BD34DB8
                                                                                                                                                                                                                                                                                            SHA-256:499B04C97B396E3770B794B75CDC0155F3DAF1F8C7E3E6084B74D5E166BB44AD
                                                                                                                                                                                                                                                                                            SHA-512:DBA4885A1EDE60E74C25BCD37FC0BAEDC2A05B75C94843BDF8E8CDDA40DC9737B8FC2BD8715C75F215EB2F749F74C4B15088F8F07739245AEAC4ABB04ADDDE0E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4.......7...)...%...)...>.......T...%...H...4.......7...)...%...'...>...4.......@....tostring context_product_sequence_id.0.*AnalyticsSequencingOn.GetOption.settings.R.......4...7...........>...1...:...0...H.....get_context_string.new.ContextHandlery.......4...%...>...2...5...4...1...:...4...0...H.....new.SequenceNumber.analyticstelemetry.context.ContextHandler.require...//60446B936C77AAE13B489B605C877AB7957ACBEEEDA642F83E918AC287261FBEF70BBE7AF9F0D76C6F95C0CEC0B34C8A24D793A613F2F8D318F8F2E2E31ED2E2++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\subscriptionexpirydate.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):594
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.635624057174678
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:Mnl+qrqWSpHtDmkkkkkaTzobM5PstGlbLPRIJ+KoHtTrngEgdVlid:MVrsYkkkkkNbM+tQ+J1oNTrngEgm
                                                                                                                                                                                                                                                                                            MD5:1179A7CFC7BBDB8E10CF4AC1BDA1652F
                                                                                                                                                                                                                                                                                            SHA1:F3D30659D7527E6AC39BB87DDB8F145607E0B623
                                                                                                                                                                                                                                                                                            SHA-256:5B2D9BD8FE945D21C2406E50F485769579259F0157043D47634F804DB0A89C78
                                                                                                                                                                                                                                                                                            SHA-512:440A2E4A3690CF0357289CBD2DA00D53F0C7DF099985D62D70399863EE6AECCF434FD85584C412D2CE25FD337BB4D2188F93902F499721A50F08B3020282BF69
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........&+...7.......7...%.......$...>.......4...7.......%...>.......T...4...7.......'...'...>...%...4...7.......'...'...>...%...4...7.......'...'...>...$...H......-.sub.^(%d%d%d%d%d%d%d%d).find.string+SubscriptionExpiryDate: input date is .info.m_loggerI.......4...7...........>...1...:...0...H.....format_output.new.WSSSetting}.......4...%...>...2...5...4...1...:...4...0...H.....new.SubscriptionExpiryDate*analyticstelemetry.context.WSSSetting.require...//7C1A4993611911C76FC38C941E872939462F74AE99C2CDA140995E56E6C633B57EEC4B64F72B711DDD9A088ECEEB9F3EA529E799F1A5740BA7928288BC3F36FA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\subscriptionstatus.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1088
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.515446395224515
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:bwEX9j1RXQmU3PZ4o2gq8FlKCzO3F2yfpzJJvUJ1mocdHhvHkMxQ:3JQvhq87KCzE2eFJ8JQocdHNHkMe
                                                                                                                                                                                                                                                                                            MD5:A294AEFA1BFEE73A32D2BE178B7D32AD
                                                                                                                                                                                                                                                                                            SHA1:3CD7D0F251917803ED4DF9094C2B6CE9864729BF
                                                                                                                                                                                                                                                                                            SHA-256:B2D9D41B2FCB9B3CD1ABAE059C3427BAEE7E58CD015E62F02E5D357AA8B31967
                                                                                                                                                                                                                                                                                            SHA-512:A954C908274A6668C77638B19A67862FC420B3B39A3B49B16731BF0C9798C3B6D7A00269E732354E4B7E03DBAF527FDFD1353AD3D8E171BC4A4E91D3A17BD1A0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........J'.......T.......T...4...7.......>.......T...4...7.......%...>.......T...'...H...4...4...7.......'...'...>...=...'.......T...'...H...4...4...7.......'...'...>...=...'.......T...'.......T...'...H...4...4...7.......'...'...>...=...'.......T...'.......T...'...H...4...7...3...:...:...:...>.......H....day.month.year....hour...time.os.sub.tonumber.%d+.match.len.string..4.......4...7...4...7...%...>...?....!*t.date.time.os.........+...7...%...%...>.......T.......T.......T...H...+.......>...'.......T...%...H...+...>...%.......T...%...T...%...H..........expired.active..INVALID_DATE.UNSPECIFIED.NO_APP.NO_SUITE.settings.vso.get_sub_db_setting{.......4...7...........>...4...7...........>...1...1...1...:...0...H.....get_context_string...WSSSetting.new.ContextHandler.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.SubscriptionStatus*analyticstelemetry.context.WSSSetting.analyticstelemetry.context.ContextHandler.require...//F03A153A558288A54B09A7B37406E04FA169C0D71A

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\subscriptiontype.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):538
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.531883646664102
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7KTIOnEKXZQ43i1g039R5gflvJJvUJWJJKxa2YDJUBirnDr1s:7Kk01tWyfJJJvUJ1xu1ZO
                                                                                                                                                                                                                                                                                            MD5:CC975420BD8F1CD4CBAA58D0AFABD19C
                                                                                                                                                                                                                                                                                            SHA1:E1405DBC6E5525898CD1AEA23BE79BB2233AB9B7
                                                                                                                                                                                                                                                                                            SHA-256:94A093D55904944B869A077872E4564F1F934083AD33E0B425904EDE78CC5991
                                                                                                                                                                                                                                                                                            SHA-512:A143245E70E4BCA2509D53A6347C024DA4F8F7693BEDAA57E35863E54EAEB42DAC61477D0CA9D0382F6B0FDA3D378B1F979619E45A34A69C3F0045457F359F9D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..l.......+...7...%...%...>...%.......T...%...T.......T...%...H......paid.0.1.free.trial.vso.get_sub_db_settingq.......4...7...........>...4...7...........>...1...:...0...H.....get_context_string.WSSSetting.new.ContextHandler.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.SubscriptionType*analyticstelemetry.context.WSSSetting.analyticstelemetry.context.ContextHandler.require...//C65E5DC45BBB9CAA051D26D33E25699CB515CF45654AE2474E29B807951A48F0D7F17EB04C72527B11F2A6B03E08801D940D97E73F77EE235AF4219BFDF99BDC++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\suitestatus.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):857
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.62046062931636
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:9IvnI+FDmvqaV9q8ReFYfaHSSTXyfuvn6pxgXvt/tM5oyKOzmik239R5gflXQxLc:myyWXSPyfuugXl/tMCys2yfuxAGJ1SB
                                                                                                                                                                                                                                                                                            MD5:1388EE6027B50978501E7D39968420E4
                                                                                                                                                                                                                                                                                            SHA1:6A96C697BA42488E76256A609D57F7EA54D082B8
                                                                                                                                                                                                                                                                                            SHA-256:3E5BE7E22ACEA7613CEF6AF18E6024EAEC6726762BD60001312630E6BB728389
                                                                                                                                                                                                                                                                                            SHA-512:A86960CBA8281C036EB3B66ABB729CB66CB40F53C447E14BDA2DA59CFD630E5053736C657BA01ABC8DF367273810523254D73AB20F42936453332E94E63C9D20
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........&'...4...7...7...%...%...'...(...>.......7...>.......T.......4.......7...)...%...)...>.......T.......4.......7...)...%...)...>.......T.......4.......@....tostring.*Freemium.*Orphaned.GetOption.settings.IsValid5SOFTWARE\McAfee\MSC\Settings\ApplicationInfo\MSC.HKLM.Registry.Win32.core......Y.......+...7...>...4.......>...........T...)...H...)...H......tonumber.get_suite_status..&.......+...7...@......get_suite_status.........4...7...........>...1...:...1...:...1...:...0...H.....get_context_string..is_suite_installed..get_suite_status.new.ContextHandler.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.SuiteStatus.mfw.core.Win32Helper.analyticstelemetry.context.ContextHandler.require...//E61CD0B63979890E2D5212C7DC4834E138030937DA4FE2E70892A0D5E47A064DA49DB8AFE48316DFD52EB270D7F1530FF6DD5355B5C068B9539405BA176F5677++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptionexpirydate.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):472
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.60004845040712
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:IOPm3KkBM5PsvcRu30GlbLMrJ0NRu3pK1SKkCwzW:DPRkBM+Z30Q+J0NRu3kbizW
                                                                                                                                                                                                                                                                                            MD5:601ACBF5C5A7991CDE5EDEEF05BCF0BB
                                                                                                                                                                                                                                                                                            SHA1:B6B1981A587C755AE96A5893F5A6E1D66D106633
                                                                                                                                                                                                                                                                                            SHA-256:5EDFEC8524F90FCC6A4A12C6312FB0E75660B414B4A361FD8DFF7D7684EF452E
                                                                                                                                                                                                                                                                                            SHA-512:25046F3BDBCC135D0667089BEC1542B9CC6888DDA4EFB7627B5276D224DE0989DEE252A412A038FD076C681407178205C4BE6215250B5F724666078F876DA54F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..m.......4...7.......%...>.......T...4...7.......'...'...>.......H....sub.^(%d%d%d%d)-(%d%d)-(%d%d).find.stringR.......4...7...........>...1...:...0...H.....format_output.new.AnalyticsWPSSetting.........4...%...>...2...5...4...1...:...4...0...H.....new.WPSSubscriptionExpiryDate3analyticstelemetry.context.AnalyticsWPSSetting.require...//144C502691AFBF8B4ACA0A00BD6395CEF86744E2D59E65237134A4826AF49A1826E5CB972FA27BFD090A405AC9F3FDCCAB163D6BA4C3127EBF50E2B91E47CC7E++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptionstatus.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):498
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.590424669892403
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:+lc9gmEtW+NG9kM5PsvcRu34GlbLb1J0NRu3pKeffpnnsEkcbKATO:+e9KtW+UaM+Z34Qb1J0NRu3keXJnXhO
                                                                                                                                                                                                                                                                                            MD5:98D28F7C9EC12B6F0F6BCF2916AE84F3
                                                                                                                                                                                                                                                                                            SHA1:F9E2A7B14A5DFCB9AC9CD48C9D0818244D233D6E
                                                                                                                                                                                                                                                                                            SHA-256:0BE328D97C1ECAC0F5F6F8380F80287C7DB7CB11A09511DD3347986E4CB3A970
                                                                                                                                                                                                                                                                                            SHA-512:3BD66A50CD7122A1CBEB722E4F5DDFA91D35D417725ABEA512AF432A9CD4C77FE17B3667D54C1A70481517359E86143C54425D537C1C995868C091481A7D5109
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...............T.......T...%...H...T.......T.......T...%...H...T...H...G....expired.Paid-Expired.Trial-Expired.active.Paid-Active.Trial-ActiveR.......4...7...........>...1...:...0...H.....format_output.new.AnalyticsWPSSetting.........4...%...>...2...5...4...1...:...4...0...H.....new.WPSSubscriptionStatus3analyticstelemetry.context.AnalyticsWPSSetting.require...//CF5F50DB9D65EBC53550C157DF2280054C09B3D5F80ADA39C20CB76F6D9B25046D6BC810A5CED6C8EE4587A3DC687BAFB94AC40516C3129FD4C753C64CFF7143++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptiontype.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):492
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.587751249830657
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:ilc9C29IQ7WRi9G9kM5PsvcRu3uGlbLSYJJJ0NRu3pK4lnFYGRbi:ie9Cd+OikaM+Z3uQSWJJ0NRu3k4jvRbi
                                                                                                                                                                                                                                                                                            MD5:DB37331D67F33A6B4A38C0FFA5DB4131
                                                                                                                                                                                                                                                                                            SHA1:20CFEEEF3E6A3BC0562753975813B3065D26626C
                                                                                                                                                                                                                                                                                            SHA-256:415F7C067CCD1B831C90FB524E70B9BEEBB7C0DC913E427018A47D610F24BFD1
                                                                                                                                                                                                                                                                                            SHA-512:EE535E98409E48F6F8C3A98520762E13FF7724FEC1C59A218EC5FD06E7ACF4DB3991F620DCDE4A4531073E703ED1CE34A1251771E1ACC5BA5BBDBCFF9F98E7CB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...............T.......T...%...H...T.......T.......T...%...H...T...H...G....paid.Paid-Expired.Paid-Active.trial.Trial-Expired.Trial-ActiveR.......4...7...........>...1...:...0...H.....format_output.new.AnalyticsWPSSetting.........4...%...>...2...5...4...1...:...4...0...H.....new.WPSSubscriptionType3analyticstelemetry.context.AnalyticsWPSSetting.require...//579D13043596F7DCECEBD1692AC5A38C84B7B85726B3347C5CFB13ABE308DC432429F64D463B27CE51421E34A328FF5D8495721AC59008308E31B387E36679C8++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wsssetting.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1244
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.806046090193304
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:DJHrK4xBwRf8FlNXqzngq4oxlOHbhNYSOaQrmAENhRxMCyjBmwkQAJmJnWgO:DJLlxBCU7ZuglqY7sSHAElxyBmwk3J+k
                                                                                                                                                                                                                                                                                            MD5:790512EA3BA0ADB3D44EF3D93869ED8A
                                                                                                                                                                                                                                                                                            SHA1:A5656777C957A50C6EED2656BA6BD47D773EEBC9
                                                                                                                                                                                                                                                                                            SHA-256:AEA1F1721A86433348627B9781849FCD35B0EEB09D29EE9330C096F0B01F8AFE
                                                                                                                                                                                                                                                                                            SHA-512:D97434063A12D970623BFD9A5DBC04A53E3C99F27E7A2F30EFFFE97AA86B88E19E370D634C2E7237C8347DAF105A497F642D7B12C46860F2F02C19F90B38BB21
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........H...........=%...+...7...>.......T...7.......T...7.......T...+...7.......7...%...>...H...+...7...7...7...>.......T.......T.......T.......T...7.......T...7.......T...4.......7.......>...........T...+...7.......7...%...>.......+...7.......>.......4.......@......tostring.format_output?MD5 function incorrectly hashed data. Using default value..MD5Hash.utility.MD5.hash_id.UNSPECIFIED.NO_APP.NO_SUITE.get_sub_db_setting>Invalid configuration for the WSSSetting context handler..err.m_logger.property_name.db_name.get_context_config.UNKNOWN........(%...+...7...>.......T...%...H...4...7...7...%...%...'...(...>.......7...>.......T...%...H...4.......7...........>.......T.......T...%...T...4.......>.......H......tostring.UNSPECIFIED.GetProperty.subdb.NO_APP.IsValid#SOFTWARE\McAfee\MSC\SubManager.HKLM.Registry.Win32.core.NO_SUITE.is_suite_installed.............4...7...........>...1...:...1...:...1...:...0...H.....get_sub_db_setting..get_context_string..format_output.new.SuiteStatusr.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wssversion.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):644
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.663122685050077
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:euuPgonhXPZqFRPYXxFvO3M5+QT39R5gflfA01JzKnFYi+aWhP:euuPgohRqzPQxFIMTTyff1JmFYi3e
                                                                                                                                                                                                                                                                                            MD5:82010E13851109F7738A006401B9827F
                                                                                                                                                                                                                                                                                            SHA1:5B2156E2C7ACDFB69653CD29B5708F42561D167F
                                                                                                                                                                                                                                                                                            SHA-256:B194056B2C0F949B97C8DFE06F20C757E07AEA144E8102FD0CD66808F8E526B3
                                                                                                                                                                                                                                                                                            SHA-512:B3497B66E0C82C6D56E8C1266244D7FCD28BED65092F0254170D484966CEFB1A8DA13C7B1C352968B97118C9677F5E63AE003888650A319C4567EF8437E09D55
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........#+...7...>.......T...%...H...4...7...7...%...%...'...(...>.......7...>.......T...%...H.......7...%...>.......T.......T...%...H...4.......@......tostring..ReleaseName.QueryValue.no_ver.IsValid.SOFTWARE\McAfee\MSC.HKLM.Registry.Win32.core.no_suite.is_suite_installed...O.......4...7...........>...1...:...0...H.....get_context_string.new.SuiteStatus.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.WSSVersion.mfw.core.Win32Helper+analyticstelemetry.context.SuiteStatus.require...//2FC2956DAC191BCC015C27823A356449ED234E197FDE489B4ADEA1C6066010B6AFB7C6C48B8EE18B31D9C7D23D749FECD758F5055CA13F792119EA04F2F40435++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticseventhandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2311
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.599391872787595
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:dqAt8sOzFU/BQJwyXJ/kRthJviCgscly3AZEhV6RhiJAOtXiBXjM:Ft8FqQtXdkRhngscw3FV6RhyAOtXiBXw
                                                                                                                                                                                                                                                                                            MD5:56E0B81B5C1012E663524B6842239CAC
                                                                                                                                                                                                                                                                                            SHA1:63D93D14753E129793FDCD9847D4C67F9FE4F5FA
                                                                                                                                                                                                                                                                                            SHA-256:4FD01B16C17A91A7BA2430D8401178B7BD68EED01184B16174D5C02D93CF82E5
                                                                                                                                                                                                                                                                                            SHA-512:091E2F3B3EA112DC240C1201FFFB9250A64A30397433C73024771E24D41EFCD9E619CA7C1AED961BA87CB6BD2D147A805F43D862B7354587EFC33D7719853F03
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........%...4.......7...)...%...%...>...........7...%...%...>.......4...7.......%...>...T.......T...)...H...A...N...)...H....([^,]+).gmatch.string.%s+.gsub.analytics_deny_list.GetOption.settings.........M4...7.......7...%...>...4...%...>...4...7.......7...%...>...4...7...>...D.7.+...7.......7...%.......$...>.......T.%.7.......T.".7.......T...4...%...7...$...>.......T...7...+...7.......>...7...>...4.......7...)...7.......>...T...+...7.......7...%...7...$...>...T...+...7.......7...%.......$...>...B...N...G.....4Invalid configuration supplied for the context #Nil handler found for handler .err.SetOption.settings.get_context_string.new analyticstelemetry.context..setting.handler.Processing context .m_logger.contexts.pairsgIn AnalyticsEventHandler's process_context_attributes before for .. pairs(context_config.contexts)6analyticstelemetry.context.analyticscontextconfig.require:In AnalyticsEventHandler's process_context_attributes.info.log.core........+...H.............,...G...........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticseventsconfig.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6421
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.486076446397746
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:wRFnBRzIk1BErj+w0qw92kCtczF1hEqM7MztF5CFJFDV:6dBqCuP9VyzFgqGcgFHZ
                                                                                                                                                                                                                                                                                            MD5:72E2885D357F853CD2A7A7A0D041907B
                                                                                                                                                                                                                                                                                            SHA1:CB70E98AC769BBAD8894B07842429B56B928243A
                                                                                                                                                                                                                                                                                            SHA-256:BDE237747E668E0D5803B58682E766BCE2CB6A0B7E407CE079D344050F718B68
                                                                                                                                                                                                                                                                                            SHA-512:8732F19B4227E19B03BD0EFF5D53CD8169EC0054F90052439F309715A45CD8BA5914286F8B7B192C0341319979980B2E002FF209EDCB0593A2D3F0EB48082CBA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...1.........3...3...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...3...:...2...3. .;...:.!.:.".3.#.3.$.:...2...3.%.;...3.&.;...3.'.;...:.!.:.(.3.).3.*.:...2...3.+.;...:.!.:.,.3.-.:...3./.:.0.3.1.:.2.3.3.:.4.3.5.:.6.3.7.3.8.:...2...3.9.;...3.:.;...3.;.;...:.!.:.<.3.=.:.>.3.?.:.@.3.A.3.B.:...2...3.C.;...3.D.;...3.E.;...3.F.;...:.!.:.G.3.H.3.I.:...2...3.J.;...3.K.;...3.L.;...:.!.:.M.3.N.3.O.:...:.P.3.Q.3.R.:...2...3.S.;...:.!.:.T.3.U.:.V.3.W.:.X.3.Y.:.Z.3.[.:.\.3.].:.^.3._.3.`.:...2...3.a.;...:.!.:.b.3.c.3.d.:...2...3.e.;...:.!.:.f.3.g.:.h.3.i.:.j.3.k.:.l.3.m.3.n.:.o.2...3.p.;...:.q.:.r.3.s.3.t.:.o.2...3.u.;...3.v.;...3.w.;...3.x.;...3.y.;...3.z.;...3.{.;...3.|.;...3.}.;...3.~.;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...3...;...:.q.:...3...3...:.o.2...3...2...3...;...3...;...:...;...:.q.:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticshandleonnavigate.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):439
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.454995550876983
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:17jDBid/FPpPjGlbLpCCDiEiMJsYJJKxZeGhxbap:1/DBid9P9QpHDiEvJsPxc
                                                                                                                                                                                                                                                                                            MD5:6915CB341073FB0333B92D25DC20FF1E
                                                                                                                                                                                                                                                                                            SHA1:B829C7FEB95CFE4525BB20B04D4216A6CD972B1A
                                                                                                                                                                                                                                                                                            SHA-256:7684D6B5DB9E5D043139535868D0A550A2C342AE512764BD656B39A7C8CA00B0
                                                                                                                                                                                                                                                                                            SHA-512:DFEE051B61F4B56F75730DB1EDE516674F06628D3CB3203A63788123D2564424E32D9E4F87AC45D64B60EA5D60B82C3F9D2176E64198AC0B45BBC9B7BB5B0723
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..>.......4...%...@...)handle_on_navigation not implemented.error_.......4...7...............>...1...:...0...H.....handle_on_navigation.new.AnalyticsEventHandler.........4...%...>...2...5...4...1...:...4...0...H.....new.AnalyticsHandleOnNavigate4analyticstelemetry.events.AnalyticsEventHandler.require...//C6033701521C03C6B8C2A236F0B78D1612421EC6338A8082244B659E34CCA10E19B248E67DA4D96B5AD4E90671B0479AF5DB0C749D938DA04CE3CCB48E87B4B0++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticstelemetryhandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2050
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.655013472159574
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:bGqjTnzJ8UtVtiHJG0JbXS9mf+ZS9oFGtQt6MEKQVkJLr+b:XjB8ebipfRiYd+QFBk1Kb
                                                                                                                                                                                                                                                                                            MD5:263807144F7F9D4114A1531C4B7B1E29
                                                                                                                                                                                                                                                                                            SHA1:6699E2B97795AAF40582D8F22A51909436E0CF0A
                                                                                                                                                                                                                                                                                            SHA-256:03CB349E795910A01F61D339F562D18DA3428C955BFB0E3B21835745DBADE849
                                                                                                                                                                                                                                                                                            SHA-512:547E2C2CAE7EAF90A418F32F7BBE81C16966F043FD014D9A5E1BF7BCD10E20720ABC87A178B4B1576FCC0C1FD4CDF65B6FEB00EFDDE99A8AB45306D16DDF1B11
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........64...7...6.......T...6...H.......7...%...>.......T.......7...%...>.......T...%.......$...4.......7.......%...>.......T.......T...)...9...H...4...7...'...>...%...4.......>...$...4.......7...'...7...7.......>...)...H....currentline.short_src.Log.utility.tostring%Failed to load package. Error: .getinfo.debug..include.external.mfw..^core%..^mfw%..find.loaded.package......!...4...7.......7...%...>...4...7.......T...4.......T...4.......T...4...7...'...>...%...4.......7...'...7...7.......>...'...H.......T.......T...4...7.......7...%...>...'...H...4...7.......7...%.......$...>...4...7.......'...)...>.......T...4...7.......7...%.......%.......$...>...'...H.......T...7.......T...4...7.......7...%...>...'...H...4...7...7...6.......T...4...7.......7...%...7...$...>...'...H...7.......T...4...7.......7...%...7...$...>...'...H...4...%...7...$...>.......T...4...7.......7...%...7...%...7...$...>...'...H...7...4...7...........>...7...>.......T...4...7.......7...%. .7...$...>...'...H...'...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\blockpage.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2086
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.7237748509717274
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:KeirvSzqyINuERXTDdL5wFip2GdQj14j6Q9RRRhQ00MuhXuS5g+i5BkJ0+KJyDo:zyvSzyDdL56LGSjWb9RRRC0ns3diA031
                                                                                                                                                                                                                                                                                            MD5:F679FFD2B6FD34F3D42BB7A3D9FDFD9D
                                                                                                                                                                                                                                                                                            SHA1:F473F2069C6E130189DBFF014380B24493B256D8
                                                                                                                                                                                                                                                                                            SHA-256:721B218BEA71AAE61361D0DC28E05A8DA69FBF84236C1CD5F5B305BF92A4DC17
                                                                                                                                                                                                                                                                                            SHA-512:5FF19792B1E93B2D4A2818F4198C364F6FFFBE306A9561380D6219FB9E509AB1BFF6B973EA447B5BCB7306686989A73531722322B45894043523D404BA60A2CB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4.......7...)...%...'...>.......4.......7...)...%.......@....SetOptionInt"*AnalyticsCounterPagesBlocked.GetOption.settings.........%)...4.......7...)...%...)...>...........T...)...H...7.......T...7.......T...4.......7...%...@...T...7.......T...4.......7...%...@...T...)...H...G....msad.ads.blocked.Frame.msad.sites.blocked.PublishMessage.wssEventSender.Top.level.Typosquatting._event_name.*AnalyticsSendWss.GetOption.settings......).|+...7...>.......T...+...7.......7...%...>...)...H...7.......T...+...>.......T...+...7.......7...%...>...+...+...>.......T...+...7.......7...%...>...7.......T.(.%...:...7.......T...%...:...7.......T...%...:...7.......T...%...:...7.......T...%...:...T...%...:...7.......T...%...:...T...7.......T...%...:...T...%...:...T...%...:...%...:...7.......T...%...:...T...%...:...3...7...:...7...:...7...:...7...:. .7...:...7.......T...7...:.!.7...:.".7...:.#.7.%.....T...%.&.:.$.+...7.'.....>...+...7.(.@............transmit_analytics_event.set_analytics_event.de

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\browsernavigate.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2017
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.603431850176971
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:NJheQtT4vddnM2HJdULzkDeNnru5Xt9HiKf/BeAJ3GTbJe:NTeQh4vI2HALzkDSq9C0A03sb0
                                                                                                                                                                                                                                                                                            MD5:70EC6BB5DAD57C3E0296EA8569465FFD
                                                                                                                                                                                                                                                                                            SHA1:4FB213DA0F6ADD082756EC758EA6EC8C7E554ABA
                                                                                                                                                                                                                                                                                            SHA-256:0C366DB8980FEB5851D8E7A9EFD9F2A189E223EF182AC64D046EF4827DD2FBED
                                                                                                                                                                                                                                                                                            SHA-512:AE9C73D252E5216482C11D7F0636FA40E9CE2488A3547CF104799E723754C7740EED9D1379A0F5BFF560CFB4C539F73A8C67D523DE0CBFAEBCFE297F8B5432DC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........*4...7.......7...%...>...+...7...>.......T...+...7.......7...%.......%...7...$...>...)...H...7...+...7...........>...7...>.......T...+...7.......7...%.......$...>...H.....'Failed to handle analytics event: .handle_on_navigation.new.handler. Handler: BBrowser Navigate handler does not exist for analytics event: .err.m_logger.get_analytics_eventIIn Analytics BrowserNavigate Handler's process_registration function.info.log.core........04...7.......7...%...>...4.......T...+...7.......T...+...7.......7...%...>...G...4...4...7...>...D...)...7.......T...4...%...7...$...>...........T...7.......T...+...3...:...:...9...B...N...G........config....handle_on_navigation.analyticstelemetry.events..require.handler.events.pairseA global analytics configuration mapping analytic events to event handlers has not been defined..err.m_logger.g_analytics_configSIn Analytics BrowserNavigate Handler's build_navigation_registrations function.info.log.core.........4.......7...)...%...'...>.......4...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\commonlogicloader.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1419
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.817255116338556
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:BJkJ1pQBwRdS0ZSFtGT7QwAmwk6mT/eB+kJRiuWeTSKUZSFgbM6A3sU5WRPe02H:MpawRdS0ZSTGTUwTwkrTGB+2CKUZSmY7
                                                                                                                                                                                                                                                                                            MD5:64B0BB4595A3177810B46ED539FE53C3
                                                                                                                                                                                                                                                                                            SHA1:7D49EA2A3B1C203FD5EF944173B3F675C9CACF09
                                                                                                                                                                                                                                                                                            SHA-256:BE9310AC36349CAAB9F380422101F873AD66B760D3103B5D2EC149FDAD44EF07
                                                                                                                                                                                                                                                                                            SHA-512:B430AE4746B5708E74E3E2A2B9EF1176F1330B0F27B0D9DFCF67EA7CD15C1B8FA0F95B80DFC8BFC33DDC4DD00F58CD57802A1C550667BC7AB58C116C1D15602A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7...6.......T...6...H.......T...)...4.......7...............>.......T.......T...)...9...H...4.......'...>...G....error.include.external.loaded.package.........4...7.......7...%...>...3...%...4.......>...T...4...4...........>...A...N...G....requireFromLogic.pcall.ipairs.\logic\.....MiscUtils.providers_selector.base_provider.ss_logic.oem_business_logic.type_tag_utils=Inside Analytics's CommonLogicLoader's requireLogicFiles.info.log.core........]4...7.......7...%...>...%...4.......7...>.......$...4...7...%...'...>...4...7...%...>...4...7...7.......%...$.......>...7.......T.5.4...7...8...7...>...'.......T.-.Q.+.....7...%...%...>...4...7.......7...%...........$...>...4...4...........>.......T...4...7.......7.......>...4...7...7...........>...........T...4...7...8...7...>.......T...T...4...7.......7...%...>...G....loadSSProvidersCode end.FindNextFile.err.requireFromLogic.pcall.Loading script: ...luc.gsub.cFileName.string.handle.*.luc.FindFirstFile.Win32.WIN32_FIND_DATA[1].n

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailycounters.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2602
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.86343317228234
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3WDj/EJhJ2TqHsZHNJeB50RmWnhFDm1rpy5t7CjXyOI0B2gzZ9IBlJEDQJkgSDt:3E/eh4TqH4zeMRmWhlmppKCjiVgsEEuT
                                                                                                                                                                                                                                                                                            MD5:183E6EF0F1342B3A1FEA5A1D12C3F370
                                                                                                                                                                                                                                                                                            SHA1:8F0E7D4BE660B30D430F5271D67424015B0B403C
                                                                                                                                                                                                                                                                                            SHA-256:E81746A89C87B11BA0C31E51E93C9C32A72029F15F75A46524329A7A7A71721F
                                                                                                                                                                                                                                                                                            SHA-512:0959FB22BDEBC32B9EC2F46E6161A8D3AEF3C6606F83BE8CEFBD1A156A40DEF2C61AA3125A9188154C190EB79F0FE75CCE875AC7577BEB64F2CC7675E25D9A3C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........d4...7.......7...%...>...+...7...>.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...+...7...>...)...'...%.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7...7.......T...7.......T...)...7.......T...4...7...>.......4.......7...........%...7...%...4...7...7...>...$.......>.......4.......7...........%...7...%...4...7...7...>...$.......>...)...H......SetOption.lower.string._.GetOption.settings.tonumber.default_no_value.in_context.prefixQAnalytics Daily counters handler called with an invalid event configuration..Analytics_DailyCounters.get_analytics_configBAnalytics Daily Counters handler was passed an invalid event..err.m_logger.triggerType.browser.get_analytics_event;Inside Analytics Daily Counters handle_analytics_event.info.log.core.......%...4...7.......7...%...>...+...7...>...)...'...)...%...3.......T...7.......T...7.......T...7.......T...7...........T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailyping.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2554
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.570854057069968
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:X8QEBx2Qh6/IHQ+OJdxrLz+mzLSDRN9Wh2h9lNKZFpjF3JAB9JPLJs4Cm:X1E6Qh6rvZLz+qmjpNKdjfwTqrm
                                                                                                                                                                                                                                                                                            MD5:C7B160855B71C76228156917A0A4DEF2
                                                                                                                                                                                                                                                                                            SHA1:B3670FC42B6932473361A08A9F32EA829276A99C
                                                                                                                                                                                                                                                                                            SHA-256:21AB9A238676F8A79D96B31E4CAF18D701A5830AA65C9ED140B5442A3C84DD3E
                                                                                                                                                                                                                                                                                            SHA-512:11CF5686F769EA9D2CE1416B6DC7E05AB496FFFA69ABA55F69952606847FFE8747ADC7B43EBEBEEAC471A85A71A498CCAFA31565CB174FBB5BB02400E2030A3E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........(+...7...>.......T...+...7.......7...%.......%...7...$...>...)...H...3...7...+...7...........>...7.......>...+...9.......T...+...7.......7...%.......$...>...H.......XTelemetry 3.0. Daily Ping's process_registration failed to handle analytics event: .send_on_ping.new....handler. Handler: CTelemetry 3.0. Send on ping handler does not exist for event: .err.m_logger.get_analytics_event.........2...4...+...>...D.......T...7.......T...7.......T...7...6.......T...7...7...9...B...N...H......metric_value.ping_metric_id.pairs.........4.......T...4...7.......T...+...7.......T...+...7.......7...%...>...G...4...4...7...>...D...)...7.......T...4...%...7...$...>...........T...7.......T...+...3...:...:...9...B...N...G........config....send_on_ping.analyticstelemetry.events..require.handler.pairstTelemetry 3.0. A global analytics configuration mapping analytic events to event handlers has not been defined..err.m_logger.events.g_analytics_config........$+...+.......T...+...,...+...7.......7

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailypingbrowsernavigationcount.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1145
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.907625019311047
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:wdy/QQrhZmwQgFThjClvVvgP0VvAFBiLKE1JdID0Vv+vJ/vJ5NY9WKc3jR:OQrDmOF0EAAFBC3cscJXJg0KijR
                                                                                                                                                                                                                                                                                            MD5:A4B738411A6753B05285862E6F85B894
                                                                                                                                                                                                                                                                                            SHA1:B3A4A0435776AA688B64D5997365102548EF33A1
                                                                                                                                                                                                                                                                                            SHA-256:765BCE04CE2B84A317F31FB7FC1AC3FF5165F4E31582ABF5197C18743CBB6811
                                                                                                                                                                                                                                                                                            SHA-512:C4B6ED9CF6EF37C058823531F31DFC8E43055838FC98BD6161E57F28D2800B95E4DC33097E6EBC3E4339891307DA579524FEEFEC840EB86C126E44FC805CCDE6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........?4...7.......7...%...>...+...7...>.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...2...4...+...>...D...4.......7...)...4.......$...'...>...9...4.......7...)...4.......$...'...>...B...N...7...:...4...4...7.......>...=...:...)...H........encode.json_parser.tostring.metric_value.ping_metric_id.SetOptionInt4ANALYTICS_BROWSER_NAVIGATION_COUNT_TODAY_PREFIX.GetOption.settings.pairs\Analytics DailyPingBrowserNavigationCount handler called with an invalid configuration..err.m_logger.ping_label.get_analytics_config:Inside DailyPingBrowserNavigationCount's send on ping.info.log.core.........4...7...............>...%...5...3...1...:...0...H.....send_on_ping.....ch.ff.ed4ANALYTICS_BROWSER_NAVIGATION_COUNT_TODAY_PREFIX+Analytics_BrowserNavigationCountToday_.new.SendOnPing.........4...%...>...4...%...>...3...5...4...1...:...4...0...H.....new$DailyPingBrowserNavigationCount....send_on_ping./analyticstelemetry.events.SettingsDBLookup)analyticstelemetry.events.SendOnPi

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailypingbrowserused.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1385
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.653044652159739
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:fQUzw/owJFF/xo2VwU3kPwEy/QQrhz1NZbsJYlvV3HVEJBi8ISSEkVV6vJ/vJ5LL:xwJnYJzQrp1NZbs6eJBPzJXJx
                                                                                                                                                                                                                                                                                            MD5:E7AA2F615C432CDACDC8B0A1C9BAC623
                                                                                                                                                                                                                                                                                            SHA1:86E51CB557D358855581EDF2CA6BA9D474FFB92C
                                                                                                                                                                                                                                                                                            SHA-256:645CCAE980461DE87C1B37C7A680CBDFF52325E2B7351834E9CD5010397E7842
                                                                                                                                                                                                                                                                                            SHA-512:3966DA91F317E364BA33355744B34957D8B05CB66845B748DCE2AB2A669121E6202225E4739F54B1779534F89AD13383C68C98E0971E8CE8B111309F7ED2113F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........'4...7.......7...%...>...4...7.......>.......3...5...4.......7...4...6...>.......T...4...7.......7...%.......$...>...)...H...+...7...)...+.......$...)...@........get_setting$Process is running for browser .IsProcessRunning.utility.browser_processes....ff.firefox.exe.ch.chrome.exe.ed.msedge.exe.lower.string9Inside DailyPingBrowserUsed's get_browser_used_today.info.log.coreD.......4.......7...)...+.......$...)...>...G......SetOption.settings........34...7.......7...%...>...+...7...>.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...2...4...+...>...D...+.......>...9...+.......>...B...N...7...:...4...4...7.......>...=...:...)...H............encode.json_parser.tostring.metric_value.ping_metric_id.pairsNAnalytics DailyPingBrowserUsed handler called with invalid configuration..err.m_logger.ping_label.get_analytics_config/Inside DailyPingBrowserUsed's send on ping.info.log.core.........4...7...............>...%...3...1...1...1...:...0...H.......send_on_ping....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailypingmetriccounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1533
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.602525066998951
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:UuQRu0UeI7FcfXlvVulvDJNngnF3US2Pd3nimkctcXlvV54SGXgBiaxJmEDzfOBz:FagBHJNnQES2Ri1kSGQBlJjDaJEw
                                                                                                                                                                                                                                                                                            MD5:04B119EA4E47D803B073706E3F0CA591
                                                                                                                                                                                                                                                                                            SHA1:1F977FA5DF79E70F00824AA9B1467ADED4645B44
                                                                                                                                                                                                                                                                                            SHA-256:8E51392E1AC69088A8AED6106E48F2CDA30F2B4A93822F73C893E5E785AA16D6
                                                                                                                                                                                                                                                                                            SHA-512:9DE01BA228E9CBDC3FB080CFCE93A4735630875D1DE80B15D0655E4AB97B21EC9A07C2A73046631E7E7F7208B8FD8A1F2A14229F974064C682695FE55B1DF834
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........C+...7...>...)...'...4...7.......7...%...>.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7.......T...)...7.......T...4...7...>.......4.......7.......7.......>.......7.......T...7.......T...7...4.......7.......7.......@......SetOption.max_value.GetOption.settings.tonumber.default_no_value.in_contextSAnalytics DailyPingMetricCounter handler called with an invalid configuration..err.m_logger.setting_name.ping_metric_idAIn Analytics DailyPingMetricCounter's handle_analytics_event.info.log.core.get_analytics_config.........O+...7...>...)...'...).......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7.......T...)...7.......T...4...7...>.......7.......T...7.......T...)...4.......7.......7.......>...7.......T...7.......T...7...7...:...:.......T.......T...4.......7.......7.......@...T...)...H...G......SetOption.metric_value.max_value.GetOption.settings.reset_count.tonumber.default_no_value.in_co

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\domainnavigatedcounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2990
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.858737800821815
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:N8nwvzod7Tdj/F01AwQ4B8i+TdJ8ZeKIk7kyNcZcjCHDuJ1QOG:CnczaxjdQPQY+f8ZeK4y+ZcGHaztG
                                                                                                                                                                                                                                                                                            MD5:80A284B86E17C5C2383C544EE8D038AF
                                                                                                                                                                                                                                                                                            SHA1:39B7D157C3B2074336C8475F4B4A59F568251017
                                                                                                                                                                                                                                                                                            SHA-256:2B6BABE98DFE24846170F9007441C3C9CA4762BD9D8EF51182CAB0E45BEEB3D3
                                                                                                                                                                                                                                                                                            SHA-512:1B15E89F988D33970BC7D5B803D629EE4E2697B108429574A14BF90EAC90713E31732DFE3A1611B72FBD8CCF8A02D107371234A78B440BA25D6DA6B044182C9C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..n.......4.......>...D...4...7.......7...>.......T...7...H...B...N...)...H....domain.urlMatch.match.string.pairs........)...H...........=+...7.......7...%...>...+...7...>.......T...7.......T...7.......T...+...7.......7...%...>...)...H...)...'...+...7...+...>.......T...)...H...4...7...+...%.......%...7...$...>...4.......7...............>.......4.......7...............>...)...H............SetOption.GetOption.settings._.lower.string^Analytics Domain Navigated Counter handler was supplied a malformed event for processing..err.url.browser.get_analytics_eventOEntering Analytics Domain Navigated Counter handler's handle_on_navigation.info.m_logger.........D+...7.......7...%...>...)...'...)...3...'.......'...I.4.'...+.......'...I...4...7...+...%...+...6...7...%...6...$...>...4.......7...............>...'.......T...3...+...6...7...:...6...:...:...+...7.......>...+...7...>.......T...4.......7...............>...K...K...)...H..........SetOption.transmit_analytics_event.set_analytics_event.hit_

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\downloadscan.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1661
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.662599418994416
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:nDu3jiHHXVWJuEflaCHo3EbRj2AZGrZ+8JzBJJeBJMsu:CjiH3V8aCiEbRjY40heBqsu
                                                                                                                                                                                                                                                                                            MD5:F4680A0D76F266946D1E1E57787AE290
                                                                                                                                                                                                                                                                                            SHA1:0F1771C55194FB0FEDE113C26767E26FDAB8540B
                                                                                                                                                                                                                                                                                            SHA-256:0C235CB3A288F7E2465B076CE1D431AC370074FF6A6C23A2FCC39D2286A87A40
                                                                                                                                                                                                                                                                                            SHA-512:DFFCD0A7528D5FC666D296EE30E105973ED28162C693630F9A077A6FC800E66D422C495E64BDB3CCBDE65B299CD8090E3DC447494551CAAC81C4ACF338F66324
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..X.......4.......7...)...%...)...@...&*DownloadScanSendProcessTelemetry.GetOption.settingsU.......4.......7...)...%...)...@...#*DownloadScanSendFileTelemetry.GetOption.settings........7%...)...7.......T...7.......T...4.......7...%...>.......T.......H...T.$.7.......T...7.......T...%...4.......7...%...>.......T...4.......7...).......'...>.......4.......7...)...........>.......T.......H...T...)...H...G....SetOptionInt.GetOption.settings.msad.files.blocked&*AnalyticsCounterDownloadsBlocked.Blocked.msad.files.safe.PublishMessage.wssEventSender.AcceptRisk.interaction_type.DownloadBlock.name..........B+...7...>.......T...+...7.......7...%...>...)...H...+.......>.......T...+...7.......7...%...>...7.......T...+...>.......T...%...:...7.......T...+...>.......T...%...:...2...7...:...7...:...7...:...7...:...7...:...7...:...7...:...7...:...+...7.......>...+...7...@............transmit_analytics_event.set_analytics_event.ui_type.hit_label_24.colour.hit_label_23.hit_label_22.hit_label_21.browser.h

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\heronerrorslog.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2413
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.751917441648925
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:qT4t/7WpvjcfRzxIrPAaPpJ5JjWJCL7XYGjQJPUmQrMBSmJXRgAnDMJD39:qaiQRajJHJSCHXYGjHqXSgQH
                                                                                                                                                                                                                                                                                            MD5:6456F2183ADD99474020ED498531C407
                                                                                                                                                                                                                                                                                            SHA1:9678A3EA175B1F63A051A7BE61F7D893B1D1467B
                                                                                                                                                                                                                                                                                            SHA-256:181A5656F036117846125133003C99F43DFBD1A69C9935EDC20703286A924B09
                                                                                                                                                                                                                                                                                            SHA-512:CF55D6392F41A19059DC91FFE12287DF98049A6AB0E7178741293376893B239623C1BF028C953A028367A64126C16CB75DF70DBCAB610619637667BB5FA68BFB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........#...4...7.......7...%...>...+...7...>.......T...7.......T...7.......T...7.......T...7.......T...+...7.......7...%...>...)...H...+...7...>.......T...+...7.......7...%...>...)...H...)...7.......T...7.......T...)...%...7.......T...7...4.......7...)...+...)...>.......T...+...7.......7...%...>...)...H...4.......7.......+.......>.......T.......T...%...T.......%...$...%...7.......T...%...7...%...$...%...7.......T...%...7...%...$...%...7.......T...%...7...%...$...%...7.......T...7.......T...7...%...7.......T...7...%...7.......T...7.......T...%...7...%...$...%.......%.......%.......%.......%.......%.......$.......%. .....%.!.$...4.......7.".....+.......>...)...H..........SetOption.}.{.,"metadata":.,"line_number":.,"error_code":.,"error_type":.,"function_name":."file_name":.metadata.error_code.".null.,.[-HeronErrorsLog heron telemetry disabled..GetOption.settings.default_no_value..in_contextGHeronErrorsLog handler called with an invalid event configuration..get_analytics_configPAnalyt

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\installedextensions.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1319
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.7216700075493465
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:lFaWr5tiHRqBSCjsVudhKxQ6FF9K6FXyvjSBibq+rV+l3JDzfW1J5ZFVdUNEWVx5:lJ5tiHRqBSCjoqhqK3jSBSqKwbD6JzFU
                                                                                                                                                                                                                                                                                            MD5:432C56CC5D6E640A55858F4B6582DED7
                                                                                                                                                                                                                                                                                            SHA1:7FAD59D8AB1607F79444DE2A0D0D350043AE2EB6
                                                                                                                                                                                                                                                                                            SHA-256:F39FECA59F9CC8EC013AC5E0736994ABFF11A427C7578269B9F4445E5A0C71DC
                                                                                                                                                                                                                                                                                            SHA-512:601F589DB29E835E2545153299083B320A597642E64E5A0A7771F87BC9F9D70E176E930309B7A24D7D97E94FD5AEFDD91876A47518772C19846621DF63132AF0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........)...H...........V+...7.......7...%...>...4.......7...)...+...'...>...4...+...>...D.B.4.......7...)...+.......$...'...>.......T...+...7.......7...%.......>...T./.4.......7.......>.......T...+...7.......7...%.......>...T. .+...7.......7...%.......%.......$...>...3...:...:...:...+...7.......>...+...7...>.......T...4.......7...)...+.......$.......>...B...N...G............SetOptionInt.transmit_analytics_event.set_analytics_event.hit_label_21.hit_label_20.hit_label_19...._event_name.wa_installed_extensions. is *extensions json payload for browser: ANil installed extensions payload so not sending for browser .get_extensions_info.browserSettings8Ver_to_send <= ver_sent so not sending for browser .pairs.GetOption.settingsHEntering Analytics InstalledExtensions event handler's send_on_ping.info.m_logger.........4...7...............>...%...%...3...1...:...1...:...0...H.....send_on_ping..handle_telemetry_event....ED...CH..1Analytics_Installed_Extensions_Version_Sent_3Analytics_Install

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\lowsearchusertargeting.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3237
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.671190217775351
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:ZFo6qfgkI9Dszs2fDseVqrA5i/pH9ksapGGjwyPCr06d7L9C7/70OBCJrD2kJAnS:ZXDfOz0cqroi/pas+5ahLK70jr6k6nS
                                                                                                                                                                                                                                                                                            MD5:0E018E77C844A549B3E415D2A90E7AD5
                                                                                                                                                                                                                                                                                            SHA1:08E97716DFD91CAC66C9EFB8C6DE8DDF2FC5CB48
                                                                                                                                                                                                                                                                                            SHA-256:273CC302B4C9111373C1503957E552FF334F1B3DE5E7816D4B319EE39713999A
                                                                                                                                                                                                                                                                                            SHA-512:57D24EA4AA971EA36D6901EA57CBF2E72CCBC5587DAC13665B62BF4A43CBBF5BCA525A75BD4383767DDF5D58AD2C3E45BD51913F6A73C8047ACCB626AC34E02E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........0...4...7.......7...%...>...%...4...4.......7...)...%...'...>...=...4...4.......7...)...%...'...>...=...4...7.......7...%.......%.......%.......$...>.......T...4...7.......7...%...>...G...4.......7...)...%...)...>...4.......7...)...%...)...>.......T...%...T.......T...%...4...7.......7...%...4.......>...%...4.......>...%.......$...>.......T...4.......7...)...%...'...>...4...7.......7...%...4.......>...$...>.......T...4.......7...)...%...'...>...4...7.......7...%...4.......>...$...>...4...4.......7...)...%...'...>...=...4...7.......7...%.......$...>...4...4.......7...)...%...)...>...=.......T...G...4.......>...4...7.......7...%...4.......>...$...>...4...4...7...%. .....>...=...4...7.......7...%.!.....$...>...3.".:.#.:.$.:.%.:.&.:.'.4...7.......7...%.(.>...+...7.).....>...4...7.......7...%.*.>...+...7.+.....>...4...7.......7...%.,.>.......4...7.......7...%.-.....$...>...4.......7...)...%.......>...4...7.......7...%./.>...G.....9send_low_search_user_targetting_telemetry() exitin

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\navigatedtoday.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1396
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.579183931915572
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:jqHLCBuhF2pg49WdJs1bWWSAJWIKY7jJTMKJNzBibIvJvJZHrRDzf52vJsKH4UYC:GOwhXdcb3VA7Y3JTrJ1BSoJv3LRDeJ1R
                                                                                                                                                                                                                                                                                            MD5:A2A28B6544E599C17C7E60E976884249
                                                                                                                                                                                                                                                                                            SHA1:E197AF92405917AD9AE02131C195314425AB1E99
                                                                                                                                                                                                                                                                                            SHA-256:6C1077FFD5E9F4715684ACD43BD4B5F276508C92B678729BBF2DC6F93D2B4566
                                                                                                                                                                                                                                                                                            SHA-512:94F716023AD468690D78BD5D21B213DDA816ED55D1143077D5DB261447D5C7E470064E7D37AD2D3D6CE3D5E395FCE370132449BD1A55CA11CFED46B6CDC2B44C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........M4...7.......7...%...>...+...7...>.......T...7.......T...4...7.......7...%...>...)...H...4...7...7...>...5...4.......7...)...+...4...$...)...>.......T...4...7.......7...%...>...)...H...4.......7...)...+...4...$...'...>.......4.......7...)...+...4...$.......>.......T...4...7.......7...%...>...)...H...)...H.........aNavigatedToday Telemetry 3.0 handler unable to increment BrowserNavigationCountToday setting.SetOptionInt.GetOptionXNavigatedToday Telemetry 3.0 handler unable to set BrowserUsedToday setting to true.SetOption.settings.lower.stringXNavigatedToday Telemetry 3.0 handler was supplied a malformed event for processing..err.browser.get_analytics_eventAIn Analytics NavigatedToday Handler's handle_analytics_event.info.log.core..........4...7.......7...%...>...+...7...@......handle_analytics_event?In Analytics NavigatedToday Handler's handle_on_navigation.info.log.core.........4...7...............>...%...%...1...:...1...:...0...H.....handle_on_navigation..handle_analytics

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\pushnotification.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2990
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.64832248381332
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3ve3xKEKVwvdyJEZ6M3jYBjjWb8TBSif4PyVteSZrlMWuar7uLnU/XajyBSfJFWT:3vgKEKVwvdyA6Mqj48FpflteK5MxnUoC
                                                                                                                                                                                                                                                                                            MD5:F81799F5E9DA604D046FF750CA8AF496
                                                                                                                                                                                                                                                                                            SHA1:F4EE2AA82872B52CDB8A9CA9F567283906DC44FD
                                                                                                                                                                                                                                                                                            SHA-256:ACE064A33E924480326215796496C7FDE558EFCE8785E89783176AD956AA356D
                                                                                                                                                                                                                                                                                            SHA-512:F70ADF1F5DF9686A82100C966A434A9A77B6809CD385DFE5AE35930FC214A230B89925A3194272665FC7C87985CB6768A0351E56E027DC1FFDABA7BB493C96ED
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........$4.......7...)...+...'...>...4.......7...)...+...'...>.......T...+...7.......7...%...>...)...H.......T...+...7.......7...%...>...)...H...)...H.........EAnalytics PushNotification ver_to_send < ver_sent so not sendingEAnalytics PushNotification ver_to_send = ver_sent so not sending.info.m_logger.GetOption.settingsg.......4.......7...)...+...'...>...4.......7...)...+.......>...G........SetOptionInt.GetOption.settings.........%...4.......>...T.......%...4.......>...%...$...A...N.......T.......7...'...'...>...........%...$...H....].sub.",.tostring.".ipairs.[........('...2...4.......>...T.......7...%...>.......7.......>.......7...%...>.......7...'.......>...........T...4...7...........>.......A...N...+.......>...........F......insert.table..:.sub.//.find.ipairs.w.......3...:...:...:...H....hit_metric_0.hit_label_21.hit_label_19...._event_name.wa_push_notifications.hit_label_20.ch^.......+...............>...7.......>...7...@......transmit_analytics_event.set_analytics_event.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\remapattributes.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1236
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.582895413037037
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:suOX0Rh2oyys12w+A9YOayYBKzYjbvEWYHht698eS69g5BidlJaQTJsPFn9F:dOXIXs12wd9YnyYkzYjLAme+g5BCJamk
                                                                                                                                                                                                                                                                                            MD5:7ECF19552AEE19EF9B40077A28765FCF
                                                                                                                                                                                                                                                                                            SHA1:711ABE165B26046D17978152EC8351F5921A05BD
                                                                                                                                                                                                                                                                                            SHA-256:1939F2FF5E83566B7AB9F7E913A6E499FE13C2880CDB8DE6EE16638D9EB301FC
                                                                                                                                                                                                                                                                                            SHA-512:32A8FA69C4F354ADF46EC128CEC2E2A87944DBCEB2C787F886A4843B97A612C3413DA67B2F8062E104333D6E15141DC6651090E0C4A28DDAFED06011917E7741
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........r+...7...>...+...7.......T...+...7.......'.......T...4...7.......7...%...>...)...H...7.......T...7...:...3...7...:...7...:...7...:...+...7...........T...7.......T...+...7...8...:...T...+...7...8...:...+...7.......T...'...+...7.......'...I.(.+...7...6...........T...4...7.......7...%...>...)...H...+...7...6...8...6.......T...4...7.......7...%...>...)...H...+...7...6...8...+...7...6...8...6...9...K...+...7.......T...+...7...:...+...7.......>...+...7...@........transmit_analytics_event.set_analytics_event.hit_screen8Malformed event passed into RemapAttributes handlerNRemapping part of config passed into RemapAttributes handler is malformed.remapping._event_name.Impression.hit_label_20.browser.hit_label_19.hit_label_18....name.interaction_type.action_type9Malformed config passed into RemapAttributes handler.err.log.core.event_names.get_analytics_event..a.......4...7...............>...1...:...0...H.....handle_analytics_event.new.AnalyticsEventHandler.........4...%...>...2...5...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchreset.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3304
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.524361602493551
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:iEvgKkKVwvdFHl10Hj2bdIWjRN5RlDNx1INjOI26VNPNEwixtPJP5:iEvgKkK+vjMKFPbx1IPHI/
                                                                                                                                                                                                                                                                                            MD5:AE9D595CF445C0FC75ECBDEA470C7E61
                                                                                                                                                                                                                                                                                            SHA1:3AD8B5FA1D78A85353417756F4C2DB8CABE4C8A3
                                                                                                                                                                                                                                                                                            SHA-256:C27A87859D0DB75FC07923987408BCB1A6A9A10C1165487C2B66AA2E5468EA0E
                                                                                                                                                                                                                                                                                            SHA-512:BA7807A912B47283C10E33E7A3FF1588B13E6F8ECC906CE8FCA84B2A96C775598686F052C5A51A5F629FBF924967C5A05DC0B448063D18BBD7AD008DC30108A7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7...4...7...%...>...=...4.......7...)...+...'...>...'.......T...'...H.......H......GetOption.settings.!*t.date.time.os........$4.......7...)...+...'...>...4.......7...)...+...'...>.......T...+...7.......7...%...>...)...H.......T...+...7.......7...%...>...)...H...)...H.........<Running processes ver_to_send < ver_sent so not sending<Running procceses ver_to_send = ver_sent so not sending.info.m_logger.GetOption.settingsg.......4.......7...)...+...'...>...4.......7...)...+.......>...G........SetOptionInt.GetOption.settings..........+...7.......7...%...>...4.......7...)...+...)...>.......T...)...H...+...7...>...,...+...7.......T...4...7...4...7...%...>...=...4.......7...)...+.......>...4.......7...)...+...'...>...)...H...4.......7...)...+...'...>...+...7.......7...%.......$...>...+...7.......7...%...+...7...$...>.......T.O.+...7.......T...+...7.......T...+...7.......T.C.+...>...'.......T...+...7.......7...%...>...)...H...%...+...>.......T...4.......7...>...........T...+.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchsuggestcounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1597
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.817213114950578
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:MrIZD16awmNbNSj2S0czDB+JJEDxJMQ6A:Mu1BJPSj2QkJEN2Q
                                                                                                                                                                                                                                                                                            MD5:939F914D907EE211614743D6C6337C4E
                                                                                                                                                                                                                                                                                            SHA1:724D0E6C8938AC2D42FCD000577968C259635C17
                                                                                                                                                                                                                                                                                            SHA-256:3424796D0F81752B4C38705DA954CD06B496E42DF5474CB0CA8A7B58E6A07C14
                                                                                                                                                                                                                                                                                            SHA-512:D492C3A4CEC0D4AA26DC0872DFAA0376994FADD5EBAB653C7E6A17EEEDA53B0B4307AFA555FE619F7EE8E0D69E4380AB432A5E9D2E0F2EE6C9B7E5DA30033CFC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........A+...7.......7...%...>...+...7...>.......T...7.......T...7.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...)...'...4...7...+...%...7...%...7...%...7...$...>...4.......7...............>.......4.......7...............>...)...H........SetOption.GetOption.settings._.lower.stringHAnalytics SearchSuggest Counter handler was passed an invalid event.err.search_type.interaction_type.browser.name.get_analytics_eventDEntering Analytics SearchSuggest Counter Handle Telemetry Event.info.m_logger.........J+...7.......7...%...>...)...'...)...3...3...3...'.......'...I.8.'.......'...I.3.'.......'...I...4...7...+...%...6...%...6...%...6...$...>...4.......7...............>...'.......T...3...6...:...6...:...6...:...:...+...7.......>...+...7...>.......T...4.......7...............>...K...K...K...)...H........SetOption.transmit_analytics_event.set_analytics_event.hit_metric_0.hit_label_21.hit_label_20.hit_label_19....hit_label_18.SearchSuggest._event_name.wa_sea

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchterm.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4745
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6884647749952135
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:ufJXUKbNOxIfjoc1pKtk8LhEPeLLscemPwH1ebhua+qJmzJ:ufGK18W8txPdemPwH1+BJoJ
                                                                                                                                                                                                                                                                                            MD5:10F6C5567EBCB4F4A95AA76AEE90D475
                                                                                                                                                                                                                                                                                            SHA1:07F6A0C8736981AE9C485B29A58DED126A77D665
                                                                                                                                                                                                                                                                                            SHA-256:6F09CD02909B884EFD38DCDD07AB46A01807B4BA19EED8367B59B2424DAA115D
                                                                                                                                                                                                                                                                                            SHA-512:1E19FA1D43957DAE2B48BF74DE775356D567ADE66B3E0C01AAEBDF20190F6BDCCDB5E1D177051E5012333E2E7C46031464C51F3175A9E9D30F0AA869582A8CFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..8.......4...7...4.......'...>...?....tonumber.char.string+...........7...%...+...@......%%(%x%x).gsubc.......4.......>...D...4...7.......7...>.......T...H...B...N...)...H....urlMatch.match.string.pairs........04...7...........>...5...5...4...7.......4.......>...4...7.......%...>...5...5...4.......T...4...7.......'...4.......>.......+.......>.......4...7.......%...%...>.......4...7.......>.......H......lower. .+.gsub.first2.last2.&.sub.first.last.find.string.2.......+.......+...6...7...@........firstIndicator........F%...4.......>...T.>.)...4...7...>...T...)...4.......>...T...4...7.......%.......%...$...>.......T...)...T...)...T...A...N.......T...)...T...A...N.......T...4...7...>...T...4...7.......%.......%...$...>.......T...)...T...A...N.......T.......T...7...T...7...%.......$...A...N...H.... .category.exclusion.%f[^%w_].%f[%w_].match.string.inclusion.ipairs.........)...H.............+...7.......7...%...>...+...7...>.......T...7.......T...7.......T...+...7.......T...+...7.......7.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\securesearchhit.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7894
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.69583977985513
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:GU5S4WUWw2t6H2oQ5IEi6e7P51JLpkA86Z7dRQ198Hxkh0thr39whPujUKU1Kp3V:GEcLaVbc98HxkhKrNwGy4C6B6aAkaY
                                                                                                                                                                                                                                                                                            MD5:890CEEBD023A4813824278F62EAE291C
                                                                                                                                                                                                                                                                                            SHA1:9DE0EE870880F797CE157F0A3118B27C116232A3
                                                                                                                                                                                                                                                                                            SHA-256:42E364CE2AF6FDCBA50D9BA040357052EB1675B5DE1E2A52189A38685FB431E4
                                                                                                                                                                                                                                                                                            SHA-512:105A1C85A6019F6129F04DE779B9000557AEC5EFFE31C5B50BE28CE375A47BEEFD4464C9DF4B0681B877671E7F52D59826D31F23841BEAB05C12DE918C6AC4F1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...4.......7...).......'...>...=...4...7.......7.......%...4.......>...$...>.......4.......7...)...........>...G....SetOption.tostring. - count: .info.log.core.GetOption.settings.tonumber.........$4...7.......7...%.......$...>...7...7.......'.......T...Q...........T...4...7.......7...%.......%.......%...7...$...>...3...:...:...7...:...H.......day., day: ., month: /Secure search hit add_month result, year: .month.year-Secure search hit add_month, num_month: .info.log.core..........!4...7.......7...%...>...4...7.......>...4...7.......>...4...7...........>...4...7.......7...%.......%.......%.......$...>.......H...., difference:., target_time: /Secure search hit days_until, start_time: .difftime.time.os!Secure search hit days_until.info.log.core...........~4...4.......7...)...%...'...>...=...4...7.......7...%...>.......T.f.4...7...%.......>...+.......'...>...+.......'...>...4...7...+...........>...=...4...7...+...........>...=...4...7.......7...%...>...4...7...>...4...7.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\securesearchtoast.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2738
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.773377646751177
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:GnNu1RNBjl20TH6TyDFFkKPuE/XMXjjQJjULso2X16RRwBrJ8v08WvJV1h:3dIquE/0jciL6IU8v07v7b
                                                                                                                                                                                                                                                                                            MD5:1E3633511877B135BEBBC44D8596F3BA
                                                                                                                                                                                                                                                                                            SHA1:F1B032B185FCC38D99431CA211FCA9BE9D02ACDB
                                                                                                                                                                                                                                                                                            SHA-256:E139A0F3B0E6B0FF72462260501BEEA9FB1F1DB3519A58725F4D7A25BAB4EAEC
                                                                                                                                                                                                                                                                                            SHA-512:89A4C8DD376FE966A843C1FB662D7B7C77DAE84977691C66A2DB0E3D904D2F668A301BD23F0023E6B4EE6729D9FBE719D9179D4F35CA0F1336B07EAB31DEA24C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........>...+...7...>.......T...7.......T...7.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...%...%...7.......T...7.......T...7...7.......T...7.......T...7...7.......T...4.......7...)...+...7...$...7...>...T...7.......T...7.......T...7.......T...4.......7...)...+...7...$...%...>...:...4...7...>...+...7.......7...%...4.......>...$...>...4.......7...)...%...)...>.......T.A.4.......7...)...%...'...>...'...%.......T.#.4...7...........>...4.......7...)...%...'...>...+...7.......7...%...4.......>...%. .4.......>...$...>.......T...+...7.......7...%.!.>...%.".....T...%.#.....$...T.......%.$.%.#.....$...+...7.......7...%.%.....$...>...%...7.......T...4.......7...)...%.&.'...>.......T...4...7.......>...'.......T...4.......>.......4.......7...)...%.&.'...>...T...4.......7...)...%.&.....>...3.(.7.'.:.'.7...:.).7...:.*.7...:.+.7...:.,.:.-.7.......T...4.......>...:...4.......>...:./.+...7.0.....>...+...7.1.>...+...7...>.......T...7.......T...7.......T...+...7....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\sendimmediately.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):571
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.39472540540094
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:guSXZf/f9emfvlauFkQySj3d2kuBid/9J+PdGlbL5IRMJsYJJK6ok4LXcEjDmv5:guEXB9NkOj3MHBidlJaQ5tJsP44Lfj45
                                                                                                                                                                                                                                                                                            MD5:CC179A65526BA23300A9BFFA42D7D908
                                                                                                                                                                                                                                                                                            SHA1:84F2129E1DDAF1FB31B062060E452325EFE4E58D
                                                                                                                                                                                                                                                                                            SHA-256:72542691C7BF941C41FCAC21ED59ECDC25A8E046CCC5F0A209FD7C3CF0189E01
                                                                                                                                                                                                                                                                                            SHA-512:B00D672B9CDF04816DF9CAD681DE0A91E1059EAC541C20DDE016E0E1D14EEC00C0F200B67C2B224D413B3E5D88143DBD23E2783CBA0B85B9ECDC11FCEF09F9A2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........+...7...>...7.......T...)...:...7.......T...)...:...7.......T...)...:...+...7.......>...+...7...@......transmit_analytics_event.set_analytics_event.flags.timeout.analyticsSDK.get_analytics_eventa.......4...7...............>...1...:...0...H.....handle_analytics_event.new.AnalyticsEventHandler.........4...%...>...2...5...4...1...:...4...0...H.....new.SendImmediately4analyticstelemetry.events.AnalyticsEventHandler.require...//E9D65996B65D174FE17F767DC4552D02BDDB62379B6B62B681CA7C09822503D6C456768148CC77B0D229AD8DEEA9C67E07455FB3F0FB2C33CB212E61D314B881++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\sendonping.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):407
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.477433384171874
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:5hBid/DNP9GlbLzFQMJsYJJKpFnbWHYCgpo:3BidLQzFZJsPjaH3gW
                                                                                                                                                                                                                                                                                            MD5:C6BB8732688D68F6664569D21C89BF2D
                                                                                                                                                                                                                                                                                            SHA1:E3C4EE7AFD06E6B27ED7C53135719FA83300F7BA
                                                                                                                                                                                                                                                                                            SHA-256:A12D3E02F4355C78A5E3281FEAD0A25F5E4653958ACFED88D82F54EA7DB74E61
                                                                                                                                                                                                                                                                                            SHA-512:D7B0E5FAD5C09A5729FD9391D9C9412EA5A0DA582190CA5F7076F49184E5431EEF2AD9A3CDEBE7BBE53C7A6CF37CDF4D3C5959EBB2CE9D0D4816B1DE60520106
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..6.......4...%...@...!send_on_ping not implemented.errorW.......4...7...............>...1...:...0...H.....send_on_ping.new.AnalyticsEventHandler{.......4...%...>...2...5...4...1...:...4...0...H.....new.SendOnPing4analyticstelemetry.events.AnalyticsEventHandler.require...//34593D090E6C32B38D72A536256813B343C06C42CED1D7743AF11EC1F8D895A14081FBB20ED7A5BB68F7A7C7DD961B94FF83ACD1185B8CA9ABE514946F4B8AA7++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\settingsdblookup.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):405
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.536368643039731
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:5gPyr0iO0jRjRmzSAXmZcWRNRYvTooOH620gaAyXGVAdzhlJ2ygZgkREdS9dH/jB:aq3xmm+W3RYvfOH6eaAQ8mzl232E90g
                                                                                                                                                                                                                                                                                            MD5:4C3AA1900EBE84EB9A1B946474FEF016
                                                                                                                                                                                                                                                                                            SHA1:2AEF35F153E6D941682FBEADEE65A6409E52E4C8
                                                                                                                                                                                                                                                                                            SHA-256:6E0BFCEEC8BB9E3FDA25F50391F48B7DBA4EF592E46083B4780AAC216949E8FB
                                                                                                                                                                                                                                                                                            SHA-512:1DC1B9B045FA5768777C991A2DBE0455A7AAAAE25B75DA6FF0F4596DF6310CEB70032064F542957062BAC22DB895EF5B538838A9CF4496C07966441FEF16AAFC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........%.......T.......T.......T...4...7.......7...%...>...T...4.......7...............>...........T...%...4.......@....tostring.GetOption.settingsAInvalid parameters supplied for get_setting helper function..err.log.core.(.......2...1...:...0...H.....get_setting...//4D8C8739D58D327ED5C7CD446D3BEB0D28D1CB9557CDDA824A0D5351E270D6ED92A3DC95487749A983F6A00B57FFFC0C9848B0288F111A0CFE654EC6970C6B85++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\smareputationcounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1647
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.833674174075441
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:y6V/NtwIgf3Naf46Kj09dXoizDB+JJKD+kJ+t+h:V/NtRgfEw6Kj6dXzkJKrCI
                                                                                                                                                                                                                                                                                            MD5:EF70C5B9C740F6B42E17310E05255436
                                                                                                                                                                                                                                                                                            SHA1:8F3273D436893B7B4EA7676EAC1A6AE46B0548C9
                                                                                                                                                                                                                                                                                            SHA-256:FD3676543FB7F0AB576AF48CAB893D90CFF492C5F2A33A7D48B46DC794C2E65A
                                                                                                                                                                                                                                                                                            SHA-512:CBEC18FC2519EDE7BDD787CB469C5B24E1A5EFCB4751D3C2DBDD193C1D22C24529D5E5883BC73ADC58B53C81050907793202020366E10C31D514F7132B5128E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........C+...7.......7...%...>...+...7...>.......T...7.......T...7.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...)...'...%...4...7...+...%.......%...7...%...7...$...>...4.......7...............>...7.......4.......7...............>...)...H........SetOption.GetOption.settings._.lower.string.defaultFAnalytics SMA Reputation Counter handler passed an invalid event..err.count.color.site.browser.get_analytics_eventEEntering Analytics SMA Reputation Counter Handle Telemetry Event.info.m_logger........Q+...7.......7...%...>...)...'...)...3...3...3...3...'.......'...I.>.'.......'...I.9.3...6...:...6.......7...>...:...)...'.......'...I.".4...7...+...%...6...%...6...%...6...$...>...4.......7...............>...6...9...'.......T...).......T...4.......7...............>...K...+...7.......>.......T...+...7...>...K...K...)...H........transmit_analytics_event.set_analytics_event.SetOption.GetOption.settings._.lower.string.hit_label_20.upper.hit_label_19...._event

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\wssanalytics.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):856
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.566845685454563
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:ZUFEIGeDQTSJ9AnuZ+nzwEmwBihQlJg/QBtJsPGjOmPq:Z40TSJMuZ+zzmwBRJmktJ7lC
                                                                                                                                                                                                                                                                                            MD5:D4633D1CF750BE19C2804321F1CDEE65
                                                                                                                                                                                                                                                                                            SHA1:835E728276CAE648FF257A23B0FBF5E45B3A0E2F
                                                                                                                                                                                                                                                                                            SHA-256:A7387553A9F16FCCE800235AB5198F103CC81B8E90606E40CEED82B8C1A9F0DD
                                                                                                                                                                                                                                                                                            SHA-512:B53854B5EB2286B69B3847EADE03156B6B7080DEEBC565CE07C34891994A05D8BAAB130B00C99E25AB11A9182734BFD8C7B8BB7A93B42DB6BC416959EE0771BF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........0)...4.......7...)...%...)...>...........T...)...H...+...7...>...,...+.......T...+...7.......7...%...>...)...H...+...+...7...6.......T...+...7.......7...%...>...)...H...4.......7...+...7...@..........PublishMessage.wssEventSender>Invalid message passed to WSS Analytics analytics handler.messageQEmpty analytics telemetry information returned when processing WSS Analytics.err.m_logger.get_analytics_event.*AnalyticsSendWss.GetOption.settings.........4...7...............>...3...1...:...0...H.....handle_analytics_event....msad.files.safe..msad.sites.safe..new.AnalyticsEventHandler}.......4...%...>...2...5...4...1...:...4...0...H.....new.WSSAnalytics4analyticstelemetry.events.AnalyticsEventHandler.require...//0D57CCAC4A0EC5184AB156150D86485469E5CBCE84F64D1B64AA81DE2636BCB288A4BABCB25FAC8109F1806D9AE858D2BBAD913EBB9EA49CAB57A03D09B575FE++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\wssanalyticsraw.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):705
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.574294022810492
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:n+oUk4lj/Cx6WfEFyi9AnuyzRu+nGpIjbpZIf0NBid/9J+PdGlbLOoMJsYJJKgk5:RUFj/Ycyi9AnuZ+nzwcNBidlJaQORJsN
                                                                                                                                                                                                                                                                                            MD5:EC12756315F35D496B0C4279FD498247
                                                                                                                                                                                                                                                                                            SHA1:B887DDAB929A6697569C41A7EA46B8CA3FA58F82
                                                                                                                                                                                                                                                                                            SHA-256:04412CFB4A01B472C05DD51EC2F1684DFD20880C33147EF6102762E9502A6FFC
                                                                                                                                                                                                                                                                                            SHA-512:7D12A911E1B1DE877B3408B9EB97A10E98A3041DC1EBF7222E88AE1E1D0DABF7645B9B10467AF87F61AB89642A0B321A231B4A3A88DCAD6D1211E3ED9358420A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........")...4.......7...)...%...)...>...........T...)...H...+...7...>...,...+.......T...+...7.......7...%...>...)...H...4.......7...+...7...@........message.PublishMessageRaw.wssEventSenderQEmpty analytics telemetry information returned when processing WSS Analytics.err.m_logger.get_analytics_event.*AnalyticsSendWss.GetOption.settingsa.......4...7...............>...1...:...0...H.....handle_analytics_event.new.AnalyticsEventHandler.........4...%...>...2...5...4...1...:...4...0...H.....new.WSSAnalyticsRaw4analyticstelemetry.events.AnalyticsEventHandler.require...//22BE2655D9EF7025EFF4FBA17E30091D84414044CAC293A219391477412AFEFA11EAC89761472930A6623954144CF343C57E84FD67DE0EE23BD1417463BB0534++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\browserhost.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3907520
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.420718802860094
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:1BPIOnx10wSUTZiPBbY/mLxYFrzmUtSXoEUrQW/iPkJSDzMORNOJ3RFoM74/2wfz:LPpXvSDzMUsJ3RFo0K2buAKDIIcA
                                                                                                                                                                                                                                                                                            MD5:F413A954CA8F508D9E3BE2B9D8CB866C
                                                                                                                                                                                                                                                                                            SHA1:2CE2FB3F5C3442AE7A6AA887B15345DD8BA4A3ED
                                                                                                                                                                                                                                                                                            SHA-256:37E262FDAF125C0EA9BC312F6615F3400B02C0702FA6D4CE4F26C2AB3598BCA4
                                                                                                                                                                                                                                                                                            SHA-512:86D88E5CF6C633ED4A5FE71C2E60A1A86BFCA13D19B8E51BF5C30DF364CB869AAB6019CECDFD620ADE0482B0ED0C4FBDD0D142D69B7EE7F530625BD566EBAC35
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......~.{.:..]:..]:..]a..\1..]a..\...]h..\)..]h..\0..]\..]8..]h..\T..]a..\/..]a..\8..]...\;..]...\<..]...\;..]a..\+..]:..]...]...\{..]...\...]...];..]...\;..]Rich:..]................PE..d...Ij1e..........".......+..<........&........@............................. ;......#<...`..................................................4.......:...... 8.\Y...B:..]....:.Lm..@.1.p.....................1.(.......8.............+.......4......................text.....+.......+................. ..`.rdata...8....+..:....+.............@..@.data...T1....4.......4.............@....pdata..\Y... 8..Z...r7.............@..@.didat........:.......9.............@..._RDATA........:.......9.............@..@.rsrc.........:.......9.............@..@.reloc..Lm....:..n....9.............@..B................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5985656
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997073443075553
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:98304:T+PQByUNM+wti12AJyTJs6mEzHohlciWocwyJ6TW9TFIfvxzNfuTeaFfPzemlu:i4ByU6+JyTKbEDoXciWoSdF+vhNf4TeV
                                                                                                                                                                                                                                                                                            MD5:EFADC0D22983A99516DDBFBA3FD6F1A5
                                                                                                                                                                                                                                                                                            SHA1:A64D75E07B8535FC7F71F33684CEB852E6784FA9
                                                                                                                                                                                                                                                                                            SHA-256:B4F29215D91B81325283EA358CB73753D53392874637C501F3009F0718091461
                                                                                                                                                                                                                                                                                            SHA-512:479F98D3D2C868F7189F09669A92F941979679F60525229F917F8B351BFCDEC8873E8D69D3153515F660A80D666E5F4A0DF8CC00F59EC1B423AE1DFD48C8B6E8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:PK............................app_launcher.js|Uak....._1..?.,r\...x.4.B.>..O.R......2;.+\.........Z.v.sfV^..... ...ww......Ow.........>.....{..-C^......<.7......#...!..j.:...G...`..........h....k.s.B...@q..@...HV...M.a'..~."E,'.N].."%.9[.O.R.O.....h@.j...,o',.9...../.^bLR.0i3.'.....)D........=K..M.V...B.;1.#`.Ta......3;;va...Hq..N...E..<.d.O%<...XX.2..`....FI.+W.H.t...`l3Fc.v6me.E....!1.5...O.e..c..]w.L.M........N.c.B.U...6.`..H...H.<D..&.S...1L."t. ..Q3zVg..k..A.-.X.....i'h.Y$..p:l..i/=. Y.i$B.]....Is&U.......H...I.....J.l....Q`.x.Gh......H.l..n|.!<u.....5...]b..T....F..W....u.7'......|-<s,.....p}.....&.?...;. ....@..%%T...v.[.jz........Tk..p.UA..T.P.jvu..T..**....:SU.|..2....../..4.X...\....w-.^;\...y.bPTR.Rz&.K..f...C._.v..|~....0Y.y...W......u......fC.~..}..i.vL.]...+.cS.s..s.(.P...Cxm..?.4.c..:j..\>..9Iz.\-...}.\!pT.,...W..Fw..K..*p(..P.}9..E.(..Hf..*M.UP'.\.OC._.rm..y.P.....~.....;.8....a...O.,.Xe:S\(.r.%..."y...Ynu...G...@..#VY.(.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor.json

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):358
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.783729084285157
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:3FF2b4FPeee/KabRVdUvFFyFlLulkNCZDZKMjeQoFeNCBHu4H4WsNCHERN2l7Y:1YJKadislLAj+9QoFdBOKjkRN2l7Y
                                                                                                                                                                                                                                                                                            MD5:4BCE68B8CBF044EB70958BC6018D0F01
                                                                                                                                                                                                                                                                                            SHA1:46B4482884D6062CF15E618B8035BD1E675A3EA9
                                                                                                                                                                                                                                                                                            SHA-256:FE5A9A409388CD8E5D6AF76E3FC8E8708F697F2577886BC3B826B4D591CB4306
                                                                                                                                                                                                                                                                                            SHA-512:0F3E86AEB29E202E2E36E4E1859AFED3F17CE65246E90291CA8413287B94798A42309EB27E5CFB67A0B48A8C6D14174FBFC3F36EBE25B7BD8D7800BB78671047
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "webadvisor",.. "path": ".\\BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fdhgeoginicibhagdmblfikbgbkahibd/",.. "chrome-extension://dbghilognjpbmkdcpjgodiieiflmlaeb/",.. "chrome-extension://iiloambhgijcaodolaknfhmcficdnaca/".. ]..}

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor_v2.json

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):357
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.7907114893123115
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:3FF2Eas4FPeee/KabRVdUvFFyFlLulkNCZDZKMjeQoFeNCBHu4H4WsNCHERN2l7Y:17aWJKadislLAj+9QoFdBOKjkRN2l7Y
                                                                                                                                                                                                                                                                                            MD5:BEEC1609B6AA63B29247C7C4805CBF32
                                                                                                                                                                                                                                                                                            SHA1:A9AF06A9D648857FDFBB8BD0D1B6A49840FF0232
                                                                                                                                                                                                                                                                                            SHA-256:BFFE531435235BF8801946B9BC8654A79727FD6D591DBB7BE173BE9A55FC6974
                                                                                                                                                                                                                                                                                            SHA-512:36BBB47F67D2B112AF77759E637318CD79560156B3B5A1007FEE0CB0A9FDE3E26C99D980D2160DF0A730304A43D3D16D2F28742E44A5303B81C0FEAE78A176FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "webadvisor",.. "path": ".\\BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fdhgeoginicibhagdmblfikbgbkahibd/",.. "chrome-extension://dbghilognjpbmkdcpjgodiieiflmlaeb/",.. "chrome-extension://iiloambhgijcaodolaknfhmcficdnaca/".. ]..}

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\eventmanager.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4595760
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.483853360511586
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:ybwb+Xrrg7YaLYkZMz03fM/S0orrrst6U6smaljX24B02YQBLIKZK/+5a09wxqxE:ykEwz8/L1K/sa09wxA2uTsLlFi6L14z
                                                                                                                                                                                                                                                                                            MD5:E5349043F8B5E10BACBEA38B81DFB67D
                                                                                                                                                                                                                                                                                            SHA1:C8F4C47A6CC0C0CD6747781192473934BCF4AB70
                                                                                                                                                                                                                                                                                            SHA-256:FEBC433A137F32EEC85C985ABCAA92B78C45ED7454E62B697E1281C6B71559D1
                                                                                                                                                                                                                                                                                            SHA-512:938170BA5670D87A55ABD0F67E2CA53EDAA4A55DEA1537F9CBC8BB7EE01C56E6F2EA506E3728337E93D36791009204D9B26F5BB7B22C1B6AE80B3683B9487EB2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$......."R.Uf3..f3..f3..=[..k3..=[...3..4F..w3..4F..l3...\].e3..4F...3..=[...3...F..g3..rX..d3..=[..g3...F..g3..=[..s3..f3..g3...]..&3..f3...2...]..'3...F...3...F..g3...F_.g3...F..g3..Richf3..........................PE..d... j1e.........." ......4..........a........................................E.......F...`A.........................................+?.P...`+?...... E.`....PB.......D.0....0E.xe..,,;.p....................-;.(...`.7.8.............4.`....&?......................text...#.4.......4................. ..`.rdata..D.....4.......4.............@..@.data........P?..:...B?.............@....pdata.......PB......|A.............@..@.didat........E......&D.............@..._RDATA........E......(D.............@..@.rsrc...`.... E......*D.............@..@.reloc..xe...0E..f....D.............@..B................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.457062531070689
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLGVuDl9IbNk1O:7rrSOX8BC0Bj5dXEC0BjyKSgDlyhkE
                                                                                                                                                                                                                                                                                            MD5:2C63B7AFFE088C01AB5F20D5104E15DF
                                                                                                                                                                                                                                                                                            SHA1:A5D6C4711A285ECE7EBCE9D7E022424EC4EDB4B6
                                                                                                                                                                                                                                                                                            SHA-256:12B993EF6A1E24A033F837365B81D23285A44B8A2D7B4997731A0A2DCDE66755
                                                                                                                                                                                                                                                                                            SHA-512:DDD71C0266807E92102ADC5396BB423437D711E6379590B8337BD82500D8CB70A4E6CB1240C8364CE90311EC969229EA5634E79CB5443C4782E6A38C4CCC87B4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//C5F0B43E00F5627EEEC2393F31E84E03519AA4F8BE9244C8A03E876842E437D46962E9871B7250D7615D7E2D8C7B3DCA63A88B85E23EAD23B7BAFD1C9D3D9030++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4575923167906515
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLEulWlnnxXn:7rrSOX8BC0Bj5dXEC0BjyKS9gYnxXn
                                                                                                                                                                                                                                                                                            MD5:04D6CFD2351BAC10CA5425269D1A9E14
                                                                                                                                                                                                                                                                                            SHA1:01834871494D9CFEBD7297492A059F3C81156B35
                                                                                                                                                                                                                                                                                            SHA-256:4504952D3DE20C1432B1D83959A91B7D989525A0C3CD66A5D052F78308F487C9
                                                                                                                                                                                                                                                                                            SHA-512:8E2A1F4D09B87C8F6DA1D0865B97031745059974EFDD5990A5EF142611DF16B5C5BDAA694E56B919ED4CC8ABE4A19BAA8CA7DC8C6E6256EDA10EE5B3B42C49DA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//3A9F3C8F649DBE1566697AD22AF502965914F54401D874EAEF5489E526632285BEC469E711E47D9D55E26DB98DD5D0D2A12283C734E4B14C13D1EE46E45F55B9++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.452832655007357
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLs+uM3ySBvVf:7rrSOX8BC0Bj5dXEC0BjyKSOjf
                                                                                                                                                                                                                                                                                            MD5:500CF042BDE44B7480537A73F638DA68
                                                                                                                                                                                                                                                                                            SHA1:E8D3CAF416A35A25F2F9900BB075374911E04604
                                                                                                                                                                                                                                                                                            SHA-256:D33C0A5A9F49A58F2F62062C416A7F7272D2FF086B097A333D680975C527448C
                                                                                                                                                                                                                                                                                            SHA-512:D7D6858FAA9D01ADF2AAB289D7ECDCEA0FA13D8A4977A8239EF40E258105D37E743EE3DE43673D513392B44294ED605A5492E82AEE5D7215DEA25C25C2DDC9B1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//78E4B005F00091A9BBA8C6FF7B202C37FBD4266C883AB9C788C43B50F87A05F1CFDEEDA0A0AEBDBDDA5956F856573FFF6877D2A657A8EFA63B6FDB625F9CCEF8++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.462269411923535
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLKbmzY51:7rrSOX8BC0Bj5dXEC0BjyKS3bm851
                                                                                                                                                                                                                                                                                            MD5:8F2C476904096330DD804923C943804E
                                                                                                                                                                                                                                                                                            SHA1:DDB93B41F6FB6C56B52C13A894838944D785F398
                                                                                                                                                                                                                                                                                            SHA-256:1F97B352FE44C92136749ECDC03EDB66CD83B09F6C30A736FF07860322C9061B
                                                                                                                                                                                                                                                                                            SHA-512:F3EC6C431ADC24A34368BBA37F1BB0B94C5E46FB31CB407E9BB2C292EA5E837B19F9F84648D6EA0BAD6ECBD10D4D32016757BC0B66D7E8E09C7FD11D03342EE0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//575E452AC777F6963BA6E75571831F65210C2B5E192738255AF348F79D560D4AF2C79E0D7E3EBC6E62A3B9B2B0583023E453C2D75865871FCBEDD822AB0A33FC++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.473701209105896
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSHB9Bu1yaZQ:um8BC0d5dXEC0dyKSHzmB+
                                                                                                                                                                                                                                                                                            MD5:13145CF41E44DCAE7BE843F6459CC052
                                                                                                                                                                                                                                                                                            SHA1:39BF1C0E6D766B98FA06FA72EC0476AEA6BB5AE8
                                                                                                                                                                                                                                                                                            SHA-256:A99A8A6144D0C27262FF975D2812D3B44797B1A04D1D57E10D383FE00174BBFE
                                                                                                                                                                                                                                                                                            SHA-512:78C6958E9A649B940128D0F301E4E63CA3E7AF822EE233BF4E8FC3CF8306C2717520CDE98E54C631B1EA06658539847AA89F8D6AA9A633E0A16381333C671069
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//C8455F814B99D9A0475379993091A75FC2FEC3B16242079C496D5C16E2CB9A301241450D01593C204EE51BF7612BF3E70367CA96938A2ED59AA3F8979D692D10++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4630470056002
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLyrWbT0n:7rrSOX8BC0Bj5dXEC0BjyKSjrf
                                                                                                                                                                                                                                                                                            MD5:19C4B9D0B3BA1F8BEBCCE744239C6279
                                                                                                                                                                                                                                                                                            SHA1:BA2847C98B84A43DDB575CACD2772A2F72CCCF96
                                                                                                                                                                                                                                                                                            SHA-256:F3E36C005C9F13B431C01B4D98258F1B20C4B88980E3BAD5122812B4B1099A63
                                                                                                                                                                                                                                                                                            SHA-512:0257335899FB1B115EC1E6CF2FF1A491B5FC8841B1C97D26AEAFE2FC800C282000AFB8DA85BDBFC6CB9CEE96EE05ADE30E559A9319190167F8A7FD891567089A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//F48BC0A207AFEE2797A73472CC751017EF15E00F8048740C617860AD76482E2208EF125E640D1C32A597401131CAA66B07649B0932228194BE40D0AFD9880415++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.462475194813927
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLQIFedPjd0:7rrSOX8BC0Bj5dXEC0BjyKSfd0
                                                                                                                                                                                                                                                                                            MD5:728642C239AC3AB08864A4FED48E0BE3
                                                                                                                                                                                                                                                                                            SHA1:B7CD240F8F03A381C13D1D4A833CD1047373AB5F
                                                                                                                                                                                                                                                                                            SHA-256:B3371A4CB58F38CDAD46970F86235B9C19E8BFE1A0CC5FAEA567ED63AB8DC4D6
                                                                                                                                                                                                                                                                                            SHA-512:3FCDFAC5D821615AD19F41EC4D87CAFAC18AA25A66FA7A04EC3C900024D3C49B582CF388B273DCD5DF3F5601138C06A02556948B873AB6B5CD9EA391E240B80E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//AFAC4DFC424738537692DC290977E76C894A0B9B8454E9D750F0D6EFA0EB70396309537EBBD2B0C6E2757469944DBC3BE8EE9CC8782C83A4AF717645F50E4072++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.456221156174318
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL/urqJ4b9amK:7rrSOX8BC0Bj5dXEC0BjyKSLfZtK
                                                                                                                                                                                                                                                                                            MD5:C47772370CE4F7FD7DEA27C8997796DD
                                                                                                                                                                                                                                                                                            SHA1:51F4D16A252E735972CD87BBFF7D9C87085E9C88
                                                                                                                                                                                                                                                                                            SHA-256:35E7FAEBB0702815F56EEA8148A1C7A4F85B5AB22F08DDA4E5B06B22DDEF9105
                                                                                                                                                                                                                                                                                            SHA-512:4B1582E039003CBB8DAF0964EAC040360947AD1DC45F11BCC257F164848E539CF2C929922203AC03988BF7052ABA0C15CE40525B4D7677039763DC08C476D2AD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//0E64429E0A9F843E0EC94EB3DF37E06143B391C576B919A5395E75F74EBDFEF45DF80F64DFCC06C8E962624D4DEDBC6FCB7B620130EAC7FD7940FF1EE0E3B546++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.474008739615887
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLuaQphAi2lQ:7rrSOX8BC0Bj5dXEC0BjyKSDhRWQ
                                                                                                                                                                                                                                                                                            MD5:F1861FE2D0AD22983F09B68B5C66CACB
                                                                                                                                                                                                                                                                                            SHA1:FCD2E94221C50BD4F8A051575462A49EDB544F39
                                                                                                                                                                                                                                                                                            SHA-256:432C7D6707C051A2A5B6E855B78FB553A53ACA791D55467F21E4AEE2E139E9CB
                                                                                                                                                                                                                                                                                            SHA-512:21E2020C41F0D954892B375E506DFACFA9BF77FE694ADCC9052834B7CF05B8EBAAEEDFD671F9F6C2481C3324458ADF1654A6E6888324E0B318E6A16CE80989A1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//06149726A79AD878008A6A9C6F23B086B8E36B560078A242662D5F21F736BF6CBAC71737D30D70450B9A814C16FB5E53996D437DB5FEC423E700AE1A34435FDA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.469613160083841
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLnLRmUSmMO:7rrSOX8BC0Bj5dXEC0BjyKSs8LO
                                                                                                                                                                                                                                                                                            MD5:F59FFF57B797C922AA64D787CC2D96E4
                                                                                                                                                                                                                                                                                            SHA1:0BA7BE67DBAD03F28AB10B244BE34E2366053790
                                                                                                                                                                                                                                                                                            SHA-256:20EB03721430FFEEB0A669B65FAECB976BFFC6677D19FA47FE7A52295D04EDDC
                                                                                                                                                                                                                                                                                            SHA-512:8AEC3B5972B28299E14075E138D3773D269248490B02FE24F1C688EA0EE6B54A3509045C236963B03108909342ECE071F74DC3ABD2C881A50C07988AF776680A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//536AC09A599AF9058A45A141AC3F06DCB258565AA9D99D874CB155736D44A797036FDE73BB44CE6794038292C22F44044C6CE46B8427C23CB5B032C146F0EBB4++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.460552508045365
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLdkHZ/T+S:7rrSOX8BC0Bj5dXEC0BjyKSP5/yS
                                                                                                                                                                                                                                                                                            MD5:3F4A2766A6F5059E345D7E014605812D
                                                                                                                                                                                                                                                                                            SHA1:8A12BE294926F26F013C86527F2B0A2892CBF9E6
                                                                                                                                                                                                                                                                                            SHA-256:C6646DE89EFA612EA7EA6B20A1A42EEDDA35B2DCBBD9B36270FE4A3AB35F189C
                                                                                                                                                                                                                                                                                            SHA-512:CC9B7936CCA2A603883AC16615539FD561FB5CD0A6655FB314971B69C10A19137D9CE92A57E32EBAA1833CF18916DE162560EC771405025AB28453E506C9245F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//8C74BBBC4B532BBAB1E492E3FF63BF4A6DEF7F478F1649A7CF56EAC7925BADAA618D15B02648C3C0021895D4926E9DB9AE3B2C7D9F63A143A05A38C7A2C0390D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.446422453660456
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLET/RPOx/O:7rrSOX8BC0Bj5dXEC0BjyKS3/M/O
                                                                                                                                                                                                                                                                                            MD5:114F00B91B0A839BC59C13EECD969417
                                                                                                                                                                                                                                                                                            SHA1:426A629227A573AC60F103C20D54389FEE58B7CA
                                                                                                                                                                                                                                                                                            SHA-256:730474FDA92C5D06034E02C8E0F2EFB44C517D02413E11D04D5C9DA7A877FFE6
                                                                                                                                                                                                                                                                                            SHA-512:5C16321F03D21ECC761E2D8F46387A4344C2B150D0BDB76EBDEDADFF12F6E999925CEB28C3925E569B41EDD08F7C63A13E3677D4EF4ED454B0813C598D21A110
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//CAA56B8AE7AB8A7499EDD9F2142DB3BE9A06DAE61625B5A5B64E3A33C654F67535B67291956E9D6044537E02ADAB6EF521B6E6C2672C0CB30D885DC8903C56B9++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.445285532002276
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLuMiROHO:7rrSOX8BC0Bj5dXEC0BjyKSbMiROHO
                                                                                                                                                                                                                                                                                            MD5:A16523E679479EB2345EDB8A03F4B95A
                                                                                                                                                                                                                                                                                            SHA1:CF59E8F308528CBDF3B3FB94C7307D1AC8096E04
                                                                                                                                                                                                                                                                                            SHA-256:A42B6C56F808FE6EAE9F35914384351D33FA595BA337F1DA7B174FF9C75B5025
                                                                                                                                                                                                                                                                                            SHA-512:A02B71348E1C7B6DB4BD845C1E70A6350C8497F3DD0D0EEDA5798AE31257891DBA3324B1CE675171A2806A5FCE2769E3108108F1D322BEA81E4512662CB8C512
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//D50D438293DDE09E773541733B3BE64F7A7EB539C47BB7ADBE15B33DE7E7538F5BC0291EF30D2BE3E15E5E01E9D2CDD0B6141C761F02ED076A5DE11885EC5269++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.459928138102989
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLjNhCJcDF8lRZ:7rrSOX8BC0Bj5dXEC0BjyKSOWskRZ
                                                                                                                                                                                                                                                                                            MD5:0A165A8316A9B5B7D83E48C26B103BE2
                                                                                                                                                                                                                                                                                            SHA1:46CCBB4E5583B5D66DDE75B8200530A24EA39598
                                                                                                                                                                                                                                                                                            SHA-256:21C0F6C158ED8E31920F694C9448CE1EF95280FBA9AA90C202701CB4E0D60500
                                                                                                                                                                                                                                                                                            SHA-512:F3D13507002E72A77DA78E1AE7A98B9AEA0C1756C792CA8A8C18A250AFFF2A36FFB13E0FA0BE88795B3EB1B93EEAB5CAD482FFEDE9A2842DC38BF88E88367F12
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//9CFA0EDD6F37124B5C22851C49378D9350F921D085C3E994E97C57EE2D4918B7064FC26CE05D4026F977CDEAFA81A4F323AED49271FAC19AC43EE419004DE791++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.457234851314495
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSfLShM2yDvz:um8BC0d5dXEC0dyKSWM2qz
                                                                                                                                                                                                                                                                                            MD5:C60AF0552109D9CB29C7F0F3BC970D1A
                                                                                                                                                                                                                                                                                            SHA1:BEA15F85D7AFF354E24D7DFFFBDB7A88076EAFB9
                                                                                                                                                                                                                                                                                            SHA-256:B2AE71EE2E866FB5969C7F201A54DA6E0FC96515EAA583478B5B9B78960CD978
                                                                                                                                                                                                                                                                                            SHA-512:F7976EC5D34EA281F73A09CBDA798BC7C40F98375558E66133FBA273E5167A4E856174D326C6B73E02078DEADCD530FD4A7DC162E0CC1D3503A1FC02819472F9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//7F35BBE0E6B4A1C6D6F4FE1A195CCCC79F5C04955176167B814DD3F4ABB599AB7DB0CDCCE2A9F66B7A9363C717B9BA816DEE882664AECD4D77034C35B3E8D088++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.463598625431088
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLqEU1RxnM+7ZR:7rrSOX8BC0Bj5dXEC0BjyKSV/LM+7f
                                                                                                                                                                                                                                                                                            MD5:759EA8276509D69039F7CFC0B8707E54
                                                                                                                                                                                                                                                                                            SHA1:95CE60D56462475C90AC4EF368BDCBA8B425F02C
                                                                                                                                                                                                                                                                                            SHA-256:18FD89870B46B749E5761917A41E678C89B810DD73EAE63F69F2029FA538032D
                                                                                                                                                                                                                                                                                            SHA-512:EF8B2E9F9335D8C7831D8B1568E0219E01BB6572570241C0D904BF62BFCCDB346D3CAE7A9D8D9FA93C5E63159C8E3A0D1A1D5F3EE40CF82E0765407691439E06
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//FB114B24728C898322B0252E590EBCB476AB5994E0B69360F7AF80AAA4EA986BC979C031A432738D3229B59C26FDBBF25233F27E11D9FF93A83AF6B41845B0AB++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4635987817635145
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLf2YjE9b/xO:7rrSOX8BC0Bj5dXEC0BjyKSjYjEvO
                                                                                                                                                                                                                                                                                            MD5:ED628036F94DA54EFB8878B690D91B9E
                                                                                                                                                                                                                                                                                            SHA1:CAE90BD827A7FFBBBD7B040D0D85F381594BA5BF
                                                                                                                                                                                                                                                                                            SHA-256:5CA2C20958F3DDE9F771ACDC2196824294D5B9CAB7FCD541ECF181DDF7A375BE
                                                                                                                                                                                                                                                                                            SHA-512:D38B2C4EFC220DD097A88F260D7D89AD1C229BB0628F0164132978D51741A80E2FB32EE3C004478DE5468126F306C858FE48F16E8C46EF6DB3783B77FBFFC607
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//F243CBD9C21488EF7C5BA3449F85900E9BF92E17AD4DD0A92B957A0481131D1848C4DF01F3A1E27391D6F52F7EEBB017822E3CD28B0EABC60908C2138B443AF5++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.445197535901985
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSgBXUoLCLmid:um8BC0d5dXEC0dyKSgBXNL/id
                                                                                                                                                                                                                                                                                            MD5:05B1C706A2D0A8EC4AAC0C0735F47E52
                                                                                                                                                                                                                                                                                            SHA1:7BCE6B2DF4A5D15BC63676B19F2E75FD1769A742
                                                                                                                                                                                                                                                                                            SHA-256:0EE26194AA0479683A945CEBC2461B35FFE61B7A76DE4C696134FFCBB8E0DA7C
                                                                                                                                                                                                                                                                                            SHA-512:3DC0FEACDE82948BC4C59D42375A298A53BFFA1023358886925FEA6A8465D38DC660AC2A7975E21A630823B3876F550F7E1DD92A1708F98278ACD2ED3A87BBAC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//BA1DA56EB3A2607A32832CADED8BE3D26FEEB874FF9FD42F3D1E0E0A7AA2D984ACB31E27FCB9FE63B19F8E807B227AE6F363F5348996F0F8456C2C5CE8F6B74A++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.46942216703476
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLMHwtKKYReWR:7rrSOX8BC0Bj5dXEC0BjyKSwKzJR
                                                                                                                                                                                                                                                                                            MD5:56DA883ED1B29AFF30506655E2F1F923
                                                                                                                                                                                                                                                                                            SHA1:16E41E7F64595FAEF4824556D91FBBBAAD5A2290
                                                                                                                                                                                                                                                                                            SHA-256:2B0C004841479710CDBF4E1DC9219CAD1392914812CD00820B5DF860AC0C6AD3
                                                                                                                                                                                                                                                                                            SHA-512:04C8DC7FF9931BE8CA3E52F882036D21FE24920069EFA7CEF3E4B8270538D55D3F2228F84603D0B689F20F7FD57488283086F5C6C124AA8B65744EB2AE95FBCE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//5EC6745BD9B2304CD9346E8D43358153B0EC643FD6B3FC8A5583CF7D3F9FA4A82A0F5581A892A4E92BEE6DA6747D53F637E2850B5A66DC6B48B1676901F3D862++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.469574752733979
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLgA7B9+EvO:7rrSOX8BC0Bj5dXEC0BjyKSQ72t
                                                                                                                                                                                                                                                                                            MD5:39FBC7A836C6A9A9BEF0AC58673D602D
                                                                                                                                                                                                                                                                                            SHA1:6B5E20347FC819F8425F42903B3BC131574553E6
                                                                                                                                                                                                                                                                                            SHA-256:BEC7BCB35131D24C8C375BB5D864B2C0B522720A6AA388382993CEF2D5C448D5
                                                                                                                                                                                                                                                                                            SHA-512:35E7518C48AF05232BA3B33AAB4535BA1FDB2579F4C73A96660BC00D660E58FFEA856044206C8BC384178E26B8775522231187C6C75E6B66109BDA35D34112AA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//388F6AF6E65DBCE2C747549D5B4D46D5D931DA5D510F5933012A69DA6FDDE4AFF335B3791FC007C3AA5521E482B0361D75676F323A2B2CBB985DB2CD371168BA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.460896650516683
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL/bRB+7s7mMyaI3W:7rrSOX8BC0Bj5dXEC0BjyKSWElII3W
                                                                                                                                                                                                                                                                                            MD5:ED2BBB1D1DB33B6042CA25DD81C35018
                                                                                                                                                                                                                                                                                            SHA1:AA6A74124BC820179AEB7CAE588D136BA6072045
                                                                                                                                                                                                                                                                                            SHA-256:7A7C9DEA09769BC7E2D33E2A98BCBD0DB3372C48D5C5C625005CDD237E6A44E0
                                                                                                                                                                                                                                                                                            SHA-512:086A9CBC42D2E6BA3DF55B1703693E926228BA53A9671C133881BCA1A5E8408863E40E9FE5BE622254A0624F634E07E486BA6E6D226F3C56C2A4BB1F261D0F9C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//EC996BEB3661F429D0B70CBC24E5962A961E1A3C8C93172B6409DA9C7D6EDFB5D73DAB02DA20375C3D260A53E5082531A2B01F8A5F8CC40DB2067FEA8FD27BBF++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.467856883034622
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLO2EOTHHPMn:7rrSOX8BC0Bj5dXEC0BjyKSiPnPMn
                                                                                                                                                                                                                                                                                            MD5:E973F3585B323F14B0BB4BF717C2C432
                                                                                                                                                                                                                                                                                            SHA1:2C1F47252D9E7E994E5225ADDC1469BC7E67EA0C
                                                                                                                                                                                                                                                                                            SHA-256:CCF0474C676C87709A1D98108332E95880DB5C1DF79C02C2B5852D648E02616A
                                                                                                                                                                                                                                                                                            SHA-512:C5DCCD763E75EB8ECA819BC0CDAEE461BFEBA2F6E1172764CBBE7AE7E40343CB0D26F3578C86BAC8B10EC9314B8ADAEBB60F84D7F52ED10898BD7D061BE37381
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//F15F66D98C087AA4185915CF450FA38197D1E150AF0DFEFC0F6147610333DEE53EEF901C8BF177497DB3D7E0155DC36E7FFA61C2C7D2030D3477C23866F68EA7++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.470593121533814
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLc0gxjhZnGKComO:7rrSOX8BC0Bj5dXEC0BjyKSMIGK95
                                                                                                                                                                                                                                                                                            MD5:2DFC038F1F25EC961BD374CC4746688B
                                                                                                                                                                                                                                                                                            SHA1:7075EA88276FC26B03D3611DBA9F015C9CF63F17
                                                                                                                                                                                                                                                                                            SHA-256:0F75D819C2E9F9A4D4FB42278D3E5C8A9D06B5256D1C81DEF2EF9C3711FFEBAE
                                                                                                                                                                                                                                                                                            SHA-512:A96A68810A701F1A763A5202E654123D2E9FAB02DE8238A188E663377BE5FE6D417B8CB8CCB63FC97806D9D8DF12A925964CC967E3DF247CE340DA7681A1D1A8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//1D77B7340250E588FDBFCB5F0E18877500FE6458EC824116297725BDDA4845449CC2E58D2F4CBD8FBC1666C492B41D501773CE2E65F777D7AE1FE1C55433A495++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.460028903608339
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLf6JQVf6SgS51dZ:7rrSOX8BC0Bj5dXEC0BjyKSbeASldZ
                                                                                                                                                                                                                                                                                            MD5:0D785342A25247CA9003B7B9D037E3FE
                                                                                                                                                                                                                                                                                            SHA1:2943F21E6AA9A448947BDB24FEFE639F6B01EF70
                                                                                                                                                                                                                                                                                            SHA-256:25299DBC1364EBC47C4E656F9C5B972C59F63A7F8F3CBF0B8F083A3423B20EB6
                                                                                                                                                                                                                                                                                            SHA-512:ED3C0C6C98EBE353065B4DE19FA89E22257E734FA439CB16F5DE2E5BC771B935CFA1F1B76296D0CA475B300A2178347466F570E04F1B7D585A2A0FC4327D7729
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//60ACE245215226914E5DA484150FE797D0C333F017E544AC161161CF90AAAFF0369E4A633D10F2991BEA9862B09BED4C19572BDDF358D944E6A3D12EF171493D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.456037342077777
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLfCkrgkK+cc/:7rrSOX8BC0Bj5dXEC0BjyKSonrgFi
                                                                                                                                                                                                                                                                                            MD5:B973EC23CFFB723FEA68F8561B6EA662
                                                                                                                                                                                                                                                                                            SHA1:3B39CBE8153950F9C6DD1672AE8A0B6ED0997A1D
                                                                                                                                                                                                                                                                                            SHA-256:FA43AEA3678EDE64162E431F8DD7D8FAEACECD58C5DC04B814291B1D6E428B22
                                                                                                                                                                                                                                                                                            SHA-512:EA4D78E2F9902CFEAA00CB1670AC4B7435A39343BCC8D67BC5ADFD3A347AE2A4A64439645A4937AFE642C1DB6C98EB7D5CB3F13F07BE0DC10D647C37B92A8BF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//B157263B6EA7B05AD27A98A5E4A4B269B610DCEED65B53C816681C5EB68CD063838FB8BDB21580794FA2AB7B03A4796B3FCE54BEFF2272273443D6BBB7C4DFB6++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.455761366787283
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLQyDAOdHn5g2S0UgN:7rrSOX8BC0Bj5dXEC0BjyKSrbsZ7S0T
                                                                                                                                                                                                                                                                                            MD5:907EDD42DF7B2041D7EDDEF4F8FC5D9E
                                                                                                                                                                                                                                                                                            SHA1:AB9E9C28130CA7CDD64072F756F00EF24C749971
                                                                                                                                                                                                                                                                                            SHA-256:21A84F5A3A4DD952E6A1BF79259A9D10C48C844FC9A1DF52B42D18D53BBF2CB5
                                                                                                                                                                                                                                                                                            SHA-512:F9E1E561E4217F48F5D7DADF399C81A69DC97F5535EBAFBE453AD9DF4EED4ED1B4EE124381C0820E94FEC20A9261611367E0DDA3661867D05540E5913B98A524
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//CA2160C747D0CD707855805FCA47777CBA17E71830125AAA7FDF367A84F0AA8057C8357B68DBB615DA8E1BBCB0BFFC6910774DFC72B3A97051FBF89F1E4C1FD2++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):803
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4578324444250415
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLX+j4WkWUB:7rrSOX8BC0Bj5dXEC0BjyKSj4R
                                                                                                                                                                                                                                                                                            MD5:1C7F9452A0AF5E43BD088BF599A0CEA2
                                                                                                                                                                                                                                                                                            SHA1:40DAC5BDC4DC1B11EB76E97707EE9CBB750C94F6
                                                                                                                                                                                                                                                                                            SHA-256:CC3B5364B57E96E0C4882CB04DE6B882B1829C2C7C7277E4EB1B1F6DB06884DE
                                                                                                                                                                                                                                                                                            SHA-512:68E719FE01634C3E80C056B80F4395033C15365FE83992EBB54D0627D25125BC172F94C5C2E627826E6666796C2669514FBEAC7E7F0D027FE5CF29715B7DC509
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//34A9340FBF7EDAC6D0E6DA9B0BFC295557D59DC62F5A8F97FE81D7D6AC1DA8183752369A0AF90336258AB6AEE4EBF097B9E85972BDB981C1A77FBA42F19A0168++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5377
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.645379925283546
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:WQVBazY8QxuorbT6roQ/CZwmBrqtXNMDUaGCrW+NlaVy98ZDcT7ek81vY:WQvaz3AumireG6HYVygDcTqh1vY
                                                                                                                                                                                                                                                                                            MD5:D3854AF68405E344A52E1DD70EDDA7E2
                                                                                                                                                                                                                                                                                            SHA1:8DEEF7F53E82257C1B02D9EA4ADB21C78B3D2F72
                                                                                                                                                                                                                                                                                            SHA-256:01EDBC10FC72B557758CA88301D2CC0815FD771E39F7E2182B7C8E2B312C83F2
                                                                                                                                                                                                                                                                                            SHA-512:DFE3B660A4271B3F5D96617F320646130430C277B0D79F85FD1FD5597C758B2FA4139B47C989C57279135B1766F6751B0F55552D400325823C60480BE8E0DE99
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Prob.h. skenov.n..",.. DL_SCANNING_MESSAGE: "Soubor, kter. chcete st.hnout, pro jistotu skenujeme.",.. DL_BLOCKED: "Zablokovan. stahovan. soubor",.. DL_SCANED: "Skenovan. stahovan. sooubor",.. SS_ON_STATE: "Bezpe.n. vyhled.v.n.",.. SS_FIX_MESSAGE: "V.born.! Tyto zm.ny provedeme p.i p...t.m restartov.n. prohl..e.e.",.. SS_OFF_STATE: "Je vy.adov.na akce.",.. SS_OFF_MESSAGE: "Upozorn.n.! Ka.d. des.t. hled.n. obsahuje nebezpe.n. odkaz.",.. SS_OFF_DIALOG_HEADER: "P.idejte k v.sledk.m hled.n. hodnocen. rizika",.. SS_OFF_DIALOG_CONTENT: "Ov..te bezpe.nost odkazu d..ve, ne. na n.j kliknete.",.. SS_SEARCH_OPTION: "Nastavit slu.bu Bezpe.n. hled.n. jako v.choz. vyhled.va.",.. THREAT_OFF_STATE: "V.straha zabezpe.en.!",.. THREAT_OFF_MESSAGE: "Po..ta. je vystaven hrozb.m, ale m..eme v.m pomoci.",.. AVFW_DIALOG_HEADER: "Antivirus a br.na fire

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5126
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.344464090919931
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:uZb3Bdp2fhG5TrVo8Ybuoo/tFCld/lwrYeCEUVlku/TzmV9S9hSFmUihQI:QCfhwrrYbuoG4Z+VchgmQI
                                                                                                                                                                                                                                                                                            MD5:07E32B603DA78CFCDCE561024A2519D3
                                                                                                                                                                                                                                                                                            SHA1:EA6AF28663B342C6BEFEDA1A5D6C94C760B10AE2
                                                                                                                                                                                                                                                                                            SHA-256:546D77880E140593D621EB3207FB152DD3A829D7CACDB54CDAF42BF6414CE4C9
                                                                                                                                                                                                                                                                                            SHA-512:BCC4651A1EA923572BAF0B58F7DBEA7D358A79E74E998096490FBDBA8276C4D28BE737430D208B523660F2B8FB8E9D5A264788512C8C12FD7FC36A271BAD170F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scanner .",.. DL_SCANNING_MESSAGE: "For en sikkerheds skyld scanner vi overf.rslen.",.. DL_BLOCKED: "Download blokeret",.. DL_SCANED: "Download scannet",.. SS_ON_STATE: "Sikker s.gning",.. SS_FIX_MESSAGE: "Fint. Vi foretager disse .ndringer, n.ste gang du genstarter browseren.",.. SS_OFF_STATE: "Der skal udf.res en handling.",.. SS_OFF_MESSAGE: "Advarsel: 1 ud af 10 s.gninger indeholder et farligt link.",.. SS_OFF_DIALOG_HEADER: "F.j risikobed.mmelser til dine s.geresultater",.. SS_OFF_DIALOG_CONTENT: "F. at vide, hvor farligt et link er, f.r du klikker p. det.",.. SS_SEARCH_OPTION: "Brug Sikker s.gning som standards.gemaskine",.. THREAT_OFF_STATE: "Sikkerhedsadvarsel",.. THREAT_OFF_MESSAGE: "Din computer er i fare, men vi kan hj.lpe.",.. AVFW_DIALOG_HEADER: "Antivirussoftwaren og firewallen er ikke sl.et til",.. AVFW_DIALOG_CONTENT: "Ca. 864 millioner stykker personlige oplysning

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5366
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.336473915775586
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:F20O91pUKtemTKjnkGzgUIzeRF9DQ8YMLOeaTkHzp1E9Cm6uUUZSO:F29CKteQKjnkGzwzeRN8hA1EEtBaL
                                                                                                                                                                                                                                                                                            MD5:158A6B86D6707871103F085B3D0AE85B
                                                                                                                                                                                                                                                                                            SHA1:B902D937A574DB34064B497E256CB2249515ED35
                                                                                                                                                                                                                                                                                            SHA-256:AE97E185EE4A53466EB6738AEAFB7DC9790A2603FAB6C51782B0495779601502
                                                                                                                                                                                                                                                                                            SHA-512:FD6F5DD18AD614720BB19163711E582187D01BD9BA745D9721C0E9F9AB763DCC2ACFDDA0D5DB816F9718D8EC126B515B12705CF6CD0767F39BB61CE366C7933B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scannen...",.. DL_SCANNING_MESSAGE: "Wir scannen den Download zu Ihrer Sicherheit.",.. DL_BLOCKED: "Download blockiert",.. DL_SCANED: "Download gescannt",.. SS_ON_STATE: "Sichere Suche",.. SS_FIX_MESSAGE: "Sehr gut. Die .nderungen werden .bernommen, sobald Sie Ihren Browser das n.chste Mal starten.",.. SS_OFF_STATE: "Handlungsbedarf!",.. SS_OFF_MESSAGE: "Warnung! In 1 von 10 Suchergebnissen ist ein gef.hrlicher Link enthalten.",.. SS_OFF_DIALOG_HEADER: "Risikobewertung f.r Ihre Suchergebnisse hinzuf.gen",.. SS_OFF_DIALOG_CONTENT: "Erkennen Sie gef.hrliche Links, bevor Sie darauf klicken.",.. SS_SEARCH_OPTION: "Sichere Suche als Standardsuchmaschine festlegen",.. THREAT_OFF_STATE: "Sicherheitswarnung!",.. THREAT_OFF_MESSAGE: "Ihr Computer ist ungesch.tzt, aber wir k.nnen Ihnen helfen.",.. AVFW_DIALOG_HEADER: "Ihr Virenschutz und Ihre Firewall sind deaktiviert",.. AVFW_DIALOG_CONTENT: "Seit

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8385
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.97036429913225
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:BYz3hNXL4xrlON0pOqxptk2xgthUE6wfOhLQvvsy:ULXUlObqTC2xgwmOhcvvsy
                                                                                                                                                                                                                                                                                            MD5:96170DEF81B1B8EE3572033B9D4F2059
                                                                                                                                                                                                                                                                                            SHA1:4305BF5113AF76DBBF693284FBBB633AAE14F056
                                                                                                                                                                                                                                                                                            SHA-256:F18D9C7A8162BC11CB58D635A30551127C9D6665223E4311E90CBD2A10E33F42
                                                                                                                                                                                                                                                                                            SHA-512:D2354DB541849FD221AED327757111E61F7F4C175DDF49CE7922362C0C9F3B6041D58E58A9798EE6D717E77F4285D489FD4B9F6FC3494DBCDBD6B3F6E9415854
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".........",.. DL_SCANNING_MESSAGE: "......... .. .... ... ... ...... ..........",.. DL_BLOCKED: ". .... ............",.. DL_SCANED: ". .... ........",.. SS_ON_STATE: "....... .........",.. SS_FIX_MESSAGE: "......! ..... .. ....... .. ........... ... ....... .... ... .. .............. .. ......... ...........",.. SS_OFF_STATE: ".......... .........",.. SS_OFF_MESSAGE: ".......! 1 .... 10 ........... ........ .......... .........",.. SS_OFF_DIALOG_HEADER: "........ ............. ........ ... ............ ..........",.. SS_OFF_DIALOG_CONTENT: "...... .... ........... ..... .... .........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4755
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.330293493969292
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:uU3x9/eMjflrS5xsyoBkXqLB+Qz/Q1wU9pYOosphJM:3x9Jjf2Kkm8GQ1NPjVDM
                                                                                                                                                                                                                                                                                            MD5:8452D886996EF223FF0526904ED7D55D
                                                                                                                                                                                                                                                                                            SHA1:7E48B6B39087A37A1112F8F080FA0F49B6444F17
                                                                                                                                                                                                                                                                                            SHA-256:42A40BE4ACF1B975B4358B220CD77F0B7A2F5AD1482C67722DC1845074E0B096
                                                                                                                                                                                                                                                                                            SHA-512:57413DD7979F9EFE456870289A0021D27665B57C14F49C03F2148AA60C4ECC5CC97E0A36C43E57E9B6200E608423D248CCCFBD392820837FEDA111BAE79B46FD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scanning...",.. DL_SCANNING_MESSAGE: "We're scanning your download just to be safe.",.. DL_BLOCKED: "Download blocked",.. DL_SCANED: "Download scanned",.. SS_ON_STATE: "Secure Search",.. SS_FIX_MESSAGE: "Great! We'll make these changes the next time you restart your browser.",.. SS_OFF_STATE: "Action needed!",.. SS_OFF_MESSAGE: "Warning! 1 in 10 searches contain a dangerous link.",.. SS_OFF_DIALOG_HEADER: "Add risk ratings to your search results",.. SS_OFF_DIALOG_CONTENT: "Know how dangerous a link is before you click on it.",.. SS_SEARCH_OPTION: "Make Secure Search my default search engine",.. THREAT_OFF_STATE: "Security Alert!",.. THREAT_OFF_MESSAGE: "Your computer is exposed, but we can help.",.. AVFW_DIALOG_HEADER: "Your anti-virus and firewall are off",.. AVFW_DIALOG_CONTENT: "About 864 million personal data records have been compromised through data breaches since 2005.<br/><br/> Don't browse

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5193
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.289454543730624
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:dRey5rMscODKKai5iihhi6VnRSyLK3yAEK9WOM0CKAXk:dUWr+ODhai5SknRSkNKPM0VP
                                                                                                                                                                                                                                                                                            MD5:EA1D149475B8DE595E7F6548C2849589
                                                                                                                                                                                                                                                                                            SHA1:B996EDAB6AF11C53077AB301B47A28D553386D8B
                                                                                                                                                                                                                                                                                            SHA-256:070D076E1FA2DA12B2AA741EE3B2B445BF8B00B3DC00783D92BE868735CA45B9
                                                                                                                                                                                                                                                                                            SHA-512:CC920E7633C8817033C491E894E78F44D5279BFE676519A74D624A8415ECE9BFCA0B6719556F9FF8D32EE739DE936146ACC79DBCD2F4E8D0586BDEBC9AAC3B85
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analizando...",.. DL_SCANNING_MESSAGE: "Estamos analizando la descarga por motivos de seguridad.",.. DL_BLOCKED: "Descarga bloqueada",.. DL_SCANED: "Descarga analizada",.. SS_ON_STATE: "B.squeda segura",.. SS_FIX_MESSAGE: ".Genial! Aplicaremos estos cambios la pr.xima vez que reinicie el navegador.",.. SS_OFF_STATE: ".Debe tomar medidas!",.. SS_OFF_MESSAGE: "Advertencia: 1 de cada 10 b.squedas contiene un v.nculo peligroso.",.. SS_OFF_DIALOG_HEADER: "A.ada calificaciones de riesgo a los resultados de sus b.squedas",.. SS_OFF_DIALOG_CONTENT: "Conozca el nivel de peligro de un v.nculo antes de hacer clic en .l.",.. SS_SEARCH_OPTION: "Definir B.squeda segura como motor de b.squeda predeterminado",.. THREAT_OFF_STATE: ".Alerta de seguridad!",.. THREAT_OFF_MESSAGE: "Su equipo est. expuesto a riesgos, pero podemos ayudarle.",.. AVFW_DIALOG_HEADER: "El antivirus y el firewall est.n desactivado

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5216
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.317891684926424
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:zyErLx7VO33aiG/qshhi6VnRfylmDiP2QuyMLii9j0OsKbPQg:zXrXO33aiiMknRfyp/Haiitfzzz
                                                                                                                                                                                                                                                                                            MD5:F2FAE8DE64422C814C9296DF22F68889
                                                                                                                                                                                                                                                                                            SHA1:5687D0E2C821783B5488374712FB688525A0E4EB
                                                                                                                                                                                                                                                                                            SHA-256:F136E244990ACDFEE269269FD13AB68C1A685E5F036E2052B7728DEBA557C0F5
                                                                                                                                                                                                                                                                                            SHA-512:510253E16EB1D298B73B3F1D14F38FFDCC2EA640297CBD78D6993E80E15BFBBEBCC836BDAEEFCBC2B5AD6EE886078EB4D02393CF230303D2987DA38FB89CD718
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analizando.",.. DL_SCANNING_MESSAGE: "Estamos analizando la descarga por motivos de seguridad.",.. DL_BLOCKED: "Descarga bloqueada",.. DL_SCANED: "Descarga analizada",.. SS_ON_STATE: "B.squeda segura",.. SS_FIX_MESSAGE: ".Excelente! Aplicaremos estos cambios la pr.xima vez que reinicie el navegador.",.. SS_OFF_STATE: ".Se requiere acci.n!",.. SS_OFF_MESSAGE: ".Advertencia! Una de cada diez b.squedas contiene un v.nculo peligroso.",.. SS_OFF_DIALOG_HEADER: "A.ada calificaciones de riesgo a los resultados de la b.squeda",.. SS_OFF_DIALOG_CONTENT: "Conozca el nivel de peligro de un v.nculo antes de hacer clic en .l.",.. SS_SEARCH_OPTION: "Establezca B.squeda segura como motor de b.squeda predeterminado",.. THREAT_OFF_STATE: ".Alerta de seguridad!",.. THREAT_OFF_MESSAGE: "Tu computadora est. expuesta, pero podemos ayudarte.",.. AVFW_DIALOG_HEADER: "El antivirus y el firewall est.n desac

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4959
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3104739880659775
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:5ZZ4vNUD1ns7pqxqkRKk/eFt+2jiLRQoYWzZ0pu96M1cNi:PZ4vNlq4kRKkGSRcpuw4ai
                                                                                                                                                                                                                                                                                            MD5:9D38E74F684DB0F2CBD2D65EB56319BA
                                                                                                                                                                                                                                                                                            SHA1:FCAD74DC426F0271EF3534CAEA293EF66F25D141
                                                                                                                                                                                                                                                                                            SHA-256:FB08901885207A9FE74D5B15A4B8E1BA156062A73A5EF3882745F89C5EE27133
                                                                                                                                                                                                                                                                                            SHA-512:9F2E1F1FC76E612DC6FD06ECE136D515D705B413B543C7492BC397CBC0401693DFF6B9D4248FF05E2D3C485EDAEE1EA6B04DF4BBB5C3559BBB897F6EA163744C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Tarkistetaan.",.. DL_SCANNING_MESSAGE: "Lataamasi tiedosto tarkistetaan varmuuden vuoksi.",.. DL_BLOCKED: "Lataus estetty",.. DL_SCANED: "Lataus tarkistettu",.. SS_ON_STATE: "Suojattu haku",.. SS_FIX_MESSAGE: "Hienoa! Muutokset tulevat voimaan, kun seuraavan kerran k.ynnist.t selaimen.",.. SS_OFF_STATE: "Toimia vaaditaan!",.. SS_OFF_MESSAGE: "Varoitus! Joka kymmenes haku tuottaa vaarallisen linkin.",.. SS_OFF_DIALOG_HEADER: "Lis.. hakutuloksiin riskiluokitus",.. SS_OFF_DIALOG_CONTENT: "Luokituksen avulla n.et ennen linkin napsauttamista, onko se vaarallinen.",.. SS_SEARCH_OPTION: "Aseta Suojattu haku oletushakukoneeksi",.. THREAT_OFF_STATE: "Tietoturvavaroitus!",.. THREAT_OFF_MESSAGE: "Tietokoneesi on alttiina uhille, mutta voimme auttaa.",.. AVFW_DIALOG_HEADER: "Viruksentorjunta ja palomuuri ovat pois k.yt.st.",.. AVFW_DIALOG_CONTENT: "Noin 864 miljoonaa yksityist. datatietuetta on jout

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5692
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.295808362799397
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:0MxyhGiDkpQQrrENOqplZuFfrYnWv6HScq48Ky6o9Q+W55fTskdSb:0ZhGVQQrrENOqYIH2V6o/W5DQ
                                                                                                                                                                                                                                                                                            MD5:5F08B3BABF3AFFB2530ACA5B71625FDA
                                                                                                                                                                                                                                                                                            SHA1:E4E774326597046E59392E318CEE47010A31B3F4
                                                                                                                                                                                                                                                                                            SHA-256:A79D00BB5096EC39F7D652D199F024E8AB3F8B9F7FDFF78EA0DF622D9ACBA074
                                                                                                                                                                                                                                                                                            SHA-512:F3D72B3A8F8A29BBD40A6507832F46C44181391C12C85478DDB11CD34F17EB765B17D0D6BAA1A4252B15D26DD3381A19E44BC2C47B27B159930A8C98B5255784
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analyse en cours...",.. DL_SCANNING_MESSAGE: "Nous analysons votre t.l.chargement par simple mesure de s.curit..",.. DL_BLOCKED: "T.l.chargement bloqu.",.. DL_SCANED: "T.l.chargement analys.",.. SS_ON_STATE: "Recherche s.curis.e",.. SS_FIX_MESSAGE: "Tr.s bien! Nous appliquerons ces modifications la prochaine fois que vous red.marrerez votre navigateur.",.. SS_OFF_STATE: "Intervention requise!",.. SS_OFF_MESSAGE: "Attention! 1.r.sultat de recherche sur 10 comporte un lien dangereux.",.. SS_OFF_DIALOG_HEADER: "Ajoutez des cotes de risque . vos r.sultats de recherche",.. SS_OFF_DIALOG_CONTENT: "Connaissez le niveau de dangerosit. d'un lien avant de cliquer dessus.",.. SS_SEARCH_OPTION: "Ajoutez Recherche s.curis.e . mon moteur de recherche par d.faut",.. THREAT_OFF_STATE: "Alerte de s.curit.!",.. THREAT_OFF_MESSAGE: "Votre ordinateur est vuln.rable, mais nous pouvons vous aider.",.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5621
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.315816147531431
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:yp99a4ffmtaCS1mELq47byJXGUmytipUS22d9h+/ijfTE0eO5l:yXAaCpELq4Fr2c/2iuOj
                                                                                                                                                                                                                                                                                            MD5:81A975890DD6BA6C9E6F4C723FBDB24E
                                                                                                                                                                                                                                                                                            SHA1:1EE9656E2F64FA8B868398064FD7C39BA5B8CCC7
                                                                                                                                                                                                                                                                                            SHA-256:FD90CDA5ED8FCB96DF09D0A1785959BDCCDE95E7C28BD6481952D940180F2EF0
                                                                                                                                                                                                                                                                                            SHA-512:3324C59D8C17C25CCEF3D7109BB61425340CFD50C5BAF4C47844F09C5436F8BCEE980829A83CB0CDA62B12C000481387226D5D8E440D7083394E57028F868EC4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analyse en cours...",.. DL_SCANNING_MESSAGE: "Par pr.caution, nous analysons votre t.l.chargement.",.. DL_BLOCKED: "T.l.chargement bloqu.",.. DL_SCANED: "T.l.chargement analys.",.. SS_ON_STATE: "Recherche s.curis.e",.. SS_FIX_MESSAGE: "Tr.s bien. Nous effectuerons ces modifications au prochain red.marrage de votre navigateur.",.. SS_OFF_STATE: "Mesure . prendre.",.. SS_OFF_MESSAGE: "Attention.! Une recherche sur dix contient un lien dangereux.",.. SS_OFF_DIALOG_HEADER: "Ajouter l'.valuation des risques . vos r.sultats de recherche",.. SS_OFF_DIALOG_CONTENT: "Prenez connaissance du danger que repr.sente un lien avant de cliquer dessus.",.. SS_SEARCH_OPTION: "D.finir la recherche s.curis.e comme moteur de recherche par d.faut",.. THREAT_OFF_STATE: "Alerte de s.curit..!",.. THREAT_OFF_MESSAGE: "Votre ordinateur est expos. aux menaces, mais nous pouvons vous aider.",.. AVFW_DIAL

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5041
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.414388669142387
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:W82DDbczNyMnf3MeFH+JDxk/zay9SIhFO8DF84sSbuoU0zDub9FONkd3V/u:W34zwMfceFHSDxa1FcZbLONslW
                                                                                                                                                                                                                                                                                            MD5:C75EDCE73D115B5363F023A9F7364BE2
                                                                                                                                                                                                                                                                                            SHA1:7F88D65886BD97ABEC3EE6976C4C9C8F52F588DE
                                                                                                                                                                                                                                                                                            SHA-256:EAA39B3582B6D39ED56B6C376C3D1F2D45796F8FCE540890AF03D5245F0E9615
                                                                                                                                                                                                                                                                                            SHA-512:1CB8539E03265DA7AC819936C261E0B76E03BB0228685E0F0E0F4667CC0F88764853F5433C2203272A65490CCC012A6BD2B5A0AD9B935D1AFE7439E917BD2E33
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Pregled...",.. DL_SCANNING_MESSAGE: "Pregledavamo va.e preuzimanje za svaki slu.aj.",.. DL_BLOCKED: "Preuzimanje je blokirano",.. DL_SCANED: "Preuzimanje je pregledano",.. SS_ON_STATE: "Sigurno pretra.ivanje",.. SS_FIX_MESSAGE: "Sjajno! Ove .emo promjene uvesti sljede.i put kada ponovno pokrenete preglednik.",.. SS_OFF_STATE: "Potrebna je akcija!",.. SS_OFF_MESSAGE: "Upozorenje! 1 od 10 pretraga sadr.i opasnu vezu.",.. SS_OFF_DIALOG_HEADER: "Dodajte ocjenu rizika rezultatima pretra.ivanja",.. SS_OFF_DIALOG_CONTENT: "Saznajte koliko je veza opasna prije nego .to kliknete na nju.",.. SS_SEARCH_OPTION: "Postavi Sigurno pretra.ivanje kao zadanu tra.ilicu",.. THREAT_OFF_STATE: "Sigurnosno upozorenje!",.. THREAT_OFF_MESSAGE: "Va.e je ra.unalo izlo.eno, ali mo.emo vam pomo.i.",.. AVFW_DIALOG_HEADER: "Isklju.eni su antivirusna za.tita i vatrozid",.. AVFW_DIALOG_CONTENT: "Oko 864 milijuna z

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5401
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.533606860200013
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cDlYr1MDbtVqXiZgRRGXtsXPG8sZT15INx7h6X9mwu9Dvymc+cE0AHBJ:hZYHqXiL8y5WzN6gwuBKmzP5HX
                                                                                                                                                                                                                                                                                            MD5:0D78BCF3DED4DCE89E2C375ED9A0A0E3
                                                                                                                                                                                                                                                                                            SHA1:791FE44B4D704A491A1093ACBA1DB041969E0649
                                                                                                                                                                                                                                                                                            SHA-256:8177554F6D854115EA3800C4FC6E0C6ABB924EB71642C71FC1F3F31FD1BD9CF3
                                                                                                                                                                                                                                                                                            SHA-512:CF7D0BCBFABFC20CFBBA4FD21EB5334E8C9A56888B38DD8D34B6E99651BC816D27210C54B23D05154417E7747BFF1FC7962EE7EC5E5F92969D83D9A972DC28C5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Vizsg.lat...",.. DL_SCANNING_MESSAGE: "Biztons.ga .rdek.ben .tvizsg.ljuk a let.lt.tt f.jlt.",.. DL_BLOCKED: "Blokkolt let.lt.s",.. DL_SCANED: "Megvizsg.lt let.lt.s",.. SS_ON_STATE: "Biztons.gos keres.s",.. SS_FIX_MESSAGE: "Rendben. A b.ng.sz. k.vetkez. .jraind.t.sakor v.grehajtjuk ezeket a m.dos.t.sokat.",.. SS_OFF_STATE: "Beavatkoz.sra van sz.ks.g!",.. SS_OFF_MESSAGE: "Figyelem! Minden tizedik keres.s vesz.lyes hivatkoz.st tartalmaz.",.. SS_OFF_DIALOG_HEADER: "Vesz.lyess.gi besorol.sok megjelen.t.se a keres.si eredm.nyek mellett",.. SS_OFF_DIALOG_CONTENT: "Ismerje meg a hivatkoz.s vesz.lyess.gi besorol.s.t, miel.tt r.kattintana.",.. SS_SEARCH_OPTION: "A biztons.gos keres.s legyen az alap.rtelmezett keres.motor",.. THREAT_OFF_STATE: "Biztons.gi riaszt.s!",.. THREAT_OFF_MESSAGE: "Sz.m.t.g.pe sebezhet., de seg.thet.nk.",.. AVFW_DIALOG_HEADER:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5110
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.230705876675504
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:ZDrBAuuEnhYJMxwmH77265IcUNspZPBDNMTix+wwyHTd9H7pmC23G:drLnhYJ2wmHf2MIcUYQw1HJR74E
                                                                                                                                                                                                                                                                                            MD5:CD92BB1767A07185687F10123505EABC
                                                                                                                                                                                                                                                                                            SHA1:B6F7D7B49E1299AF540CE89FEB8B5547C01DFFAE
                                                                                                                                                                                                                                                                                            SHA-256:41DFCDD11D9EAF0A08059686C19CCE5087F2499B56A1048215C839BB9424A871
                                                                                                                                                                                                                                                                                            SHA-512:08710C05EA3E23211D98D2AE05DFF292F632C94EA0AC04D93BCE1AF7D6973780468BE54603E88D4AE456D85DA5D7A40F517EE3957E6AD5A8CFD0E48DF060FCE8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scansione in corso...",.. DL_SCANNING_MESSAGE: "Stiamo eseguendo la scansione dei download per verificare che siano sicuri.",.. DL_BLOCKED: "Download bloccato",.. DL_SCANED: "Download scansionato",.. SS_ON_STATE: "Ricerca sicura",.. SS_FIX_MESSAGE: "Perfetto! Apporteremo queste modifiche al riavvio del browser.",.. SS_OFF_STATE: "Intervento richiesto.",.. SS_OFF_MESSAGE: "Avviso. 1 ricerca su 10 contiene link pericolosi.",.. SS_OFF_DIALOG_HEADER: "Aggiungi le classificazioni dei rischi ai risultati di ricerca",.. SS_OFF_DIALOG_CONTENT: "Conosci la pericolosit. di un link prima di accedervi.",.. SS_SEARCH_OPTION: "Imposta la ricerca sicura come motore di ricerca predefinito",.. THREAT_OFF_STATE: "Avviso di sicurezza.",.. THREAT_OFF_MESSAGE: "Il computer . esposto a rischi, ma possiamo aiutarti.",.. AVFW_DIALOG_HEADER: "Antivirus e firewall sono disattivati",.. AVFW_DIALOG_CONTENT: "Dal 2005, circa

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6573
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.719649113632793
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:NTUsvaiozLJ9h9yY4smsT7h0O71Kw1JFk:esv4J9HyY4smsT7h0O7Pv2
                                                                                                                                                                                                                                                                                            MD5:5028CEE2B1C580EC86752D9DD039412D
                                                                                                                                                                                                                                                                                            SHA1:85F70C6670DB02B447A90642FB9AB14C50E8864D
                                                                                                                                                                                                                                                                                            SHA-256:417AC3BC48126590E6CA3EF4DCBB8E11A4D5299339BCC90E99AD9B35B08A6596
                                                                                                                                                                                                                                                                                            SHA-512:F2ACDED27C51169FE96E25F2723DBCBFB9FAC8343719920987D0DA471FF7218DAED046C36DB39C88EBDB9644942A43D5788CD660BFA4A12D8E8CC7282372739B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "........",.. DL_SCANNING_MESSAGE: "..................................",.. DL_BLOCKED: ".............",.. DL_SCANED: "............",.. SS_ON_STATE: ".....",.. SS_FIX_MESSAGE: "....................................",.. SS_OFF_STATE: "..........!",.. SS_OFF_MESSAGE: "... 10 .. 1 ......................",.. SS_OFF_DIALOG_HEADER: "...................",.. SS_OFF_DIALOG_CONTENT: "..........................",.. SS_SEARCH_OPTION: ".......................",.. THREAT_OFF_STATE: ".........",

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5497
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.853952782359886
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:A4T4OfEAmKkUvLS/fDa8s9If8LNaSkXLwjk2XEgvR6z0O739OBqKkLHtNG:Bff7Jk3a8iNaSEKtODYBqKoNNG
                                                                                                                                                                                                                                                                                            MD5:20FD128ADFD5827D4AF6E76577E4CB2B
                                                                                                                                                                                                                                                                                            SHA1:A1B2AC6AADF10A24FDECCD67DFC5DD23F02A2E73
                                                                                                                                                                                                                                                                                            SHA-256:4A1B1B06EC5449F219E59B266BCCADB24EDD5BA424E61010FC78E4BEC6319A8C
                                                                                                                                                                                                                                                                                            SHA-512:D84C6AACC3AF312ED1276C597BAD59EB36E39A02D1DA6DAA96A43938D4892ED2F9FED7A7E82E623D543E79879FD734EA17C00C7EA8F7443F3D7AD72430EB09FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".. ....",.. DL_SCANNING_MESSAGE: "... .. ..... .. .....",.. DL_BLOCKED: "... ....",.. DL_SCANED: "... ....",.. SS_ON_STATE: ".. ..",.. SS_FIX_MESSAGE: "....! ..... .. .... .. ... ......",.. SS_OFF_STATE: "... .....!",.. SS_OFF_MESSAGE: "..! .. .. ... ... ... ... .. 1/10....",.. SS_OFF_DIALOG_HEADER: ".. ... .. ... .......",.. SS_OFF_DIALOG_CONTENT: ".... .. ... .... .. .......",.. SS_SEARCH_OPTION: ".. ... .. .. .... ..",.. THREAT_OFF_STATE: ".. .....!",.. THREAT_OFF_MESSAGE: "... .... ...... McAfee. .... . .....",.. AVFW_DIALOG_HEADER: "...... .

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4937
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.330241853373416
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:iith6b8IIs/ySd0vgZwxwud8eWgwbYeCCVKduaN3z559JBhoAsUnxUqA:J36nR1swuD8boN951hvsUnx1A
                                                                                                                                                                                                                                                                                            MD5:0C475C18B11902759BE24EA4D1D8A223
                                                                                                                                                                                                                                                                                            SHA1:D4F9B9BFE267A6D278E9E081B86B153A6B58ABF6
                                                                                                                                                                                                                                                                                            SHA-256:A06B0246170696C2325F363BD571141E6EBDA3BD2BEDB87C40A1115C389E3115
                                                                                                                                                                                                                                                                                            SHA-512:04EB43F1B844A363A2D5CEC8286A54ECA6BFC9DEE5FB77BB1EA5998805FB1F66BF81E30E1598DAEF48D2EDF3D396CC075C721E94EF65FED9B443AC1BD159AAF5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skanner..",.. DL_SCANNING_MESSAGE: "Vi skanner nedlastingen for . v.re p. den sikre siden.",.. DL_BLOCKED: "Nedlasting blokkert",.. DL_SCANED: "Nedlasting skannet",.. SS_ON_STATE: "Sikkert s.k",.. SS_FIX_MESSAGE: "Flott! Vi skal gj.re disse endringene neste gang du starter nettleseren.",.. SS_OFF_STATE: "Handling kreves!",.. SS_OFF_MESSAGE: "Advarsel! 1 av 10 s.k inneholder en farlig kobling.",.. SS_OFF_DIALOG_HEADER: "Legg til risikovurderinger i s.keresultatene",.. SS_OFF_DIALOG_CONTENT: "Vit hvor farlig en kobling er, f.r du klikker p. den.",.. SS_SEARCH_OPTION: "Gj.re Sikkert s.k til standard s.kemotor",.. THREAT_OFF_STATE: "Sikkerhetsvarsel!",.. THREAT_OFF_MESSAGE: "Datamaskinen din er eksponert, men vi kan hjelpe deg.",.. AVFW_DIALOG_HEADER: "Antivirusbeskyttelsen og brannmuren er av",.. AVFW_DIALOG_CONTENT: "Omkring 864 millioner oppf.ringer med personopplysninger har havnet

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5046
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.305081256656471
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:IHFRCH1qpecUFhzJizV+kE1XGwRZYzg0u0Qu2OOkMCJuzXvu9odS+daUmh9:IHFRCVqpAFh4zV+kol56Q1EJ2vufCaL9
                                                                                                                                                                                                                                                                                            MD5:138E807F274176682C3E98704DAEF5A2
                                                                                                                                                                                                                                                                                            SHA1:14066A82DB202934E0F5A437BB6762ECE6D51578
                                                                                                                                                                                                                                                                                            SHA-256:252D5C72B20209D5636DD206E6BB16FC190200E8BC9C08361DBDE9480031BA4E
                                                                                                                                                                                                                                                                                            SHA-512:ADACCC5980C979A9174F3CE1A5EB60910A20211672C9CD723F845AA9826689F20159FBDB444E43CBE445088283175556CE58C2571E99DA31588C5932BB78E0A6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scannen...",.. DL_SCANNING_MESSAGE: "Uw download wordt voor de veiligheid gescand.",.. DL_BLOCKED: "Download geblokkeerd",.. DL_SCANED: "Download gescand",.. SS_ON_STATE: "Beveiligd zoeken",.. SS_FIX_MESSAGE: "Fantastisch! Deze wijzigingen worden ge.mplementeerd wanneer u uw browser de volgende keer opnieuw start.",.. SS_OFF_STATE: "Actie vereist!",.. SS_OFF_MESSAGE: "Waarschuwing! 1 op de 10 zoekopdrachten bevat een gevaarlijke link.",.. SS_OFF_DIALOG_HEADER: "Voeg risicoclassificaties toe aan uw zoekresultaten",.. SS_OFF_DIALOG_CONTENT: "Weet hoe gevaarlijk een koppeling is voordat u erop klikt.",.. SS_SEARCH_OPTION: "Maak Beveiligd zoeken mijn standaardzoekmachine",.. THREAT_OFF_STATE: "Beveiligingswaarschuwing!",.. THREAT_OFF_MESSAGE: "Uw computer is blootgesteld, maar wij kunnen u helpen.",.. AVFW_DIALOG_HEADER: "Uw antivirus en firewall zijn uitgeschakeld",.. AVFW_DIALOG_CONTENT: "Sinds 2005

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5241
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.561302759807539
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:qUIwsXVPIcXdt1qJZHybN1qfWl9my9bpE3TiYv5YTKSjzxj4dsd9DFsxee7Vv:q1wsXVgcHoZHu2OlqukURj4di5te7V
                                                                                                                                                                                                                                                                                            MD5:479AE6D8929DB3584AD6793F13363A2D
                                                                                                                                                                                                                                                                                            SHA1:DCDC48ABF0B5A31798BF9CB10DBC1540D5EF63C4
                                                                                                                                                                                                                                                                                            SHA-256:9A3B1E6DD494965FF7877C2286570A73AC6CDB1E56F062BC731DF3E37814FFB6
                                                                                                                                                                                                                                                                                            SHA-512:F0C0A6B45769265A1D9C6D5903388D314A20FEEC4A8D8B4E238F116C82B588490B1DADF210EEADF941F6D869EC6DF1945D6091DBC76A1F32BB81BD52ACEC800F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skanowanie...",.. DL_SCANNING_MESSAGE: "Na wszelki wypadek skanujemy pobierany plik.",.. DL_BLOCKED: "Pobieranie zablokowane",.. DL_SCANED: "Pobieranie przeskanowane",.. SS_ON_STATE: "Bezpieczne wyszukiwanie",.. SS_FIX_MESSAGE: ".wietnie. Zmiany zostan. wprowadzone po ponownym uruchomieniu przegl.darki.",.. SS_OFF_STATE: "Wymagane dzia.anie.",.. SS_OFF_MESSAGE: "Uwaga! 1 na 10 wyszukiwa. zawiera niebezpieczne ..cze.",.. SS_OFF_DIALOG_HEADER: "Dodaj oceny ..czy w wynikach wyszukiwania.",.. SS_OFF_DIALOG_CONTENT: "Dowiedz si., czy ..cze jest niebezpieczne, zanim je klikniesz.",.. SS_SEARCH_OPTION: "Ustaw Bezpieczne wyszukiwanie jako domy.ln. wyszukiwark.",.. THREAT_OFF_STATE: "Alert zabezpiecze.!",.. THREAT_OFF_MESSAGE: "Komputer jest nara.ony na zagro.enia, ale mo.emy Ci pom.c.",.. AVFW_DIALOG_HEADER: "Antywirus i zapora s. wy..czone.",.. AVFW_DIALOG_CONTENT: "Od 2005 r. bezpi

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5076
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3398082683156485
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:hzqsY64tGeMe1EjJDQYz8VMntBYv4tBg9Wq90QA:hWnjE7e1iJl44BgD9c
                                                                                                                                                                                                                                                                                            MD5:14D41A9307377B803619CE920B6AA1AE
                                                                                                                                                                                                                                                                                            SHA1:04CE72386D079C06A7D61BF86195E7A7041BBB6F
                                                                                                                                                                                                                                                                                            SHA-256:7B7D203FDED99A8CC837895BEB62090CC90B389CAFBED9BB0E64C39CA20FD9C6
                                                                                                                                                                                                                                                                                            SHA-512:C7D3282F6352546EFBD822B5D574CDF0D0C36FED20A26B5F1CBC05C1309E6BEA18B309736DC528AF527BC6C4C93C839F4C15E0DB3D30999951C5CF9F23EA9F46
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Varrendo...",.. DL_SCANNING_MESSAGE: "Estamos varrendo o seu download apenas por seguran.a.",.. DL_BLOCKED: "Download bloqueado",.. DL_SCANED: "Downloads varridos",.. SS_ON_STATE: "Pesquisa segura",.. SS_FIX_MESSAGE: "Excelente! Implementaremos essas mudan.as na pr.xima vez que voc. reiniciar o navegador.",.. SS_OFF_STATE: "A..o necess.ria!",.. SS_OFF_MESSAGE: "Aviso! 1 em 10 pesquisas cont.m um link perigoso.",.. SS_OFF_DIALOG_HEADER: "Adicione classifica..es de risco aos seus resultados de pesquisa",.. SS_OFF_DIALOG_CONTENT: "Saiba qu.o perigoso . um link antes de clicar.",.. SS_SEARCH_OPTION: "Tornar a Pesquisa segura meu mecanismo de pesquisa padr.o",.. THREAT_OFF_STATE: "Alerta de seguran.a!",.. THREAT_OFF_MESSAGE: "Seu computador est. exposto, mas podemos ajud.-lo.",.. AVFW_DIALOG_HEADER: "Seu antiv.rus e sua firewall est.o desativados",.. AVFW_DIALOG_CONTENT: "Cerca de 864

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5194
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.338736098046057
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:L60E2K+GRZAEbZoyh5Mj+WkfVptFa9GqDXyI3:L6SKhDAmlk+bVLFaXDj
                                                                                                                                                                                                                                                                                            MD5:7283F039EC1083FB10D7C3D4B3E04E87
                                                                                                                                                                                                                                                                                            SHA1:D536B515C66F77B960268E35EAA4ED4876A8B351
                                                                                                                                                                                                                                                                                            SHA-256:2CDD0003ADC2F3592F1B9C82AC989BB28C80922C5A8A3498DAD09C7C448E3421
                                                                                                                                                                                                                                                                                            SHA-512:1C6BB2C7002D389D6EC0CD6A49F17055D2A75A850DD75997CD1F07D65CE3FEACB5EE9AABC0661AD26DF31DABF19FDA86B915EA48834F3307233E241D481AA2CF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "A analisar...",.. DL_SCANNING_MESSAGE: "Estamos a analisar a sua transfer.ncia para garantir a m.xima seguran.a.",.. DL_BLOCKED: "Transfer.ncia bloqueada",.. DL_SCANED: "Transfer.ncia analisada",.. SS_ON_STATE: "Pesquisa segura",.. SS_FIX_MESSAGE: ".timo! Aplicaremos esta altera..es quando reiniciar o browser.",.. SS_OFF_STATE: "A..o necess.ria!",.. SS_OFF_MESSAGE: "Aten..o! 1 em cada 10 pesquisas cont.m uma liga..o perigosa.",.. SS_OFF_DIALOG_HEADER: "Adicione classifica..es de risco aos seus resultados de pesquisa",.. SS_OFF_DIALOG_CONTENT: "Conhe.a o n.vel de perigo de uma liga..o antes de clicar.",.. SS_SEARCH_OPTION: "Tornar a Pesquisa Segura o meu motor de pesquisa predefinido",.. THREAT_OFF_STATE: "Alerta de seguran.a!",.. THREAT_OFF_MESSAGE: "O seu computador est. desprotegido, mas podemos ajudar.",.. AVFW_DIALOG_HEADER: "O seu antiv.rus e firewall est.o desativados",

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7499
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.996250397143976
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:tNl8/c1QdEytaXyRV2slXqooj0MZ88VijpNtOjQCPg79pKUvwU/lsGyVHv:J8/c1QuytDV2s488V+TtWHkWUIU9RyVP
                                                                                                                                                                                                                                                                                            MD5:158D8DF08DBBB79B4B568222E234C508
                                                                                                                                                                                                                                                                                            SHA1:3855A05E996578A85CF68B5C720080746EF361D5
                                                                                                                                                                                                                                                                                            SHA-256:BE8E976059CC21EBCA477BE06E415CB8EDF8F8D8827568E4B6AED1C2114CC780
                                                                                                                                                                                                                                                                                            SHA-512:A841582BDCD2E089B4B2047E989CD655A41AD4849A55ACF9203C1667BB811B043A1FEB1FB233C6BCA55D5900B99F194F7176EF1BF4FED22718A9C6F0CA46079C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "...........",.. DL_SCANNING_MESSAGE: "........... ............ .........",.. DL_BLOCKED: "............. ........:",.. DL_SCANED: "......... ........:",.. SS_ON_STATE: ".......... .....",.. SS_FIX_MESSAGE: ".......! ......... ..... ....... ... ......... ........... .........",.. SS_OFF_STATE: "......... ........!",.. SS_OFF_MESSAGE: "......... . ........... ....... ........ ...... .... ....... .......",.. SS_OFF_DIALOG_HEADER: "........ ....... ..... . .......... ......",.. SS_OFF_DIALOG_CONTENT: "..... ......... .. ...... ......., ......... ... .......",.. SS_SEARCH_OPTION: "....... ........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5398
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.648426306392097
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:jTm1b9h9okCKuoXx9byC6n+Ih6hXV7ILNadt6rDSczFk9HVXrcDJ:jTob/9SKuqbyC6nYhScSicBk5BcDJ
                                                                                                                                                                                                                                                                                            MD5:584E297CAD7E1C80A8EEF2F76E9BB9FE
                                                                                                                                                                                                                                                                                            SHA1:A1075569B7042BE5BDC05DFA2D191D4BCEA7C4ED
                                                                                                                                                                                                                                                                                            SHA-256:05885EE719704755341A7242E24D4C16F3675072E689E10E93BA34C04DBA6B4B
                                                                                                                                                                                                                                                                                            SHA-512:3ECA2B43A8CA2CF17087262F23DDFCDF73C222D82EF825308CCCB9F08F65A5653B2F626F772C14239D35A6434BA5AC4FF614DAC22C684205FC28C4497DCF97AD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Kontroluje sa...",.. DL_SCANNING_MESSAGE: "Stiahnut. s.bor sa kontroluje, len pre istotu.",.. DL_BLOCKED: "S.ahovan. s.bor bol zablokovan.",.. DL_SCANED: "S.ahovan. s.bor bol skontrolovan.",.. SS_ON_STATE: "Zabezpe.en. vyh.ad.vanie",.. SS_FIX_MESSAGE: "Skvel.! Zmeny sa uskuto.nia pri najbli..om re.tartovan. prehliada.a.",.. SS_OFF_STATE: "Treba kona.!",.. SS_OFF_MESSAGE: "Upozornenie: 1 z 10 vyh.ad.van. obsahuje nebezpe.n. odkaz.",.. SS_OFF_DIALOG_HEADER: "Pridanie hodnoten. rizika k v.sledkom vyh.ad.vania",.. SS_OFF_DIALOG_CONTENT: "Sk.r ne. kliknete na prepojenie, mali by ste vedie., .i je nebezpe.n..",.. SS_SEARCH_OPTION: "Nastavi. slu.bu Zabezpe.en. vyh.ad.vanie ako predvolen. vyh.ad.vac. n.stroj",.. THREAT_OFF_STATE: "Upozornenie zabezpe.enia:",.. THREAT_OFF_MESSAGE: "V.. po..ta. je v.ohrozen., ale m..eme v.m pom.c..",.. AVFW_DIALOG_HEA

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5115
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.414410260111673
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:a7um49Rmkzg/G5dK+J8tkaUnSlBS2DFA4s+roJGEUuzvYb9NKNvt3w/yYu:3VNzgOWS8ttFFV/b3KNlgqYu
                                                                                                                                                                                                                                                                                            MD5:56F8675629727A04771F4BF908FBF4EC
                                                                                                                                                                                                                                                                                            SHA1:9E831F70B872EDA63AA24F886793892521E0977B
                                                                                                                                                                                                                                                                                            SHA-256:50345CA9E5F00E69728101F3B04892A42E17A2BEEEFCAD37EAF7BF228AE27900
                                                                                                                                                                                                                                                                                            SHA-512:2CA01383CCA61EA17A5E3B7E1EE72999D9E387CFCC2574C88AB311FD8D3895A1E7F786227D694BD6C69B204D223DE4BA7BB4C08D7F8FBE4B0AE982204C4628AC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skeniranje...",.. DL_SCANNING_MESSAGE: "Skeniramo preuzeti sadr.aj radi va.e bezbednosti.",.. DL_BLOCKED: "Blokirano preuzimanje",.. DL_SCANED: "skeniranje preuzimanja",.. SS_ON_STATE: "Bezbedna pretraga",.. SS_FIX_MESSAGE: "Odli.no! Ove izmene .e biti unete kada slede.i put pokrenete pregleda..",.. SS_OFF_STATE: "Potrebno je preduzeti odre.ene korake!",.. SS_OFF_MESSAGE: "Upozorenje! Svaka deseta pretraga sadr.i opasnu vezu.",.. SS_OFF_DIALOG_HEADER: "Dodajte ocene rizika u rezultate pretrage",.. SS_OFF_DIALOG_CONTENT: "Saznajte koliko je neka veza opasna pre nego .to kliknete na nju.",.. SS_SEARCH_OPTION: ".elim da bezbedna pretraga bude moj podrazumevani pretra.iva.",.. THREAT_OFF_STATE: "Bezbednosno upozorenje!",.. THREAT_OFF_MESSAGE: "Va. ra.unar je izlo.en pretnjama, ali mi vam mo.emo pomo.i.",.. AVFW_DIALOG_HEADER: "Antivirusni program i za.titni zid su isklju.eni",.. AVFW

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4882
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.400058325197915
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:fl+hIZSmigy7tw5va0ZPYVhH9lSIkMKJU9xIGRQtVRRT:d+hIZC7twtn8HQJJUQGRIRT
                                                                                                                                                                                                                                                                                            MD5:E98A674F14F43B9564EF46979F43DEBA
                                                                                                                                                                                                                                                                                            SHA1:2883EEB6BAFBA0B4CB8FAFD65E9A6E75648A3427
                                                                                                                                                                                                                                                                                            SHA-256:10A1A0C6A61C8FD2D7B1D5DF5D10723DA21BCF64B4ED26279D99A2227AE51A6A
                                                                                                                                                                                                                                                                                            SHA-512:96DB668AE2583D2597F14DB52E926A4A99B88783D967727B2F5C1984ECCB3ADF08E597B7D3AB9E08D7186B731587AA20E762779A15A4AA7A19D787CCCEE77F4F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Genoms.ker...",.. DL_SCANNING_MESSAGE: "Vi genoms.ker h.mtningen f.r s.kerhets skull.",.. DL_BLOCKED: "H.mtning blockerad",.. DL_SCANED: "H.mtning genoms.kt",.. SS_ON_STATE: "S.ker s.kning",.. SS_FIX_MESSAGE: "Perfekt. Vi utf.r .ndringarna n.sta g.ng du startar om din webbl.sare.",.. SS_OFF_STATE: ".tg.rd kr.vs!",.. SS_OFF_MESSAGE: "Varning! 1 av 10 s.kningar inneh.ller en farlig l.nk.",.. SS_OFF_DIALOG_HEADER: "L.gg till riskklassificering i dina s.kresultat",.. SS_OFF_DIALOG_CONTENT: "Du f.r veta hur farlig en l.nk .r innan du klickar p. den.",.. SS_SEARCH_OPTION: "V.lj S.ker s.kning som standardalternativ f.r s.kmotorer",.. THREAT_OFF_STATE: "S.kerhetsvarning!",.. THREAT_OFF_MESSAGE: "Datorn .r utsatt f.r risk, men vi kan hj.lpa till.",.. AVFW_DIALOG_HEADER: "Antivirus och brandv.ggen .r inaktiverade",.. AVFW_DIALOG_CONTENT: "Cirka 864 miljoner personliga da

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5273
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4897436303009
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:THxCtJRQDY8NoBGZOpo/n2ovqXm/IwjfdZ1zT4x9hEKHCnAzv2ms:7xCtANoBGnR/TdZJ4xEsv2ms
                                                                                                                                                                                                                                                                                            MD5:9531B44A60CC26D2B631710D6CABCF51
                                                                                                                                                                                                                                                                                            SHA1:D20611640A87812E697734CF6EE38B1293355CC9
                                                                                                                                                                                                                                                                                            SHA-256:2AD65C0525AE3B99CDF02A0081765DF0C849ED01DFB1CB2625BE6C39D55CC2CD
                                                                                                                                                                                                                                                                                            SHA-512:48D0979D427AB1C6FF70B758B2B24A849DCDF9C83EA4049E57903FAF83E189E9E3FBD40D9F11051D918E779FD45D1E1FD40B600BF7AEE63950A22D423D9009AE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Taran.yor...",.. DL_SCANNING_MESSAGE: "Her ihtimale kar.. indirmenizi tar.yoruz.",.. DL_BLOCKED: ".ndirme engellendi",.. DL_SCANED: ".ndirme tarand.",.. SS_ON_STATE: "G.venli Arama",.. SS_FIX_MESSAGE: "Harika! Taray.c.y. bir sonraki sefer ba.latt...n.zda bu de.i.iklikleri uygulayaca..z.",.. SS_OFF_STATE: "Eylem gerekli!",.. SS_OFF_MESSAGE: "Dikkat! 10 aramadan biri tehlikeli ba.lant. i.erir.",.. SS_OFF_DIALOG_HEADER: "Arama sonu.lar.n.za risk de.erlendirmeleri ekleyin",.. SS_OFF_DIALOG_CONTENT: "T.klamadan .nce bir ba.lant.n.n ne kadar tehlikeli oldu.unu bilin.",.. SS_SEARCH_OPTION: "G.venli Arama'y. varsay.lan arama motorum yap",.. THREAT_OFF_STATE: "G.venlik Uyar.s.!",.. THREAT_OFF_MESSAGE: "Bilgisayar.n.z savunmas.z ancak size yard.mc. olabiliriz.",.. AVFW_DIALOG_HEADER: "Vir.sten koruma ve g.venlik duvar. kapal.",.. AVFW_DIALOG_CONTENT: "2005'ten

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4673
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.281513023953211
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:THIWI0hyh/2vKsPMP0VIQUuGOPpBM9Yc81vzNmF:T5Qh/Yq9joBMGz1pmF
                                                                                                                                                                                                                                                                                            MD5:6B2425BB011F5C4ABE0B78EE7B7D1D58
                                                                                                                                                                                                                                                                                            SHA1:29F00FAECB2CA9F0EC9C2F12CC971DE82007F18C
                                                                                                                                                                                                                                                                                            SHA-256:B12580098DD8CBB3AE971A3A48CD9CD770360BA4B40B16C5C2065B825A8F1CCF
                                                                                                                                                                                                                                                                                            SHA-512:01207BBEE1FBCD4CB8C8A27033066C4D6BC7C3A90ABDD189D7BEA8F419ED3E4E030AADEE51E0AEA8379360CB3ACF63A036D6A44B0D4B2EEEB83CC7F666AA84B5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".......",.. DL_SCANNING_MESSAGE: "..................",.. DL_BLOCKED: "......",.. DL_SCANED: "......",.. SS_ON_STATE: "....",.. SS_FIX_MESSAGE: "...! ....................",.. SS_OFF_STATE: "....!",.. SS_OFF_MESSAGE: "...1/10 ............",.. SS_OFF_DIALOG_HEADER: "...........",.. SS_OFF_DIALOG_CONTENT: "...................",.. SS_SEARCH_OPTION: ".............",.. THREAT_OFF_STATE: ".....",.. THREAT_OFF_MESSAGE: "...................",.. AVFW_DIALOG_HEADER: "............",.. AVFW_DIALOG_CONTENT: ". 2005 ....... 8.64 ..................<br/

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4704
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.283653389261111
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:+54tUIE58+sUHLz4111bAmwqkFvHOVJXBxC7RP9LX9Qom/6tU:+utkVAdAm8uf0X6/StU
                                                                                                                                                                                                                                                                                            MD5:0274EBB7C26A68301BAC8C80691E1D85
                                                                                                                                                                                                                                                                                            SHA1:8A831A27E09F425129C2254C23736783200F0093
                                                                                                                                                                                                                                                                                            SHA-256:EE5EB3545ED65C0D3C7B869F21580418A4F66DD891C288395D9A6867384A8A44
                                                                                                                                                                                                                                                                                            SHA-512:3E51E072D483B165E391307F7B72CCE02ABBAE02CF9893D95F88DE5C777656FFA625E1710BEE356A1DCBDB7FB7EF0FB8C207EB63BEE850D540D17C3F340BE016
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".......",.. DL_SCANNING_MESSAGE: "..............",.. DL_BLOCKED: ".....",.. DL_SCANED: ".....",.. SS_ON_STATE: "....",.. SS_FIX_MESSAGE: ".......................",.. SS_OFF_STATE: ".....",.. SS_OFF_MESSAGE: "...10 ..... 1 ........",.. SS_OFF_DIALOG_HEADER: ".............",.. SS_OFF_DIALOG_CONTENT: "..................",.. SS_SEARCH_OPTION: "...............",.. THREAT_OFF_STATE: "......",.. THREAT_OFF_MESSAGE: "...................",.. AVFW_DIALOG_HEADER: "...........",.. AVFW_DIALOG_CONTENT: ". 2005 ...... 8 . 6 . 4 ...................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1510
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.727503544022839
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTt2GGq0IQDhhlGGqg4o1GGGqUdVkrN0/Fq9eA0dmUcHs:w3q0Fhl3qg71G3qUvkrNeq9f0dmZs
                                                                                                                                                                                                                                                                                            MD5:820381438823E7F130304A08DA23053E
                                                                                                                                                                                                                                                                                            SHA1:A3B557A86F052B5A2A762EC095591E2342532146
                                                                                                                                                                                                                                                                                            SHA-256:80B89EFF878B643D6628870DA6633FBB4F093D81759572A094C88D84E5FCA334
                                                                                                                                                                                                                                                                                            SHA-512:24C70F2F157E6770311F66B18B9A6D770D0BB7CD8DE3E9E7D874E9FD3C55C27877B47515CF0F61A9506783EF4E01D97BD09964CA409B15CB64C766A43ECC6198
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Z.skejte bezplatnou ochranu p.i proch.zen. internetu od spole.nosti McAfee kliknut.m na mo.nost {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Povolit roz...en.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "Pomoc. mo.nosti {0} zapnete tyto funkce vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Povolit roz...en.",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Pomoc. mo.nosti {0} budete d.le chr.n.ni online d.ky t.mto funkc.m vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Ponechat zm.ny",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "Pomoc. mo.nosti {0} programu McAfee. WebAdvisor zapnete tyto funkce vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_PERMISSION_ADDED_CONT

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1414
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.53551596267688
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTEz6tBWYCISc5ciWzCISNOFBWYCISrrVpz92w56WYaFtsmA/4:U4nCISc5cvCISNOFnCISrxRmWnFGD4
                                                                                                                                                                                                                                                                                            MD5:E266E312F457050AD50B357C64FC855D
                                                                                                                                                                                                                                                                                            SHA1:73A6065F24B7F3BA9A77602899ADD2DA0CAFF02E
                                                                                                                                                                                                                                                                                            SHA-256:464218BDC5A85B0A064F3122A2DCF0114DD4C6A2ABDEF8B57B4F061F3A96E8AA
                                                                                                                                                                                                                                                                                            SHA-512:6CDC976D032B4174CEA16F32A92920FA2E5061BE0624959F627AE604E6CC390D4C9F2372B86549ABD56EC8B3103AA8717FAB1152561296FBA46FB6D1EA02999F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Hent den gratis webbeskyttelse fra McAfee ved at klikke p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiv.r udvidelse",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} for at sl. disse ekstra sikkerhedsfunktioner fra McAfee. til: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiv.r udvidelse",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} for fortsat at v.re beskyttet online med disse ekstra sikkerhedsfunktioner fra McAfee.: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Behold .ndringer",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor for at sl. disse ekstra sikkerhedsfunktioner fra McAfee. til: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Tillad",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ak

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1494
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5135210722869585
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTjZ+CqIYh/aCCqIYVdQvTMzTIAc7HQmKnCqIY4DMEIWljVWbbBNX:zZ+lxVlxVebMzTEQmKnlx4DO+JmBB
                                                                                                                                                                                                                                                                                            MD5:4F8A856DE9F0FEBAE8341B3421639063
                                                                                                                                                                                                                                                                                            SHA1:2FABF74C55CBAED8AD51E60544BDF68A4C97CB8E
                                                                                                                                                                                                                                                                                            SHA-256:F4C29A1A9DF6F963AB2A9D6B8D29CF698A1F4FCC509442E6D2FB83957484C784
                                                                                                                                                                                                                                                                                            SHA-512:2E7CAD5891CE0171F8454842F7D420D7CE212C43AF43A3705E79834E21D1246ED31D7FC7B0067F3853BDBA094BA8C14B0AE14553AB05232B31B3A593144022FB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Nutzen Sie den kostenlosen Web-Schutz von McAfee, indem Sie auf "{0}" klicken.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Erweiterung aktivieren",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "Klicken Sie auf "{0}", um die folgenden Funktionen des zus.tzlichen Schutzes zu nutzen: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Erweiterung aktivieren",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Klicken Sie auf "{0}", um weiterhin mit den folgenden Funktionen des zus.tzlichen Schutzes online gesch.tzt zu bleiben: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".nderungen beibehalten",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "Klicken Sie f.r McAfee. WebAdvisor auf "{0}", um die folgenden Funktionen des zus.tzlichen Schutzes zu aktivieren: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2138
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.212127477861214
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTYCoYrWTMeJ3P/oYeITMeJ3Pq2dnzgWTMeJ3P+PPvKoYC0EDdX0y2wyiFWvzl:TWRpEIRpq2dzgWRp+Pt0EDdZMl
                                                                                                                                                                                                                                                                                            MD5:BE4EAC268C3206E033F41415087DF951
                                                                                                                                                                                                                                                                                            SHA1:16BB0B6022ED0C229F54B04FFFA5B72F5D695834
                                                                                                                                                                                                                                                                                            SHA-256:58EB619E2E6F5B5A28E4E6BF3D8FD490CB1F893A353E75C2528DB4894CDD61AD
                                                                                                                                                                                                                                                                                            SHA-512:69D010FBC467101CAEF34B57B031A119FC4940051812A7920E052DCB38C37A01BA6AE5E425FA41279305DA4CE8D61C32E8F28DA818CB9A2C040FF88FAE62CBE3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "......... ...... ......... ... .. McAfee ........ .... ... {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............ .........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} ... .. .............. ..... ... ........... ......... ..........: ....... ........., ........... ........... ... ........... .......... ... McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............ .........",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} ... .. ........... ........ online .. ..... ... ........... ......... ..........: ....... ........., ........... ........... ... ........... .......... ...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1249
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.502519115171498
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HTnv5z5vJC7voO2yDTvq7vJC0rr+2yDTvq0rEAPrhG3XO2yDTvqG38OPOyYhbzN:7HTBv4lHkVKlHNEAkulHrRH/T5fLPeNl
                                                                                                                                                                                                                                                                                            MD5:95E35B2CFD7BE1678BAF7DFD1F4BEB24
                                                                                                                                                                                                                                                                                            SHA1:BDEACC53E480FBCBC3E4FDCA44CAF10C115DB8DA
                                                                                                                                                                                                                                                                                            SHA-256:B1387FC641165772F7BC8BE570D715ACA4600BA2E6EE1E077C429FFF0A2141A4
                                                                                                                                                                                                                                                                                            SHA-512:5851D83C8BC3A45FB2CD5BFF39D9F7D0249A8B24CD76F68D684E2EA7AB7BCAA59F25C616B19848848F57BD0D22A98ABA4D6ABCF09ED995504D2F77A7C918C4B0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Get your free web protection from McAfee by clicking {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enable extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} to turn on these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enable extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} to continue staying safe online with these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Keep changes",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor to turn on these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Allow",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Enable extension",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "to finish setting up WebAdvisor.",.. CHROME_ENABLEMENT_GUIDE_C

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1447
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4796973972364285
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HT81my6MaXBldRzVenBldR+MQOAz/HQ2BldRiud91QHIc0x81mHWsLqZ:M1m/MaRlXVeBlKMQOAz/HZleudEr0O1F
                                                                                                                                                                                                                                                                                            MD5:B06E874B75DB06AF31E27A6777125A9A
                                                                                                                                                                                                                                                                                            SHA1:9FC503A284699005EDAED5298EADA9570C2AC809
                                                                                                                                                                                                                                                                                            SHA-256:FD442877FCD4B5675BC89560AF9AA0D8F65D0B210E475948DEC7B3C8F73C6690
                                                                                                                                                                                                                                                                                            SHA-512:B63C7F427BDADCE2AA87F471E622D1B8DEFBE3A4CDA3B8B90131BDC50483216E2B599D3A6E1DB6CC080D3913E7B07B751CA3E8B5404E1C65D8DB997CD457764E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Disfrute de la protecci.n web gratuita de McAfee haciendo clic en {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Habilitar extensi.n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para activar estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Habilitar extensi.n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para seguir estando protegido en Internet con estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conservar cambios",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} WebAdvisor de McAfee. para activar estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHR

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1434
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.490245911694074
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTBWmy6caQmDdJVe9mDdsMQOAzdmDdQ0a0yLh1mHQOHaD6bcyf:Em/caQs/Ve9s6MQOAzdsuPRLh1mHQOHJ
                                                                                                                                                                                                                                                                                            MD5:7934A991E83E591012BBCB36B32FE17C
                                                                                                                                                                                                                                                                                            SHA1:856EFEB616C1CB681CB7DDB7EE00F7A574BCCA53
                                                                                                                                                                                                                                                                                            SHA-256:13478DBD467AB0487C1E5E6981FF9FE002950D140958B1C10D69BEFB91AFC07C
                                                                                                                                                                                                                                                                                            SHA-512:C2E6957F9698D09D8CAE34C3E29D4C45772D8E0F96E39B2C6BEA23A604A898915993BAC60C8F4823EA39F70E70E92CC28774E63BA502D6F8EB2EBFABA742E710
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenga su protecci.n web gratuita de McAfee haciendo clic en {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activar extensi.n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para habilitar estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activar extensi.n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para continuar seguro en l.nea con estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conservar cambios",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor para habilitar estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHROME_ENABLEMENT

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1371
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.514062388372
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTigoQ6AHPXTSgVCPP3TOcJ9PgTKTSzogH07RQuzSZCsQJwziNzji50:PZtXbVQ3qcJt3+zVUVXXN2mNzb
                                                                                                                                                                                                                                                                                            MD5:C11C2E114B2A6F237B261EC19B8BEC29
                                                                                                                                                                                                                                                                                            SHA1:C73EAA2B9007C99C29B916F320D698814767E176
                                                                                                                                                                                                                                                                                            SHA-256:BA07EF798138D122D9B26E25B4BDEFBD71FCD2EF95FFBE970B04E2B7F01B638C
                                                                                                                                                                                                                                                                                            SHA-512:4692508899A33C48F0D81C37F8D60A3EA6C242F73520030A9F8111BA1D178C8F928377DC3303C4B06E00B10F0F12385A91C8C32655D4A4DF08EE095F1C05A97C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Hanki McAfeen verkkosuojaus maksutta napsauttamalla {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ota laajennus k.ytt..n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, jotta voit k.ytt.. n.it. lis.suojausominaisuuksia: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ota laajennus k.ytt..n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, jotta pysyt jatkossakin turvassa verkossa n.ill. lis.suojausominaisuuksilla: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "S.ilyt. muutokset",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0}, ett. McAfee. WebAdvisor ottaa n.m. lis.suojausominaisuudet k.ytt..n: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Salli",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ota laajennus k.ytt..n",.. CHROME_ENABLEMENT_

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1453
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.477282790404569
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTBU39MC7soZ8JyVt0oZ8JVuh6oZ8JTm6Tb41mgENWKY:S7BasV3aT6HahmKU18Wf
                                                                                                                                                                                                                                                                                            MD5:7ACE0A130BA84C20BC753560A39FC3AC
                                                                                                                                                                                                                                                                                            SHA1:3129A62EA602421FA9C9A50FB994E309F55E6C9E
                                                                                                                                                                                                                                                                                            SHA-256:92A1DC3042262895BD1D603EE56A39CA4EBEFD6B2CB2D07DD77C2A8935A177F7
                                                                                                                                                                                                                                                                                            SHA-512:4CBE637A0C03F3432798885B7F74DB1B27066B946946A21DFB9D38B6383F40C780B0ED463BCC67EA7AF292BD71673B161C4AA176CA15573A1C024B87E524A493
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenez votre protection Web gratuite de McAfee en cliquant sur {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} pour activer ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} pour continuer . .voluer en ligne en toute s.curit. gr.ce . ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Maintenir les changements",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor pour activer ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Autoriser

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1510
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.511138243337798
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTCKMC7mZ8yHVt2ZGNZ8ysMQu0Z8yQjSFbV+bzFtWr4W3Yk4:yq7ma0VwSa7MQu0apeFMpm4If4
                                                                                                                                                                                                                                                                                            MD5:C0D83F2606D3911533B465FC0609A990
                                                                                                                                                                                                                                                                                            SHA1:AE0BC3DECF5FE89377AA3E54AF828C9A2CE7AE83
                                                                                                                                                                                                                                                                                            SHA-256:1E46602375593F2A1A3F9C617FE1F5708E3C5B89005E374BC5955F3107AC0EB6
                                                                                                                                                                                                                                                                                            SHA-512:42421231CB492391F56F56B050350CAAF447C14405210DB65117E0BA37E5CEC93F377713C7221FEF1C733FED506FD3576AA73134C4AF519F8ACB84406247798C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "B.n.ficiez de la protection web gratuite de McAfee en cliquant sur {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} pour activer ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} pour continuer . .tre prot.g. en ligne avec ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conserver les modifications",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor pour activer ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_PERMISSION_ADDED_CONTENT

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1402
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.605945453831213
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HThh5mCPPDSIuREwP3ycRCCPPDmetuqELFbiFpVtgDSQe:Rh5mCPPDSI6xP3ycRCCPPDm6pELFOFpd
                                                                                                                                                                                                                                                                                            MD5:B48A573CBD12E2316B85A204D4FBDAD2
                                                                                                                                                                                                                                                                                            SHA1:9CC89D5A27C0324293CD9F4B46DC472FFC413F07
                                                                                                                                                                                                                                                                                            SHA-256:078D1E600833DB2CF2CD790969E7AED023D624D07FBF37C312E2F9C2F1FD696C
                                                                                                                                                                                                                                                                                            SHA-512:B7204DFE8C7522050F4D9BFBDE57D7C93ED10BF308C7CF501D990F07934AEA67B5F7168C6ABFCFD573E5B484EA6120BD1D6A567639C9CF8F1050B031BBE10934
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Dobijte svoju besplatnu web za.titu od McAfee-a klikom na {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.i pro.irenje",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} da biste uklju.ili ove funkcije za dodatnu za.titu: McAfee. Sigurna pretraga, Blokada oglasa i blokada alata za pra.enje.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.i pro.irenje",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} kako biste nastavili biti sigurni na mre.i s ovim dodatnim zna.ajkama za.tite: McAfee. Sigurna pretraga, Blokada oglasa i blokadu alata za pra.enje.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Spremi promjene",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. da biste uklju.ili ove funkcije za dodatnu za.titu: McAfee. Sigurna pretraga, Blokada oglasa i blokada alata za pra.enje.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Odobri",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Omogu.i pro.irenje",.. CHROME_E

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1518
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.684072809816461
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTt3WD/Pwd03L7mtPsJePwd0kYGc8hQwde/WCpeT4zAsjWGTiuySP:5EP20bStUwP20kYGcIQ2e/JYeAsyPva
                                                                                                                                                                                                                                                                                            MD5:08F22E6CD990F85E90DD1BBBF644E760
                                                                                                                                                                                                                                                                                            SHA1:4AD9DAF31E3B8EF591B6DFCB1D4056AE498E5372
                                                                                                                                                                                                                                                                                            SHA-256:2BCA96E400BA0ECB110319BDEB778A7007C4BB86824E9B333A4A02D6091F4DAF
                                                                                                                                                                                                                                                                                            SHA-512:43114E2906BB0F2E91346B44267B958FC6F44CA1B9B22020297F60D3CEB8A6B1A77AE755937EC2B1DD28888F5A01C861DAC613726F58FFB21BDDA0C0322FB4C3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "A McAfee ingyenes webes v.delm.nek ig.nybe v.tel.hez kattintson a(z) {0} elemre.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "B.v.tm.ny enged.lyez.se",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} a tov.bbi v.delmi funkci.k, a McAfee. biztons.gos keres.s, a hirdet.sblokkol.s .s a k.vet.blokkol.s bekapcsol.s.hoz.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enged.lyezze a b.v.tm.nyt",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, hogy tov.bbra is biztons.gban legyen online a tov.bbi v.delmi funkci.k, a McAfee. biztons.gos keres.s, a hirdet.sblokkol.s .s a k.vet.blokkol.s r.v.n.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".rizze meg a m.dos.t.sokat",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0}, hogy a McAfee. WebAdvisor bekapcsolja a hozz.adott v.delmi funkci.kat a McAfee. biztons.gos keres.st, a hirdet.sblokkol.st .s a k.vet.blokkol.st.",.. ADBLOCK_PERMISSION_ADDE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1405
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.470628074845407
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HT1z0nFTVKnrpGpcJVKnrpGNG7FTVKnrpGrjQDej2lDuzg4nG/EI:Fz0FTYrpGpcJYrpGNGBTYrpGrjQCj2lP
                                                                                                                                                                                                                                                                                            MD5:D187101AB2A09E69D3D9474B183D2AB6
                                                                                                                                                                                                                                                                                            SHA1:8BC05D19076F379C5CFA7014C930053760BA1B89
                                                                                                                                                                                                                                                                                            SHA-256:C8664C436AFF1C74C102163C1FED6D7B0DB833F526C8B570FCD786F48F2E999D
                                                                                                                                                                                                                                                                                            SHA-512:B2DE7601881219BB8842723DE8B90297507D80AFD4F4EEA473332C835DE0CD080D395DE583E94A6F7435C914B78390B3D2223783DE48A4D123EE74D6B84A5557
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Ottieni la protezione Web gratuita McAfee facendo clic su {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Attiva l'estensione",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} per attivare queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Attiva l'estensione",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} per restare protetto online con queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Mantieni i cambiamenti",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} a McAfee. WebAdvisor di attivare queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Consenti",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Attiva

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1682
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.753080129074989
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:x8H0vGRwMvNaRw8CvrbQRwA8vxvovyZWBMJg:a2UwuewDrWwA+pyqW/
                                                                                                                                                                                                                                                                                            MD5:CFA55C1C9412CEC2CAAFAE5984CAA8A1
                                                                                                                                                                                                                                                                                            SHA1:C4EA1EEB4608F9C7207D42856EA625A9CC24D27D
                                                                                                                                                                                                                                                                                            SHA-256:40F54EFB2D93BBA2E2B54BEEA45FE0E03E4B6A67E582174B5D40AD9EAE02BD9F
                                                                                                                                                                                                                                                                                            SHA-512:7FF993FE2B032A1C46D4758AA1B3B7B90CA73F642F9A2CCF79CB916F810E0176794D99D0A850152BB374D1CD41F4AAFB79C0DBA63A6D72EA1439C7BBE566FF18
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0}................. Web ............",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}.......... .... ..........................................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}.......... .... ..........................................................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".......",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "...... ..........{0}.......... ...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1350
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.993932181742526
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HT5dVhbu+vNh0/p7OvmksBv01I+vqNhGjB+Xx2BARLr:pXvkJOvmdBvAvq5B2kP
                                                                                                                                                                                                                                                                                            MD5:229D8B8895150E8E89DFE570519D8494
                                                                                                                                                                                                                                                                                            SHA1:15D137A9BB8700EC4A2D8882B7BB9CD1CC8AF6A9
                                                                                                                                                                                                                                                                                            SHA-256:6E31ED28D9717DA17BFA53DF73BD100B239C8667E455C99DEEB2663AD0A8F755
                                                                                                                                                                                                                                                                                            SHA-512:4386E7A890359FF41AA6C45418BE802CB499186B070B1E16F5DA418C41CE80F36DB0698448D2C82A7C902D2B54BC08E51CE073A0FA4BA0D25497698FBEBD96E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0}. .... McAfee. .. . ... .....",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: ".. ..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}. .. .. .. .. ... .... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: ".. ..",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}. .. .. .. .. .... ... ... ... ..... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".. .. ..",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "McAfee. ....... {0}.. .. .. .. ... .... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: ".. ..",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1389
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.552383373710434
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HT7bqCaYyGIG3aYEgdXCCaYIRSPuA9/3QFNC+Ammy:rWCaPQ3a3gdXCCa1oPuAN3K8+p
                                                                                                                                                                                                                                                                                            MD5:7ABDE3BAD088675E38F12CA8CC858760
                                                                                                                                                                                                                                                                                            SHA1:678E1767D1C64CBCFD728945EC78964FAD7018E8
                                                                                                                                                                                                                                                                                            SHA-256:6E7A3D8E17712BAB8DD1BA0DDFF613ECFE56209D721822FBF2DB306910B3854A
                                                                                                                                                                                                                                                                                            SHA-512:8579512CC4D8D010DAA05A2DE1AAAA885330B3B53A249FF26931918EE583023F88365CE396C2E2B8DD0744CCA331E47D6AA7C87C58A185093A9F4A1857423685
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "F. kostnadsfri webbeskyttelse fra McAfee ved . klikke p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiver utvidelse",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} for . sl. p. disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiver utvidelse",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} for . f. uavbrutt nettsikkerhet med disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Behold endringer",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor for . sl. p. disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Tillat",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Aktiver utvidelse",.. CHROME_

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1362
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.493661481803267
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HT+2CwmVpm7KECQc6WpV6LqKECh6zhpTnKECZ6BMcpS3KfwDwzxFz6jcju:ulHXQc6CVsph6znTCZ6BMIS3KQAxFKl
                                                                                                                                                                                                                                                                                            MD5:6068CF22C755EBD19E7C7AC4566068B1
                                                                                                                                                                                                                                                                                            SHA1:3E5A4E7831EC3A5E656B8B618D02335A8CC0F13A
                                                                                                                                                                                                                                                                                            SHA-256:0BB60CCC68E2D3C6A508CE25B51D81D2F19B1AD85178524EA599DF928EF9501D
                                                                                                                                                                                                                                                                                            SHA-512:BF88D280591BEF0126F382FD0ACB3FC6ABAAABC020EDB107D309F2DF4A93E7BAB7692B62E15ABADA7C52D6C685AD980FCA29775BB4540870D7F77CC7D245208F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Activeer uw webbescherming van McAfee door op {0} te klikken.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Extensie inschakelen",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} om deze functies voor Extra bescherming te activeren: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Extensie inschakelen",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} om online veiligheid te handhaven met deze functies voor Extra bescherming: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Wijzigingen behouden",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} dat McAfee. WebAdvisor deze functies voor Extra bescherming inschakelt: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Toestaan",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Extensie inschakelen",.. CHROME_ENAB

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1445
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.687452069807768
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HThG9K7qoBXUUyTNHyAoBXs0W17ZGoBXQLVTEaWjNwc4ucB2GA7USu:xG99IXnkHyAIXs0W17ZGIXQLVoaKNwc4
                                                                                                                                                                                                                                                                                            MD5:BBC7FD8415E6E3B7706934888FB2EAA3
                                                                                                                                                                                                                                                                                            SHA1:F84C8276B214ED75B5631B3A83A05EF091BDBAE7
                                                                                                                                                                                                                                                                                            SHA-256:87FEA2D66CCA7C64DC3CDD3FF5494B209C3712557F4B5B7E9F80D18746BF0257
                                                                                                                                                                                                                                                                                            SHA-512:64553D121FCBD8E267C205F2E47877E38FB4E4516AE2E98A6FA9926669DC23CA064D537415C4AC2F522855262AF9DE617D33952A688CF217D3696B47856713D5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Otrzymaj bezp.atn. ochron. w sieci Web od firmy McAfee, klikaj.c {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "W..cz rozszerzenie",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, aby w..czy. funkcje Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "W..cz rozszerzenie",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, aby zachowa. bezpiecze.stwo w Internecie dzi.ki tym funkcjom Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Zachowaj zmiany",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} programowi McAfee. WebAdvisor na w..czenie funkcji Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Zezw.l",.. CHROME_ENABLEMEN

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1387
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.505792858974644
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTBsKJqk3NnebNgHbrxkHjFRt7Siu4nUiIZl:yaqk3NnebNg7rxCFq4nYD
                                                                                                                                                                                                                                                                                            MD5:93ACE843B100C1DAA1FE32EFE375E770
                                                                                                                                                                                                                                                                                            SHA1:0DC3DCBB0355DFD3D79C745C80F18A729AFD9E6B
                                                                                                                                                                                                                                                                                            SHA-256:1B0A54F2A0FDC04C15F6CA1AC348C8B58248D25D47E52BCFBF31C77DAAAABC55
                                                                                                                                                                                                                                                                                            SHA-512:3E56C4423C8C8947C84B4CAEB04E6D58EBC11609066A9F862E62DD645A89AD545D85D545FE6923A5BCBEFD47298A714DC68673D9834D06DDE1E061D0D5C3CFC4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenha sua prote..o gratuita na Web da McAfee clicando em {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para ativar estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para se manter seguro com estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Manter altera..es",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} o McAfee. WebAdvisor para ativar estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ativar extens.o"

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1439
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.509730809793475
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTBV0k3gQWF3+be0GQWF3+hgoQQWF3+vxkHjJYPJWg0:D0k3gQWObe0GQWOhgvQWOvxCJuWg0
                                                                                                                                                                                                                                                                                            MD5:CD67AD3CBCF5ABBA02EC8A74C9682AAA
                                                                                                                                                                                                                                                                                            SHA1:15EBA7F343B5B8017BF3E458508CBD751F5EDFB1
                                                                                                                                                                                                                                                                                            SHA-256:2A18DDD7F37E8175A91595CB1DF0FAF4FC33136B7C3E94F04266A0B5DDC0D40A
                                                                                                                                                                                                                                                                                            SHA-512:6FC1A7AAD317F21CA38A6FF566BB8B27B5A9F8851CD92A2CFFE3167441A68F21C56353A5F8459B9193D51BF1FBC9CCFF71A7DFCB05220A03F7D4FA6139DF2885
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenha a sua prote..o Web gratuita da McAfee clicando em {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para ativar estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para se manter protegido online com estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Manter altera..es",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} que o McAfee. WebAdvisor ative estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. C

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2030
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2389156698598605
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:cjVIb3DoC64sVmb3D1tazjVIb3DzImiLvyxvMoi:QVi3Z2VM3enVi3v2vyg
                                                                                                                                                                                                                                                                                            MD5:C3A987B9AD24315E7713E2CBDA867000
                                                                                                                                                                                                                                                                                            SHA1:2E1777A1B306D35D1A29486AC09F2D31D7F6AE57
                                                                                                                                                                                                                                                                                            SHA-256:A13F9A8BFC7487B906E485277E05FC0CDD898ACB447890B55D95EAB4B9EFDA3B
                                                                                                                                                                                                                                                                                            SHA-512:AE92FACCE527CDEBBBB56AE7376A17277555732B2D444EACB44DC782FF857DDD2549F453C9FDE232D75BF76CE1E7F83D99CEB85A7C395E1E5377E68197B2F026
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "........ .......... ...-...... .. McAfee, ..... {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "........ ..........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, ..... ............ ......... ....... .............. ......: .......... ..... McAfee., ........... ....... . ........... .........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "........ ..........",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, ..... .......... . ............ . ......... ......... ............. ......... .............. ....... ......: .......... ..... McAfee., ........... ....... . ........... .........",.. ADBLOCK_SEARCH_W

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1420
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.806357329480763
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HT/iSRyjWeDvEPpRK2NF1I5DyjePD+hCf3c4kcrBlWF8x:P3YSeYpccF1Ic6Chm3jtAmx
                                                                                                                                                                                                                                                                                            MD5:25F7E80CBBF78362DD46936F1293CCFE
                                                                                                                                                                                                                                                                                            SHA1:85D30C6410BEA4A4361C08222A0698D1C33ADB7F
                                                                                                                                                                                                                                                                                            SHA-256:F3BD98BBB824883DAA209924E9676259C014ED39BB7AEA717EBCA1846D08E2B9
                                                                                                                                                                                                                                                                                            SHA-512:A91AFE73BFF7CBD96BAC0B846249D619AF226A4101A6CB1EFD432519C80EF9F41F8B1ECB1D7C4C4BA752F3408101F6357F478E2D21B13B7706A2DB91F00F5BE0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Z.skajte bezplatn. webov. ochranu od McAfee a.kliknite na mo.nos. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Zapn.. roz..renie",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} a.aktivujte funkcie zv..enej ochrany: zabezpe.en. vyh.ad.vanie McAfee., blokovanie rekl.m a.blokovanie sledova.ov.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Zapnite roz..renie",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} a.nestra.te ochranu online v.aka funkci.m zv..enej ochrany: zabezpe.en.mu vyh.ad.vaniu McAfee., blokovaniu rekl.m a.blokovaniu sledova.ov.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Ponechajte zmeny",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor a.zapnite funkcie zv..enej ochrany: zabezpe.en. vyh.ad.vanie McAfee., blokovanie rekl.m a.blokovanie sledova.ov.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Povo.te",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Zapnite r

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1338
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.635744905742948
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HT4eGvvtCawa+dCIHrFwa+Npp1mCawa+rUoDOGnDk/flbhlZRmn:IeCvtCawa+dCIBwa+NVmCawa+rUoDOGV
                                                                                                                                                                                                                                                                                            MD5:16BC3BCF0766E9D1BE6C6E9E69EB48E5
                                                                                                                                                                                                                                                                                            SHA1:06EFDB3C104FC91B9AF1B15D2E9A6A9CCF848532
                                                                                                                                                                                                                                                                                            SHA-256:E8D2504729C03361D7D7E52C1991C008468D94BDA31346121EF7E6C25873A62A
                                                                                                                                                                                                                                                                                            SHA-512:DB617851863B3F4B4348D5FF15B51225C94A197C69577A9F14AB53524C233881DD58D3A0E9081D5794BA4158CA8583F6A15697E590644EEFDD5D5BA1189296AB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Ostvarite besplatnu veb za.titu kompanije McAfee klikom na {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.ite ekstenziju",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} da biste uklju.ili ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.ite ekstenziju",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} kako biste ostali sigurni na mre.i uz ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Zadr.ite promene na",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor da biste uklju.ili ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Dozvoli",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Omogu.ite ekstenziju",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "da zavr.it

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1361
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.647077111768158
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HT7ecjfypbD4qpbD02gVpbDYX/P33zMc2N9jkHu:rDOpbD4qpbD0JVpbDYX/P33zd2N6O
                                                                                                                                                                                                                                                                                            MD5:6E9C0635BB2057998EEA910AA6853EBB
                                                                                                                                                                                                                                                                                            SHA1:8E10D4738E4520E9E7FC6EBD912ADD75E915024E
                                                                                                                                                                                                                                                                                            SHA-256:7FF985F4B97BE26E7281A7D755C2FD2757627F01AFB8B670DBE067063BE8EE8A
                                                                                                                                                                                                                                                                                            SHA-512:0DC3576DED02972B1A4BCEE27F17D4253BB921C7A985CDA2D8DA79D7086C139BD8413DB6F6FC861684506AB90F502581732679E183EC6B39E813D5867C3DBB2D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "F. kostnadsfritt webbskydd fr.n McAfee genom att klicka p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktivera till.gg",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} f.r att aktivera Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktivera till.gg",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} f.r att forts.tta h.lla dig s.ker online med Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Beh.ll .ndringar",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor f.r att aktivera Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Till.t",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Aktivera till.gg",.. CHROME_ENABLEMENT_GUIDE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1404
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.681986531007875
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HT3Nd7QUN3Z/UVXMJgYZ/v94oIuZ/Nc7I4dBng5cFPkliIKCql:tBQUNGVcDxBc7HTFMliI2l
                                                                                                                                                                                                                                                                                            MD5:28F20893B2A4ED4675765FD8C0095900
                                                                                                                                                                                                                                                                                            SHA1:25BD043C0A790C0810034A609E720599A2282E95
                                                                                                                                                                                                                                                                                            SHA-256:97FAADF7C2412B155881520048D92B79276AC8B6778827FF99392515A56F2493
                                                                                                                                                                                                                                                                                            SHA-512:99DEEEEB38C1AF38DD28C61EACA778AE916438A5FA050FD89FE742DC3ECBF40F9248B6C079EE8655CF4CE01267AF2AB11094B234A7834D0B8EE7DDFE3A2D1920
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0} .zerine t.klayarak McAfee'den .cretsiz web korumas. edinebilirsiniz.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Uzant.y. etkinle.tir",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "A.a..daki Ek Koruma .zelliklerini a.mak i.in {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Uzant.y. etkinle.tir",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Bu Ek Koruma .zellikleri ile .evrimi.i g.vende kalmak i.in {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "De.i.iklikleri kaydet",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "A.a..daki Ek Koruma .zelliklerini a.mak i.in McAfee. WebAdvisor'. {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: ".zin Ver",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "WebAdvisor kurulumun

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1303
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.291583352165866
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTjjZ8CKz+1CaxNs/CthZvG7qXdNqZBS:pQzaxmahZv9eZBS
                                                                                                                                                                                                                                                                                            MD5:6256306678C77FDEDA3B693EE8FD127C
                                                                                                                                                                                                                                                                                            SHA1:5F121EBA669DAF34206ED6BD6CF52F65ECE81311
                                                                                                                                                                                                                                                                                            SHA-256:FE5D54A3CEB50B68F8478255401812F1728DAD218AA682B26BCC02A84060A039
                                                                                                                                                                                                                                                                                            SHA-512:92763EBC5894EF75749668B5FBD57F5649BFB2BD04D90746C6360CDD38B9CC77146DF92F45974C81F70312E31859DCF1AD7239BF8DB6F4CA7F03E67677DDAC40
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: ".. {0} .............",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "....",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} .................. .....................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "....",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} .................. ..............................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "....",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} .... ...................... .....................",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "......",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1249
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.276892426445918
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HTAOzmcPZeSlGkyTDnZZeSlGCGtDcPZeSlGW17/10lQZ04QJ:dzmkCkyTDn/CCGtDkCW1LQJ
                                                                                                                                                                                                                                                                                            MD5:61644577A965E278A69D0FB294252E08
                                                                                                                                                                                                                                                                                            SHA1:FE30E80D6EDF71AC83491334C5C1433D67B2DD19
                                                                                                                                                                                                                                                                                            SHA-256:FF2769B8B4D9B72F20A5DD2CD7478745A215BCED22BEB03099AF0EEC1A2783B0
                                                                                                                                                                                                                                                                                            SHA-512:FB7A796B107133E9BD59830A9E9EE68A11A2BFD1411DA2EB7585B9D7B4046E527CF3B99B56088C5F20ABB28642A367FC942F199A3E2446D20A74A319026F9926
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: ".. {0} ..... McAfee Web ...",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "......",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}............McAfee. ....................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "......",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}....................McAfee. ....................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "....",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor ...........McAfee. ....................",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "......",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "... WebAdvisor ...",.. CHROME_ENABLEMENT_G

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1048
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.7432415026721815
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGY406vV41eK+59CpMSqKBgvtdUeniGdZIV7mTTOkB:24e+59YMdZZZnOkB
                                                                                                                                                                                                                                                                                            MD5:0B456AD915226748362599A2DBD5D9A9
                                                                                                                                                                                                                                                                                            SHA1:27D61AF7830565A60C7A1318B1096E7154834549
                                                                                                                                                                                                                                                                                            SHA-256:AB752F1BAC0BBF18F3D34BC01AC2682F81810439C34256B37D2A1BE6377FF8D5
                                                                                                                                                                                                                                                                                            SHA-512:166F7D1D2AC050F87C511AB7DD118E111B752E4585808F901B386CC391B050CD79871795BD270EC82B19976B0194CD294EED4C000D0DC82309E8BCE844D65E69
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Zajist.te si ochranu v digit.ln.m prost.ed.",.. WAIFF_TOAST_DESC_1_COHORT_1: ".kolem n.stroje McAfee. WebAdvisor je chr.nit va.e osobn. .daje, aby se nedostaly do nespr.vn.ch rukou.",.. WAIFF_TOAST_DESC_2_COHORT_1: "A. ji. nakupujete, vyu..v.te bankovn. slu.by nebo proch.z.te web, na.e bezplatn. n.stroje v.s pom.haj. chr.nit . a kyberzlo.inci nebudou m.t .anci.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je bezplatn. n.stroj, kter. chr.n. va.e osobn. .daje, aby se nedostaly do nespr.vn.ch rukou.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Povolte n.stroj WebAdvisor a zajist.te si ochranu p.ed viry, malwarem a dal..mi hrozbami pro va.e online zabezpe.en..",.. WAIFF_BUTTON_ACCEPT: "Zajistit ochranu",.. WAIFF_BUTTON_REMIND_LATER: "P.ipomenout pozd.ji",.. WAIFF_BUTTON_DECLINE: "Ne, d.kuji"..}..//5281157FA202A3ACB6985DF6A37DBC2C92FC64C84A911E2263AC4E7FD7626F4509D52721CAE91AEB52

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):986
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.468750891107369
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uG92vXRwV/YIehPFXc9vLfcRwV/YIeSP/GIi7dZMVIQ8g0SUZ/:nVYC9rVYttZg0SUZ/
                                                                                                                                                                                                                                                                                            MD5:77FAFE7BBFF990E28B4E6CAA20FF6612
                                                                                                                                                                                                                                                                                            SHA1:1BB3197CB4A7EF18D4F39CA528DBC61BA8520E07
                                                                                                                                                                                                                                                                                            SHA-256:8D706BF7ADFC4E4664FD5923A4EB8CBF96680090D826CB90EC55AD1C3E970292
                                                                                                                                                                                                                                                                                            SHA-512:F5BF80577CE396A3E125E2494FB904B31DC8FBC02E507B2049D677185957AD303A3339164F425D36581F682EDB5B54D26A5F3191890D12306E659206316F8CF7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Beskyt dit digitale liv",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor beskytter dine personlige oplysninger og forhindrer, at de falder i de forkerte h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Uanset om du bruger internettet til at shoppe, g. i banken eller bare surfe, holder vores gratis v.rkt.jer dig i sikkerhed og beskytter dig mod cyberkriminelle.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor er et gratis v.rkt.j, der beskytter dine personlige oplysninger og forhindrer, at de falder i de forkerte h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktiv.r WebAdvisor for at beskytte dig selv mod virus, malware og andre onlinetrusler.",.. WAIFF_BUTTON_ACCEPT: "F. beskyttelse",.. WAIFF_BUTTON_REMIND_LATER: "Sp.rg mig igen senere",.. WAIFF_BUTTON_DECLINE: "Nej tak"..}..//7B3F9909029C3471478A8B02DAB7CAFD947DED99B103970A120E544EF09BA6E985D3683EFF2C6E89258831B931C765333C6E9C94F898D76626482305AFB8C30B++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.448818060596771
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uG+QvxOeGg/OA9kNlv1VOe3F0Sui7xQd/y/QVZrX:QWX9GftF0SJxMa/urX
                                                                                                                                                                                                                                                                                            MD5:945A1356867E3FE35711AAC588C792B9
                                                                                                                                                                                                                                                                                            SHA1:29FD3FA6A3555A2DCE33259D2C362831714610AC
                                                                                                                                                                                                                                                                                            SHA-256:797D02E9F63C56BB45017FC7E3BB9F79D85069667466289BA59B62C9D7F85EFB
                                                                                                                                                                                                                                                                                            SHA-512:DEFD3DE75ED23BCD88C723289E6600BC61E617F386325167C30B2485700B8AF9F0B23CDB33DEC437473D1B3C4BE42B99B692191003D73FE8037734212E867186
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Sch.tzen Sie Ihr digitales Leben",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor hilft Ihnen, zu verhindern, dass Ihre pers.nlichen Daten in die falschen H.nde gelangen.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Ob Sie nun im Internet einkaufen, Bankgesch.fte t.tigen oder surfen: Unsere kostenlosen Tools helfen Ihnen, sicher zu bleiben, damit Cyberkriminelle keine Chance haben.",.. WAIFF_TOAST_DESC_1_COHORT_2: "Das kostenlose Tool McAfee. WebAdvisor hilft Ihnen, zu verhindern, dass Ihre pers.nlichen Daten in die falschen H.nde gelangen.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktivieren Sie WebAdvisor, um sich vor Viren, Malware und anderen Bedrohungen Ihrer Online-Sicherheit zu sch.tzen.",.. WAIFF_BUTTON_ACCEPT: "Schutz einrichten",.. WAIFF_BUTTON_REMIND_LATER: "Sp.ter erinnern",.. WAIFF_BUTTON_DECLINE: "Nein danke"..}..//705C455284B398DB85CC2B60531E9BF2B91F7B11BCE6B051B019960772D83D4C9EDC5D334210DD00D5842D329F139BE678EED973

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1606
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.11484032317632
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGwvlT6DePnEHleEnM+na8cEseDrXHrRvu1QGRXePoEHlesD3ir3rwqDijGduak:4HEHXnjKEXDrXrgKeEHXbirDduDiu
                                                                                                                                                                                                                                                                                            MD5:8D3DD6637EEC2C51EFE99C3F74466D4B
                                                                                                                                                                                                                                                                                            SHA1:325BEA07ECAE89F01BDE24007FFA4CE429F41940
                                                                                                                                                                                                                                                                                            SHA-256:5ACCD5F69B676A4B58D33D548F9569EB65CF398FFE9B68388AA1BFA5191C3025
                                                                                                                                                                                                                                                                                            SHA-512:48F14AB09333D4C2BCEE7F3EEF54EA884CD0E868B921979904450166CDF66F8A35FC9B21CDEC75B5B769C4C2B04E73BFE846AA8AC1B8EA41ECD259CAF2B995F9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "......... ... ........ .... ...",.. WAIFF_TOAST_DESC_1_COHORT_1: ".. McAfee. WebAdvisor .... ..... .. ... ......... .... .......... ........... ... .. ...... .. ..... ......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".... ............... ......, .......... .......... . ........... ... web, .. ...... ........ ... ....... .. ... ......... .. ........... ........ ... .. .......-........... ... .. ..... ..... ........ .. ... ...........",.. WAIFF_TOAST_DESC_1_COHORT_2: ".. McAfee. WebAdvisor ..... ... ...... ........ ... ........... ... .......... ........... ... ... .. .. ...... .. ..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):915
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.485289593543227
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uG/4Iv74Ge+uVfWMhCHJHvU0hGecZrD5i9dwdS/ViwvV:l4guUMgHJM06ZSdsSdV
                                                                                                                                                                                                                                                                                            MD5:F92D779EAAAE55A31BCAF3E345B6EA9E
                                                                                                                                                                                                                                                                                            SHA1:F3AD7E0FA59DAB9B1A1B95F464C3EFA4469B5923
                                                                                                                                                                                                                                                                                            SHA-256:512F56FCDD9FA3412729625935347B10E5A75C966F77704117D2BB8E2E69943D
                                                                                                                                                                                                                                                                                            SHA-512:AB3CB1425051788C0D6ED8B82ED1EF697C0A9EDFA58C03CB3AE8FB32289A437BD034F027575E3672438BEC73C48D577AA8DCEE9682BA27A7372C03BBB893E0A6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Protect your digital life",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor works to safeguard your personal info from falling into the wrong hands.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Whether you shop, bank, or browse the web, our free tools can help keep you safe -- and cyber criminals won't stand a chance.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor is a free tool that safeguards your personal info from falling into the wrong hands.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Enable WebAdvisor to protect yourself against viruses, malware, and other threats to your online security.",.. WAIFF_BUTTON_ACCEPT: "Get protected",.. WAIFF_BUTTON_REMIND_LATER: "Remind me later",.. WAIFF_BUTTON_DECLINE: "No, thanks"..}..//F13762CCD6FC20E1B52C858144967E692EB22C7D5B04964FF197DDBE74B35756F2636FB3AFE8FB5A0608A39AB12E2B0D9426EB4623665CD3FE877855C3969CF7++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):965
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.436239874948396
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGKvMwKimzpe4sTtkAFvZxR/mzpeWLdvRYjiOdSXkHVySdEhe:V/RcKkxspJYbSXkQ+V
                                                                                                                                                                                                                                                                                            MD5:6CCC38A61AEF9934A5B1815901A5E110
                                                                                                                                                                                                                                                                                            SHA1:CEAAECFFA977D59EE52D0EA74B5988464C73B2E4
                                                                                                                                                                                                                                                                                            SHA-256:AB64003948AE90664F4AE574854BF6FEAF4AD33FA9C5F7C60AD28C5272BACDC3
                                                                                                                                                                                                                                                                                            SHA-512:8D2CB2F699E92A3ED0B85A56D009609DB41DB7080C40F7D9D1303C3E1D3C88E584D05BF38CE211C41CD696EBF1D8DC2681E8C04133A827330D70EA539ECB2015
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja su vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor est. pensado para evitar que su informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Nuestras herramientas gratuitas pueden protegerle al navegar, realizar compras y gestiones bancarias. Los ciberdelincuentes dejar.n de ser un peligro.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor es una herramienta gratuita pensada para evitar que su informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Active WebAdvisor para mantenerse a salvo de virus, malware y otras amenazas para su seguridad en Internet.",.. WAIFF_BUTTON_ACCEPT: "Protegerme",.. WAIFF_BUTTON_REMIND_LATER: "Record.rmelo m.s tarde",.. WAIFF_BUTTON_DECLINE: "No, gracias"..}..//E430E0443B01D62E8F18D991ED2A0A0BB09FFB8E3DAFB82B9AEFEDB8C25C719E825F15DC42CA9B9267185DC6A83B1057BB634439363A58527D7C0E5C4066E4A1++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):938
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.457166962637053
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGSvyUpep4n0OlvZxxzpeWLZV2iadSXkHVHQzEI:R4nHxP9KSXkl4
                                                                                                                                                                                                                                                                                            MD5:05B756F8022568981FF15FA9B43FACC3
                                                                                                                                                                                                                                                                                            SHA1:E467120C7E6DA2868A8493B11EF9A46F80039230
                                                                                                                                                                                                                                                                                            SHA-256:C78EAF8B5D7F5056487B03886D23646D2786324C56345D835B8BB292052778FA
                                                                                                                                                                                                                                                                                            SHA-512:25ABB3D8F1B52E8012FC09FB312C87D5E85B73512B6D056FFD976C811ACEFFAA234824C6BFF48135C15274566B35B852040B7B3CEBE55FCC20B2D98DED5275A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Protege tu vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor trabaja para evitar que su informaci.n caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Sea que compre, haga operaciones bancarias o explore la web, nuestras herramientas gratuitas ayudan a mantenerlo seguro, y a derrotar a los cibercriminales.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor es una herramienta gratuita para evitar que tu informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Active WebAdvisor para protegerse contra virus, malware y otras amenazas a su seguridad en l.nea.",.. WAIFF_BUTTON_ACCEPT: "Prot.jase",.. WAIFF_BUTTON_REMIND_LATER: "Record.rmelo m.s tarde",.. WAIFF_BUTTON_DECLINE: "No, gracias"..}..//EDEC7644536F08210664C6DA1D3296E17AD581EA4406EBF731267112F9F05298D4C58AE72E4A8A7994BD222E60BE0DD8D3D4C4B7CF900EE46D8414E7FBE82144++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):992
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.522067171971699
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGrvpj8feM9FkTJ/XvQEbJjZjeX3EliRDd8tmQV95Qc:3qF4Z59lQEmdo
                                                                                                                                                                                                                                                                                            MD5:256AD474E95AC8C8196FAF5FC5E7E67F
                                                                                                                                                                                                                                                                                            SHA1:70E4367931271E8ED13B49B0419C3131B8BA2AE3
                                                                                                                                                                                                                                                                                            SHA-256:6D61F861C9D6D589E7F9503C7FB9F56B652845749991EB048C7CB57703F83266
                                                                                                                                                                                                                                                                                            SHA-512:9BB640555A4235DDAC03877CA937FBEB41A94145257116A4E07BA89163FE64A6C2FBF09FF8B36002CF6E729EDC704973C65F4D8850C65F13CF6609A30E769052
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Suojaa digitaalinen el.m.si",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor pyrkii est.m..n henkil.kohtaisten tietojesi joutumisen v..riin k.siin.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Miten tahansa viet.tkin aikaa verkossa . ostoksia tehden, pankkiasioita hoitaen tai sivustoja selaillen . pysyt turvassa maksuttomien ty.kalujemme avulla. Kyberrikollisilla ei ole mit..n saumaa.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor -ilmaisty.kalu est.. henkil.kohtaisia tietojasi joutumasta v..riin k.siin.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ota WebAdvisor k.ytt..n suojautuaksesi viruksilta, haittaohjelmilta ja muila tietoturvauhilta.",.. WAIFF_BUTTON_ACCEPT: "Hanki suojaus",.. WAIFF_BUTTON_REMIND_LATER: "Muistuta my.hemmin",.. WAIFF_BUTTON_DECLINE: "Ei kiitos"..}..//D04F820D2B0455D8E9DBB1BA08EC3707CCC31AA1ED8945E2AFEF8ACDF28C76497D85D8841A0E353886BED4DA2F0C749BDADB1698CEA985B269B974F19EA2B297++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1082
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.430324895927245
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGNwvlMmlPcePzFzW0AvZrONq2lPce+XRKjwihGyAdCVqzAQuccMI:SMmlxpq0YrR2lkRKRUU9B
                                                                                                                                                                                                                                                                                            MD5:FAE2BF0652C3A09B72D3FBB6302F9AA7
                                                                                                                                                                                                                                                                                            SHA1:D70A18039BF3FB030AAD2D10A549D5ACFDEE9A4D
                                                                                                                                                                                                                                                                                            SHA-256:B49A16ED8218207D54EF934325172743528800A77CBD5F770409E5F90EFA33E2
                                                                                                                                                                                                                                                                                            SHA-512:2DD69F12EE0755ED08BEB24388F8D8334A98A9DC0880F0699B2DEDFAB6D43546E42C1A4B1CAD8942656AD531016A384C69EF020D2E97EAEC9EAE3EADA04CA541
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Prot.gez votre univers num.rique",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor oeuvre . s.curiser vos donn.es personnelles et les emp.cher de tomber entre mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Quand vous magasinez, effectuez des op.rations bancaires ou parcourez le web, nos outils gratuits contribuent . votre s.curit. -- et les cybercriminels n'ont aucune chance contre vous.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor est un outil gratuit qui s.curise vos donn.es personnelles et les emp.che de tomber entre mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Activez WebAdvisor pour vous prot.ger contre les virus, les logiciels malveillants et d'autres menaces pesant sur votre s.curit. en ligne.",.. WAIFF_BUTTON_ACCEPT: ".tre prot.g.",.. WAIFF_BUTTON_REMIND_LATER: "Me le rappeler plus tard",.. WAIFF_BUTTON_DECLINE: "Non, merci"..}..//6ECAFF7EBDA9AD6618FFC47FA41B054F05A030888F0D2AB1

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1128
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.402508955862292
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGmowvBtNhlFsceiA/6FVFzupllnF4vZrJ5NhlFsce+XvJ+wiZQdqVqDD9:eNhllA/6FVFOlOrJ5NhlNUMH
                                                                                                                                                                                                                                                                                            MD5:2E2E06A01F4766C8DDD3B6F5D0F6B752
                                                                                                                                                                                                                                                                                            SHA1:1402F5B07CE59959386EAF576EB4E3309CC8EA11
                                                                                                                                                                                                                                                                                            SHA-256:EF2DF4CFB5B5A8C2F62454B8CB1AE9ED9D8109F0714DA86AF3377B4F0E830326
                                                                                                                                                                                                                                                                                            SHA-512:E62F90D43240D01C0E9D2E59EAB8991B0D61079F41D5128877303D0752E5BDE36DFC771EF03371C38F5EAEB6C144D3999105CF1D1C36ECC09AD3DE732BB73729
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Prot.gez votre vie num.rique",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor s'efforce de prot.ger vos donn.es personnelles pour les emp.cher de tomber entre de mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Que vous fassiez des achats en ligne, effectuiez des op.rations bancaires ou naviguiez sur le Web, nos outils gratuits vous aident . rester en s.curit..: les cybercriminels n'auront aucune chance d'arriver . leurs fins.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor est un outil gratuit qui prot.ge vos donn.es personnelles pour les emp.cher de tomber entre de mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Activez WebAdvisor pour vous prot.ger contre les virus, logiciels malveillants et autres menaces pour votre s.curit. en ligne.",.. WAIFF_BUTTON_ACCEPT: "Obtenir une protection",.. WAIFF_BUTTON_REMIND_LATER: "Me le rappeler ult.rieurement",.. WAIFF_BUTTON_DECLINE: "Non, merci"..}..//EA

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):970
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.53684099046014
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGjvA5v/6FewAv/dHvav/6Fe0QhJ4Mmi6dwVu863JVQjSXh:S5vyAvlSvSG2M0H1My
                                                                                                                                                                                                                                                                                            MD5:2C2EF6419A4146CEBF9490BB41E213FC
                                                                                                                                                                                                                                                                                            SHA1:D67637CCD33A2E2C959DC530715A77647A4A43B5
                                                                                                                                                                                                                                                                                            SHA-256:A9531C569889C5C7E65866EA7431533987FBFA16C0D80046D4073B5D0D4365B1
                                                                                                                                                                                                                                                                                            SHA-512:5D9B15F5DCE61E69AA2760A27CF41EC71DCDACD11F605787ACE2D6071C81088DA02A43CADFD9349850AC49C53ED98D3ACFBB65B2763601028813D8661691A8B7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Za.titite svoj digitalni .ivot",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor djeluje kako bi za.titio va.e osobne podatke od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Bez obzira da li kupujete, bankarite ili pregledavate web, na.i besplatni alati mogu vam osigurati sigurnost - a cyber kriminalci ne.e imate .ansu.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je besplatni online alat koji .titi va.e osobne podatke od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Omogu.ite WebAdvisor kako bi se za.titili od virusa, zlonamjernog softvera i drugih prijetnji va.oj internetskoj sigurnosti.",.. WAIFF_BUTTON_ACCEPT: "Za.titite se",.. WAIFF_BUTTON_REMIND_LATER: "Podsjeti me kasnije",.. WAIFF_BUTTON_DECLINE: "Ne, hvala"..}..//C2004829C342DD4C714297110BC9ADA2F6D4CC8EB3605A79E5290A775BA0ED702C46625E8AF1FC06FE2366551B2E742EBB09A6DF86CF5A1FDF247D8897318A7E++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1111
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.602686551909707
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uG7bmvSr5Mycde/FsuaVvQG2Qe5MycdefYasTyrikPId7r6QVbTzV/K3nDJJ/:RTUju5UJ3TyVE7NzU3ndJ/
                                                                                                                                                                                                                                                                                            MD5:215936230336E79835B741392148AE73
                                                                                                                                                                                                                                                                                            SHA1:F444714F470318205D0506E8BCC864DA8B93256F
                                                                                                                                                                                                                                                                                            SHA-256:2C395124CB19D2BBF519EB911AD53BF51D7562C82FF7209A5555AE658E0A6BA9
                                                                                                                                                                                                                                                                                            SHA-512:1355AB668092A14A877A189F4B78B839AF3DC37B7CB2863396684FC064977C5B02056F8205B4DAA55BCF39B7FA8294841FCA8446D1FD2FD1515A8EBD556A15E9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Gondoskodjon digit.lis .let.nek v.delm.r.l",.. WAIFF_TOAST_DESC_1_COHORT_1: "A McAfee. WebAdvisor megakad.lyozza, hogy szem.lyes adatai illet.ktelenek kez.be ker.ljenek.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Ak.r v.s.rol, banki .gyeit int.zi vagy b.ng.szik online, ingyenes eszk.zeink gondoskodnak v.delm.r.l, hogy az internetes b.n.z.knek es.ly.k sem legyen.",.. WAIFF_TOAST_DESC_1_COHORT_2: "A McAfee. WebAdvisor egy ingyenes eszk.z, amely megakad.lyozza, hogy szem.lyes adatai illet.ktelenek kez.be ker.ljenek.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Enged.lyezze a WebAdvisor funkci.t, hogy biztons.gban legyen a v.rusokkal, a k.rtev. programokkal .s az egy.b vesz.lyforr.sokkal szemben, amelyek online leselkednek .nre.",.. WAIFF_BUTTON_ACCEPT: "Gondoskodjon a v.delemr.l",.. WAIFF_BUTTON_REMIND_LATER: "Eml.keztessen k.s.bb",.. WAIFF_BUTTON_DECLINE: "K.sz.n.m, nem"..}..//65DF69CC7B4DFA70F0D

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):978
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.363993895689114
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGKk2vkvtdeLny8MK9GEreLYvl6lvtdeVHD/ikdCeitVo0MJ:tBQxMK7eLjYCeN0O
                                                                                                                                                                                                                                                                                            MD5:E30C0F9EA1225C5FD8B0AE7F9F9D6299
                                                                                                                                                                                                                                                                                            SHA1:90894D52636109F18A019EA6CD740048C8E18BD9
                                                                                                                                                                                                                                                                                            SHA-256:404B4F86C70726C074B59948DB3BFEE9EC22A276C61D1B73577A8D039DF1786D
                                                                                                                                                                                                                                                                                            SHA-512:E67649001162F6619762736570DA1EF984686D517B5433EC5552BB6C3DCD1B59AB873B9A661CBD552DD859479FE137F749821A46FBF0C82859E56B00C6EE2379
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteggi la tua vita digitale",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor impedisce alle tue informazioni personali di finire nelle mani sbagliate.",.. WAIFF_TOAST_DESC_2_COHORT_1: "I nostri strumenti gratuiti ti aiutano a restare protetto e tenere alla larga i criminali informatici quando fai acquisti, esegui transazioni bancarie e navighi in Internet.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . uno strumento gratuito che impedisce alle tue informazioni personali di finire nelle mani sbagliate.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Attiva WebAdvisor per proteggerti da virus, malware e altre minacce alla tua sicurezza online.",.. WAIFF_BUTTON_ACCEPT: "Proteggiti",.. WAIFF_BUTTON_REMIND_LATER: "Visualizza in seguito",.. WAIFF_BUTTON_DECLINE: "No, grazie"..}..//ED0BC458F485C244D37F2D439A10D49130004DB7AE94C8153D2AD2F1EA18323EA3D27CD1C4191997F71E2D60C1AE7C4C56BF560C4B40405F00473211DF797DE5++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1220
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.720561231216306
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uG7QvTYRFqOqeEnckuxTvlRFqOlesuhxkOQihdPvIVbfTxVWiK:ZQYRFqkZrRFqcuzBvPv0TTWiK
                                                                                                                                                                                                                                                                                            MD5:0E7C5CB269541284E952B41AADFD3F06
                                                                                                                                                                                                                                                                                            SHA1:A39A02E759C2EF95ABD26AAE4CBE5E99E7600112
                                                                                                                                                                                                                                                                                            SHA-256:866EFDCA5DBEF77B63A5E30844242EB831B633DAE6AA47D096D0E8D8C2E34485
                                                                                                                                                                                                                                                                                            SHA-512:286709D251AD6775EA6986A55D9D453BF14B38F9BC72540F3EBF0453BA38DD2C33A7652FC97103F11CFE6EC2292B0A981F39BF1C8AC63853323386CF6DA8A149
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: ".... ...........",.. WAIFF_TOAST_DESC_1_COHORT_1: "...... ......................................",.. WAIFF_TOAST_DESC_2_COHORT_1: "..... ............ ................................................................",.. WAIFF_TOAST_DESC_1_COHORT_2: "...... ............................................",.. WAIFF_TOAST_DESC_2_COHORT_2: "..........................................................",.. WAIFF_BUTTON_ACCEPT: ".....",.. WAIFF_BU

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):986
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.998055861973347
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGqSv513heSk6BcSVpFrhjvG13DaJe/MhCowW/irdijVAJv59PehLqQ:0cdFvrhqD0QRPii590qQ
                                                                                                                                                                                                                                                                                            MD5:571DBB13922DDDE8E2ED3C79A672AA46
                                                                                                                                                                                                                                                                                            SHA1:3B981620CA381C58783AF247BE77C865D4B58AFA
                                                                                                                                                                                                                                                                                            SHA-256:55B10A54F36AAC21512D3994A543A37083B610D15598457F9EBBBA261F0A5F14
                                                                                                                                                                                                                                                                                            SHA-512:CE9A7B91DC0F58E91F6DD10857255229E7349767BB5FB7E8030E0417E1F440079DA7CB339EE43BF5D16103E99EEAF2854199FF31201161CFC4CAB97F7454F3BA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "... ... ..",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. ....... .. ... .... ... ......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".., .. .. . .. . .. ..... McAfee .. ... ... ... .... ... .... ... ... . .....",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. ....... .. ... .... ... .... .. ......",.. WAIFF_TOAST_DESC_2_COHORT_2: "....... .... ...., ... . .. ... .. ...... ......",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: "... ..",.. WAIFF_BUTTON_DECLINE: ".. . ."..}..//222D8263193BC4AEB75631BA71E12257A78A197F4F707886DADFD14C12C1F265E506B9750FA5E612B5CB0C073C5258F0310AD2ECD61E14E13064B30555E80D16++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):962
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.486271804331691
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uG9IvAh1IerDGuH9tvIzzh1IeLkGAlIi7dkVpFlXic:fLd+LtkHtSDic
                                                                                                                                                                                                                                                                                            MD5:C13070E5BDF6B5B1AAAF9F72B2BF5668
                                                                                                                                                                                                                                                                                            SHA1:F1D20DB4E08403A434402774A9BA3B47486AD6E0
                                                                                                                                                                                                                                                                                            SHA-256:8CF583206062D1FC176835506362045DFE259033DDFC2CAD41DC660CE9A7D46D
                                                                                                                                                                                                                                                                                            SHA-512:764B1A9BB3BDC66E1C6C2F24C25885AD43F8913FC8B110719D82BA7DC309C30327C35310EED269E2F93EEBD9B23E48E3DC303818999A9318D63EA89DBD00A970
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Beskytt det digitale livet ditt",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor bidrar til . forhindre at personopplysningene dine havner i gale hender.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Enten du handler, bruker nettbank eller surfer p. nettet, kan de kostnadsfrie verkt.yene v.re holde deg trygg . og nettkriminelle har ingen sjanse.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor er et kostnadsfritt verkt.y som bidrar til . forhindre at personopplysningene dine havner i gale hender.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktiver WebAdvisor for . f. beskyttelse mot virus, skadelig programvare og andre nettrusler.",.. WAIFF_BUTTON_ACCEPT: "F. beskyttelse",.. WAIFF_BUTTON_REMIND_LATER: "P.minn meg senere",.. WAIFF_BUTTON_DECLINE: "Nei takk"..}..//5C3D661F48995F966A70D69180093AF77593D6984D7E3E1B7CB92A522988BA35B4DD093C990693523A8D42488660EAD0D427DDBED16D587258218B5552232686++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1008
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.379834205254167
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGCbQvNQ/JHeGLwpBgvNTHUQ/JHeHgjQui8QydMiQVFxZ0jWZH:wbE+JjwpMU+JeaQuHxs0K
                                                                                                                                                                                                                                                                                            MD5:1FAF74B1D3C6CB333558917CE2366938
                                                                                                                                                                                                                                                                                            SHA1:D5436164B931F2E3F9F0D859150148F5A80C60D2
                                                                                                                                                                                                                                                                                            SHA-256:EACEF0D43993776299429F90F4DD764E5FEB3B1ED978FFE7EDE0F279845DB0C8
                                                                                                                                                                                                                                                                                            SHA-512:A6B683D751DD9CFB6E9D1C741DAE35D327B9C06511CCAFF8DB48B25BA3D783D7D1E4658AEF6E9B17DFCD23A1F95CC431D760DA8142B2D798C166C6780861982D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Bescherm uw digitale leven",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor beschermt u door te voorkomen dat uw persoonlijke gegevens in de verkeerde handen vallen.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Of u nu online winkelt, bankiert of surft, onze gratis tools kunnen u helpen om uw veiligheid te handhaven. Cyberciminelen maken geen schijn van kans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor is een gratis tool waarmee u kunt voorkomen dat uw persoonlijke gegevens in de verkeerde handen vallen.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Schakel WebAdvisor in om uzelf tegen virussen, malware en andere bedreigingen van uw online beveiliging te beschermen.",.. WAIFF_BUTTON_ACCEPT: "Zorg dat u beveiligd bent",.. WAIFF_BUTTON_REMIND_LATER: "Help mij herinneren",.. WAIFF_BUTTON_DECLINE: "Nee, bedankt"..}..//8362F99913AAD084BDB46AB898ABB1B71CCBBE63CA4FE3454EAF281967E3EEEC7CAFC88FB801881146DA0BEE784D01C6C37E41C5ACB0219E5C7420D7B6

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1093
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.661563477710932
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGVNFvLnLYFCeTKTv0vmNGHKZYFCeoVmPbYCjisi2d8VVNNy33hOZ:PnLaKTvdckXVmPbvUO8Dy3ROZ
                                                                                                                                                                                                                                                                                            MD5:3525DDB2F30F7565DDB6ED18BCCC04D8
                                                                                                                                                                                                                                                                                            SHA1:B0532E3E00BDDD5A087AD613F029D9C52DA6CB8F
                                                                                                                                                                                                                                                                                            SHA-256:F237B09229DBB9C7AA0F35240E32A31001A5BCBD9A3C7E7D15D12284E8503A87
                                                                                                                                                                                                                                                                                            SHA-512:EE28A057BC388BD3EDA7CFFB7FB0F3BC113DE8F5E8D0C3E04B8C3EF123390D8C48C4EB4DA42DF4153820A76B8F899DA2E7EA58E906AAA005C7B4BD4A463F710A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Bezpiecze.stwo w cyfrowym .wiecie",.. WAIFF_TOAST_DESC_1_COHORT_1: "Rozszerzenie McAfee. WebAdvisor dzia.a w celu zabezpieczenia Twoich danych osobowych przed wpadni.ciem w niepowo.ane r.ce.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Nasze bezp.atne narz.dzia pomog. Ci. zabezpieczy. przy zakupach, korzystaniu z bankowo.ci lub podczas przegl.dania Internetu . cyberprzest.pcy nie maj. szans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "Rozszerzenie McAfee. WebAdvisor to bezp.atne narz.dzie chroni.ce Twoje dane osobowe przed wpadni.ciem w niepowo.ane r.ce.",.. WAIFF_TOAST_DESC_2_COHORT_2: "W..cz rozszerzenie WebAdvisor, aby chroni. si. przed wirusami, z.o.liwym oprogramowaniem i innymi zagro.eniami dla bezpiecze.stwa w Internecie.",.. WAIFF_BUTTON_ACCEPT: "Skorzystaj z ochrony",.. WAIFF_BUTTON_REMIND_LATER: "Przypomnij mi p..niej",.. WAIFF_BUTTON_DECLINE: "Nie, dzi.kuj."..}..//F3E38B302B10D1809203477C6527315E0B003

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1007
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.496378454894593
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGWvGqe4TqfWHvxYLqeo3L9iGdtHVzWgtX20:JsTmLA3LNtx20
                                                                                                                                                                                                                                                                                            MD5:8899A12D177374A1E773048D3CF9BCB4
                                                                                                                                                                                                                                                                                            SHA1:DAE5F43D4F2BF92A0B52E96B4A38C39D81175632
                                                                                                                                                                                                                                                                                            SHA-256:8675BCC36472BA7C972E8FD8D1AB534759012B861E6832558E33FB078C62D6D9
                                                                                                                                                                                                                                                                                            SHA-512:9ADBB4BA346FCCD2E55B86ED787DACF758EC864EB016CFB471894A5D1CCD5F937AEFB9991AD6197A7224E1104DA42656F9B942265987E8B1FC60DD7FBDD618D3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja a sua vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor trabalha para impedir que suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Seja para comprar, fazer transa..es banc.rias ou navegar a Web, nossas ferramentas gratuitas podem ajud.-lo a manter-se e seguran.a -- e os criminosos cibern.ticos n.o ter.o a menor chance.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . uma ferramenta gratuita que impede que suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ative o WebAdvisor para proteg.-lo contra v.rus, malware e outras amea.as . sua seguran.a online.",.. WAIFF_BUTTON_ACCEPT: "Proteja-se",.. WAIFF_BUTTON_REMIND_LATER: "Lembrar-me mais tarde",.. WAIFF_BUTTON_DECLINE: "N.o, obrigado"..}..//B4C8C55D0A9539728374305BCD57564250DFE050C1D5B937463EE1107E10765048755FC4FCC83C8A4D3BD82246DF57DC7ED4B9CDFFC8D4095D3FC686F7C

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1038
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.460077956162041
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGWvXqemtvxo8lo8Fv0YYqeorp9i7d0HVCjRkz:munlVYArpm0ojCz
                                                                                                                                                                                                                                                                                            MD5:BD668E8B6F75150D66047408468BACC6
                                                                                                                                                                                                                                                                                            SHA1:95FBE849771C0A6A448381618FCC53C2D9B6886F
                                                                                                                                                                                                                                                                                            SHA-256:103D4067070A4E77C137D708DD74826A17DA20F4E79FE8F06AEBDC2B0AB9F49C
                                                                                                                                                                                                                                                                                            SHA-512:F795402684B32C7ADAC4AFCEB4CF244396F8232895C3BADD213521F20937BD055CCFE08F5A00A38CC1A31FFE2378ADAA17C2B8CE70508BE8B4047FCBD54ADB2A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja a sua vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "O McAfee. WebAdvisor trabalha para impedir que as suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Caso fa.a compras, realize opera..es banc.rias ou navegue na Web, as nossas ferramentas gratuitas podem ajud.-lo a manter-se em seguran.a, e os cibercriminosos n.o v.o ter qualquer hip.tese.",.. WAIFF_TOAST_DESC_1_COHORT_2: "O McAfee. WebAdvisor . uma ferramenta gratuita que trabalha para impedir que as suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ative o WebAdvisor para se proteger contra v.rus, malware, e outras amea.as . sua seguran.a online.",.. WAIFF_BUTTON_ACCEPT: "Obter prote..o",.. WAIFF_BUTTON_REMIND_LATER: "Lembrar mais tarde",.. WAIFF_BUTTON_DECLINE: "N.o, obrigado"..}..//87F2E6FC174E1AFAEBD92BBD958E990F3143F5AC780C18B8E4780B71B0871BA4590E7316B59458017C37EB813DDE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1396
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.223729678928805
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGgmLHv4r6HeS0WPHH7XQfOc5TwvFovr6HeyHiM7avIixQd3ImlVXxrUV+THv:amMm7Uh2zaq46y+7
                                                                                                                                                                                                                                                                                            MD5:3820BB070D453754C89877D64E66D0B7
                                                                                                                                                                                                                                                                                            SHA1:74747863FD2E68BAE4C4A4EBAAA0EC3E2201DE9A
                                                                                                                                                                                                                                                                                            SHA-256:8620FB0C1C61B902F06C2905C07E756C7C227C8AE0CC3C546DAC520E462FB727
                                                                                                                                                                                                                                                                                            SHA-512:497F221C2FF74897322A24CF6471E96E8AB555A021F2CB70E777824F64B9BC2325D44C15266083DFBE2FEBD521C83C1AB1AF0FC922525644CF0335C55BCB74AA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........ .... ........ ...",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor ............ .................. ..... ...... .......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".......... .. ...., .......... .. .. ......., .......... ........ ... .............. ...-........, .... .......... ........... ....... .......... .... ...... .. ..... . ..................",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . .......... .........., .............. .................. ..... ...... .......",.. WAIFF_TOAST_DESC_2_COHORT_2: "........ WebAdvisor, ..... ........ .... .. ......., ........... .....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):954
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.785420919757499
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGqvUTke2+u4Z2M2vtd2keuEAvECuiFdCVt9kHn:s2Ovphn
                                                                                                                                                                                                                                                                                            MD5:BEC1657844380EC152D41F26DB72F2AF
                                                                                                                                                                                                                                                                                            SHA1:4CE896C7DE3BF1CD4A730C10B1E6E283F378CB05
                                                                                                                                                                                                                                                                                            SHA-256:66F51D95DD48CF20C5B2877C611254A971789A6DC1FF178585242364D683668F
                                                                                                                                                                                                                                                                                            SHA-512:B2420F1E5C049D7822E47EFD70FA535CD0BB07274B506AA54C2F50E8E519F74AD89B33044496111BC56CE07B1D363EF7464A86B01EFF582BDBAAEE95F87BB6D3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Chr..te svoj digit.lny svet",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor v.m pom..e ochr.ni. osobn. .daje pred ne.iaducimi osobami.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Na.e bezplatn. funkcie v.s ochr.nia pri nakupovan. online, elektronickom bankovn.ctve alebo prehliadan. webu a.nedaj. .ancu kyberzlo.incom.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je bezplatn. n.stroj, ktor. ochr.ni osobn. .daje pred ne.iaducimi osobami.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Zapnite WebAdvisor a.ochr..te sa pred v.rusmi, malv.rom a.in.mi hrozbami, ktor. na v.s ..haj. online.",.. WAIFF_BUTTON_ACCEPT: "Z.ska. ochranu",.. WAIFF_BUTTON_REMIND_LATER: "Pripomen.. nesk.r",.. WAIFF_BUTTON_DECLINE: "Nie, .akujem"..}..//45D6D7954CEFC05DC754717DDDA93C26C85735147608EDC37BCCA3BF92981532CD0DBBBE7FB9B0BCC90593A5942D92AAA2792BF8437A71606F52FD73B9B27F81++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):962
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.563925494198125
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGjvY4FembeVgtvKSFe0WLmLTlwFi1dAVrSDhzW:mlQJnlH2SNW
                                                                                                                                                                                                                                                                                            MD5:704420A9E993429FB96DEBC48984A686
                                                                                                                                                                                                                                                                                            SHA1:D371618971305C0DAEF262752F424B47348415C2
                                                                                                                                                                                                                                                                                            SHA-256:A7C9BEFC06A8B3707DAED444A6203D65E5B95BF25A4333D536E1436BF0738B8F
                                                                                                                                                                                                                                                                                            SHA-512:0A5393A9C55BFA78192A341AB0E32B6BA158ED0A8867C55A0F817B9C1F95BE7689A1B27490BBABD8ECC5BF5970367479A63A7871B9094C8E850B8AA56A6AE5B4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Za.titite svoj digitalni .ivot",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor radi na .uvanju va.ih li.nih informacija od padanja u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Bez obzira da li kupujete, koristite bankarske usluge ili pretra.ujete veb, na.i besplatni alati mogu sa.uvati va.u bezbednost-- a sajber kriminalci ne.e imati .anse.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je besplatan alat koji .uva va.e li.ne informacije od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Omogu.ite da vas WebAdvisor za.titi od virusa, malvera i drugih pretnji po va.u bezbednost na mre.i.",.. WAIFF_BUTTON_ACCEPT: "Za.titi me",.. WAIFF_BUTTON_REMIND_LATER: "Podseti me kasnije",.. WAIFF_BUTTON_DECLINE: "Ne, hvala"..}..//8A7A7BBFCEF77E27295AACBFEB5CEBBEBFA26AD5C32C16902DB2E046A8CF6B63ABE6BFA03A189B662D7EB6897C0761E75AA09CCDB385FBE833B4917657B4C5EE++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1002
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.500667627680436
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGKlvc49IeIuZR6/Otvo6WT8E9IehgNMxi72dUVIX/jCRtJP:Y9au+2M8E9nqMSOPjGJP
                                                                                                                                                                                                                                                                                            MD5:129F0DAB4D2D66B187CC855602D4C926
                                                                                                                                                                                                                                                                                            SHA1:5351212D61AC1A3D73DCA135BC0013E5723F2FAB
                                                                                                                                                                                                                                                                                            SHA-256:1875E44310F4D4A44EF35173459058CFD6665E8038AEFB324F0E6ACAB58082B4
                                                                                                                                                                                                                                                                                            SHA-512:4F5D59BA0D6F0AF39A6D640EBE71692514EAC5B70B44735AE5BA3FF0777AEEE372A6AD145D96E3FF35DA0F43B5B6191B0D58E9643401902CB425D2EE282994DF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Skydda ditt digitala liv",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor jobbar f.r att f.rhindra att din personliga information hamnar i fel h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Oavsett om du shoppar, utr.ttar bank.renden eller surfar p. internet kan v.ra kostnadsfria verktyg hj.lpa till att h.lla dig s.ker -- och n.tbrottslingarna kommer inte ha en chans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor .r ett kostnadsfritt verktyg som hindrar att din personliga information hamnar i fel h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktivera WebAdvisor f.r att skydda dig mot virus, skadlig programvara och andra hot mot din s.kerhet p. internet.",.. WAIFF_BUTTON_ACCEPT: "Skydda dig",.. WAIFF_BUTTON_REMIND_LATER: "P.minn mig senare",.. WAIFF_BUTTON_DECLINE: "Nej tack"..}..//6A7B87963BAD2A034B7A9B0F706F606BEB8B063A849E7F99C8F54871957BEA7DDAF93BBEBDE58A6A3250F3AAF93F0B00D27AE0DEFFEC4525B048D11DCCDAF8E4

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1061
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.631054618724672
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGS2QvNaIeIse0jz0CtBsvzCOvje4DFkNHiNQd1NHVbaOQ2k:PaahjzHtWbnZMHxk
                                                                                                                                                                                                                                                                                            MD5:9E474EFCA83308514B37F9592AFD7D44
                                                                                                                                                                                                                                                                                            SHA1:228F1579B706CCE1B9350EC44076071A69D44A7C
                                                                                                                                                                                                                                                                                            SHA-256:A5245FB0B6C4D54D4180024574D44AAB17A86A15C54A13EF54219771276989E4
                                                                                                                                                                                                                                                                                            SHA-512:5EA893F077B72AD9B253B674B019153305F4E406C56AC82A30B53628BB50CA59C99FB42D2A486B5A0F2892699036D89CDE3668A1C6AAD7E077902093C5B036FC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Dijital ya.am.n.z. koruyun",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor ki.isel bilgilerinizin yanl.. ki.ilerin eline d..mesini engeller.",.. WAIFF_TOAST_DESC_2_COHORT_1: ".ster al..veri. yap.n, ister banka i.lemi ger.ekle.tirin, ister web'de gezinin, .cretsiz ara.lar.m.z g.vende olman.za yard.mc. olur; siber su.lular.n hi.bir .ans. kalmaz.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor, ki.isel bilgilerinizin yanl.. ellere ge.mesini .nleyen .cretsiz bir ara.t.r.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Kendinizi vir.slere, k.t. ama.l. yaz.l.mlara ve .evrimi.i g.venli.inize y.nelik di.er tehditlere kar.. korumak i.in WebAdvisor'. etkinle.tirin.",.. WAIFF_BUTTON_ACCEPT: "Kendinizi koruyun",.. WAIFF_BUTTON_REMIND_LATER: "Daha sonra hat.rlat",.. WAIFF_BUTTON_DECLINE: "Hay.r, te.ekk.rler"..}..//D2F6708E64E1593BD7A3A0C02E12F4833D18B66AFDFFDAE77CD4646C057234045E3D4

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):917
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.332666918466607
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGFvQsaInleBd82wvxsnInlehoyliIodS8VqiBnBh4qhjz:RaI4i2ZnI9Dyq1z
                                                                                                                                                                                                                                                                                            MD5:E2F297335C6C421C7C079F32EF9EC703
                                                                                                                                                                                                                                                                                            SHA1:CBCFBAC1B668F45AC4094B4959438DB3EF9D97FA
                                                                                                                                                                                                                                                                                            SHA-256:D2706B69BDD37D6D8D119EC88B4C9B2A72E0F9A8F07698A71456FA25DDD77650
                                                                                                                                                                                                                                                                                            SHA-512:2A5DD2E4BF46EECD46411532BB49648DFDB029D892C2555D744E356D3CC69DCA172E73E4B998367D18E489AC887B44D8E93A8A8F7105C7C9E18D015D43D4BA7D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........",.. WAIFF_TOAST_DESC_1_COHORT_1: ".... ...................",.. WAIFF_TOAST_DESC_2_COHORT_1: "........................................................",.. WAIFF_TOAST_DESC_1_COHORT_2: ".... ............................",.. WAIFF_TOAST_DESC_2_COHORT_2: "................................",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: ".....",.. WAIFF_BUTTON_DECLINE: "...."..}..//7E1B9A1E5C32E1A98E2A32470E34762F4E7FEBE769F99D4D6EA46B84B77EF25025C8BB26D42881AF2EE05CCA6FBE17CF899696A428738DD53132B2AF9456466E++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):915
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.36668015504765
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7uGYvJeiCCpqKvZeedNsyinkdSgVq47TW30wmRE5:GJRNxtT65
                                                                                                                                                                                                                                                                                            MD5:A27D77F1987B5D1E2150FBB12A40E90B
                                                                                                                                                                                                                                                                                            SHA1:F2FCDD08BC5A006254DA7493A9A568ED505D3582
                                                                                                                                                                                                                                                                                            SHA-256:F9D8C507B59139F173A856B2125C9E1130388496658115D8DB74A27CBD189B2A
                                                                                                                                                                                                                                                                                            SHA-512:F34DB70870587F20DCE66E37EFDA7E40C32EFC2977C47B52D18595B1C561BB9D4E559D460DEC333C335A51FECFEB4D7ACF723BDC00FDA4B9E2EDC3D4CE867C83
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor .....................",.. WAIFF_TOAST_DESC_2_COHORT_1: "...............................................",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor ..........................",.. WAIFF_TOAST_DESC_2_COHORT_2: ".. WebAdvisor ...........................",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: ".....",.. WAIFF_BUTTON_DECLINE: "......"..}..//6E84C1AAA5CBEBB5A5CBDE3AFF2DBB91AFB6895037E42A195A6084896E0F0EBE5B4B9223264CD844AC1878AE6E52454069EF8276156FD9E8F26226507BAD33B0++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4962
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.645182296543807
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Ht5PSpPUGEAopoM4odOR9EPH1h1bTzUXToCnqIK92n4laxOQDgf:rqpcGEAQ54ROdhlTCTXqIKM4lansf
                                                                                                                                                                                                                                                                                            MD5:D80A0D574B332C670D1CBE0BFA95D8DD
                                                                                                                                                                                                                                                                                            SHA1:2EAB02F241B941F0553F32BD1C8FA6644CC52007
                                                                                                                                                                                                                                                                                            SHA-256:440028E29265E732D3007F1FEE8D5E67CC3AD893147DF12177F90C31B6FC3B68
                                                                                                                                                                                                                                                                                            SHA-512:7EB1A36F9663934F3E4B95F1DF07285CEFDDA14044655A7CCF021955ADC322A44A24A822D003B1C613A96E7A9CB30B1F07657FB152E4CB40185FFF1C82F51836
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dokon.ete svoji ochranu na internetu . ZDARMA!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Jen tak d.l!",.. OEM_TOAST_VARIANT_INFO: "M..ete se na internetu c.tit mnohem bezpe.n.ji. P.idejte zabezpe.en. vyhled.v.n., abyste dokon.ili ochranu p.i proch.zen. internetu McAfee a zv..ili sv. bezpe.. na internetu.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Aktivov.n.m zabezpe.en. vyhled.v.n. jste dokon.ili nastaven. ochrany p.i proch.zen. internetu McAfee.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Zku.ebn. verze antivirov. ochrany McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrana internetov.ho prohl..e.e",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrana prohl..e.e je va.e linie obrany proti nebezpe.n.m webov.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4454
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.395923614178725
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Hud7h5xpL1yuPQacJspPbkwriNTSwcvEFyFQFgrXirAw:M7hTpByuodJspPbrriNmwcvkZFgrSAw
                                                                                                                                                                                                                                                                                            MD5:6EDE9954CC5AC0624CF9623B2DC8C6D7
                                                                                                                                                                                                                                                                                            SHA1:097BBD50D8D4ACA1F17DC55F1DE87E5786105E18
                                                                                                                                                                                                                                                                                            SHA-256:1A12A5D3AA55C8254AAFFE588E37C1A1F42FAF5BE896340D0F9CF386B748C3F5
                                                                                                                                                                                                                                                                                            SHA-512:AB4A3CD3CACF1CB83B04C1325B7ABD40FE9282CD7475EFB1DD52684299A8B394388B04C1DBCB88DFFB9DACD21348C3105A347EEF47F0C8CBA915A604DF9215DC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "G.r konfigurationen af din onlinebeskyttelse f.rdig . GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "S.dan!",.. OEM_TOAST_VARIANT_INFO: "Du kan have en endnu bedre beskyttelse online. Tilf.j s.gebeskyttelse for at g.re konfigurationen af McAfee Web Protection f.rdig og forbedre din sikkerhed online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du har afsluttet oprettelsen af din McAfee Web Protection ved at aktivere s.gebeskyttelse.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Pr.veversion af McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online browserbeskyttelse",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Browserbeskyttelse er din f.rste forsvarslinje mod usikre websteder, links, downloads, malware og meget mere.",.. OEM_TOAST_VARIA

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4525
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3542257187142255
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Hu7HbtZh8r8XUawmvah/R70a0+PNIk02+qjdLcSpQkwqJ7:yHbF8rbme/RRpOk02+QtcSukwW7
                                                                                                                                                                                                                                                                                            MD5:4D8E78CDF5B01FF205264861F935F25A
                                                                                                                                                                                                                                                                                            SHA1:BB21E73EB3CA74F4B65053C65FF89C709F1C087E
                                                                                                                                                                                                                                                                                            SHA-256:C44D8BD83D8095A2790DF4B985A38AD4E8F45C9E6372C493DB45E8AD2DB68F73
                                                                                                                                                                                                                                                                                            SHA-512:82D3BB4C9B451656C6B7F27D0B39C45F9091A4C495C12D769A4AE7EB9AA38D2FE03B9E4D4BDC16681EFA00537164B51DB22A3EE10A7DBEBD4EA4230792C2CEAC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Komplettieren Sie Ihren Online-Schutz . KOSTENLOS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Sie nutzen nicht alle Funktionen!",.. OEM_TOAST_VARIANT_INFO: "Ihr Online-Leben k.nnte noch viel sicherer sein. F.gen Sie Online-Suchschutz hinzu, um den McAfee-Webschutz zu vervollst.ndigen und Ihre Sicherheit im Internet zu erh.hen.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Sie haben den Suchschutz aktiviert . der McAfee-Webschutz ist jetzt vollst.ndig eingerichtet.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee-Testversion",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Browserschutz",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Der Browserschutz ist Ihre erste Abwehrreihe gegen unsichere Websites, Links, Downloads, Malware und mehr.",.. OEM_TOAST_VARIANT_F

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6944
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.100360169240959
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HwrU5F9ob1w9r4vQZEiH/MkCyf9Wxi8+cw2tV9fnozQRfQ7oRZ1:QrU5FixMrp/MksxbhtV91I7oRb
                                                                                                                                                                                                                                                                                            MD5:366BE26D1DABCF44941F7E8758593762
                                                                                                                                                                                                                                                                                            SHA1:E4B5D7A1094D7EBF2CB68B3E2585DFC837A82B6F
                                                                                                                                                                                                                                                                                            SHA-256:C487BD06C96A74F4422CC3A605606CD67A94A01D468CCF58AB25EE5B1E1B13FA
                                                                                                                                                                                                                                                                                            SHA-512:88D086AB955970A36EF96D46D502ADADAFE8EA9128AAD36E02053A97F7E33748E4E56735CB3708C34836029F741652A429A9DE37AA7A1CADF41053D3985CDDC9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "........... ... ........... ... ......... . ......!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......!",.. OEM_TOAST_VARIANT_INFO: ".... ........ .. ..... ... ........ ... .......... ......... ... ......... .......... ... .. ............ .. ........... ... ......... McAfee ... .. .......... .. ........... ... .........",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "............ .. ....... ... ............ ... .......... McAfee .............. ... ......... ...........",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "...... McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABL

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4727
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.36058489621146
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HVm7IJTUE/c0dnhD6HaTKz+cfItWHMtDJHRLWyk7mEQheMrm:IYUcno6mpbONH5Wt7mPheMrm
                                                                                                                                                                                                                                                                                            MD5:E0D1193B0CC7EF51835BE39F21D30ED6
                                                                                                                                                                                                                                                                                            SHA1:0392666A0BCB0BA990BCDFE3C7FF4F3BE9B91476
                                                                                                                                                                                                                                                                                            SHA-256:0AF79C4732DA48724BCF47105D3CCDF92DF695D8C2B03EA50B6387BA1B7AC91F
                                                                                                                                                                                                                                                                                            SHA-512:C570448E90A342BF2FF2CA9F87EA4A938816888AFA0709B8A8E6AB8ABD42C6B964FB0F384F62487ADD1AE0449829053EDD5549FF3378063A30B30D4736AFBAA2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Refuerce su protecci.n online GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".Muy bien!",.. OEM_TOAST_VARIANT_INFO: "Puede navegar con mucha m.s seguridad. A.ada una capa de protecci.n a sus b.squedas en Internet con McAfee Web Protection.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Ha terminado de configurar McAfee Web Protection con la protecci.n para las b.squedas.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Versi.n de prueba del antivirus de McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protecci.n para navegar por Internet",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protecci.n del navegador es su primera l.nea de defensa frente a sitios web, v.nculos y archivos de descarga poco seguros, adem.s del malware y otras amenazas.",.. OEM_T

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4645
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.367337782235457
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:H+uLpSRLUr0y8YDhD5MkLb6kyoRV41uRyrF4QVT2:euLiQgu4kLbLyqMuRAFjVy
                                                                                                                                                                                                                                                                                            MD5:96936BE4F463AA7A97CCDCC6D7E38FDA
                                                                                                                                                                                                                                                                                            SHA1:011B0F6B7A7B3826F42B8A4A8BB75A23C66413AA
                                                                                                                                                                                                                                                                                            SHA-256:226F1709B477ED59E059D846CBBD0740CD3CBA52B8A5FC3D385653BBF8120E23
                                                                                                                                                                                                                                                                                            SHA-512:6004A728BD3641189E00233FBBFAFE9C230BA056D2D82022677A4F01094339DEEB9F250AA4EA83356CDA7EF4776544555015B58A33F988147DBB55089A82787B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Completa tu protecci.n en l.nea. .GRATIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".Fant.stico!",.. OEM_TOAST_VARIANT_INFO: "Puedes estar mucho m.s seguro en l.nea. Agrega la protecci.n de b.squedas para completar McAfee Web Protection y mejorar tu seguridad en l.nea.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Has completado la configuraci.n de tu McAfee Web Protection activando la protecci.n de b.squedas.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Prueba de McAfee AntiVirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protecci.n del navegador en l.nea",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protecci.n del navegador es tu primera l.nea de defensa contra el malware, los sitios web, las descargas y los v.nculos inseguros, y mucho m.s

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4369
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.381721523071525
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HCY1buqqISrqXmaENWWAyROr+DTVgjifdQhmX:i2bURGOAlyROrWgjCChmX
                                                                                                                                                                                                                                                                                            MD5:DDBD8D7DF71429833887385483B3A5C1
                                                                                                                                                                                                                                                                                            SHA1:B9F565FB8C1DD39A8F1D8A9ABB55497F36AB5B55
                                                                                                                                                                                                                                                                                            SHA-256:0E4B946A8DAC2E39CCD305FA8E77BCF047FA2D8121D5768C38FC14E01A3465BE
                                                                                                                                                                                                                                                                                            SHA-512:DE34EF6290B94E1562D67957B6AB900CDE691529498E67313A87D3090B6A37149578FC5D514E54196D83D771C3C351E5D52D3277FEF6E23E930D7EA2FD5438DA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "T.ydenn. verkkosuojauksesi . MAKSUTTA!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Hienoa!",.. OEM_TOAST_VARIANT_INFO: "El.m. verkossa voi olla turvallisempaa. T.ydenn. McAfeen verkkosuojaus hakujen suojauksella ja paranna turvallisuuttasi verkossa.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Viimeistelit McAfeen verkkosuojauksen ottamalla hakujen suojauksen k.ytt..n.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus -kokeiluversio",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Selaimen suojaus verkossa",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Selaimen suojaus on ensimm.inen puolustuslinjasi muun muassa vaarallisia verkkosivustoja, linkkej., latauksia ja haittaohjelmia vastaan.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "Hakujen suojau

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5002
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.357219757014203
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HZzGKZjPEluOR2wzvjc8/MWaAE+XZKn3mTvARBdphbmbQQQJA3jqtQjQ7cHSg:lVEzx/Zk3uvAdfdJo1jzj
                                                                                                                                                                                                                                                                                            MD5:155C5AB5ACCA7FCAD52B027038664601
                                                                                                                                                                                                                                                                                            SHA1:2C84796616DBBF81DA3E5BC1AE1788C1F1D5C4B7
                                                                                                                                                                                                                                                                                            SHA-256:E7E37A4223C5574C5B79FC4F323EFA27AA7122797FDC22F24273518A0285B936
                                                                                                                                                                                                                                                                                            SHA-512:AD8FE82F1B4C53E3854284A6FC1E3C1D33DD1EBA01D52F33D32B3416D8D0FC4FE83025A888505D99C1C235AF823FF66E85FC1939A087A290D32A75CF7E34755E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Compl.tez votre protection en ligne - GRATUIT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Quelle bonne d.cision!",.. OEM_TOAST_VARIANT_INFO: "Vous pourriez .tre beaucoup mieux s.curis. en ligne. Ajoutez la recherche s.curis.e pour compl.ter la protection Web McAfee et pour renforcer votre s.curit. en ligne.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Vous avez compl.t. la configuration de votre protection Web McAfee en activant la recherche s.curis.e.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: ".valuation gratuite de l.antivirus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protection du navigateur en ligne",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protection du navigateur est votre premi.re ligne de d.fense contre les sites Web, lie

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4951
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3675775101006735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:H1dQtHATWE0/hUcGNyFmjjc8md8QPSsnRxKGF7juyNmYSff9j5rQgTX:VKtrE0pIUL6sR727FBygTX
                                                                                                                                                                                                                                                                                            MD5:B214EDD31788DEF196D4BDA2A185DD1E
                                                                                                                                                                                                                                                                                            SHA1:76F1DB2A00C17FB55177CA032766A02704C1CBE9
                                                                                                                                                                                                                                                                                            SHA-256:2E2182FE39CB31234CD5821A98828FFC7F05C5FBD0694EEABD430FA6DED5C003
                                                                                                                                                                                                                                                                                            SHA-512:9C0435F4F1651F675220D1E4B8428BD17B64E788EDD21AE608B67E6FEB3AF75FD8806AE3AEC3525AFC2D1482DE767397F00ED75FF26BB593D3B92D6B5ED63B59
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Terminez la configuration de votre protection en ligne . GRATUITEMENT.!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Bravo.!",.. OEM_TOAST_VARIANT_INFO: "Vous pouvez .tre beaucoup mieux prot.g. en ligne. Ajoutez la protection des recherches pour compl.ter votre protection web McAfee et renforcer votre s.curit. en ligne.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Vous avez termin. la configuration de votre protection web McAfee en activant la protection des recherches.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: ".valuation de l'antivirus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protection du navigateur en ligne",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protection du navigateur constitue votre premi.re ligne de d.fense contre les sites

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4651
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.463795354688797
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HCsNsKVqer5TZNOZG9OBhwMsvA0+Ovho6rQYBI9:zNsiqsZ4cM6A0+Ove60YW
                                                                                                                                                                                                                                                                                            MD5:501D00D2EBC4945959F2D6DB1A14EEFB
                                                                                                                                                                                                                                                                                            SHA1:69EEC6B51EA50AE6E8E9F30C0B0A23EA5367647E
                                                                                                                                                                                                                                                                                            SHA-256:0E234C8B89D046404045E2A712C6838C899235A2A41BEB267941E0DB5107824A
                                                                                                                                                                                                                                                                                            SHA-512:AAD39758A81C5CE662DFD0BB3FBB053DB32A4093CA3B533B801F882A620DD55A74C9ECA770C634C5F654B494101B3CCA17C7DE4C4BF89A612F87D4E1C1C2AB01
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dovr.ite svoju online za.titu . BESPLATNO!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Tako treba!",.. OEM_TOAST_VARIANT_INFO: "Na mre.i mo.ete biti puno sigurniji. Dodajte za.titu pri pretra.ivanju kako biste dovr.ili McAfee Web Protection i pobolj.ali svoju sigurnost na mre.i.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Dovr.ili ste postavljanje svoje McAfee Web Protection omogu.avanjem za.tite pri pretra.ivanju.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Probna verzija McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Za.tita preglednika na mre.i",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Za.tita preglednika va.a je prva linija obrane od nesigurnih web-mjesta, poveznica, preuzimanja, zlonamjernog softvera i jo. mnogo toga.",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4620
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.539111754845767
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HfqjRDpi/v3XWyYNDX5XcmPcnrW2S6CatskM0QlHCp:/q7gGFDX5dorWKskCFCp
                                                                                                                                                                                                                                                                                            MD5:8F3FD935C0BB5FFD63E021122CCF9D76
                                                                                                                                                                                                                                                                                            SHA1:CC25856FC3E5B571845A153E2647008E9D6BEE6D
                                                                                                                                                                                                                                                                                            SHA-256:6ADD6F420B6EA9E1DB45C79809F848276C3B3A0B988EC6EEC6135999962F2C69
                                                                                                                                                                                                                                                                                            SHA-512:D328C62E1D52A52C9A8402FA7EC4F3194FAEEC4E8ECC92C6B653D8E2CA3A4F75F32ECAB3AAFBF54010CD8E47D99D3EFB7CD88EB57DE0F1BF8F6E4328815C3DF3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Eg.sz.tse ki online v.delm.t . INGYEN!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Nagyszer.!",.. OEM_TOAST_VARIANT_INFO: "M.g nagyobb biztons.gban lehet online. Enged.lyezze a v.dett keres.st, hogy teljess. tegye a McAfee webes v.delmet, .s n.velje online biztons.g.t.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "A v.dett keres.s bekapcsol.s.val befejezte a McAfee webes v.delm.nek be.ll.t.s.t.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee v.rusirt. pr.baverzi.ja",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online b.ng.sz.v.delem",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "B.ng.sz.je v.delme a frontvonal a nem biztons.gos weboldalak, hivatkoz.sok, let.lt.sek, k.rt.kony programok stb. elleni biztons.g ter.n.",.. O

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4608
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.237023474585658
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HQj/oecik1Rs8CwrTww7Jr6QdIBOG1XY4RO2YC+qQAjMVL:4/obl1VnUw7Jr6QdIh1XY4RO2YC+pCMp
                                                                                                                                                                                                                                                                                            MD5:AC66BA2ED12DD9C411DA7807CA3AB822
                                                                                                                                                                                                                                                                                            SHA1:49704A3709617571B3190BE203DF4DD908CB5FBB
                                                                                                                                                                                                                                                                                            SHA-256:507391D53118C7223677B6E3B8A5B306E8CF8B804AB8312123446D85DA5A3098
                                                                                                                                                                                                                                                                                            SHA-512:B9ECF6BCFE4588074820EB6E4D1FA9ED8652EE3ADF5C3CAD95ECEB63031BC970784E7B31D200EE9E729FB993B24EDB151BB9098AB654A9E390181E5D01D0B844
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Completa la tua protezione online - GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Ottimo!",.. OEM_TOAST_VARIANT_INFO: "Puoi migliorare notevolmente la protezione online. Aggiungi la protezione delle ricerche per integrare McAfee Web Protection e migliorare la tua sicurezza online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Hai completato la configurazione di McAfee Web Protection attivando la protezione delle ricerche.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Prova di McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protezione online del browser",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protezione del browser . la prima linea di difesa da siti Web, collegamenti e download non protetti e dal malware.",.. OEM_TOAST_VARIANT_FEATURES_DISAB

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5215
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.864645907791899
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HaYG+SPT4mep9K9B95H1bccLyf/9f71bYwNKiVEVH9skXbrbQCQ6L2nKQKUG12K:q+SPT4mnh5d/KVYwNZiZ9RrOJ6gK
                                                                                                                                                                                                                                                                                            MD5:48F97C116108EE647F8CB084ACA1061D
                                                                                                                                                                                                                                                                                            SHA1:7B477A4BB92AC699CB0DB14DB15DAAF3462A795E
                                                                                                                                                                                                                                                                                            SHA-256:609237AD93361B1970E0B716F98B96E22573097D80135506BA09ABDA32E144E0
                                                                                                                                                                                                                                                                                            SHA-512:F58F8BCA36CE4409DE3893E3D133627C58BDA4C6F48762B3C2DB5EAEA12C625DA40E59728F147D474960FB2144C2912C6344606C5E5CCC6A2EDC7863787E2C29
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "................. - .....",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".......",.. OEM_TOAST_VARIANT_INFO: "............................... McAfee Web Protection ..........................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".............McAfee Web Protection ...............",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "..... .............",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".........",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4770
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.834199135632937
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HNby+JvldshnPhOVGUZoI+0MYAT2T1eHEzdaVQkwpSMHdr:tGk3sNhxHI+0cUKu06kTM9r
                                                                                                                                                                                                                                                                                            MD5:D229C7C4C1F0DD17D1EA378D1B064118
                                                                                                                                                                                                                                                                                            SHA1:42A0C0010C9DD6FD3FB32D4C2BE4B4253D08740B
                                                                                                                                                                                                                                                                                            SHA-256:52E62EAED42CBB578CC70999DF709B52B649D5675E3F431C7B59C5D81B7370BC
                                                                                                                                                                                                                                                                                            SHA-512:4E40BF22333561DAC150A54ABE283309EB1B89FF9758E9E6442A6519D6DE917521B4359A27A8C0C7A0713CCDEF89A25AD68F4159C038F351F52B6C9A0F71C41E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "... ... ... ... ......",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......!",.. OEM_TOAST_VARIANT_INFO: "... ... ... . ..... .. ... .... ... McAfee . ... ... ... ... ......",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".. ... ..... McAfee . .. ... .......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee ...... ...",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "... .... ..",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".... ... .... .. . ..., .., ...., ... .. .. ... ... ......",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4467
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.379517540748781
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HqSH3f2pqCBDGeE36ZmcQf5xPCN1LeCYrWbVhYqeQGE/MSE:KmW4eClJ/PCN1LXYr2LYqdGE/xE
                                                                                                                                                                                                                                                                                            MD5:D18D3F399728DD12F88889400B4FA691
                                                                                                                                                                                                                                                                                            SHA1:E7D80F94E03D8A0CB2CDB029AA722A5BAB46410F
                                                                                                                                                                                                                                                                                            SHA-256:68D78BC683FF59575467FA9F39E2FE864FDC4280C8677C441044710632DB9B91
                                                                                                                                                                                                                                                                                            SHA-512:C5C77DEC2D57A4A3CF3377F6281174C530E341F51ADE09C19EA337F9A6C8C2A7B57B96349B30F65844B8AF82936329B5D391F2FE78B7626B6096A70C740D092F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Gj.r nettbeskyttelsen din komplett . KOSTNADSFRITT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Ikke verst!",.. OEM_TOAST_VARIANT_INFO: "Du kan bli mye tryggere p. nettet. Legg til s.kebeskyttelse for . gj.re McAfee nettbeskyttelse komplett og forbedre nettsikkerheten din.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du fullf.rte konfigureringen av McAfee nettbeskyttelse ved . aktivere s.kebeskyttelse.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Pr.veversjon av McAfee antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Nettleserbeskyttelse",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Nettleserbeskyttelse er ditt fremste forsvar mot usikre webomr.der, koblinger, nedlastinger, skadelig programvare med mer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4299
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.37954739360316
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:H2AwS9S9NzRHuSpGikmkH4XRgPKvpR1E1B2azPDcF2g+FeksVMkgR1pfQ5hr:WAweeN9hGikmkHDKpRS1EaTDw2g+FfsV
                                                                                                                                                                                                                                                                                            MD5:272A2E091BEB2272D7321ABE108D31E8
                                                                                                                                                                                                                                                                                            SHA1:2711C644960BB9C964619F3F26A3D1DFEAF90746
                                                                                                                                                                                                                                                                                            SHA-256:627DAB36506F5874F959651AA936099BF31507D4CAAF79E96365433D64322901
                                                                                                                                                                                                                                                                                            SHA-512:0EC512CBFC0BE4ADC8970B374BA3EDF78B018BCE68A46B55A4FF96DC3393DB1B41E8715FBB81E595615AD97599C3ED586687BA5CE43E11AAC221312A14F5A303
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Voltooi uw online bescherming . GRATIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Goed gedaan!",.. OEM_TOAST_VARIANT_INFO: "U kunt online veel veiliger zijn. Voeg zoekbescherming aan uw McAfee-webbescherming toe en verbeter uw online veiligheid.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "U hebt het instellen van uw McAfee-webbescherming voltooid door zoekbescherming in te schakelen.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Proefversie van McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online browserbeveiliging",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Browserbeveiliging is uw eerste verdedigingslinie tegen onveilige websites, koppelingen, downloads, malware en meer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "Zoekbescherming",.. OEM_T

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4749
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.581947984855599
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HeH6Ry8L5clQB1MuoIbuNO8Q2STtWQLpXsJi6jiTZ/80zthQX2wgcl:+Ht8tclQB1AnO8Q2STtWQLpXsJrEZ/8N
                                                                                                                                                                                                                                                                                            MD5:97AABFAC4BC891F2C35F09D5DEAACFB6
                                                                                                                                                                                                                                                                                            SHA1:8DBE7AEF374BBE8C4D29E67755AB3AA42A8A6B36
                                                                                                                                                                                                                                                                                            SHA-256:921F9588367507FFB2E155F37E4011400C5C997E343B085861F7ACB117B319FB
                                                                                                                                                                                                                                                                                            SHA-512:259D3DA3CC9666C0A5A06CD5C32750A02C75D19A06D3C07ED7CAEE73473366A883E02651608E4D3464D4FFFFCC4852452CD4EA4DAFA47107DABD03293D7BDB3E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Wzmocnij swoj. ochron. w Internecie . BEZP.ATNIE!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Dobra robota!",.. OEM_TOAST_VARIANT_INFO: "Mo.esz mie. znacznie wi.ksz. ochron. w Internecie. Dodaj ochron. wyszukiwania, aby wzmocni. ochron. funkcji McAfee Web Protection i zwi.kszy. swoje bezpiecze.stwo w Internecie.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Uko.czono konfiguracj. funkcji McAfee Web Protection poprzez w..czenie ochrony wyszukiwania.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Wersja pr.bna programu McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrona przegl.darki w Internecie",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrona przegl.darki to pierwsza linia obrony przed niebezpiecznymi witrynami, ..czami, pob

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4556
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.389950553479833
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Hlahgzv62PaQaLuR89CrPnzGS77lq+XQsBC:FaqvFL7R89MPnzGS77U+AsBC
                                                                                                                                                                                                                                                                                            MD5:627D62246EA849E3823CB44DA1D8DFC5
                                                                                                                                                                                                                                                                                            SHA1:421FC163038B611F6B29C5306331E0725871CA1F
                                                                                                                                                                                                                                                                                            SHA-256:5145465559F0C5F67D3AD7B07170ABCDDA2D3639DC51A9F18C5B93BEFAB1C6C4
                                                                                                                                                                                                                                                                                            SHA-512:076E6717C87073C4559C66320853361ED6C05E2E96BD4C66B6C25687DEDD068F787C288F02BF8D0FA2BE8AD97C6F9DA1F59BC49ABA2F3C32B4C7104273145FC1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Conclua a sua prote..o on-line GRATUITAMENTE!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ". isso a.!",.. OEM_TOAST_VARIANT_INFO: "Voc. pode ter muito mais seguran.a on-line. Adicione prote..o de pesquisa para completar o McAfee Web Protection e aumentar sua seguran.a on-line.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Voc. concluiu a configura..o do McAfee Web Protection ativando a prote..o de pesquisa.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Avalia..o gr.tis do antiv.rus da McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Prote..o do navegador on-line",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "A prote..o do navegador . sua primeira linha de defesa contra sites, links e downloads inseguros, malware e muito mais.",.. OEM_TOAST_VARIA

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4478
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.370623994510734
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HI2q8anq+9cCh9FcTVvtObxsp0R1vsfYRq+XQwCc:o38eq7CTWRvtO6pe1vsfYg+AwCc
                                                                                                                                                                                                                                                                                            MD5:2A76152D14793AFD1ADD1B5EB30A5015
                                                                                                                                                                                                                                                                                            SHA1:CB351E46E20EE5E37E8C12C38966FF939929EC0C
                                                                                                                                                                                                                                                                                            SHA-256:C691ADB641E71F8FC9F9A144C357BDF1F0BB7CD8BC21C234E40E3442B3520DF4
                                                                                                                                                                                                                                                                                            SHA-512:311293E9F37A0AB09DA78F99BE0C6E6D8D30CF360F8CA7273792FDC8EF503CC1423B247E2BB709EBC77B4E46FD91AF28253FCE01A8EF283F3EB425AB5C7F809B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Complete a sua prote..o online . GR.TIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Boa!",.. OEM_TOAST_VARIANT_INFO: "Pode estar muito mais seguro online. Adicione a prote..o de pesquisa para completar o seu McAfee Web Protection e aumentar a sua seguran.a online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Terminou de configurar o seu McAfee Web Protection ao ativar a prote..o de pesquisa.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Avalia..o do antiv.rus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Prote..o de browser online",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "A prote..o de browser . a sua primeira linha de defesa contra Web sites inseguros, transfer.ncias, malware e muito mais.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "P

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6441
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.190585989195741
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:H3P3dV2BQF3iK4ttHiUWB3E4L2bLrrDSiaA1oSUd0BSO+Vft1ZQpmvfR6/:v/2Bo3L4iPdMPnSvA1UQbGf6pMfR6/
                                                                                                                                                                                                                                                                                            MD5:B598CC6240BDC7756AE9BE89334A1BD0
                                                                                                                                                                                                                                                                                            SHA1:152CB1B0CFEFE33D041E1B0EF8D71B505E31897D
                                                                                                                                                                                                                                                                                            SHA-256:61D74121D469B56F7823E83C669267EE923FE0A66A72F2B2FD4954C8AB70CEDB
                                                                                                                                                                                                                                                                                            SHA-512:59375E86447199DC4649FACEC4552A92D132C67425FDA39F2DF6D9986B8176CE99D6D67E80AD224BA23269D658965B432B759C9803872EB3F07BC8EF59ABE21B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "......... .... ...... . ......... . .........!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "... .......!",.. OEM_TOAST_VARIANT_INFO: ".. ...... ........ .... ............ . .......... ........ ...... ......, ..... ......... McAfee Web Protection . ........ .... ............ . ..........",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".. ......... ......... McAfee Web Protection, ....... ...... .......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "....... ...... McAfee AntiVirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "...... ........ . .........",.. OEM_TOAST_VARIANT_FREE_LABE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4713
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.638720688354164
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Hu/cMHiS0zIB64Vb8JmdTv6zInPVO+mMQ9bf:2c+iE64xTdTvPVng9bf
                                                                                                                                                                                                                                                                                            MD5:98C22BBD3E4136933A5F0EB6707AA884
                                                                                                                                                                                                                                                                                            SHA1:AABB26A2BA9EF05C609D01948011319AF7D286D2
                                                                                                                                                                                                                                                                                            SHA-256:398C43FF634071AD03814BD05A8374373C55EA7B7D4FE747AC42E6AB7F2B0109
                                                                                                                                                                                                                                                                                            SHA-512:FECDB71569C419261B9E6290F918FF2702ABAF92CC2E21C4EF0BE52E2DC6426B6E572C74BD73FA7EDD74FCD719B5AB7D3E6881CE46E754F325523CD70810645F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dokon.ite nastavenie online ochrany ZADARMO.",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Chr..te sa.",.. OEM_TOAST_VARIANT_INFO: "Aj online m..ete by. v.bezpe... Pridajte ochranu vyh.ad.vania do produktu McAfee Web Protection a.zv..te svoju bezpe.nos. online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Zapnut.m ochrany vyh.ad.vania ste dokon.ili nastavenie McAfee Web Protection.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Sk..obn. verzia antiv.rusu od McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrana online prehliada.a",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrana prehliada.a tvor. prv. .rove. ochrany pred nebezpe.n.mi webov.mi lokalitami, odkazmi, stiahnut.mi s.bormi, malv.rom a .al..mi hrozbami.",.. OEM_TOA

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4628
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.428196140824858
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:H7718TA7STZFOZGOA9wSdASMoNNPDgYK0hQOLYBB8:b7glDu8ASMAtjK0mOEBS
                                                                                                                                                                                                                                                                                            MD5:C3D070FCFB31E3CEBE62044DE51CCECE
                                                                                                                                                                                                                                                                                            SHA1:C771BCB9E8B93B0E2CE2115D6AC18AF7E4A0E571
                                                                                                                                                                                                                                                                                            SHA-256:FF97B78D705C00E778EF02F4E39544383BD2EB80CFA77F0862B64D101DC93923
                                                                                                                                                                                                                                                                                            SHA-512:2540494AF41DEC6B839EA1DB15405D6BF310611CBDA3F8E1C36CDE3BB3B2BDC61A6EFF0A8E03F47A21ABE5BD61A118BEE279699505AB9038010D75D09C7140A7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Upotpunite za.titu na internetu . BESPLATNO!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Prava stvar!",.. OEM_TOAST_VARIANT_INFO: "Mo.ete biti mnogo bezbedniji na internetu. Dodajte za.titu pregledanja kako biste upotpunili McAfee Web Protection i pobolj.ali bezbednost na internetu.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Upotpunili ste postavku McAfee Web Protection omogu.uju.i za.titu pregledanja.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Probna verzija McAfee antivirusnog programa",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Za.tita pregleda.a na internetu",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Za.tita pregleda.a je va.a prva linija odbrane od nebezbednih veb lokacija, veza, preuzimanja, malvera i jo. toga.",.. OEM_TOAST_VARIANT_FEATU

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4220
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.441230452443078
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HkTQd3F1N1KuBfzHv7afFmZMfSseE08bwzGt9S0NpQIrCF+AQmGIXe:KWVBbz5vsec0zK9p1LL/IXe
                                                                                                                                                                                                                                                                                            MD5:CE23978A62AFD467DDBD64F786E74750
                                                                                                                                                                                                                                                                                            SHA1:7089283981168AB8808979A599E353D81151C1EA
                                                                                                                                                                                                                                                                                            SHA-256:2FFCA48116362E5B65F6526568EFBFAB54678B685A67C9772E64E359DAB5FBFC
                                                                                                                                                                                                                                                                                            SHA-512:19BA48D404A3251345E8E0095165C966F138E16C576B84DF6B4BED9EC8D7EBB0F445B88D4F7ACDF5FFC47C192BE073DBDB533183AC662CCA4F54A57B7FBE0511
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Fullborda ditt skydd online - KOSTNADSFRITT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "S.d.r ja!",.. OEM_TOAST_VARIANT_INFO: "Du kan surfa mycket s.krare. L.gg till s.kskydd f.r att komplettera McAfee Web Protection och f.rb.ttra din s.kerhet online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du har fullbordat inst.llningen av McAfee Web Protection genom att aktivera s.kskydd.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Provversion av McAfees virusskydd",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Webbl.sarskydd online",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Webbl.sarskyddet .r ditt f.rsta f.rsvar mot os.kra webbsidor, l.nkar, h.mtningar, malware och mer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "S.kskydd",.. OEM_TOAST_VARIANT_FEA

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4525
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.522367101435932
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HsafCWrSckFzm3EzHFSCvXV4lsQtFT7rk:MaKWrSzm3EzHFSCP43Pvk
                                                                                                                                                                                                                                                                                            MD5:83B37F5846940C7D0EA2E0CCC9730D42
                                                                                                                                                                                                                                                                                            SHA1:F969AFAB823DA412A382D590490C96F9643ED6C5
                                                                                                                                                                                                                                                                                            SHA-256:27D79933371575B66BE1D5D1AB23983C2EBF5CCB7657E293645AB54C1AC682C4
                                                                                                                                                                                                                                                                                            SHA-512:4C6870BBECDF899595101E3ED38C75F686DD741E83D6FDCBB313146C3E918A63831BD4F5CD1856904EE89D86C88B5C1A8ADDB23D037F988DA33811D95A14340D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: ".evrimi.i koruman.z. tamamlay.n - .CRETS.Z!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Tebrikler!",.. OEM_TOAST_VARIANT_INFO: ".evrim i.i .ok daha g.vende olabilirsiniz. McAfee Web Protection'. tamamlamak ve .evrim i.i g.venli.inizi art.rmak i.in arama korumas.n. ekleyin.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Arama korumas.n. etkinle.tirerek McAfee Web Protection'. .evrim i.i kurmay. tamamlad.n.z.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus Denemesi",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".evrim i.i taray.c. korumas.",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Taray.c. korumas.; g.venli olmayan web siteleri, ba.lant.lar, indirmeler, zararl. yaz.l.m vb.'ine kar.. ilk savunma hatt.n.zd.r.",

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4033
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.105667869437987
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:H69N08pRNQ/OJJNZsjB90G3Qm/aCQVH/s:a9+qN7JJ7mBKUQCaBN/s
                                                                                                                                                                                                                                                                                            MD5:E2A29E09F6DACDC784DDB305145981EB
                                                                                                                                                                                                                                                                                            SHA1:90CE562A9CA481445DEFA4051AA29197D615CFB3
                                                                                                                                                                                                                                                                                            SHA-256:BE94B132161BA6BE1C36C0AC54E4C85B9C0A983856C2BA58972733013A18368B
                                                                                                                                                                                                                                                                                            SHA-512:634E868A5F22EE4D485E762FD3AE4AC550F56EAF8D7BF8CEA92C73248344DC2B38CD7D3FFD03D8BA021EAC82C8309B0685CFEB45CD3DD03B2BA9122F8CC545B1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "........ . ..!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".....!",.. OEM_TOAST_VARIANT_INFO: ".......................................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".......................",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "...........",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".......",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".................................",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "....",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_DESC: "......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4288
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.170207978583642
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:HummxlGEjsinJjE8X7IujB0LbIF5fFrQTyKhw:OmmOvkEU7IuN0+5fF0vhw
                                                                                                                                                                                                                                                                                            MD5:C59D8300FCE50936AD4AAF33E704BE1E
                                                                                                                                                                                                                                                                                            SHA1:16AA3BBB5F5A1CFC47B0C218DB3CE2676C7031AB
                                                                                                                                                                                                                                                                                            SHA-256:7EDF77479CFEEFC6CF3645E1C1746DFA64896387149FE386276DFFEE6414FEC7
                                                                                                                                                                                                                                                                                            SHA-512:556E11F63BDA6B2636C33DD2FED75ED770F390A3D3753F6B3EC3F8FCA1DBDC446CAB14EEC82D408917F138527B70E62339B32DA24D211CE64B74D62927A3418B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: ".......... . .....",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......",.. OEM_TOAST_VARIANT_INFO: "................ McAfee Web ...................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "............. McAfee Web ......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus ..",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".......",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".....................................",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "....",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_DESC:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3415
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.663699321642511
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:calbcPcTkV6hxvM/L4PgzN/6hxO232sN4agGuI:GUwdkec2sN4agGuI
                                                                                                                                                                                                                                                                                            MD5:F871A43BEBA4D0A0E63B9F8413FC1556
                                                                                                                                                                                                                                                                                            SHA1:E0572DE3E310E9DB3AAF334476DBA3F9A2242FE0
                                                                                                                                                                                                                                                                                            SHA-256:0EB7329CF81505809CDDD246F514C48447EF06DCA11F04FDFF77C0D3E4C0EDF8
                                                                                                                                                                                                                                                                                            SHA-512:09959B7178B93541D2484E60B39124F84062E856EB8A9A43815A6B59D589C2F431BBAFF612D80FCC5193EB6E48141E886A696FA34A1AAC23D16CC5114392F730
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "N.pov.da",.. HELP_FAQ_TITLE: "Nej.ast.j.. dotazy",.. HELP_SUPPORT_TITLE: "Podpora",.. HELP_EMAIL_US: "Za.lete n.m e-mail na adresu",.. ABOUT: "O aplikaci",.. ABOUT_DESCRIPTION: "D.ky aplikaci {0} se m..ete na internetu l.pe rozhodovat.",.. CREATE_SAFER_PASSWORDS: "Vytv..en. bezpe.n.j..ch hesel",.. DOWNLOAD_CONFIDENTLY: "Stahov.n. bez obav",.. SETTINGS_SS_OPTION_ALL: "Informovat o bezpe.nosti v.sledk. hled.n. ve v.ech vyhled.va..ch",.. SETTINGS_SS_OPTION_NONE: "Neinformovat o v.sledc.ch hled.n.",.. SETTINGS_SS_OPTION_SS: "Informovat o bezpe.nosti v.sledk. hled.n. pouze ve slu.b. Bezpe.n. hled.n.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Vlo.te nebo zadejte adresu URL.",.. TRUST_SITE: "D.v..ovat str.nce",.. DONT_TRUST: "Ned.v..ovat",.. HELP_FAQ_SECTION_ONE_HEADER: "K .emu slou.. aplikace {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "D.ky aplikaci {0} se m..ete na in

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3222
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.389308428477568
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cIWPf2VFTTGDGMZO4WVFwT/s9vyNnma/DvOvEiFk83qS8sDQTjmHBgp5M9i:9FMZAOgFiizJMjmWp
                                                                                                                                                                                                                                                                                            MD5:05F93BEE6174DEC723063D1FABB017FB
                                                                                                                                                                                                                                                                                            SHA1:39FFF628464B472569FC7B718CDE87C561A6E923
                                                                                                                                                                                                                                                                                            SHA-256:0190AE9C1E2DB7367CF7457A2D6B44DA7728016FA1E165C305C9163363CD144A
                                                                                                                                                                                                                                                                                            SHA-512:0F4504701EBA305B041A478D58FBA00472319CC8ABFF567C10D4C415A6CAD82788CEDF17B55B2DE44270AB057348122E99AF00E986C371720A5DD4F8DD0A522C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Hj.lp",.. HELP_FAQ_TITLE: "Ofte stillede sp.rgsm.l",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Send en mail til os p.",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} hj.lper dig med at tr.ffe de rigtige beslutninger, n.r du er p. nettet.",.. CREATE_SAFER_PASSWORDS: "Opret sikrere adgangskoder",.. DOWNLOAD_CONFIDENTLY: "Sikre overf.rsler",.. SETTINGS_SS_OPTION_ALL: "Fort.l mig, om et s.geresultat er sikkert i alle s.gemaskiner",.. SETTINGS_SS_OPTION_NONE: "Fort.l mig ikke om s.geresultater",.. SETTINGS_SS_OPTION_SS: "Fort.l mig, om et s.geresultat kun er sikkert i Sikker s.gning",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Inds.t eller skriv URL-adressen",.. TRUST_SITE: "Har tillid til websted",.. DONT_TRUST: "Har ikke tillid",.. HELP_FAQ_SECTION_ONE_HEADER: "Hvad er {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} hj.lper dig med at tr.ffe de rigtige beslutninger, n.r du er p. nettet.",.. HELP_F

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3302
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.379842622310449
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:c5vPqTKqMocuMD9nd/9j25ktHec9VYwpu4sD2oitofo:BNMVLac+uYwp9sD2pt2o
                                                                                                                                                                                                                                                                                            MD5:CB4C262098602CC60EEF4532583A7545
                                                                                                                                                                                                                                                                                            SHA1:8E9204F995238A74BB55EA8E93C09B6AC800F73E
                                                                                                                                                                                                                                                                                            SHA-256:B372D32C799A248F585654AFACDA7800EE196EF2F70C4028BCF225B85330760B
                                                                                                                                                                                                                                                                                            SHA-512:C55121C8A351F5329C56B1ABE7D7D5B3425BE78F4891BB789E33D21EE24BB2309684FED1C01BDCD46884CACB3E34131B66FB23A1DF6C043BEDC1582D725857A9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Hilfe",.. HELP_FAQ_TITLE: "H.ufig gestellte Fragen (FAQs)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Senden Sie uns eine E-Mail:",.. ABOUT: "Info",.. ABOUT_DESCRIPTION: "Dank {0} k.nnen Sie besser entscheiden, welche Websites Sie unbesorgt besuchen k.nnen.",.. CREATE_SAFER_PASSWORDS: "Sicherere Kennw.rter erstellen",.. DOWNLOAD_CONFIDENTLY: "Sichere Dateien herunterladen",.. SETTINGS_SS_OPTION_ALL: "In jeder Suchmaschine Bewertung von Suchergebnissen anzeigen",.. SETTINGS_SS_OPTION_NONE: "Keine Bewertung von Suchergebnissen anzeigen",.. SETTINGS_SS_OPTION_SS: "Nur bei der sicheren Suche Bewertung von Suchergebnissen anzeigen",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL einf.gen oder eingeben",.. TRUST_SITE: "Site als vertrauensw.rdig einstufen",.. DONT_TRUST: "Nicht als vertrauensw.rdig einstufen",.. HELP_FAQ_SECTION_ONE_HEADER: "Was ist {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Dank {0} k.nnen Sie

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5323
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.035439820478563
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:czSqYMiAFSTIbO48c2aO490VuVMGzqRcAF+gx/ijYz2HC8Tt7iVJnIjz1NCPcWFs:DMO8w3BVGt22jz1QPltZIHt1v
                                                                                                                                                                                                                                                                                            MD5:543396848C547A85C940508FDDBCACF2
                                                                                                                                                                                                                                                                                            SHA1:7F735CBCD5A0E1A2F263DECE666F33E4CF033475
                                                                                                                                                                                                                                                                                            SHA-256:E2BEED1B0D6CFC53B4C82650E622BBE97B6692832208DF64A164EABD25560F86
                                                                                                                                                                                                                                                                                            SHA-512:249C363EF57B0F15EB92E88C22D9B122FC12C7B2F6E6BEC71CC07D7B771D80155F25ACE84C9F66E34A08EDA9515D231205C4232428BD6DFCA18FECCAA0F5867B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: ".......",.. HELP_FAQ_TITLE: "...... .........",.. HELP_SUPPORT_TITLE: "..........",.. HELP_EMAIL_US: "....... ... ...... ............ ............ ... .........",.. ABOUT: "...........",.. ABOUT_DESCRIPTION: ".. {0} ... ..... .. ......... .......... ......... ....... .. ... ......... ... ... Internet.",.. CREATE_SAFER_PASSWORDS: "............ ............. ........ .........",.. DOWNLOAD_CONFIDENTLY: "......... ...... .. ........",.. SETTINGS_SS_OPTION_ALL: ".. ............ .. ... .......... .......... ..... ....... .. ........... ......... ..........",.. SETTINGS_SS_OPTION_NONE: ".. ... ............ ..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2970
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.359520151385515
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:cwr9pTTyT7Few0MxjU99E/E0v7StLuJHTuiGextXq/JXTGpUx86NQ4QeQr4+8Lke:cwr9pPyTEMxI99E/fTStLOz7xtulGOxh
                                                                                                                                                                                                                                                                                            MD5:48CB347553678CDD242A99A86CA779F4
                                                                                                                                                                                                                                                                                            SHA1:4808DA1C10503C75787100D1C55ABE725ABADD16
                                                                                                                                                                                                                                                                                            SHA-256:00E932898E972214C2218FFAB0C957A37B4317C1DAAD07C09040DCB2F470ADC3
                                                                                                                                                                                                                                                                                            SHA-512:6A96500AC41139CD89DA2D93E91DAC5A6F4EE9577B316952A4D7855B6D82CDB86A97A3F1696B771BA7F8242F09F69F761F8274198A89B557CAA60279EFC75FDC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Help",.. HELP_FAQ_TITLE: "Frequently Asked Questions (FAQs)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Email us at",.. ABOUT: "About",.. ABOUT_DESCRIPTION: "{0} helps you make better decisions about what you do online.",.. CREATE_SAFER_PASSWORDS: "Create safer passwords",.. DOWNLOAD_CONFIDENTLY: "Download confidently",.. SETTINGS_SS_OPTION_ALL: "Tell me if a search result is safe in any search engine",.. SETTINGS_SS_OPTION_NONE: "Don't tell me about search results",.. SETTINGS_SS_OPTION_SS: "Tell me if a search result is safe only in Secure Search",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Paste or type your URL",.. TRUST_SITE: "Trust site",.. DONT_TRUST: "Don't trust",.. HELP_FAQ_SECTION_ONE_HEADER: "What is {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} helps you make better decisions about what you do online.",.. HELP_FAQ_SECTION_TWO_HEADER: "How do I share {0} with others?",.. HELP_FAQ_SECTION_TWO_CO

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3318
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3850350116755745
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cDEMyiTKKM+hOeBgn/qfBJq3/GQjD7mQujWoIcsW:vieH+g1D7mfIcsW
                                                                                                                                                                                                                                                                                            MD5:1ABB132302373913E044F5156D9CC718
                                                                                                                                                                                                                                                                                            SHA1:20B85AA4B6306CCB0BB125E5E49E5E073B763991
                                                                                                                                                                                                                                                                                            SHA-256:0349E70A1860DC9771D2EAD686D0210CB0F1782320AC9B04DB71D2E5E69210FA
                                                                                                                                                                                                                                                                                            SHA-512:B8B1EC3B6ABD0F1182D7918E0C16C471B02C4BE1B4E82E99A2A8EDFF2789DEA36D625CA43256861AA30C87834135730D39A7E928EA789CD074AFC0D79D87AA1C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Ayuda",.. HELP_FAQ_TITLE: "Preguntas frecuentes",.. HELP_SUPPORT_TITLE: "Soporte",.. HELP_EMAIL_US: "Env.enos un correo electr.nico a",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "{0} le ayuda a tomar decisiones m.s fundamentadas acerca del uso que hace de Internet.",.. CREATE_SAFER_PASSWORDS: "Cree contrase.as m.s seguras",.. DOWNLOAD_CONFIDENTLY: "Descargue con seguridad",.. SETTINGS_SS_OPTION_ALL: "Informarme si un resultado de b.squeda es seguro en otro motor de b.squeda",.. SETTINGS_SS_OPTION_NONE: "No informarme de resultados de b.squeda",.. SETTINGS_SS_OPTION_SS: "Informarme si un resultado de b.squeda es seguro solo en B.squeda segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Pegue o escriba la direcci.n URL",.. TRUST_SITE: "Confiar en el sitio web",.. DONT_TRUST: "No confiar",.. HELP_FAQ_SECTION_ONE_HEADER: ".Qu. es {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} le ayuda a tomar decisiones m.s fu

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3269
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.397713898219972
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cDEMRrT9tM+hOeBJDfE/ZABFWeLT91e5kkmpouToIc2eoxkPnsP:SRO+gEDUkkmAIc6yW
                                                                                                                                                                                                                                                                                            MD5:97E9F25CBE09014C9906AFD501BEAFA0
                                                                                                                                                                                                                                                                                            SHA1:BE2AF679DD853D45B9DD60358414545A82B90EB1
                                                                                                                                                                                                                                                                                            SHA-256:17C0012EA577B98F47FFAE2429659F4FBE58F0224D3FBE598EFF4EB54B151226
                                                                                                                                                                                                                                                                                            SHA-512:EF677C7E908147AE73DC4052A428E3F620B213A2E3E4DD1FB3AEA09E3AC5DADD98BAE6F7181470DBC49AAAF17D32630429395DB9C5F70B61D7CB2918903D1C4D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Ayuda",.. HELP_FAQ_TITLE: "Preguntas frecuentes",.. HELP_SUPPORT_TITLE: "Soporte",.. HELP_EMAIL_US: "Env.enos un correo electr.nico",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "{0} lo ayuda a tomar mejores decisiones acerca de lo que hace en l.nea.",.. CREATE_SAFER_PASSWORDS: "Cree contrase.as m.s seguras",.. DOWNLOAD_CONFIDENTLY: "Descargue con confianza",.. SETTINGS_SS_OPTION_ALL: "Comunicarme si un resultado de b.squeda es seguro en cualquier motor de b.squeda",.. SETTINGS_SS_OPTION_NONE: "No comunicarme sobre los resultados de b.squedas",.. SETTINGS_SS_OPTION_SS: "Comunicarme si un resultado de b.squeda es seguro solo en b.squeda segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Pegue o escriba la direcci.n URL",.. TRUST_SITE: "Sitio de confianza",.. DONT_TRUST: "No confiar",.. HELP_FAQ_SECTION_ONE_HEADER: ".Qu. es {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} lo ayuda a tomar mejores decisiones acerc

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3156
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.33605601525227
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cFjnmzGSTEMQHo+X/lFYpHNVbA5yZq0Ui4M:dzGSxDlNFR8i4M
                                                                                                                                                                                                                                                                                            MD5:D8FF9BDC8147DA96CC69F322C4FA6ACC
                                                                                                                                                                                                                                                                                            SHA1:65960751D1CDB2250BA4D9879D41CF5F599FA704
                                                                                                                                                                                                                                                                                            SHA-256:EFBD90EE29D723EDBA33CEB4B65CA4D8B2C58F6C71B5F9A5F0D1E4C746DE0051
                                                                                                                                                                                                                                                                                            SHA-512:E84907162A1D82A7EEAA1B42B8132FA3722A3835D5552F75DDBAB0E95E674A271307DA77B9A6B5D5C1366E577A43CC0A82B3987810579456279DF9AD5B061B92
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Ohje",.. HELP_FAQ_TITLE: "Usein kysytyt kysymykset (UKK)",.. HELP_SUPPORT_TITLE: "Tuki",.. HELP_EMAIL_US: "L.het. meille s.hk.postia osoitteeseen",.. ABOUT: "Tietoja",.. ABOUT_DESCRIPTION: "{0} auttaa sinua toimimaan verkossa turvallisesti.",.. CREATE_SAFER_PASSWORDS: "Entist. turvallisempien salasanojen luominen",.. DOWNLOAD_CONFIDENTLY: "Luotettava lataaminen",.. SETTINGS_SS_OPTION_ALL: "Ilmoita, onko hakutulos turvallinen, miss. tahansa hakukoneessa",.. SETTINGS_SS_OPTION_NONE: ".l. n.yt. ilmoituksia hakutulosten turvallisuudesta",.. SETTINGS_SS_OPTION_SS: "Ilmoita, onko hakutulos turvallinen, kun k.yt.n Suojattua hakua",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Liit. tai kirjoita URL-osoite",.. TRUST_SITE: "Luota sivustoon",.. DONT_TRUST: ".l. luota",.. HELP_FAQ_SECTION_ONE_HEADER: "Mik. on {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} auttaa sinua toimimaan verkossa turvallisesti.",.. HELP_FAQ_S

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3475
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.380064521367525
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cyXk9LMTrBXOkXco29M5t6QUxT//fM5NzyKt6yQjheF:zZR+ksoX4xgbyK1QjheF
                                                                                                                                                                                                                                                                                            MD5:1D1010C1A91C8E03E85C55B9F4A8130C
                                                                                                                                                                                                                                                                                            SHA1:02549B15939F77C47606480F4190F50485F81C27
                                                                                                                                                                                                                                                                                            SHA-256:36424E6C178278FDA2EEEA0ED4F2769E2AE3F8CA97E99B1DC3B430FB20D67EAA
                                                                                                                                                                                                                                                                                            SHA-512:6D5B9227D893145AADC501540A6E2A630536C0C354E83862710023102D3560FC609BD70B7FFE9271F4CC6491A22205901975DE9963F4AB492274A8961E1F32DA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Aide",.. HELP_FAQ_TITLE: "Foire aux questions (FAQ)",.. HELP_SUPPORT_TITLE: "Soutien",.. HELP_EMAIL_US: "Envoyez-nous un courriel au",.. ABOUT: ". propos",.. ABOUT_DESCRIPTION: "{0} vous aide . prendre de meilleures d.cisions sur vos activit.s en ligne.",.. CREATE_SAFER_PASSWORDS: "Cr.er des mots de passe plus s.rs",.. DOWNLOAD_CONFIDENTLY: "T.l.charger de fa.on confidentielle",.. SETTINGS_SS_OPTION_ALL: "Me dire si un r.sultat de recherche est s.r dans tous les moteurs de recherche",.. SETTINGS_SS_OPTION_NONE: "Ne pas me parler des r.sultats de recherche",.. SETTINGS_SS_OPTION_SS: "Me dire si un r.sultat de recherche est s.r seulement dans la recherche s.curis.e",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Coller ou saisir votre URL",.. TRUST_SITE: "Faire confiance au site",.. DONT_TRUST: "Ne pas faire confiance",.. HELP_FAQ_SECTION_ONE_HEADER: "Qu'est-ce que {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3557
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.410531724928662
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cyXkPWgMTpX56126MJk7OQTxN//i46XeNWtd0lDqKStVGC4jRgoO9:zrN1XU1G2xKnINCieoM
                                                                                                                                                                                                                                                                                            MD5:E9A8D60AAE57F78CCEC75BEEE14B6122
                                                                                                                                                                                                                                                                                            SHA1:71652B16C1ACDA2FB300873F1B33A52A398F20F0
                                                                                                                                                                                                                                                                                            SHA-256:C837B7D43825F402B8CFE9C23F788D86CF74BF9AC3CA91CFF19235F6F5BB5AEE
                                                                                                                                                                                                                                                                                            SHA-512:2F3E398B5B5001BD2C242659EBDCCB02BA3CFB059961D4F4BAB6B0C409EEDA012F9949D327DC099E890929B2310692D499E15270D61CB2B8CC41427D4A04E87B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Aide",.. HELP_FAQ_TITLE: "Foire aux questions (FAQ)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Contactez-nous par e-mail . cette adresse",.. ABOUT: "A propos",.. ABOUT_DESCRIPTION: "{0} vous aide . prendre les bonnes d.cisions en ce qui concerne vos activit.s en ligne.",.. CREATE_SAFER_PASSWORDS: "Cr.ez des mots de passe plus fiables",.. DOWNLOAD_CONFIDENTLY: "T.l.chargez en toute confiance",.. SETTINGS_SS_OPTION_ALL: "Me dire si le r.sultat de la recherche est prot.g. dans tous les moteurs de recherche",.. SETTINGS_SS_OPTION_NONE: "Ne rien me dire sur les r.sultats de la recherche",.. SETTINGS_SS_OPTION_SS: "Me dire si le r.sultat de la recherche est prot.g. dans la recherche s.curis.e uniquement",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Collez ou saisissez l'URL",.. TRUST_SITE: "Approuver",.. DONT_TRUST: "Ne pas approuver",.. HELP_FAQ_SECTION_ONE_HEADER: "Qu'est-ce que {0}.?",.. HELP_FAQ

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3286
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.445102457415404
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cv359TfWlMbZ5ur/cOKc+vOOES9Wxt9yzoIEZUDrBdjoe2o:iLW2yYlVES9+96UuDrBdjoHo
                                                                                                                                                                                                                                                                                            MD5:4944158CB57A53158D69C4A1F0974A8D
                                                                                                                                                                                                                                                                                            SHA1:72279B039A08651B100A87921731559AC752D71D
                                                                                                                                                                                                                                                                                            SHA-256:D020049D2A1057C240AE486A431BDEEBCD055F7BF5D5464E1944EEA47817344E
                                                                                                                                                                                                                                                                                            SHA-512:A3F33A763D1305A2D09C63E9F46A275B5955585DF06EE3547716E03FA6A6707C88BC8B3275C3992DB4474AA69B3134E539EFEB82596C514EF8B31D737F751E1F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Pomo.",.. HELP_FAQ_TITLE: ".esto postavljana pitanja (.PP)",.. HELP_SUPPORT_TITLE: "Podr.ka",.. HELP_EMAIL_US: "Obratite nam se na adresi e-po.te",.. ABOUT: "O aplikaciji",.. ABOUT_DESCRIPTION: "{0} poma.e vam u dono.enju boljih odluka o tome .to .inite na mre.i.",.. CREATE_SAFER_PASSWORDS: "Stvorite sigurnije lozinke",.. DOWNLOAD_CONFIDENTLY: "Pouzdano preuzimajte",.. SETTINGS_SS_OPTION_ALL: "Obavijesti me ako je rezultat pretra.ivanja siguran u bilo kojoj tra.ilici",.. SETTINGS_SS_OPTION_NONE: "Nemoj me obavijestiti o rezultatima pretra.ivanja",.. SETTINGS_SS_OPTION_SS: "Obavijesti me ako je rezultat pretra.ivanja siguran samo u Sigurnom pretra.ivanju",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Zalijepite ili unesite svoj URL",.. TRUST_SITE: "Mjesto smatraj pouzdanim",.. DONT_TRUST: "Ne smatraj pouzdanim",.. HELP_FAQ_SECTION_ONE_HEADER: ".to je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} poma.e vam

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3670
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.573215491924637
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:c491zbQ9T9aMhF7fQdq/SvRonzXfFNtvf1B1BER7yU8p:tbQ9hfQfRonzb/3iRGU8p
                                                                                                                                                                                                                                                                                            MD5:E4FD82A296AC2A08459CC0350283A319
                                                                                                                                                                                                                                                                                            SHA1:24C9D4A5144E23C62E02B2EF507DD982B84815BE
                                                                                                                                                                                                                                                                                            SHA-256:8F307EC1E7959E22410B15998004E9D6E1211AAA7FEEA01A1D41431272969A3B
                                                                                                                                                                                                                                                                                            SHA-512:9C31ADA08A11B5CB507671E74A675F9D4F9743DA8A2A31ADE2C2DB2BAC62B89291CE9C42FAEE24EDCC2A8BE1A69883C4A43DBFBA225B6FD455D7700C871731BA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "S.g.",.. HELP_FAQ_TITLE: "Gyakran ism.telt k.rd.sek (GYIK)",.. HELP_SUPPORT_TITLE: "T.mogat.s",.. HELP_EMAIL_US: "K.ldj.n nek.nk e-mailt az al.bbi c.mre:",.. ABOUT: "N.vjegy",.. ABOUT_DESCRIPTION: "A(z) {0} seg.ts.get ny.jt ahhoz, hogy jobb d.nt.seket hozhasson az online vil.gban.",.. CREATE_SAFER_PASSWORDS: "Biztons.gosabb jelszavak l.trehoz.sa",.. DOWNLOAD_CONFIDENTLY: "Biztons.gos let.lt.s",.. SETTINGS_SS_OPTION_ALL: "T.j.koztasson a keres.s eredm.ny.nek biztons.goss.g.r.l b.rmely keres.motorra vonatkoz.an",.. SETTINGS_SS_OPTION_NONE: "Ne t.j.koztasson a keres.si eredm.nyekkel kapcsolatban",.. SETTINGS_SS_OPTION_SS: "A keres.s eredm.ny.nek biztons.goss.g.r.l csak a Biztons.gos keres.sben t.j.koztasson",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL beilleszt.se vagy be.r.sa",.. TRUST_SITE: "Megb.zhat. webhely",.. DONT_TRUST: "Nem megb.zhat.",.. HELP_FAQ_SECTIO

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3280
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.322858493506595
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cF+xiITUmLgSM+xy07Zg/ikrQs9N46fkjorok0jQxsT0:QIIag/+fENbsErI0xsQ
                                                                                                                                                                                                                                                                                            MD5:8FAF76184E737C9A673519A387EFC9F8
                                                                                                                                                                                                                                                                                            SHA1:8608FF2194C635F1193FBCADDECAB2F768E00DAB
                                                                                                                                                                                                                                                                                            SHA-256:EF0AB3D766B85F225C532B3E83D2291E838F373826A891071BFBE2E589F6D9E3
                                                                                                                                                                                                                                                                                            SHA-512:BACF279DB501BD08FF110FF02FAC569A3D5ECB36DB0A52292721F95DC6C8B9FB77584101A98B37496CBE54B9FBB7C6AE47FE577D44577C03ED1EEA02B5257FB7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Guida",.. HELP_FAQ_TITLE: "Domande frequenti",.. HELP_SUPPORT_TITLE: "Assistenza",.. HELP_EMAIL_US: "Contattaci via email all'indirizzo",.. ABOUT: "Informazioni su",.. ABOUT_DESCRIPTION: "{0} ti aiuta a prendere decisioni pi. consapevoli sulle attivit. online.",.. CREATE_SAFER_PASSWORDS: "Crea password pi. sicure",.. DOWNLOAD_CONFIDENTLY: "Scarica con la massima sicurezza",.. SETTINGS_SS_OPTION_ALL: "Comunicami se un risultato di ricerca . sicuro in un motore di ricerca",.. SETTINGS_SS_OPTION_NONE: "Non comunicare nulla riguardo ai risultati di ricerca",.. SETTINGS_SS_OPTION_SS: "Comunicami se un risultato di ricerca . sicuro solo in ricerca sicura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Incolla o digita l'URL",.. TRUST_SITE: "Considera affidabile il sito",.. DONT_TRUST: "Non considerare affidabile",.. HELP_FAQ_SECTION_ONE_HEADER: "Che cos'. {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ti aiuta a prendere dec

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3760
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.753349775330985
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cFuvhOT6tGCuqZu0KMV1V6Gq//0bNbJkKjixAwRm4wegixVU0is:1YGtGCuyu0HfDFBPiKem4/gi/n
                                                                                                                                                                                                                                                                                            MD5:FFA3A4CED29FC57F7FE708B693081466
                                                                                                                                                                                                                                                                                            SHA1:4D3EFACD7EA8D75FD10B0A436068513CA77CC89A
                                                                                                                                                                                                                                                                                            SHA-256:EEFBA8E4306B833BDBB6EF34AC3BA3D1C954884FBAF9BFC9F31DBB7F3E52E263
                                                                                                                                                                                                                                                                                            SHA-512:1DFE28F724D7A3AA98DD3B1C82F4FDADF263EEF79CE162A174FF0C854E352FA11743D916B5D52B9EFEA4A67A5680F00A079C3A1DF1C53CC052C5FDF3562094C1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "...",.. HELP_FAQ_TITLE: "...... (FAQ)",.. HELP_SUPPORT_TITLE: "....",.. HELP_EMAIL_US: "........",.. ABOUT: ".......",.. ABOUT_DESCRIPTION: "{0} ...................",.. CREATE_SAFER_PASSWORDS: "...............",.. DOWNLOAD_CONFIDENTLY: "...........",.. SETTINGS_SS_OPTION_ALL: "..........................",.. SETTINGS_SS_OPTION_NONE: "..............",.. SETTINGS_SS_OPTION_SS: ".... .....................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL ................",.. TRUST_SITE: "........",.. DONT_TRUST: ".....",.. HELP_FAQ_SECTION_ONE_HEADER: "{0} .......",.. HELP_FAQ_SECTI

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3451
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.831296283324677
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:c0hbqh5TgP81LM2z7i6B/+XP6HUdYXx/gAw8otAJ2y8Bwz:JWQ8S76X6Avot3h8
                                                                                                                                                                                                                                                                                            MD5:880B0F87BF8597D04D777EE0A1D0EA7B
                                                                                                                                                                                                                                                                                            SHA1:544F51D79814142A094080CD852568B44DC3D0A7
                                                                                                                                                                                                                                                                                            SHA-256:CF77A7008D152BCEB9EA18C8EDB3847F146499BF5AEDA0B30638902EE6D5E99D
                                                                                                                                                                                                                                                                                            SHA-512:730B5F056480B5EF05C000958152F84A19DA2788BBC355BDB4B8D4FFC987AE3A6AED15B23B4D62E45BBD24DD7750DF7A587D49284FEC3BCC28808087C340C980
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "...",.. HELP_FAQ_TITLE: "... ..(FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: "... ..",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0}. .... ... .. . ... ... .. . ... ......",.. CREATE_SAFER_PASSWORDS: ".. ... .. ...",.. DOWNLOAD_CONFIDENTLY: "... ....",.. SETTINGS_SS_OPTION_ALL: ".. .. .... .. ... .... ..",.. SETTINGS_SS_OPTION_NONE: ".. ... .. ... ..",.. SETTINGS_SS_OPTION_SS: ".. ..... .. ... .... ..",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL. .. ... ......",.. TRUST_SITE: "... ..",.. DONT_TRUST: ".... ..",.. HELP_FAQ_SECTION_ONE_HEADER: "{0}. .....?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}. .... ... .. . ... .

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3107
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.354780956543607
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cA9ffAT6MuE50WT/CGoDAUtGZpn2g3BBInl:ejVoxtepD3B6nl
                                                                                                                                                                                                                                                                                            MD5:F89A4D759BB256E0AE34D07AA128097F
                                                                                                                                                                                                                                                                                            SHA1:74CA1C9DD2DB91225AF71CF31FEC9B86D3722895
                                                                                                                                                                                                                                                                                            SHA-256:C362F0AA07F0C7279037FFF5249DAE0BF91EDD0EB3C9F24A5C785C86E776AD12
                                                                                                                                                                                                                                                                                            SHA-512:6E81DFAC71F232BEEDA49387B9DC069F649E262670AB0251EFEE1D62C3B859EBFC5C7CBF87317A87D94E7AB27C43AD4296995528B507B38D775A9CAC30136A35
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Hjelp",.. HELP_FAQ_TITLE: "Vanlige sp.rsm.l",.. HELP_SUPPORT_TITLE: "St.tte",.. HELP_EMAIL_US: "Send oss en e-postmelding til",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} gj.r det enklere . ta bedre avgj.relser om hva du gj.r p. Internett.",.. CREATE_SAFER_PASSWORDS: "Opprett sikrere passord",.. DOWNLOAD_CONFIDENTLY: "Last ned uten bekymringer",.. SETTINGS_SS_OPTION_ALL: "Fortell om et s.keresultat er trygt, i enhver s.kemotor",.. SETTINGS_SS_OPTION_NONE: "Ikke fortell meg om s.keresultatene",.. SETTINGS_SS_OPTION_SS: "Fortell om et s.keresultat er sikkert, men bare i Sikkert s.k",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Lim eller skriv inn URL-adressen din",.. TRUST_SITE: "Klarer omr.de",.. DONT_TRUST: "Ikke klarer",.. HELP_FAQ_SECTION_ONE_HEADER: "Hva er {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} gj.r det enklere . ta bedre avgj.relser om hva du gj.r p. Internett.",.. HELP_FAQ_SECTION_TWO_HEAD

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3196
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.325138480606689
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cwMUf5ztTk0aUPDMavouzNv/lzz0TldANPQ3tBvlv4mP:rhtaUQWiMctBvBP
                                                                                                                                                                                                                                                                                            MD5:EBD941D8B6CC18ECC655D9E444EEA044
                                                                                                                                                                                                                                                                                            SHA1:B38030392BB2CC67BDC8A67DB71D9595D72A6DA2
                                                                                                                                                                                                                                                                                            SHA-256:C86C4B612C9C099F20A060AC26534F83E79A8228F7A42BEB0FB956AA5344BB7F
                                                                                                                                                                                                                                                                                            SHA-512:F48A97D9A338B501F6C35DF24FD81FE830E652A8BBFA54399DEE76D9A1E1FDD49D40E2403C60BCDF78BDF08BE8050DAF0AE577ACF2D8F09D7464C057B02CE790
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Help",.. HELP_FAQ_TITLE: "Veelgestelde vragen",.. HELP_SUPPORT_TITLE: "Ondersteuning",.. HELP_EMAIL_US: "E-mail ons op",.. ABOUT: "Info",.. ABOUT_DESCRIPTION: "{0} helpt u betere beslissingen over uw online activiteiten te nemen.",.. CREATE_SAFER_PASSWORDS: "Maak veiligere wachtwoorden",.. DOWNLOAD_CONFIDENTLY: "Download probleemloos",.. SETTINGS_SS_OPTION_ALL: "Laat mij in elke zoekmachine weten of een zoekresultaat veilig is",.. SETTINGS_SS_OPTION_NONE: "Niets zeggen over zoekresultaten",.. SETTINGS_SS_OPTION_SS: "Laat mij alleen in Beveiligd zoeken weten of een zoekresultaat veilig is",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Plak of typ uw URL",.. TRUST_SITE: "Site vertrouwen",.. DONT_TRUST: "Niet vertrouwen",.. HELP_FAQ_SECTION_ONE_HEADER: "Wat is {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} helpt u betere beslissingen over uw online activiteiten te nemen.",.. HELP_FAQ_SECTION_TWO_HEADER: "Hoe kan ik {0} met

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3433
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.622827756522604
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cnWv3LDTIKXe8FDXdIzMn5VRe/8gAR+3jRsFAEEGs6L49l0v2dUPJJS:ZPUKpFDOIiRc7EA+lXUPJJS
                                                                                                                                                                                                                                                                                            MD5:4F4886EE3ED1FC57ECB4DD56D9166101
                                                                                                                                                                                                                                                                                            SHA1:72DBF92E71EB1C9E148553869333DCADDD0A5908
                                                                                                                                                                                                                                                                                            SHA-256:FD7BC0FEF7BE5A6FCBD83DDAB00A0DED02E7551C5D96B0DD1CCEE71168493FAA
                                                                                                                                                                                                                                                                                            SHA-512:C4065D12C00413170B3795298778054B15329FFA99C5CA0DF7C5B10AA6AA58108960817586067CC656494F744D7C2C139DD8D63F758992F779F3CECDC0387983
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Pomoc",.. HELP_FAQ_TITLE: "Cz.sto zadawane pytania",.. HELP_SUPPORT_TITLE: "Pomoc techniczna",.. HELP_EMAIL_US: "Wy.lij wiadomo.. e-mail na adres",.. ABOUT: "Informacje",.. ABOUT_DESCRIPTION: "Program {0} pomaga podejmowa. rozs.dne decyzje podczas przegl.dania Internetu.",.. CREATE_SAFER_PASSWORDS: "Tw.rz silniejsze has.a",.. DOWNLOAD_CONFIDENTLY: "Pobieraj bez obaw",.. SETTINGS_SS_OPTION_ALL: "Pokazuj oceny bezpiecze.stwa wynik.w wyszukiwania w ka.dej wyszukiwarce",.. SETTINGS_SS_OPTION_NONE: "Nie pokazuj ocen wynik.w wyszukiwania",.. SETTINGS_SS_OPTION_SS: "Pokazuj oceny bezpiecze.stwa wynik.w wyszukiwania tylko w wyszukiwarce Bezpieczne wyszukiwanie",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Wklej lub wpisz adres URL",.. TRUST_SITE: "Zaufaj witrynie",.. DONT_TRUST: "Nie ufaj",.. HELP_FAQ_SECTION_ONE_HEADER: "Co to jest {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Program {0} pomaga podejmowa. rozs.dne

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3252
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.398695869071252
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cc0m2Tpgz2z24eMgUWy0/IULhYRukp+ATR8tXVfNTO:wloYdMIuQ8FVfhO
                                                                                                                                                                                                                                                                                            MD5:37A7999929C49F24CDCBF140F3F09862
                                                                                                                                                                                                                                                                                            SHA1:BDAAD3CADD678C2460EE64A1457168B1BC944D33
                                                                                                                                                                                                                                                                                            SHA-256:D424D1177FDD8CB85349090241D844DE1271DE014735B0E72A31719A5A354E74
                                                                                                                                                                                                                                                                                            SHA-512:7D08EDC69FFB9976B12E62EE2ED275313F2305089B070667593434DFA4FB532261EA41C7D032A07D5E8CF34E615A763E0CB6BBB465EE5F41BC9D504B3FF6278B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Ajuda",.. HELP_FAQ_TITLE: "Perguntas frequentes",.. HELP_SUPPORT_TITLE: "Suporte",.. HELP_EMAIL_US: "Envie um e-mail para",.. ABOUT: "Sobre",.. ABOUT_DESCRIPTION: "{0} ajuda voc. a tomar melhores decis.es durante suas atividades online.",.. CREATE_SAFER_PASSWORDS: "Crie senhas mais seguras",.. DOWNLOAD_CONFIDENTLY: "Fa.a downloads com confian.a",.. SETTINGS_SS_OPTION_ALL: "Avise-me quando um resultado de pesquisa for seguro em qualquer mecanismo de pesquisa",.. SETTINGS_SS_OPTION_NONE: "N.o me avise a respeito dos resultados de pesquisa",.. SETTINGS_SS_OPTION_SS: "Avise-me quando um resultado de pesquisa for seguro apenas com a Pesquisa segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Copie ou cole seu URL",.. TRUST_SITE: "Confiar no site",.. DONT_TRUST: "N.o confiar",.. HELP_FAQ_SECTION_ONE_HEADER: "O que . {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ajuda voc. a tomar melhores decis.es durante suas ativid

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3264
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.391466214051842
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:ccGmQ7XTlHUszMAqjI/O/rgZaFWCG3Ix5amxnFJ:I7hHUlmwamxnv
                                                                                                                                                                                                                                                                                            MD5:B45D6F2128C5542807A7A5D0B45D14DA
                                                                                                                                                                                                                                                                                            SHA1:7A2A7C67AB9CFF949DE93966534F185E8657FB25
                                                                                                                                                                                                                                                                                            SHA-256:D9EE59321AA24CE0A2405C259B0A8E9353D8CF2210C3F17B14492D44A5FB7937
                                                                                                                                                                                                                                                                                            SHA-512:9011814BBD1919C3126105C5F3FB353E8B76BF124DCF34D5E7FA4E4D3027A3FB1585F0E4E9DCA75D8D26AD10CF068E42CB54DEEDF7C0234F34A0B5CEC7A49802
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Ajuda",.. HELP_FAQ_TITLE: "Perguntas Mais Frequentes (FAQs)",.. HELP_SUPPORT_TITLE: "Suporte",.. HELP_EMAIL_US: "Envie-nos uma mensagem de correio eletr.nico para",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "O {0} ajuda-o a tomar melhores decis.es acerca das suas atividades online.",.. CREATE_SAFER_PASSWORDS: "Crie palavras-passe mais seguras",.. DOWNLOAD_CONFIDENTLY: "Transfira com confian.a",.. SETTINGS_SS_OPTION_ALL: "Indicar se um resultado de pesquisa . seguro em todos os motores de pesquisa",.. SETTINGS_SS_OPTION_NONE: "N.o me informar sobre os resultados de pesquisa",.. SETTINGS_SS_OPTION_SS: "Indicar se um resultado . seguro apenas na Pesquisa Segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Cole ou escreva o URL",.. TRUST_SITE: "Considerar site fidedigno",.. DONT_TRUST: "N.o considerar fidedigno",.. HELP_FAQ_SECTION_ONE_HEADER: "O que . o {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "O {0} ajuda-o a toma

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4697
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.050341236557548
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cgyp6VTFkLeMF+TXVjM/2m9VzTUmw9+WTnoXTAqsvm6:LVRkHARMH4TnoDAqsvX
                                                                                                                                                                                                                                                                                            MD5:F8B9070B9698EFBA530B6064D8928AC7
                                                                                                                                                                                                                                                                                            SHA1:C2E41EAB9AC16D0EAE526FE4FB3957D4B7607F79
                                                                                                                                                                                                                                                                                            SHA-256:7A04B3B43652D44E82D9FD5C7CD546AEC3B41E4085D39610E4694A37E1D9BCD7
                                                                                                                                                                                                                                                                                            SHA-512:9A562DC9BE253FF73FE223690D9B56ED86064538D077F6D791E39246600D171F28C0B24A55BE20B447E4229BD046D56DF1E1469292E968D94FD2C56DF66BE79A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: ".......",.. HELP_FAQ_TITLE: "..... .......... .......",.. HELP_SUPPORT_TITLE: ".........",.. HELP_EMAIL_US: "..... ........... .....:",.. ABOUT: ". .........",.. ABOUT_DESCRIPTION: "{0} . ... .........., ........... ..... ......... ........... . ..........",.. CREATE_SAFER_PASSWORDS: "........ ........ .......",.. DOWNLOAD_CONFIDENTLY: "........ ... ........",.. SETTINGS_SS_OPTION_ALL: "........ . ............ ........... ...... .. .... ......... ........",.. SETTINGS_SS_OPTION_NONE: ".. ........ . ............ ........... ......",.. SETTINGS_SS_OPTION_SS: "........ . ............ ........... ...... ...... . ..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3534
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.657001911592916
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:cwP+i9HTsGeKlMMUjY3n8BEM/f0vlJuOquLlXElBfoWagWpWrdimER7r+05+qmY:cwPb9HTcKaMUy8aM/sX0ajnecmSr+WmY
                                                                                                                                                                                                                                                                                            MD5:88840FD2BC5DE71C8E30124FCABF723D
                                                                                                                                                                                                                                                                                            SHA1:71F1D3326FF650FC55414E6B956F66F49B220E1C
                                                                                                                                                                                                                                                                                            SHA-256:A89FA5261EAE41F0C6EB53DAEEDAFC8B5D898EB76E973FE5AEF21D3839BF0902
                                                                                                                                                                                                                                                                                            SHA-512:7C9DDC20B8E6BC7A7D0DCD0950F2BA47050761CEC6A0681515A4B82150945360B414B7AABE72DFDEED58D484472DAFDD67461A380CEF5BB06E11BDE45435EC1A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Pomocn.k",.. HELP_FAQ_TITLE: "Naj.astej.ie ot.zky",.. HELP_SUPPORT_TITLE: "Podpora",.. HELP_EMAIL_US: "Po.lite n.m e-mail na adresu",.. ABOUT: "Inform.cie",.. ABOUT_DESCRIPTION: "Aplik.cia {0} v.m pom..e robi. lep.ie rozhodnutia o va.om .ivote online.",.. CREATE_SAFER_PASSWORDS: "Vytv.rajte bezpe.nej.ie hesl.",.. DOWNLOAD_CONFIDENTLY: "S.ahujte d.veryhodn. s.bory",.. SETTINGS_SS_OPTION_ALL: "Informova. o bezpe.nosti v.sledku vyh.ad.vania v ka.dom vyh.ad.vacom n.stroji",.. SETTINGS_SS_OPTION_NONE: "Neinformova. o v.sledkoch vyh.ad.vania",.. SETTINGS_SS_OPTION_SS: "O.bezpe.nosti v.sledku vyh.ad.vania ma informujte len v.zabezpe.enom vyh.ad.van.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Prilepte alebo zadajte adresu URL",.. TRUST_SITE: "D.verova. lokalite",.. DONT_TRUST: "Ned.verova.",.. HELP_FAQ_SECTION_ONE_HEADER: ".o je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Aplik.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3203
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.453100214404126
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cvh5lgT19NMMgHg8/9WQqRZt8JZZmVau8KP8jvv/FUD8VSk:BhlmJXPdSD8VSk
                                                                                                                                                                                                                                                                                            MD5:019F2DCD38DE33EB9C39340CE8F782A8
                                                                                                                                                                                                                                                                                            SHA1:5542AA5B078B6B7C03823D2A796D494480032B0A
                                                                                                                                                                                                                                                                                            SHA-256:AAB9EA2AFDCE9A645F331486C9617547A7BE9C1EFA7B8DA09182FBF1A212D45D
                                                                                                                                                                                                                                                                                            SHA-512:FD1969910D898F7CDBDDE969624873DEC4A64AB9F5E4EC82B0E92D2F1BA176088DAAAEED1BD8C4630378F0F37959EBECDFDF87501F75F2EAEB64633B733BBFC9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Pomo.",.. HELP_FAQ_TITLE: "Naj.e..a pitanja",.. HELP_SUPPORT_TITLE: "Podr.ka",.. HELP_EMAIL_US: "Po.aljite nam e-poruku na adresu",.. ABOUT: "Osnovni podaci",.. ABOUT_DESCRIPTION: "{0} vam poma.e da donosite bolje odluke o svojim aktivnostima na mre.i.",.. CREATE_SAFER_PASSWORDS: "Kreirajte bezbednije lozinke",.. DOWNLOAD_CONFIDENTLY: "Preuzimajte bezbri.no",.. SETTINGS_SS_OPTION_ALL: "Obavesti me u svakom pretra.iva.u da li je rezultat pretrage bezbedan",.. SETTINGS_SS_OPTION_NONE: "Ne obave.tavaj me o rezultatima pretrage",.. SETTINGS_SS_OPTION_SS: "Obavesti me samo u bezbednoj pretrazi da li je rezultat pretrage bezbedan",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Nalepite ili unesite URL adresu",.. TRUST_SITE: "Veruj lokaciji",.. DONT_TRUST: "Ne veruj",.. HELP_FAQ_SECTION_ONE_HEADER: ".ta je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} vam poma.e da donosite bolje odluke o svojim aktivnostima na mre.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3145
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.46340323219285
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cayPkTXsNMjOlH/PROv5eFqNzXl9Rjz8BU5w:3Dsu/TNl9Fz3w
                                                                                                                                                                                                                                                                                            MD5:7B25A2C2903107E9A9BAA126A7EC7FD4
                                                                                                                                                                                                                                                                                            SHA1:F76B2BF5FEDEA54286D22524BE68D026FA1E0968
                                                                                                                                                                                                                                                                                            SHA-256:DE34F4B7584B21028415A2BB09C17B6F6618A016F49802BCC9B753C756892E9E
                                                                                                                                                                                                                                                                                            SHA-512:EAA6DE1D0A394E1EAD843D9C189F5BE4FF88512B7062DE44AD3AD9D82AEC62CD095D4AEE67E28CF40D7AF6C44E7520E69C003690A637F3936F6EFC43584F2281
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Hj.lp",.. HELP_FAQ_TITLE: "Vanliga fr.gor (FAQ)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Kontakta oss via e-post p.",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} hj.lper dig att ta b.ttre beslut g.llande vad du g.r online.",.. CREATE_SAFER_PASSWORDS: "Skapa s.krare l.senord",.. DOWNLOAD_CONFIDENTLY: "S.kra h.mtningar",.. SETTINGS_SS_OPTION_ALL: "Informera mig om s.kra s.kresultat i samtliga s.kmotorer",.. SETTINGS_SS_OPTION_NONE: "Informera mig inte om s.kresultat",.. SETTINGS_SS_OPTION_SS: "Informera mig om s.kra s.kresultat, men endast vid s.ker s.kning",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Klistra in eller ange webbadress (URL)",.. TRUST_SITE: "Ange som betrodd webbplats",.. DONT_TRUST: "Ange inte som betrodd webbplats",.. HELP_FAQ_SECTION_ONE_HEADER: "Vad .r {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} hj.lper dig att ta b.ttre beslut g.llande vad du g.r online.",.. HELP_FA

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3451
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.523016979092692
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:cUCFiIkATzMz/k1/DJMWeTc3a/B6eCVt/zes6t3K8SLcwl39cNyZw:gngIDKQ/ei/Bik39cNl
                                                                                                                                                                                                                                                                                            MD5:B8F95BBC704669A8172B338F3F27AC00
                                                                                                                                                                                                                                                                                            SHA1:6283755A6AE7FB754290A42F921A60439532B917
                                                                                                                                                                                                                                                                                            SHA-256:D3B92A4226A301168F8D223F493F7DE12E90246B24BA4B99CD99A8EBF0DF4221
                                                                                                                                                                                                                                                                                            SHA-512:4F220234EE93DD38FAD4CA2191962DD6D97D267F1BBB72E78B8A407BF5F85785C3675B6AFEA7187D735BD5837588D9A1B54A9D70125D78251B2FAE5B75B126B2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "Yard.m",.. HELP_FAQ_TITLE: "S.k Sorulan Sorular (SSS'ler)",.. HELP_SUPPORT_TITLE: "Destek",.. HELP_EMAIL_US: ".u adresten bize e-posta g.nderin:",.. ABOUT: "Hakk.nda",.. ABOUT_DESCRIPTION: "{0} .evrimi.iyken ne yapaca..n.z konusunda daha iyi kararlar alman.za yard.mc. olur.",.. CREATE_SAFER_PASSWORDS: "Daha g.venli parolalar olu.turun",.. DOWNLOAD_CONFIDENTLY: "G.venle indirin",.. SETTINGS_SS_OPTION_ALL: "Herhangi bir arama motorunda bir arama sonucunun g.venli olup olmad...n. benimle payla.",.. SETTINGS_SS_OPTION_NONE: "Arama sonu.lar.n. benimle payla.ma",.. SETTINGS_SS_OPTION_SS: "Yaln.zca G.venli Arama'da bir arama sonucunun g.venli olup olmad...n. benimle payla.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL'nizi yap..t.r.n veya yaz.n",.. TRUST_SITE: "Bu siteye g.ven",.. DONT_TRUST: "G.venme",.. HELP_FAQ_SECTION_ONE_HEADER: "{0} nedir?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2969
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.156573438528102
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:cii4bo8iTBSeLHzMP0jnlOe/50vovlun8uTAlHWx3sMvZpSIOeN5SfKj0gPBFlpg:cii4boXTNHzMP07we/OQvl08GN8oZkIa
                                                                                                                                                                                                                                                                                            MD5:10E36ED7123345F89D67DD3F8FF64772
                                                                                                                                                                                                                                                                                            SHA1:19FDE1FD119959625FB38A7EEF93B566BB771485
                                                                                                                                                                                                                                                                                            SHA-256:74E75A2E66BB9FB60FB61384428E4FE6E9D007166EF00B25DF936CB9B8193F95
                                                                                                                                                                                                                                                                                            SHA-512:6E25231ADD1539EE008973D842A6B3F2A62E6F87BAFDFC2B757F0449CE4F016FE04DF776C7A50605B0556BDC0949DECDAA4511C6E3832B8922FB20B790664D9A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "..",.. HELP_FAQ_TITLE: "...... (FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: ".........",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0}.................",.. CREATE_SAFER_PASSWORDS: "........",.. DOWNLOAD_CONFIDENTLY: "......",.. SETTINGS_SS_OPTION_ALL: ".....................",.. SETTINGS_SS_OPTION_NONE: ".........",.. SETTINGS_SS_OPTION_SS: "...................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "..... URL",.. TRUST_SITE: "....",.. DONT_TRUST: "...",.. HELP_FAQ_SECTION_ONE_HEADER: "... {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}.................",.. HELP_FAQ_SECTION_TWO_HEADER: ".......{0}?",.. HELP_FAQ_SECTION_TWO_CONTENT: ".

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3046
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.153142415513714
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:cjEUAb0CTgSztJYMreb0j9ruR/o0v5uJufDeQO1LDohNp+i6Zj5dCQU8+N/SoAu6:cjpAbxT2Mru0p6R/TBmWDVMz7fU/N/Sh
                                                                                                                                                                                                                                                                                            MD5:DB4DB05A90949698175842C391F190CA
                                                                                                                                                                                                                                                                                            SHA1:2911A24FD51496DFCC3CB00C5E381E699B602F05
                                                                                                                                                                                                                                                                                            SHA-256:05A76C0173B32A83A01A64606E51A527E86BCC4EC7F8679A9FB6FDF8FF660890
                                                                                                                                                                                                                                                                                            SHA-512:6D38E9E4A78AEF0FBDB7FC0D0CC957C282732D44CDEF26F71F3294B734930F62497BF17CA891A53860B7512CE79E890195CCEFEC82EB84C2978336D201FB3FA6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOptions_ = {.. HELP: "..",.. HELP_FAQ_TITLE: "..... (FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: "...........",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0} ..................",.. CREATE_SAFER_PASSWORDS: "........",.. DOWNLOAD_CONFIDENTLY: ".....",.. SETTINGS_SS_OPTION_ALL: "....................",.. SETTINGS_SS_OPTION_NONE: "..............",.. SETTINGS_SS_OPTION_SS: "...................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "....... URL",.. TRUST_SITE: "....",.. DONT_TRUST: "....",.. HELP_FAQ_SECTION_ONE_HEADER: ".. {0}.",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ..................",.. HELP_FAQ_SECTION_TWO_HEADER: "......... {0}.",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3708
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.707977313474772
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Kar2MPa6uw0VE2HYP9ouKQaMF2B8KVj5YVj8nn:K8zb0VE24FfKQXF2B8an
                                                                                                                                                                                                                                                                                            MD5:C998D198B25754E1B734C47719058DCA
                                                                                                                                                                                                                                                                                            SHA1:A6D21DB11C10FB07584ADFF4BEC98B2CD586501D
                                                                                                                                                                                                                                                                                            SHA-256:A49C162B23A9864D0CBCAE9583E152BEE08DE319C1F104448B7AD62A6742843B
                                                                                                                                                                                                                                                                                            SHA-512:5A33E7FD555298A6D3296A87FA11FD894010443119CDC2CBDB53CA6B301C061207CB98D093C538E6663F384690B83E43640ECC62C167734ADB8BCDBC30250D3C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknut.m na mo.nost {0} dokon..te nastaven. programu WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Povolit roz...en.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nejste si jisti v..e uvedenou zpr.vou? Bu.te bez obav . va.e soukrom. je v.dy na.. hlavn. prioritou.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Pokra.ujte kliknut.m na mo.nost {0}. U. to skoro je!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Povolit roz...en.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "P.i p...t.m vyhled.v.n. budete po..d.ni o proveden. akce {0}, abyste dokon.ili nastaven. funkce Bezpe.n. hled.n..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Ponechat zm.ny",.... SETTINGS_OVERLAY_CONTENT: "Klikn.te na zpr.vu {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Bylo p.id.no roz...en. McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otev.ete nab.dku prohl..e.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3577
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.443266641472095
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:AqjTIrwTeQCMF0yt0nWmumEbX0B57Oye2wos/ctmwufpsdb4jHpsd9rijT26Hi1:JIsdCMYnWmnEc7FxtmwipsGpn2B
                                                                                                                                                                                                                                                                                            MD5:641FDDA6922D624D3762022A6F436991
                                                                                                                                                                                                                                                                                            SHA1:89034BFF6F8913C66C462F9429DA93529D900B9D
                                                                                                                                                                                                                                                                                            SHA-256:D3B6CC6C238DFEADDDF7A010CE2DA62651E6583F0D8B2907427F686A66329C05
                                                                                                                                                                                                                                                                                            SHA-512:0EB56197C34FA186387A20DA30C15C5A3DCCADD06A9FCDC840CBC81E2A7463BFF72D03FABAE0CC929CB5E6079190162CC024709988632F555768EC74DBB08876
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klik p. {0} for at fuldf.re konfigurationen af WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktiv.r udvidelse",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Er du i tvivl om, hvordan du skal forholde dig til ovenst.ende meddelelse? Bare rolig . dit privatliv er altid vores h.jeste prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klik p. {0} for at forts.tte. Du er n.sten f.rdig.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktiv.r udvidelse",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "N.ste gang du s.ger, bliver du bedt om f.lgende for at fuldf.re konfigurationen af sikker s.gning: {0}",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Behold .ndringer",.... SETTINGS_OVERLAY_CONTENT: "Klik p. meddelelsen {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-udvidelsen er blevet tilf.jet",.... INTRO_OVERLAY_CONTENT_1: ".bn menuen i Edge for at konfigurere Web

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3813
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.419907887207429
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:KClwI7loU8z+JpKGZVp978ACtA6YI2l46D6sITl2klcHU:KUToUfZVp978AmA6Rw46D6sIp2+v
                                                                                                                                                                                                                                                                                            MD5:2D4368B55AEFAA1041255C5DD7C4AD9D
                                                                                                                                                                                                                                                                                            SHA1:71CCD1C7DC2D94BCEE59F94F0E6B9083670F1E6F
                                                                                                                                                                                                                                                                                            SHA-256:27B73E8D9D2D3B7726F6083991BA7E9696C0ECFF68DF81740A471914D2C4D51F
                                                                                                                                                                                                                                                                                            SHA-512:5734C76EA3A58A10C33D9D0A97715DE913A5DA2D8DA4E373AC1F3B4B4588F34AA43D3662FF2F7445F2F657CECE63A20273EF54A2F96FE00F558A82C192A94A34
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klicken Sie auf {0}, um die Einrichtung von WebAdvisor abzuschlie.en.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Erweiterung aktivieren",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Sie sind sich unsicher wegen der oben angezeigten Meldung? Keine Sorge . der Schutz Ihrer Daten hat bei uns h.chste Priorit.t.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klicken Sie auf \"{0}\", um fortzufahren. Fast fertig!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Erweiterung aktivieren",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Bei Ihrer n.chsten Suche werden Sie aufgefordert, auf \"{0}\" zu klicken, um die Einrichtung von \"Sichere Suche\" abzuschlie.en.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".nderungen beibehalten",.... SETTINGS_OVERLAY_CONTENT: "Klicken Sie auf die Meldung \"{0}\".",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-Erweiterung wurde hinzugef.gt",.... INTRO_OVERLAY_CON

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5373
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.0649577064183555
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:PKUYel5agUIM392dF9xVV/vT2Kc9xKU0L8:aePhFLCcQ
                                                                                                                                                                                                                                                                                            MD5:F58476DB96526F060D24AF87AA8D13BF
                                                                                                                                                                                                                                                                                            SHA1:B39899610A15788E123547D39A221345A0572C1F
                                                                                                                                                                                                                                                                                            SHA-256:972CC73A0634EB70CDD0FB3995C198795208E455BC6BEE3BB95D0C2A24BA7DA2
                                                                                                                                                                                                                                                                                            SHA-512:DB49DF900472AC57FB497DA08AB492E25E403BDAFC36B7EC744C37FDEE762D43715FA991618F974DE41AAFC37AA2B80C5ECD4E0117B1EE31E370BC932D1548D9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "..... .... ... {0} ... .. ............ .. ....... ... WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "............ .........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "... ..... ........ ... .. ........ ......; ... .......... . .. ........ ... ..... ..... . ...... ... ..............",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "..... .... ... {0} ... .. ........... ...... ..........!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "............ .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "... ....... .... ... .. ...... ........., .. ... ....... .. {0} ... .. ............ .. ....... ... .......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3473
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4726351551459285
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:hX+nTmLZpNvS6qfKmtBBiNgsbjBLNZoIJon512xyQy6ihdt7+JjlSL:FpfqfKwegw7jen2AL
                                                                                                                                                                                                                                                                                            MD5:4FF2797578510E55ADFC08F7D06FF7BE
                                                                                                                                                                                                                                                                                            SHA1:4A4DD7A9D239F0B7BCDA59F85C6554D6FECD2C6D
                                                                                                                                                                                                                                                                                            SHA-256:B2D7C45978D4BD0B992F165460876119FAF769FA63AEA5B16DBCB83C1D1411B3
                                                                                                                                                                                                                                                                                            SHA-512:DF37BC04800BCDD00F5053AFEDC0BA12E771CD3A6321447BF9622BB70E5F99DFD17FC50F0D4530B30D6CCDCE14309FAB5F689792756FFD54CBEE972A1956A140
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Click {0} to finish setting up WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Enable Extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Unsure of the message above? Don't worry &mdash; your privacy is always our top priority.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Click {0} to continue. You're almost done!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Enable Extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "The next time you search, you'll be asked to {0} to finish setting up Secure Search.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Keep changes",.... SETTINGS_OVERLAY_CONTENT: "Click the {0} message.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor extension has been added",.... INTRO_OVERLAY_CONTENT_1: "Open the Edge menu to start setting up the WebAdvisor extension.",.. INTRO_OVERLAY_CONTENT_2: "Avoid risky sites while you browse, shop, and stream with free web

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3561
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.430186150112123
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:795vs3WVLAOOxYqGEsU9b5TaBl/t6/Pv5L:7LvKVk3U9tTa/E/PBL
                                                                                                                                                                                                                                                                                            MD5:96BAE9F3B4EE2BC8CBBC849C058F1F14
                                                                                                                                                                                                                                                                                            SHA1:D5A5C2F470C0962501FB1CCFAE259635A0B228A2
                                                                                                                                                                                                                                                                                            SHA-256:9FEB1EEAC7386160E393CF79FE43B8730FE96D83654C2FA2C629B118FD2071E5
                                                                                                                                                                                                                                                                                            SHA-512:12E0F999852B2BA3A71DC24D42A057A044DC449146E4C88521EE3AD4049F4FC9012424355421EAA7AA98F549420992F56C73ED4ACD4315F9F9D024FED17B2C33
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Haz clic en {0} para terminar de configurar WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Habilitar extensi.n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".No est.s seguro del mensaje de arriba? No te preocupes; tu privacidad siempre es nuestra m.xima prioridad.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Haz clic en {0} para continuar. Ya casi has acabado.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Habilitar extensi.n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La pr.xima vez que realices una b.squeda, se te pedir. que {0} para terminar de configurar la b.squeda segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conservar cambios",.... SETTINGS_OVERLAY_CONTENT: "Haz clic en el mensaje {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Se ha a.adido la extensi.n McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Abre el men. de Edge para empezar a configurar la extensi.n WebA

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3447
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4115819628021375
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:78BzdBs4G8LY3WBrDACAOuN0/4L9U1m4yxO2loA5nAQ1m4M0j+wbTcO1zPOE+sQE:7qs4c3WBLAOuAd6j9bTNbOEQyNxe6x1r
                                                                                                                                                                                                                                                                                            MD5:7E11BC255CEDBF1C432EB3209F15C29C
                                                                                                                                                                                                                                                                                            SHA1:1071658B65CBEA324F335E43D13555BC4C6D6A2B
                                                                                                                                                                                                                                                                                            SHA-256:F41490105FD1DF9DA3AB997C61D11303A17C3ECE3C82EA58FBDA237AC9475A5E
                                                                                                                                                                                                                                                                                            SHA-512:01A497D4022E354C0C1E354AD1A1D93B44B15D9F124988087435FAF81B9BFBB7DEC64160D324AA66D77000FC8A36BA5DAB7FCEFC8CFAB7ABF7263C710F8559C7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Haz clic en {0} para completar la configuraci.n de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activar extensi.n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".Tienes dudas sobre el mensaje anterior? No te preocupes. Tu privacidad es nuestra prioridad.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Haz clic en {0} para continuar. .Ya casi terminas!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activar extensi.n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La pr.xima vez que realices una b.squeda, se te pedir. que {0} para que termines de configurar la b.squeda segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conservar cambios",.... SETTINGS_OVERLAY_CONTENT: "Haz clic en el mensaje {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Se agreg. la extensi.n de McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Abre el men. de Edge para comenzar a configurar la extensi.n WebAdvisor."

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3511
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.433601626158511
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:PNyeWArmSSL0jMwX/Bz7N208N2Kv7qw0qhah7ddaXETuMgPl+5UAeWjh:PMYGwvBz7Np8N7wj1ddaUi145UArh
                                                                                                                                                                                                                                                                                            MD5:8E8E0E35935EE264DB5552EB6F40F161
                                                                                                                                                                                                                                                                                            SHA1:6161A72F23C4E004615215A5407692CBCC6DC835
                                                                                                                                                                                                                                                                                            SHA-256:AA6A45A74D1EE13A2729D29F0DFA36FBC3CE0EA9E70FF47A4739B01519FE146E
                                                                                                                                                                                                                                                                                            SHA-512:AF56EC47524863339F53E910161A18CFEEB5A0D04C493950401C32B396D1E503B8183779E62593900CCF5485B88BF3E1FCB8E323D2C278CE7AB78313D35FB2F0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Napsauta {0}, jotta voit viimeistell. WebAdvisorin k.ytt..noton.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ota laajennus k.ytt..n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Etk. ole varma yll. n.ytetyst. viestist.? Ei h.t... Tietosuojasi on meille aina t.rkeint..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Jatka napsauttamalla {0}. Melkein valmista!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ota laajennus k.ytt..n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Seuraavalla hakukerralla n.et pyynn.n {0} Suojatun haun k.ytt..noton viimeistelemiseksi.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "S.ilyt. muutokset",.... SETTINGS_OVERLAY_CONTENT: "Napsauta viesti. {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor -laajennus on lis.tty",.... INTRO_OVERLAY_CONTENT_1: "Avaa Edge-valikko aloittaaksesi WebAdvisor-laajennuksen m..rityksen.",.. INTRO_OVERLAY_CO

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3808
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.388112307347255
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:RvCshWLo4LeWU3EWP8/41QYd2WwawjOk51nBXwQw81NimwIu4W8u4kVusc82:hVt3EWPmWFwawSkpgQNYmwIHbHMc82
                                                                                                                                                                                                                                                                                            MD5:2A9907478E1242053238088E822E10C0
                                                                                                                                                                                                                                                                                            SHA1:377AEF681CCFA8E1F023E5B320583AE619035658
                                                                                                                                                                                                                                                                                            SHA-256:80C75BBB67965632561D99842398EBEB84A93304C441972702A30893FA51D8C2
                                                                                                                                                                                                                                                                                            SHA-512:A69592750C27E8825A109B4F02C3EA969111A28F2E39A21CB043A9B7882B41F16A15E7EFD5DE7DD28A7CEC26A58D32DD66242F357A922AFEA2E0F0B25BE748F3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Cliquez sur {0} pour terminer la configuration de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Vous avez des doutes sur le message ci-dessus? Ne vous inqui.tez pas. votre confidentialit. est toujours notre priorit..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Cliquez sur {0} pour continuer. Vous avez presque termin.!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prochaine fois que vous effectuez une recherche, l'action suivante vous sera demand.e pour terminer la configuration de la recherche s.curis.e.: {0}.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Maintenir les changements",.... SETTINGS_OVERLAY_CONTENT: "Cliquez sur le message {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'extension McAfee. WebAdvisor a .t. ajout.e",.... INTRO_OVERLAY_CO

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3820
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.38898451160846
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:q4Hj53EWP1ww63K2z1gUYmwEF2HfuVHfuf4t:q4HywPUYZ0C2N2f4t
                                                                                                                                                                                                                                                                                            MD5:4D0816D122C8D7796BE201654A29CED9
                                                                                                                                                                                                                                                                                            SHA1:7CE747A827FE2746F2BCD36E090CFFFF48470400
                                                                                                                                                                                                                                                                                            SHA-256:4232F8FC8A5F9BCF515C8AF072ECEC5518631A1BC28FD52B7EAF60F069A61B15
                                                                                                                                                                                                                                                                                            SHA-512:4E47761CBD1C5D32AF204C72078BCEDEBAEB572563E41E195252AFCEA3C1F6C8EE51B95F943F965252FA618C53C332A5152E94B10DE95A12FF285AB8EA9B120F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Cliquez sur {0} pour terminer la configuration de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Vous n'.tes pas s.r du message ci-dessus.? Ne vous inqui.tez pas, votre confidentialit. est toujours notre priorit..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Cliquez sur {0} pour continuer. Vous avez presque termin..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prochaine fois que vous effectuerez une recherche, il vous sera demand. de {0} pour terminer la configuration de la recherche s.curis.e.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conserver les modifications",.... SETTINGS_OVERLAY_CONTENT: "Cliquez sur le message {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'extension McAfee. WebAdvisor a .t. ajout.e",.... INTRO_OVERLAY_CONTENT_1: "Ouvre

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3559
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.506605270523123
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:iKtsjv9hNkY6z3qRQRMmCxgFXNNXxXlU201Ii8tT:iKev9I3oQRMmCxgFXNNXxXlv0ii8Z
                                                                                                                                                                                                                                                                                            MD5:EF228055678709F1A3BD90D5B819A9D8
                                                                                                                                                                                                                                                                                            SHA1:87282ADD3C89D3DB9BC631171A0BFF49A9469091
                                                                                                                                                                                                                                                                                            SHA-256:15CD9D16120A4C1269288F77A474F265FB231EEDDBA93CFF78A14EAE42DB4751
                                                                                                                                                                                                                                                                                            SHA-512:9885B2742A7D585F00C1E2314274593304E7B2302C540B78E460FF0416AF9446F58F533C5A25F3FE8C519F67CACCEA819DFD384B67A667D3D94AFE9F9249EFFD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite {0} kako biste dovr.ili postavljanje WebAdvisora.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Omogu.i pro.irenje",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Niste sigurni p.to zna.i gornja poruka? Ne brinite . va.a privatnost je uvijek na. glavni prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite {0} za nastavak. Skoro ste gotovi!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Omogu.i pro.irenje",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Sljede.i put kada budete pretra.ivali, od vas .e se tra.iti da {0} da zavr.ite postavljanje sigurnog pretra.ivanja.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Spremi promjene",.... SETTINGS_OVERLAY_CONTENT: "Kliknite poruku {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodano je pro.irenje McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otvorite rubni izbornik za po.etak postavljanja pro.irenja WebAdvisor.",.. INTRO_

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3871
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.602009747939861
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:BjeL2klA7qs9fOpTbYFBbyN6t6rksl9EJky2twp+2mTpTChLO:x7qwmJLrksTE74l4xO
                                                                                                                                                                                                                                                                                            MD5:40BAC50309DE29A51FBAA7C7B7614C6C
                                                                                                                                                                                                                                                                                            SHA1:CE3C5D5EE196CC8BF4769AB3968EA9EA9CC4ED8C
                                                                                                                                                                                                                                                                                            SHA-256:4FD642D0EC932E954F8557914F10444DA8EDBB10051F7C2FC1D8FDC86B4C2469
                                                                                                                                                                                                                                                                                            SHA-512:706E2BBB1D753F33DFB99BAEEC961FBF75FB7D2D498421FD170EB35EB36CD4D5420338330EA072D6F8ADF6AE36BCF39D69E5B06A661A374FF944EBECBB778AC2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kattintson a(z) {0} lehet.s.gre a WebAdvisor konfigur.l.s.nak befejez.s.hez.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "B.v.tm.ny enged.lyez.se",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nem biztos a fenti .zenetet illet.en? Ne agg.djon. Szem.lyes adatainak biztons.ga a legfontosabb sz.munkra.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kattintson a(z) {0} elemre a folytat.shoz. Majdnem k.sz.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "B.v.tm.ny enged.lyez.se",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "A k.vetkez. keres.sn.l megk.rj.k, hogy fejezze be a Biztons.gos keres.s be.ll.t.s.t ({0}).",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".rizze meg a m.dos.t.sokat",.... SETTINGS_OVERLAY_CONTENT: "Kattintson a(z) {0} .zenetre.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Hozz.adta a McAfee. WebAdvisor b.v.tm.nyt",.... INTRO_OVERLAY_CONTENT_1: "Nyissa meg

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3451
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.344589816613212
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:9w0wJWteojRUyUw5Jaw5+/3Aw+ydJPwRO:9VA0jB9aK+vA+PIO
                                                                                                                                                                                                                                                                                            MD5:81CB8D5FD3B01083E970FFA61E010E06
                                                                                                                                                                                                                                                                                            SHA1:7C1A0B4757C1A7E1F82CCDE8B2513B74F6D10979
                                                                                                                                                                                                                                                                                            SHA-256:F787775A89A6092C23121166B69FBFBB35EF04F91EAB29D7A93747205CCC7193
                                                                                                                                                                                                                                                                                            SHA-512:6FC1CD91819BD1CAB549FB566C8F1C70EF0A781B8B2FA749E2826B0A08089B8BF830ABD730B9497B7743759BA7C3D839E47E0181E559FADFA669DE5B49007579
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Fai clic su {0} per completare la configurazione di WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Attiva l'estensione",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Hai dubbi sul messaggio mostrato sopra? Non ti preoccupare: la tua privacy . sempre la nostra priorit. assoluta.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Fai clic su {0} per continuare. Ci sei quasi.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Attiva l'estensione",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prossima volta che effettuerai una ricerca ti verr. chiesto di {0} per completare la configurazione di Ricerca sicura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Mantieni i cambiamenti",.... SETTINGS_OVERLAY_CONTENT: "Fai clic sul messaggio {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'estensione McAfee. WebAdvisor . stata aggiunta",.... INTRO_OVERLAY_CONTENT_1: "Apri il menu di Edge per iniziare a configurare

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4710
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.642394532687395
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:5mF9hGIitPqUUJnILJn90N3l3QLzb3Nl3CprHEwPbbDiabGdtiDR9hGml:5mF9hC91nQmLzTNoprH1b3JbctiDR9hN
                                                                                                                                                                                                                                                                                            MD5:40EC496FF3B16AD5D9B49BC61E349777
                                                                                                                                                                                                                                                                                            SHA1:F5A0A04E3BCA25870820FFDC0D2A2ACDA3650BA4
                                                                                                                                                                                                                                                                                            SHA-256:20DA1F1E6EE95B6CDE92E243247E07BE6D8601D222C3C6320D1779FF066709E4
                                                                                                                                                                                                                                                                                            SHA-512:E69A56ECD4EC4A52A27C0E9FFA2C1BD2FA207403F56FDC78E6EC2249EACECE0F9B51EFF49AC6DE104B6A4F86E11D936510A46F0BC38E9E7FB1CAAE10D6473743
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "[{0}] ..............................",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "..............................................................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "[{0}] ..................",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: ".........[{0}] ........... ........................",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".......",.... SETTINGS_OVERLAY_CONTENT: "......{0}.......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3733
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.887951192706537
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:QYCvdMrjNB9ZGI4BGSS1FdMUB2dgSG36cBJsg57AB2vCC1vyqtYIvdC3DFx:36ynuBGpFyUBkYBJsmcB2ZGQMTf
                                                                                                                                                                                                                                                                                            MD5:78C0E3B8EF89855CF74D9735B05EB2D2
                                                                                                                                                                                                                                                                                            SHA1:D5EC54DA3090870B487F2A4D4BBC49AB337706D9
                                                                                                                                                                                                                                                                                            SHA-256:32AE924A8C54D177D67A8F608E0AED8D0817607BD3959E65FF22DA5EC9D26DEE
                                                                                                                                                                                                                                                                                            SHA-512:D4A1D29B2AF6034769C8424FAEE186FE23AF89BEF591A49E94AACCFCE17711AFF29D7BFAA8CEE80F0868BA48DAA3A4195456C0829073639F0B66573B48537086
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "{0}.(.) .... ...... ... .......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: ".. ..",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".. .... .... ......? .... ..... ... .. ... .. ... ... ......",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "..... {0}.(.) ....... .. ........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: ".. ..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "... ... . {0}.(.) .... .. .. ... ..... .... ......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".. .. ..",.... SETTINGS_OVERLAY_CONTENT: "{0} .... .......",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. ...... ... .......",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3225
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.455750009049743
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Kx63r03o9AwnQ5deXavDKYw7unkf56lQepfbVdqwqkMpHCxdnlpZ9R0lpZ9OCZ+J:JQjwncYXavDKvukfwlPpu1pHSTpJMpG/
                                                                                                                                                                                                                                                                                            MD5:F29423841931CA660FD7D4F41B1DBD41
                                                                                                                                                                                                                                                                                            SHA1:075ACD28B596AEE1BB36C27C475532D588D873E0
                                                                                                                                                                                                                                                                                            SHA-256:5FBF41C522DF5051E20EE0B349F807DD0DA5C7B6691F03EB3A45D330FAAEFFC6
                                                                                                                                                                                                                                                                                            SHA-512:327A8F8B5D4BFE052C77B244DC7CE363ABF7ADB11DC4A7D635EFEC670A6DAF0D61338C3636EC81DCB08FFB7C758635374E9F72FE1228E80EA52C9FA04EBD5B87
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klikk {0} for . avslutte oppsettet av WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktiver utvidelse",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Usikker p. meldingen over? Ta det helt med ro; ditt personvern er alltid v.r topp prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klikk {0} for . fortsette. Du er ferdig om et .yeblikk!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktiver utvidelse",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Neste gang du s.ker, vil du bli spurt om . {0} for . gj.re ferdig oppsettet av Sikkert s.k.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Behold endringer",.... SETTINGS_OVERLAY_CONTENT: "Klikk p. meldingen {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-utvidelsen er lagt til",.... INTRO_OVERLAY_CONTENT_1: ".pne Edge-menyen for . starte oppsettet av WebAdvisor-utvidelsen.",.. INTRO_OVERLAY_CONTENT_2: "Unng. risikofylt

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3315
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.385121666693169
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:hYNSUmrH9+LhVyH81/nxxM3P7zLFSOXYNXwBxrcB5w7qTF951eUq5j6YUNGUlG5h:qWoM81/3czLFLYNa4BO7qTB38/am
                                                                                                                                                                                                                                                                                            MD5:6C112DCBFD4D10CB62944825EE3F19AE
                                                                                                                                                                                                                                                                                            SHA1:D9E9A299492AF4264520EBFBD623B75E8FBEF83A
                                                                                                                                                                                                                                                                                            SHA-256:8482F69E601E8547B0C2799F2ACD759E2FAD1F03BC37AD9918EF4706CB3E13AC
                                                                                                                                                                                                                                                                                            SHA-512:246841E4873F6C068831425CFB16F014E5D9CB5FCFAA97020590929CEE1A0FE526602CC9409548791B78844DC8ADBF92B5A34D801B2BEAC1DAE4E5F93EECEEF4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klik op {0} om het instellen van WebAdvisor af te ronden.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Extensie inschakelen",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Twijfelt u over bovenstaand bericht? Geen zorgen: uw privacy is altijd onze topprioriteit.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klik op {0} om door te gaan. U bent bijna klaar!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Extensie inschakelen",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "De volgende keer dat u zoekt, wordt u gevraagd om {0} om het instellen van Beveiligd zoeken te voltooien.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Wijzigingen behouden",.... SETTINGS_OVERLAY_CONTENT: "Klik op het bericht {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-extensie is toegevoegd",.... INTRO_OVERLAY_CONTENT_1: "Open het Edge-menu om de WebAdvisor-extensie in te stellen.",.. INTRO_OVERLAY_CONTENT_2: "Vermijd risi

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3592
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.645829178436089
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:UMCvtaaOZWKfNNz9KqIbQUZW9TRNcWRlP+im+oS+oGIUwI0qUEob:UMC1aaOIxbQUI9TRpR95mhShnUB0qUD
                                                                                                                                                                                                                                                                                            MD5:F5DC1F073659EB263F74C6CABE5C59FE
                                                                                                                                                                                                                                                                                            SHA1:65C510E3B8DBA4EB52F1A82FF0A9561DDFFAEB09
                                                                                                                                                                                                                                                                                            SHA-256:6E745822ADA8BA9D207CCCCF16D03CDC60E2AE3C5457F32B23AB860D804CB1DC
                                                                                                                                                                                                                                                                                            SHA-512:C1E9553B112FA3F1F52A2A37710D8A175F0179EDF2E9F4C257A61860941A3F8CF52AAEEF11D1811B2478F28747C227B996AECC53A779D38A98F556451EB39DB3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknij przycisk {0} aby zako.czy. konfiguracj. funkcji WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "W..cz rozszerzenie",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nie masz pewno.ci co do powy.szego komunikatu? Nie martw si. . Twoja prywatno.. to dla nas zawsze priorytet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknij przycisk {0}, aby kontynuowa.. Ju. prawie gotowe!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "W..cz rozszerzenie",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Przy nast.pnym wyszukiwaniu pojawi si. monit o u.ycie opcji {0}, aby doko.czy. konfiguracj. Bezpiecznego wyszukiwania.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Zachowaj zmiany",.... SETTINGS_OVERLAY_CONTENT: "Kliknij komunikat {0}",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodano rozszerzenie McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otw.rz menu przegl.darki Edge, aby zacz..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3368
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.413930768580624
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:tjbF/wH+Rr2fvbIvn/UL1KcIdlOd0/a6Xge+wbkQYlH1SQakQE1JsV+RUkjHFEi:tBRKXbIv/U8cc0dGvgObgbIc1JS+RUkt
                                                                                                                                                                                                                                                                                            MD5:AD0B1C286A1EDCFCD76D7241DE966872
                                                                                                                                                                                                                                                                                            SHA1:5824DAE43BC89A4AC9F007A860799274D89E9E94
                                                                                                                                                                                                                                                                                            SHA-256:D33C8D9261F6590ED4C805B0D436E243D50D64FF6603FC89CB341E0D2BEF774B
                                                                                                                                                                                                                                                                                            SHA-512:28562E30998965297D5069153F26C7A8FE37AD093305B66A041FBE23E23C37387ED17411A5D8CF3BBC81A758626FF8E06BF20C9D5E3D2C3E61520B9062589754
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Clique em {0} para terminar de configurar o WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "N.o entendeu a mensagem acima? N.o se preocupe . sua privacidade . sempre nossa prioridade.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Clique em {0} para continuar. Est. quase terminando!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Na pr.xima vez em que pesquisar, ser. pedido que voc. {0} para terminar de configurar a pesquisa segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Manter altera..es",.... SETTINGS_OVERLAY_CONTENT: "Clique na mensagem {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "A extens.o McAfee. WebAdvisor foi adicionada",.... INTRO_OVERLAY_CONTENT_1: "Abra o menu do Edge para come.ar a configurar a extens.o do WebAdvisor.",.. INTRO_OVERLAY_CONTE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3444
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.411633748019912
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:tjpqgDOioBH+uVr2fAFn/Ua15v+IX6RE70OHXd1aVrTwbX1ZH1ppxRXpxjJsJJSF:tcgHxIKIF/UyvFz7d+J0b5H3JgJSgnD6
                                                                                                                                                                                                                                                                                            MD5:3A244FC91A287F70C3F88FA38DDA09DD
                                                                                                                                                                                                                                                                                            SHA1:6E551D5A950EF3945A24BE7303CDB0C5F0A9FFBC
                                                                                                                                                                                                                                                                                            SHA-256:934C199C26A23EFBF3572A5683C7BA0333F4536371A39F77724F3F561E6641A2
                                                                                                                                                                                                                                                                                            SHA-512:7AA916F066D4D8C3BDC2B762DCF27A50DCF3D7CB177CDCA5C0DF90F6F9A22E65FA6934465E1670E9D541CAD48E8D15A0E41E70CC8273C8154205096364A0243D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Clique em {0} para terminar de configurar o WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "N.o tem a certeza sobre a mensagem abaixo? N.o se preocupe: a sua privacidade . a nossa m.xima prioridade.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Clique em {0} para continuar. Est. quase!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Na pr.xima vez que pesquisar, ser. pedido {0} para terminar a configura..o da pesquisa segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Manter altera..es",.... SETTINGS_OVERLAY_CONTENT: "Clique na mensagem de {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "A extens.o do McAfee. WebAdvisor foi adicionada",.... INTRO_OVERLAY_CONTENT_1: "Abra o menu do Edge para come.ar a configurar a extens.o do WebAdvisor.",.. INTRO_OVERLAY_CONTE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4888
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.135844832512529
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:km1cmOcoujLEUXirQfZVaSy/lcv8xv0pv6eyH5Z6LX6L0YA5ANvPuYV1kwgkebOl:bSP52Z7Iqv8IvzSt/vPuYV9gkbEYZM+J
                                                                                                                                                                                                                                                                                            MD5:0D167E87D451A21855ED70CD6B314563
                                                                                                                                                                                                                                                                                            SHA1:FCFCE95C861428B47CBD17E7A39778249EE1DA32
                                                                                                                                                                                                                                                                                            SHA-256:6161E0CD535C80C8073B09EEA04E41EC393C3CD4C3E225578BFA3C8CC8896EDF
                                                                                                                                                                                                                                                                                            SHA-512:F222578C1672F4E8D9BA94A60A555020A269F632674F7C5559CD98DD43D9DB18E505A3EDF645500C92B42E4EFAFFDA2E678E811136DAD8CD76CCB1C7B8C8D5CB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "....... {0}, ..... ......... ......... WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "........ ..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "............ . ......... ....? .. ............, .... .................. ... ... ....... ......",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "....... {0}, ..... ........... ..... ......!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "........ ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: ".. ..... .......... ...... ... ..... .......... {0}, ..... ......... ......... ........... .......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "......... .........",.... SETTINGS_

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3645
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.650230217070017
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Za1q+c5nLPgGcp7rGEaqHNGXaGWSnEBCkt:Za1CcGcpPGEaoNGXaGWSnEBCkt
                                                                                                                                                                                                                                                                                            MD5:ED72D7708B2D551ED68DF78FCF5B2E2A
                                                                                                                                                                                                                                                                                            SHA1:C8C79F33E82B0D6F6A16ACA582B28589DE10481D
                                                                                                                                                                                                                                                                                            SHA-256:49C1E8B45304E35C6B0D3040CEC7829C2433524044CB5C0F6D1210A40F1D8296
                                                                                                                                                                                                                                                                                            SHA-512:5389733E068655B2CCF7838CFF8F024BCD8E9BB4408E87FFC44832371C77D386EEFE916E5040DCD3B75CF292B6B11C2E68943A1C35492E5A56D9BF41B7729548
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite na mo.nos. {0} a.dokon.ite nastavenie slu.by WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Zapn.. roz..renie",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Neviete, .o znamen. uveden. spr.va? Nemus.te sa b.., va.e s.kromie je na.ou prioritou.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite na mo.nos. {0} a pokra.ujte. U. to skoro m.te.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Zapn.. roz..renie",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Pri .al.om vyh.ad.van. sa zobraz. v.zva {0}, aby ste dokon.ili nastavenie funkcie Zabezpe.en. vyh.ad.vanie.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Ponecha. zmeny",.... SETTINGS_OVERLAY_CONTENT: "Kliknite na spr.vu {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Roz..renie McAfee. WebAdvisor bolo pridan.",.... INTRO_OVERLAY_CONTENT_1: "Otvorte ponuku Edge a spustite nastavenie roz..renia We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3448
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.521041895588274
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:bOKu5rhXVaOiD7jvSrPKPq/BhedVJDBDKOTV08Eyj8GmS4kSOhi7ICcX7E0o7X7g:CKwa7ruIwBho7Pjxm+FhiJcrERrEzt7
                                                                                                                                                                                                                                                                                            MD5:C40105ED737E2E633DDC19ED6756E72C
                                                                                                                                                                                                                                                                                            SHA1:2BC63BEFCE326D84CD609DBA90933BC24BC59BD9
                                                                                                                                                                                                                                                                                            SHA-256:317A85AEFB469859C880AD999CEA9AD20C4F5BF5BDCE71850514F68D509EA173
                                                                                                                                                                                                                                                                                            SHA-512:638A4399388CE8826997851587EA92C324687E1363FAC661A37CDCF9494235C9860CED7B0A7D5E9B25A2FE2AC47BECA7CEAE7043FB67B1B6124BD0E0554C5424
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite na {0} da biste zavr.ili pode.avanje WebAdvisor-a.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Omogu.i ekstenziju",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Niste sigurni u gornju poruku? Ne brinite . va.a privatnost je uvek na. glavni prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite na {0} da biste nastavili. Skoro ste gotovi!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Omogu.i ekstenziju",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Slede.i put kada budete pretra.ivali, od vas c.e biti zatra.eno da {0} da zavr.ite pode.avanje bezbedne pretrage.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Zadr.i promene",.... SETTINGS_OVERLAY_CONTENT: "Kliknite na poruku {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodata je ekstenzija McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otvorite rubni meni da biste zapo.eli pode.avanje ekstenzije WebAdvisor.",.. INTRO_O

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3419
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.521805415367657
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:XLtr87bPTBKfvmX6L9AvAMbEFGt9M+WRRZJ1aq3CTCc2Qp:btkPdKfvLLGS3ND4
                                                                                                                                                                                                                                                                                            MD5:AEC72920D1F5DA0AF85610AB2DAC461C
                                                                                                                                                                                                                                                                                            SHA1:E613864613EEF534F45B6E5D3EDAB660E38D0216
                                                                                                                                                                                                                                                                                            SHA-256:CE4290DA708FE5AA55607D16FE05389AE21EB1A8733A76ABA87D5FE5FB63CF65
                                                                                                                                                                                                                                                                                            SHA-512:F413D67ABBDB88BB2813037608E0F9DA0C3A0C650E839674A7B6AA92707B658965839051AF469F5DF7B9F394531BD3987F7A36A534EF3A1CF929F3165A755D17
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klicka p. {0} f.r att slutf.ra konfigurationen av WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktivera till.gg",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Os.ker p. ovanst.ende meddelande? Oroa dig inte . din integritet .r alltid v.r h.gsta prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klicka p. {0} f.r att forts.tta. Det .r n.stan klart!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktivera till.gg",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Du blir tillfr.gad att {0} f.r att slutf.ra konfigurationen av s.ker s.kning n.sta g.ng du s.ker.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Beh.ll .ndringar",.... SETTINGS_OVERLAY_CONTENT: "Klicka p. meddelandet {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-till.gget har lagts till",.... INTRO_OVERLAY_CONTENT_1: ".ppna Edge-menyn f.r att b.rja konfigurera WebAdvisor-till.gget.",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3505
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.554744362519657
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:8gTrSRlazqTSoc8T4mq+pxP3yfK2XsCzjW3A/O20qVw:LMTSzUtCBwYw
                                                                                                                                                                                                                                                                                            MD5:A7173B3EAD43A8D5301C7A5442CB3D3B
                                                                                                                                                                                                                                                                                            SHA1:C83DC50C27DCDCC99CCC0E12C4FF259AE524BE05
                                                                                                                                                                                                                                                                                            SHA-256:71F31DE21EFE9CFEC913EB2EEC52894A2412FBBFE741C20480D3DD045332EC45
                                                                                                                                                                                                                                                                                            SHA-512:26D3D574348AA21BBF8B27CC5AE2F5A98310717BED45FCEA3B26695BDA2CCB1288E5A57EE536737E6E660B3B72D8AE664C98C9D2AE8FF1F53AD350AA5B961BBD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Web Advisor kurulumunu tamamlamak i.in {0} ..esine t.klay.n.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Eklentiyi etkinle.tir",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Yukar.daki mesajdan emin de.il misiniz? Merak etmeyin . gizlili.iniz her zaman birinci .nceli.imizdir.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Devam etmek i.in {0} ..esine t.klay.n. Neredeyse bitti!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Eklentiyi etkinle.tir",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Bir daha arama yapt...n.zda, G.venli Arama kurulumunu tamamlamak i.in {0} i.lemi istenecek.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "De.i.iklikleri koru",.... SETTINGS_OVERLAY_CONTENT: "{0} mesaj.na t.klay.n.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor eklentisi eklendi",.... INTRO_OVERLAY_CONTENT_1: "WebAdvisor eklentisinin kurulumuna ba.lamak i.in Edge men.s.n. a.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3122
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.220541310459122
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:6UrfcU6lnW9tyEQeLJrcwfrZaq0KSVnUUJfQpro06zK:6UrkF0t2excYzSVnUU9KrwK
                                                                                                                                                                                                                                                                                            MD5:CF9BA9622517F9642078F3C01CE61CF5
                                                                                                                                                                                                                                                                                            SHA1:0261D3DBFE5A723017EDD9BC015C925163A13A81
                                                                                                                                                                                                                                                                                            SHA-256:12C661C5C1F8EAE585C6D743B05BDA9096B0475CC41E9DB26387F21B4398FAED
                                                                                                                                                                                                                                                                                            SHA-512:DA0C00FFAAF4350CB8D061C5BE33563309EDC46BD2D619BB3C6588741C559F2F9D425E8E8FA3795DC9BA7377484124F6665389CEE137DAC48E93BEA171587E50
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: ".. {0} ..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "...............................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: ".. {0} .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "............. {0} ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "....",.... SETTINGS_OVERLAY_CONTENT: ".. {0} ...",.. SETTINGS_OVERLAY_CONTENT_BOLDED: ".... ...........",.... INTRO_OVERLAY_CONTENT_1: ".. Edge ................",.. INTRO_OVERLAY_CONTENT_2: "..........................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3232
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.286798640112844
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Fnm6KjBr0E5eC+WKA4DKoYwWAV85brkeUwmxm3VBpRBpG2m6teF6h:JbM5dtKPDVfeZrkRwGm1pDbc8h
                                                                                                                                                                                                                                                                                            MD5:E45EB827E5EBE243FBE994E91B00399C
                                                                                                                                                                                                                                                                                            SHA1:39C4882C2737426D927E0A91B58413B0C1B6AA23
                                                                                                                                                                                                                                                                                            SHA-256:E9517A04120C77F9EB73BACE215C3808FA7B6549F450033B36A1504BFE4F5CE5
                                                                                                                                                                                                                                                                                            SHA-512:656A920AD1A7F4AE9C6C33E981180D14A9CFD365BC05CD70439AF80E394D3C983A76BCA3A427E85DAEA0CA326FF22029571AA36CBA026EB60F75122252B6E613
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "... [{0}] ... WebAdvisor ...",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "...............................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "... [{0}] .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "............... [{0}] ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "....",.... SETTINGS_OVERLAY_CONTENT: "... [{0}] ...",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "... McAfee. WebAdvisor ....",.... INTRO_OVERLAY_CONTENT_1: ".. Edge ........ WebAdvisor .....",.. INTRO_OVERLAY_CONTENT_2: "...............McAfee .

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.461291185013134
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRtWqUZMRPathM:pCPR+2cyeBmNEfSU8ZpoXSHaUiqnM
                                                                                                                                                                                                                                                                                            MD5:F851EFACADD835F0159C27502E46260E
                                                                                                                                                                                                                                                                                            SHA1:7E1B2F3B44C06237A23F1F6950FA63625839B1A6
                                                                                                                                                                                                                                                                                            SHA-256:B6E414FAEDA10946F1BCA79E27739A197877A5193F51CB81F79D7BB7A7A26380
                                                                                                                                                                                                                                                                                            SHA-512:BADF5CA6616D26C07BF15DABB11E7C28E3AD486F6A2E7B99DDEBEDD6269350A254E68355B7FAD3EC0153D508F3F46B52049D6CDB475E4200F8FB3A943DFF810F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//B6D270D887AA3AD5A716125ABA1EDAE8704F8734590ABD1A024EE56C72C6BA0F86EFE3A4FE091821DB0AED95400E3719260E47A0DC599B133FCE7EBCDCAAD691++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.479172348957691
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHxyeddu2SyiZ9JyV+n:CRsyeBmWfV8ZSXSH0udu2diZ9k+
                                                                                                                                                                                                                                                                                            MD5:1FCA4C01F8025426FE58612F4A712595
                                                                                                                                                                                                                                                                                            SHA1:FEA75A5DB7E98D7B5863F85C0DFEF471FE35A2D9
                                                                                                                                                                                                                                                                                            SHA-256:37A443BB771B6D206407A38CCBC1B114E829906A633EE288EFEFAB0682DA935A
                                                                                                                                                                                                                                                                                            SHA-512:374CE0D0ACE099A1876DAFA83067E77DF026C09028724AAE77146737EF189543EBC9DA3BB66498F8306664160FE59F8FFB595141320D182D9FCF5AF24ECFF068
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//1E5A015257B1E89E81798BF6D2E3C4A434BE9A2D7E0F18D3C9D155D88F81C1A2D522F1A1057164E1E3C6D931AD0B4F9568D58F2470359B0891D6EB9E54C06CEF++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.467402670832129
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSH7U+RRumknxVkZh:CRsyeBmWfV8ZSXSH7jRq+
                                                                                                                                                                                                                                                                                            MD5:D4F64363675C08E40A55A3E90E8779A9
                                                                                                                                                                                                                                                                                            SHA1:C85521A5853390431138734CFA4024372DD36BB0
                                                                                                                                                                                                                                                                                            SHA-256:A77027313030396B803CD1E878906C47E228B8C6577F842AFCE4329DCA552DCA
                                                                                                                                                                                                                                                                                            SHA-512:8C7D7AF0B4C607954F075E847DBE6BA5DE83FCD89E5971AAA0F383BC49BD42D4FBD9A5E33F40B8F1370A139E7813005DD461311327F4F0FE5D786BBFE416BFDC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//A768A71BCF302D4AE04575F430739FC849AF8A0EE437B3E56AEA24A3CB35EAC2EFCDFBCADA202B5D1E443C8E4F5F4D8B035E18CFD270F630D69629E19DAAB96B++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.493127774604479
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHkeoGGa47JO:CRsyeBmWfV8ZSXSH7kDJO
                                                                                                                                                                                                                                                                                            MD5:81C0A897F9D758D3F8508D35AC8D0CE1
                                                                                                                                                                                                                                                                                            SHA1:AFD7BB0517C3DD740FBD87E04C47BA8AE6F262EF
                                                                                                                                                                                                                                                                                            SHA-256:D642AEA76257013253505BC48C3C6BA3029A9DAA42292ABFF901DE9D5C7679E1
                                                                                                                                                                                                                                                                                            SHA-512:01CD3E88228C524E78FC2B52749A6BF516E7411C21A0B94DA48E04E4774C70CAD4FBEACDA4ED8DC00F0E576E330E8229232ECFF25FEBBB32DE2B220771823063
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//30CA9B7D87A866D6ACF206633528D83777C8C261CFFF709F4BAB1D556E8A5FE950710B284ED167754C4B3B534DD6495B9D751FAE2EC09EC726FC4FE952315FF3++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.477918177313886
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRUkMSSjV6k2lM:pCPR+2cyeBmNEfSU8ZpoXSH3CInvNbv
                                                                                                                                                                                                                                                                                            MD5:F53232A30B3582FE393A7F51BACF7EED
                                                                                                                                                                                                                                                                                            SHA1:C7F04EFE60CE3D2673F322A452096A1138D24B5F
                                                                                                                                                                                                                                                                                            SHA-256:831DDEC9F2C80E790E83C7063E6DF4569A93CD6DD5AECFC9BC1A514323F98CE1
                                                                                                                                                                                                                                                                                            SHA-512:1FF633B6856C976049D5A2C75EF351BDD2D253B086593500806AA902E82A7C1006AEB641BB8676472950A3BB5689889F60BF5D98A848D0BDF8023C0508AA3067
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//56F5ADEEA067779F1F4B795C3714785F4871D247CFEFCF94546CD930F722CE4ECB62AEA8F0FB794583A709D6F8470C225AD053CD2ED296CD0E68F1FE980A041A++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4696829929288535
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRYD/isdshUJka:pCPR+2cyeBmNEfSU8ZpoXSHJ/XwuUO
                                                                                                                                                                                                                                                                                            MD5:50516C839C5D8C56B88334466DD09F32
                                                                                                                                                                                                                                                                                            SHA1:76306EED0A669FBB689D7C803B6D0F85DDF13554
                                                                                                                                                                                                                                                                                            SHA-256:2B8FB2EF47F8302F5A2652B3D1F80C86D2A6892A32C5F0C752F02F6CCCB67525
                                                                                                                                                                                                                                                                                            SHA-512:A5C4672D1F3D58F71F0BD253EAE17C016823417130DDEFC13EF8C14435046EAD959C4493E31685C96E3C5C7BDA81CD7D504C82000AB58BC896B2C90D179302EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//FC3B951EC08DE164EC585A90C03639912CFA49E7AE71315B7CD6ACA0C7584560171A1584EC9A877909747B125AA2A4A4A22088A0DE2B4FA0DB225AC3AF716174++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.488376987322762
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHYS5WIJGc9ewt:CRsyeBmWfV8ZSXSHY2R42
                                                                                                                                                                                                                                                                                            MD5:89D6C9EEB638D8DEC4E835C939FF3B7D
                                                                                                                                                                                                                                                                                            SHA1:AC02A0B6523DB68BDC58C6156FAA33E1E4BD441E
                                                                                                                                                                                                                                                                                            SHA-256:819A842BA403DB89F473B3626281EA2240F768DC852C22D8BFE71054C2EB5207
                                                                                                                                                                                                                                                                                            SHA-512:27D0F0FBCBA05B9ECDCD2AA3B085755AF9332FB3998CC4E972AC95ABA6E38CB9DFB913AE7082534D30F65EB77AD2786A3485AC09C0E22E1D5F12DDAD99830329
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//D62EA0242B20D1B039933FB3E7DB642656900A575505A164BA8B93B072083A508D1D6C14255F5F3A53B1FA2191170E9E7E0A092B76819B06DA021764DFDE29E0++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.492911726228479
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHWfrVl8iB/CD:CRsyeBmWfV8ZSXSHWzVlRBKD
                                                                                                                                                                                                                                                                                            MD5:0E82D31FA650A5FB79C67093AC1F50F1
                                                                                                                                                                                                                                                                                            SHA1:E10FAA42C905057FA474C7C4FD2F22BE22F46C85
                                                                                                                                                                                                                                                                                            SHA-256:68BD2756ADD7789903BEEE1E7D6069D713F636018E1509326DB3B25D6858C210
                                                                                                                                                                                                                                                                                            SHA-512:C6DDA3BD37AFA5B2731449A0652344429EB531234E8FB195614D5ECEFA4E77AEF1705908E042AF169C8B38E71915411863B9CCE50E58D9A87E8C3D274EC1977E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//6F23615C6288FC2645FF22F027EBDE5A0262899B13926A50F69E7EE5C72552CB974C8586A970DA7267BC7313FE74F8B13CAD43399A6C1C0F3AB57CF28B0419F8++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.463857822769162
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHCWEk4UpdB4hs:CRsyeBmWfV8ZSXSHyk4Pi
                                                                                                                                                                                                                                                                                            MD5:3792DE93D44D6289EE5388349D729607
                                                                                                                                                                                                                                                                                            SHA1:815BCB52DAA7E4FDC98F1FBD8F2E3D9A8B14E4A0
                                                                                                                                                                                                                                                                                            SHA-256:800B0417BA5C8A3DB3A243CB9254D44C0EEA953B2F544E9AF201E462C4D5AE6B
                                                                                                                                                                                                                                                                                            SHA-512:757E13905E249BF36BC0A743B7D4A728C54633644D6E198E3231DC728A3A1A3D507AAF2EBE40C3B09794759AE458C9A3DFF5E202D528BC79B9201B230CC66641
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//66ACA5C20E972445DEB27AF18C4AE3193E49262ED3E8E38568BED15D740EBB7199AB389DCA190C46B90952420A7ADF9668DD413858E917C1247D59EE4645D18E++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.48254289768309
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHVS3BImvNOMXc:CRsyeBmWfV8ZSXSHVS3BBO1
                                                                                                                                                                                                                                                                                            MD5:45B28CDACC34949350960E06F6C98856
                                                                                                                                                                                                                                                                                            SHA1:638E59990FA4D70D1207779F0F57A7BE018A41BA
                                                                                                                                                                                                                                                                                            SHA-256:998ECB94CF0A065D2702BC62543989C6B23E01EC0832759481FF9E58FC43842E
                                                                                                                                                                                                                                                                                            SHA-512:709B224AE50FD9BC0C576EC180A5D6E850DFB951E36FD9DA9519E02B0897C9BD69D367E88B561A4DAB09C8850D4038EA29F0D090328D352F7AC5E0DEE90B87FD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//2C75E9CD1849B054F7046B2BA198CFDCA4D8426C5942E99E344F5FF6C8D7575BE7177A0784F986BD9D7AAF4C9008D37E3F00382CF31AA93A421F6E74A76C99EA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.492610578011585
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSH5dijZHHXtmRhuG:CRsyeBmWfV8ZSXSH5dijFM2G
                                                                                                                                                                                                                                                                                            MD5:5ECF99BF16BC4898A39B78775C1FFAC0
                                                                                                                                                                                                                                                                                            SHA1:059256EB40024CB0F06F9D56694A4F37AC17FDC1
                                                                                                                                                                                                                                                                                            SHA-256:6F186379B072E3FBA8F5018F4D8F59E825458BA9BC24E24CEAEC698E6954A310
                                                                                                                                                                                                                                                                                            SHA-512:F4EEFF34EA782407FF3AFF56790215A1934251C27CB7B883DC3D41DC5EE5748E619F7C6C7DABA770FD2F07D9AD4867EA432D6D14EF7BEB70E907D01691D0385C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//49685C4BB3F61FD03BA56D994F3EC5F2CC9121877FAE2D7BDBCB22B6DD8AFAD9044F714B954B8C514773CFA9EC14088B70A32E4848D0068742D4287630D04129++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.483922645463424
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHDGXUexD6Au6Wg8nod:CRsyeBmWfV8ZSXSHDG0ARDei
                                                                                                                                                                                                                                                                                            MD5:BD9412EDEF442D466606CF0B60C95546
                                                                                                                                                                                                                                                                                            SHA1:52C820E3E8B2DBCD15F2364CDAAD53B96C04C737
                                                                                                                                                                                                                                                                                            SHA-256:D61E9DAC65BE83C197C9BECFC913AF79399BFD22BB99E4506FE0CF5352F480E6
                                                                                                                                                                                                                                                                                            SHA-512:3ED79C9183EE0C82A51DF473F15CBDD2B7DA471CBBE362F4F952F000BC725E653693C04A7592AF8161E3B97C7E6990AD2FF32275D7EDAF3589ED99FB5D9D697C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//48BB32968381D536094FBD15C9BC0F445BAD1EC06932E03B9FAC004CECAB4D2C274FE216AD06848EF648388BB3E3C88945725C85AD572227E165DF0327AEDDBF++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.462293227116516
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHTmX6eNHRUo:CRsyeBmWfV8ZSXSHThU3
                                                                                                                                                                                                                                                                                            MD5:2DBC44F9BA34A2EDA3880E0BF39A6761
                                                                                                                                                                                                                                                                                            SHA1:10E34E1921DDE19718DC1D067097C5978E93D591
                                                                                                                                                                                                                                                                                            SHA-256:D5313B63C8EAAED4251B5EEE3B9CF53ACA2F2C13B74C59F5B0CE94DF8D59E951
                                                                                                                                                                                                                                                                                            SHA-512:BA1355D632C77BD096D2C9BAF01A9CB2E7DAC45058AD6842F162E640B2C9CB4320E2067C14BF1B6B50C9E7F479EFEF3A0E44F0710CB50D445DE5B9D791E81CCA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//F615E347B1727ABEE77E3FECDC21542A4266928977DE9E0AC792E34B2F9F6356BD5BDA4E8B7F279BF4367093893E959D4C9CA5C4A1E575798BC6ED267AFF8FB5++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4717096752512004
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHY1ycmkhujWuic4sk:CRsyeBmWfV8ZSXSHY1yfWZc4sk
                                                                                                                                                                                                                                                                                            MD5:4FB4D752F6A57E650535D6B1B9455D36
                                                                                                                                                                                                                                                                                            SHA1:0BEA700966FD703B9B7FB0B4D5ADD214A92D16E2
                                                                                                                                                                                                                                                                                            SHA-256:3F9DE6A678A9989FAE457B7F0066F9B9C46E32AD5E601B9A7BA30D2DCE7D8F83
                                                                                                                                                                                                                                                                                            SHA-512:65B196A6DE0043A870C0AEE1CDCAE30C24A7BAF061677701CC3D7A2B501F0A41E5EBEB99D99D6DA6D4DFC59B38B4C5CE35F9360082F339BB9E323C60AD5EB677
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//8F40F7704B250A1D68472AFC4D67F7AF67C5FBCAF8A1CED37A9DC11B47A3C365A842CAF16345BEE2F5EF1A9DFEF5AA727360091DC4DB8AB68AA35278C3FC6D69++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.470472064074934
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRqLt57ltuUPKO:pCPR+2cyeBmNEfSU8ZpoXSHfZ5pt1T
                                                                                                                                                                                                                                                                                            MD5:406861BD0494D46A7EB20B1821BF9529
                                                                                                                                                                                                                                                                                            SHA1:2E039788D392FC5C59CFEC1DD21B936786CF4879
                                                                                                                                                                                                                                                                                            SHA-256:3A3B6FE9F0BEBC41B0DD70DF811EAB2B9AFCBDD51BBB695B47BBD7BE2EB31764
                                                                                                                                                                                                                                                                                            SHA-512:A483CFEA51109056671531905D8F4DB171C532A9943D7201670BE63A4335099016E94A0852FF246D72652DD8543092DE269B25735A548881CDFE1BF18B952CF7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//5615DB4C31FAC25E55E2C92098E555AE4B7061328BF7AD23D759202E333AA3BFEB62F9923E4F25EAB259CA520FDA4AAF17DB707C92885DD1B93D9FA968A42B89++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.471730030790368
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRjehgnQqSZ2Os:pCPR+2cyeBmNEfSU8ZpoXSHxaPSQOG/
                                                                                                                                                                                                                                                                                            MD5:217B843ECEE12A8C67A35D06AE99D2BB
                                                                                                                                                                                                                                                                                            SHA1:445CB8CF2BF965DBBC18854FCF0AF2B740F76174
                                                                                                                                                                                                                                                                                            SHA-256:FF122073C8E58111616B91A39E0DFA616C11408020605D1EA1C4CA746A2455B5
                                                                                                                                                                                                                                                                                            SHA-512:0F915C5B06493A1BF46477A81E2EAFD65B69F34CFFFB2F9CD4CB8568AF3823EFD763761B25161870DF933FF15CF87818DD940B53CD11FF60FF97DE73883DE9DA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//9F72E0FB3B27749E6171AB885A21CC3C51D315CEBAA1B5157799CF0351F1C6EA3BD3D3F8C3C7458015D97CBC9601D95A3E9666A6734491A59D96B9C2A7967328++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.473708421161808
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHFbn3bPwdWW:CRsyeBmWfV8ZSXSHlUUW
                                                                                                                                                                                                                                                                                            MD5:098CBD8DC5053578AEF341E2A2618FDD
                                                                                                                                                                                                                                                                                            SHA1:232EA126694E06A0A68B5A38D7CBA8FF4ECB735E
                                                                                                                                                                                                                                                                                            SHA-256:2647296C825B78036CC30648CF4E0F744BBA48468C2419975DF762EF7A9DE156
                                                                                                                                                                                                                                                                                            SHA-512:A3192EBAB170488774F7265F11EC78A5928CBD8366524B2222EF036396047DCBA0BF36063D33B9EC7EDFF5AF2766A15901338FEFE8A0F7A93B01B5D24A8EFCCE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//48520D268612E1E85074EE09C4566105ACFA0CA6F7764818BA367FDBCE7BEAA36FC2E35712790E774372EFD3B16D68FA5C15129825CEF83A0C3A0CCB5AA81137++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.486840278540761
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHA/e6v8OghdW72dn:CRsyeBmWfV8ZSXSH4s02d
                                                                                                                                                                                                                                                                                            MD5:4418B667658DE1FF93D1EE5BF84AB4CB
                                                                                                                                                                                                                                                                                            SHA1:8006390A89FFECF5A04185E01117CF116CC4084F
                                                                                                                                                                                                                                                                                            SHA-256:157541CA02923211F6915A94E86AFF5340F02A735CB068853076951717771ABA
                                                                                                                                                                                                                                                                                            SHA-512:2C63B40F93E0C3B3777DB300CFC32ADF3DFEA436653D3A992996E8C4F5033C900B3B5552343D4AB9DDD9EDC18F0F59CF35524E9D36293D5554525A87410FA1DB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//69AC2955206173C9E6CD2A8F70BAA855A43DC3792BBD95D7909E2DAD326FC72502801B829F72955CB49087F4B7555E11729F138DF26BAA2510DD45F0AA8C43CA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.480021267330034
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeReTGqLTR4Cy7/:pCPR+2cyeBmNEfSU8ZpoXSHt9g/BDSr2
                                                                                                                                                                                                                                                                                            MD5:CF885578AC4828AC6503BE7CA214D099
                                                                                                                                                                                                                                                                                            SHA1:2179AB4273E58D95432D61E8C0FF883FEA763341
                                                                                                                                                                                                                                                                                            SHA-256:D319043C24707408EB251BEC915BC7FF9FB94CE6561902152901C94DB926FF9E
                                                                                                                                                                                                                                                                                            SHA-512:E96EE54453DCEF06E60F65B3C83504347C442C6E2C07145A35A520646C7611077B61FDDDA955D0CCBA1E6597878201EE98064516162A89482BE3D4944E13C5CC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//57A55861E6606D90F01FF3B35EF82FB0776244C8B5269BF22BDAEA80BE6AC265A27F3B6B5E5E258204D4A4A309B21BD7E004A72AF5E78C9AFB938C8ACF917ACE++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.45181985428985
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeR7LsMgjNY/h57:pCPR+2cyeBmNEfSU8ZpoXSHUsUr4vcn
                                                                                                                                                                                                                                                                                            MD5:A7002E78FB59661750716B1AE19F1542
                                                                                                                                                                                                                                                                                            SHA1:116BA5FC50FF76F83810858BEBD37BBFD3AD2DC0
                                                                                                                                                                                                                                                                                            SHA-256:B08EE5B9D582D6223ACEEACB844732AFBF54E63C9226A8053087612DDB99BC94
                                                                                                                                                                                                                                                                                            SHA-512:CB8D31CB53F2B948DD5815B333983B9980CCFD84CFAFC2645BADD520012624C90EFE899A7F7493557433FDF5715E5F4C54B29A8DCB2E8D0A4E130C9F20A82360
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//5DC51EAE8CBB5ECD51389CD91E8D116549D85E5CDC71133CE016EE2503A7D1B893A3CB2420FBF2548D9A8E09B7EDBE1963394BF6F6BC10B1FA8CADE14A4F8B97++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.484908383820972
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSH94UWHCeE3kw8l:CRsyeBmWfV8ZSXSHb9yl
                                                                                                                                                                                                                                                                                            MD5:524596E2C7887EB48B2A1D8381E178AC
                                                                                                                                                                                                                                                                                            SHA1:A7F1B1D2BEF2F9157D246DBCBAF1CA822D96201E
                                                                                                                                                                                                                                                                                            SHA-256:7C0921E02303A4E770F15B5E456226CA1EE1DC690DAC0BD2FA8C914F55CF5E00
                                                                                                                                                                                                                                                                                            SHA-512:22BD56A890E043CEDA054953CC96C05EA7041FEB7D8CF1484EC7BB242DCF96D5ACB273611841FA6EF8779D6379F68272CEFF3D6D49D527B88B866F2D29350866
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//EBEFF53261003409B2AAD56ADA2ABEA17103D60E9FE81FB2622FCE1BD74551F2A2FD4BA059874501C4D6E1F0597A32288394124A831FCB22694213CF9508AEEC++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.503387774821352
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHXHj2nTbdRndO:CRsyeBmWfV8ZSXSHYR4
                                                                                                                                                                                                                                                                                            MD5:7542D76C7D92823EFD4A4D611D147DE0
                                                                                                                                                                                                                                                                                            SHA1:F5F4D5D39CC20E7E1A3FC1E7954EB80C62E305F5
                                                                                                                                                                                                                                                                                            SHA-256:65F0A36F452344AD682CFE5BAEDE152E951EF837A7E649F973CBA5E49FCDBF19
                                                                                                                                                                                                                                                                                            SHA-512:9F0EC700C0D339EAA810F5666723E79E2D0F74D89DB1A69B28AED41F8F856E977ECFC00AE8819241E0D82D2B06B8795C562C6A43CE114FADF4A2A44E91601F1E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//7C28FE4000A0DD98AB49410E7CF66DFFF445600629F76C9FA879D002303BA2F2F99C1282EC810614F2B369BFFA768B28558958AB0AEE495141236331D98730BF++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.446185744151203
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHF5+zKlsa3O:CRsyeBmWfV8ZSXSHFFd+
                                                                                                                                                                                                                                                                                            MD5:A6306FB31C84DAE0F03C9777BBA5970B
                                                                                                                                                                                                                                                                                            SHA1:3AA6341E7E6CFBE232F28EFA9D67EA49F7CDCF70
                                                                                                                                                                                                                                                                                            SHA-256:FAF7AC098A5D6F800E29D1413905BE616116A04ACA2784B6803BBBBA1C685026
                                                                                                                                                                                                                                                                                            SHA-512:8797EA6BBD307F40257A5C5558F9E722DE27D78B38AEB0DA6B170BBEA10756F6CEFF06DEB5DB8086E3E05A09E18B00BA6BF647FB5541D0581B142712C0649B62
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//BD16C4EC7684CE8B3C31A50ED26A308128ECDCE00C2E2A87676212B09890862C031D3E848000FE97BE69B803DAD0B1CB82CD12CF4DF2D9DAC4962C93B41B1513++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.480376341970164
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeR+EHYXVXpXqAZ:pCPR+2cyeBmNEfSU8ZpoXSH0eGHDy
                                                                                                                                                                                                                                                                                            MD5:0750287F76B0ABB7CA178C1EAEC0CC37
                                                                                                                                                                                                                                                                                            SHA1:318882F530AEA3CA0D1C8264BE9F46356CF703D4
                                                                                                                                                                                                                                                                                            SHA-256:3D093DC768311B7B70CFCF649A9A56CC6D1D73086606CE768AA326B82F5B15D5
                                                                                                                                                                                                                                                                                            SHA-512:A9F4CF06E64245E9675BEC32F2848C97D2EC9EAB5F0162AA98E6426D1F36DE611CEBA88AADF01ADD564B3BEFF828A273A2750DC2AFD7520A5654E0209BDCDDF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//100F0D7283DA156A62F5A202AB2960D43AA1C8DE03264EEFB9E2D20D77173C0D2F57EF33AC87459BBAED309FE7A931356CEC78A1F356BC193EE96117E55B4080++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.492091669465854
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHETkyvbV8cpoh:CRsyeBmWfV8ZSXSHET3DV8cmh
                                                                                                                                                                                                                                                                                            MD5:15943C6CEB8CB108FFBE93FF4436326F
                                                                                                                                                                                                                                                                                            SHA1:FD8E5148FE8B981077D95CDB86443A4BE00767BE
                                                                                                                                                                                                                                                                                            SHA-256:E67C68A06890305DA1582D0CCC7306152CFBD60865F8265C4D0389B804679E0B
                                                                                                                                                                                                                                                                                            SHA-512:7D618EB1B0B32A68A9F5A6AE7CA9A7FF4B6742BB53CC97A3FD1C5219FBB6160150936AB7D01099229984C9D7AA87A172389ACE28BF306041BFD15B382BAA0E03
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//3694E86E6C27B14695ADFEE4FD14BCBA7443F183719540185DC90D2A71E189F32938D016ABDB1F5906721179D862E70673FB9FEFA1D6E7AB60D38518BA77468D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4636786816405465
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRfdFd+niNSVdv:pCPR+2cyeBmNEfSU8ZpoXSHB33XEubcY
                                                                                                                                                                                                                                                                                            MD5:C3DABCD27D52EC4A729E584603E253BA
                                                                                                                                                                                                                                                                                            SHA1:A183FCC0420C0A28107FBC19AE3D7EEA79C92AD3
                                                                                                                                                                                                                                                                                            SHA-256:31FC3CCEEE0FC6229059BFF65181ECB837DFB648401752693582472DA7DC6B76
                                                                                                                                                                                                                                                                                            SHA-512:F9797082009CBE7C4435017732CD09C5AEC332C830F88A1F82A5993E37A79B3F2CEC788BA38AD0FFE9B60D97841646A20E408A7E1A2AB27E4510BB26F429A2D2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//7E6F2D8C2787AB7089CEDC3A4E307C8B98B1D1265962DC587C1B625E81F9AFF9E0B41EB189ED3250DF1E88803A3BF57A5FA2E0A7AD862B9CE38F368CCBC70FAF++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):411
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.481160883204284
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHoK+bSZpuQnsD:CRsyeBmWfV8ZSXSHoKcQsD
                                                                                                                                                                                                                                                                                            MD5:C0C47BE6026E0BE8981068918F1A5340
                                                                                                                                                                                                                                                                                            SHA1:F32C8E44E91303DC0FDF7EA745B0AFF7A616F6D8
                                                                                                                                                                                                                                                                                            SHA-256:89C322DF5DA53A2E6226E35342C316F56AEC2A0138F531C7A45D89E48092DFB5
                                                                                                                                                                                                                                                                                            SHA-512:96FAE08FE16A463AE89CC2200BCACE9A9289DD015E96B61BE5D6D9035ACDD60BFB4DECA2A0C3805674DAB572B5CA6FEBEEA35B8515749CC217F6DF838C45F1F9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//128B8A91DA30B9760EDD2C072F99B5D6EC64F1BAE2AE7AEAA88541342DE1E44541F607D67F4ADFA2C57A36CFC00885219DC4B8BB6241F99813EC551721AAF7CA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):716
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.607011971536562
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfx6v9LuO4biqra6fMocbkLwT5zxjAHo8+9wuRTouifdRnMA2ndBN:7e9SlNLiaf4v9KO4zG6fMocWIOHo8+9z
                                                                                                                                                                                                                                                                                            MD5:DB5296C11A4E1E23249BFBA40CE350D8
                                                                                                                                                                                                                                                                                            SHA1:85C35D7E41A25D99378F2814874547D87010913F
                                                                                                                                                                                                                                                                                            SHA-256:957F3FFE17A9069F4750CD36096BD997349B53A1952A67D5C1F9FD6B5851EEF2
                                                                                                                                                                                                                                                                                            SHA-512:2D143620D9B37B28EE8F16FEBA6F422C3B4765D7D22976C941609BA283AD6636B4306C7D0E32ADF7595B7B01E0CE86F29FDF452EA6739483ACE1EF206809D77F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verze",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//81042082CF7CB241A3443F862EE0EECFC8376F5C371C52B28F8DEA321E42D8840BC343D8FABC64A697B28E43C4C1C1BFA5EC01A85A0790B68226181A356241BD++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):728
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.532507354590994
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bikzbkLwT5zxjAHo8wN9wuRTo36ClngbD3CXh:7e9SlNLiafLYFv9KO4dWIOHo8wN9ZROf
                                                                                                                                                                                                                                                                                            MD5:7B935965B36524190BD312B61B43A078
                                                                                                                                                                                                                                                                                            SHA1:52C05B0B95461D1B80543AA032422F91BA6BC72B
                                                                                                                                                                                                                                                                                            SHA-256:3C137CDC865081F47A2F8062CE7B9A3F951F992F236B974582589CD8014A8AAF
                                                                                                                                                                                                                                                                                            SHA-512:2EB7186ACFC3570FA08F39225B4198616547627CFFDAB9D47A58A25FF9FEFD8EC68AEE886622983E404E87C918024888DC39FF1C94B0BA7499ADFF08864C356D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "F.rdig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//3E820E543090689D74FF63DE8AEDAAE21AE9AB8C7D697AED71A8150A8BAE9004FC3F4C908202E74DEBAF28611421437720982EFDCC7CB2A2BA103910200151AA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):695
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.523104478615486
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+p3ibkLwT5zxjAHo8+N9wuRTo4SruEFqcgZwh:7e9SlNLiafLYFv9KO4pSWIOHo8+N9ZR4
                                                                                                                                                                                                                                                                                            MD5:40ACF45F141BA18E03507C2082902777
                                                                                                                                                                                                                                                                                            SHA1:DAB8213D3E5FFF5838D1CB873E65784B635DE966
                                                                                                                                                                                                                                                                                            SHA-256:CD252FEECF3EE19E9C849783C416E9B782BFD3D681C658FB1464DABFCB839019
                                                                                                                                                                                                                                                                                            SHA-512:189881E6F381CA9F6392C7B9DBD302C119158997C1B6D9E23E9D2EB375FA54FD453DE6515E073A59F6AFC14132571B4C3ECE176DA75B9244A1CD5224D6348A99
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Fertig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//49321CFEBE589D1646EB716015DFBDDDBC5CB3611EF0CC5F0E546054368EF7FFF2A13B5AF228BB9481A39AE66C23F091EECA5628AEFC29837E2DAA08BDF0F01A++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):750
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.752183544639771
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kft6v9LuO4bi7XKfRWkGmbkLwT5zxjAHo8JP9wuRToElNyhV3eEX2:7e9SlNLiafEv9KO4mXCWkHWIOHo8JP9h
                                                                                                                                                                                                                                                                                            MD5:25AC661CB1DA437FE20306E83B1F0752
                                                                                                                                                                                                                                                                                            SHA1:44E4613D0C73D7A51F4C649022AD3117E4ABFD7A
                                                                                                                                                                                                                                                                                            SHA-256:262AC8842829AFEEACDF6F83AF411381669D507CD3D60A51BA200C9F13385F28
                                                                                                                                                                                                                                                                                            SHA-512:B8B8C5DA963A5EE2A0357C45B70A8DE1465135A8764BF8251CEA65A8F56568796C663116F2EF58B91192F538D17937CFB9A83C580247CC74E172B94A35EECB9B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "...... ............ .... .........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: ".....",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//7AA3959D20712220C1EE8D6030BFEABD0FE618A56739AEB295AA1FDD7536506322ED0BDF68CE43EF03EB8900FAD16939DE7E65016BB3BC3B1C54618D07E1FC9D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):688
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5142215205780944
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4biqkCbkLwT5zxjmT9wuRToXk7YVbFXyREIa:7e9SlNLiafLYFv9KO4zkCWIoT9ZRekU9
                                                                                                                                                                                                                                                                                            MD5:5B28705E4840EF14D1893BE363B803BD
                                                                                                                                                                                                                                                                                            SHA1:10BF34AF49949E96B94A2A0E013BB156683B4D3E
                                                                                                                                                                                                                                                                                            SHA-256:4E0D93048BB7F2995CCB68C151BDBD5D8589948F81DE2280502831DE03DCE62D
                                                                                                                                                                                                                                                                                            SHA-512:FE75224A87BE247C7114BB049ED25F55F427F1CDBDBBD685366F036E8891B270214F77958A6D8A905B66DEC529129C644321E5125A1C5317099DA2C780A8A4B2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Done",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//4880C596D977ADDC5F6D3DE47F016E24850A8A25B6B56EC102FB57BE17EF30F108D9A49AE7BFD248E08C2CE6AE5D4B173F602DEC34B0926DFA5EB9F879CC09F1++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):700
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.532615699841096
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmgnbkLwT5zxjcglP9wuRToroabkmwYn:7e9SlNLiafrFv9KO40gnWIqgV9ZR5En
                                                                                                                                                                                                                                                                                            MD5:8E6F1DCBF2BBDD4812FA4F2DAB9C43A8
                                                                                                                                                                                                                                                                                            SHA1:180B797F99229214046DCB1C5BC9F2D646A75E13
                                                                                                                                                                                                                                                                                            SHA-256:D2BE5B199291B5BAB255A83AE6B0AA82D0EFE0E0DECF8937DB521C6708DCB980
                                                                                                                                                                                                                                                                                            SHA-512:5C4373EAD81032E51B69798A250890B9A2FBC9A63D26749A72CEB93B7F43682BF883BC1C10F273C92DA13996DD466130AD28803E42A78DD5BE0FD3B3B05FCBA8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//7AA804C15F6975C084E7F423A39B1C4D1E061F52EE01933A21C16015FB0611C02DE575E939968EAE27B083C0DD9A5D7D263C3CC462F91B26A3EF4321880F1C8F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):700
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.522511534706463
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmgnbkLwT5zxjcglP9wuRToTZ/xVUhxkeGdnEV9F:7e9SlNLiafrFv9KO40gnWIqgV9ZRK3Vw
                                                                                                                                                                                                                                                                                            MD5:98EFE7D3B444951AFDCB0ACBB730C25E
                                                                                                                                                                                                                                                                                            SHA1:EC3799399BA47D27AEAC09EB21B7E18714E1B2E7
                                                                                                                                                                                                                                                                                            SHA-256:10252291B3535DBCB63E84374010830ED20530C03A4E25B2A499120FB356FAAF
                                                                                                                                                                                                                                                                                            SHA-512:89CC94F506B6F0DCE08A037EC0ACA6821A2DBF258A2043AFA4D2884B14A21540F0467CA01E0B7909D38FE16997A034E50CCC04D9BA8BECDE2616143448128D69
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D230E1F1A500DB032A710473C3AECDA773F053E1419B3DA43B5CF22F51D59DF2B34B096545A072A09360F6AE735D8607C07EBE0C97AA8BF78D6E1D3083E3556B++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):692
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.533689253513386
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfft6v9LuO4biu6gbkLwT5zxjAHo88WN9wuRToGKheR22I6n:7e9SlNLiafsv9KO4RWIOHo8Z9ZRLEA2A
                                                                                                                                                                                                                                                                                            MD5:D0C17F7AE5C3DA9BE7BC96245E9D0F5E
                                                                                                                                                                                                                                                                                            SHA1:9BF2CDBA16C3CCCCD7A2E069086342333B573D0D
                                                                                                                                                                                                                                                                                            SHA-256:DCD5D47D3477438074B190ED1E00A72ACF74401354646F02CF00A1A77205D317
                                                                                                                                                                                                                                                                                            SHA-512:48C3C0647EABF13366E919EFB7E7A24B520917098852C49DEEA36CF430A8879C2225A2997C4F8B75A1F86CE3E5C0BEC68E714BD6D1DF2B6FA8B767FD16820DEE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versio",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Tietosuojaseloste",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Valmis",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//BC956D6A6A53E1F7AAD19F3D631FEF940A670FD790C7DEB3A241CABBBF67E2083B495DBB95B04F2262B036B552D8A56A0044921BF062E1DD666173CB9843DB94++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.55151240094457
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+QdbkLwT5zxjAHo8g9wuRToEkhTpm8n:7e9SlNLiafLYFv9KO4QdWIOHo8g9ZRSz
                                                                                                                                                                                                                                                                                            MD5:BC4A141B5CBC453B3F05FE63DF0BA5B3
                                                                                                                                                                                                                                                                                            SHA1:0855321761C9A7035A8798FC211F597B2BCD24CC
                                                                                                                                                                                                                                                                                            SHA-256:6C373DF185597E9B942D5738D1077919AF981DBEAE5A2DB69F7D06BB58137EC1
                                                                                                                                                                                                                                                                                            SHA-512:85AF7B1CDD91DA5F1BBAD996866C42B6EFB2D8A35A52799F85C025361C211AA2BC40B1869CEE7A50EC9A24FC3B8862A58A290258D741018AB6E5B350541CE0B8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0F0F9CFDACF5B41C6C177531339BE320FAFEF6A800775EC347D5D488EFA8F8317B5DE20B713422F1FBFDC13EC57F67B1CC08B1A30C59525F06DEC2E0D56A5668++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.530208948535214
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+QdbkLwT5zxjAHo8g9wuRToc3PJYs5aA:7e9SlNLiafLYFv9KO4QdWIOHo8g9ZRnf
                                                                                                                                                                                                                                                                                            MD5:C44E59985A55311E7F6BAA87EF993B98
                                                                                                                                                                                                                                                                                            SHA1:12134E8C69120B2FBC8AF82E1BE8183DB5BB898E
                                                                                                                                                                                                                                                                                            SHA-256:32E9956A1AB7DFDC54EB77B1FFFCDADD2DFEC0CA5B4D38F2A5B950A79F5D062D
                                                                                                                                                                                                                                                                                            SHA-512:2ADCC224B551C403FF00FC21311FF9D842027FB2BEDE9F64B66F08A128D561517721CE3C72BC5B8F38D70E7FF526C911BB99BEC23021DC5589B80BF7DF2203B2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//998ED52278AF698342457AFEF2ABFC43EB8E1CA85C5511CF6E5DEEC26B18184BDA7A567652CA7982A1162D16F248961F2D98D598A2792DAA948A5069C85CE9A3++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):703
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.518105253351284
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biaBzcbkLwT5zxjHT9wuRTo9g3Zlw:7e9SlNLiaflv9KO43BoWIVT9ZRdPw
                                                                                                                                                                                                                                                                                            MD5:DC378106F4DEAEC0CABD0F5E88A515AC
                                                                                                                                                                                                                                                                                            SHA1:F67E647DD898830A46A8B6480D8806E2A73917BF
                                                                                                                                                                                                                                                                                            SHA-256:CCE7D0C8F783F6D14436AEFC89B8879A4700AE8BC1DC5912D0B9C2EBF365A0A3
                                                                                                                                                                                                                                                                                            SHA-512:39DD91FE9AFBCC7D4D31134315360D595A83A845799C256147A71B94A08696FDAF383867CD51961950821D75CCD4748EFD0D844AC6F9568038AC8649D235C4C1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//A493FBFB5AE3EC66777ECF1DB2BA30F9F1F4A6E6DFCBAC4EDA0DA7443D2DC28F3CCF659841F3F6446712C6D8D47AC143ED02C8A4EAC11C700573E2C920ABF9C2++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):699
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.599467220659489
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfQdU6v9LuO4bihIHmdcbkLwT5zxjAHo8Kwv9wuRTo4dzeBXMPjZS:7e9SlNLiafQd7v9KO4k6ocWIOHo8Kwvo
                                                                                                                                                                                                                                                                                            MD5:04D4B5B205C463AD95BD36318E6714AE
                                                                                                                                                                                                                                                                                            SHA1:8F2D5223224D0DB4445D37B29F624DB2C56BA0E8
                                                                                                                                                                                                                                                                                            SHA-256:6C47EA4147DB11C121F90CB9456CCB273AB45B7D3BF291F795DE4D99CA8DA668
                                                                                                                                                                                                                                                                                            SHA-512:DEF6234A83BC211AE3CA539A282400869A8FFF95ABCDB90C2F31436D0A27EA2BBA26A0094089196C8F1C173E52FA6A1AD1C50E369148DE4908C07BF4433AB738
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzi.",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "K.sz",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//CD9F5CF6CBBBA54C3F23A659D3912D647862A87F5273FB0E2DBFF22941D2BE434F1A6538BE7A4CD09D28EF385A95B92D9C48A687DBE1B013FBAA731521673633++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):697
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.539019069592982
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfy6v9LuO4biNkbkLwT5zxjm79wuRToCaP1QsZzXt7lP8:7e9SlNLiafVv9KO4akWIo79ZRBYasZdm
                                                                                                                                                                                                                                                                                            MD5:66DA2DC63D6A3925D48F40AEB602D502
                                                                                                                                                                                                                                                                                            SHA1:A53F5FA1B97FC7CAFFAEDFF3E3FD7B8C0725D2A7
                                                                                                                                                                                                                                                                                            SHA-256:1638AB11E485CA57AEC94F987B5B0CA7B9D0B8B09CD7B80A36FD3DCF0BC3F55A
                                                                                                                                                                                                                                                                                            SHA-512:13766D0071C8B96FA222645026C7BBDF78D1C629C0C5A7FE7796A3F05384C652B36602D792A8C9106E90C1B0623DC11AEB7BFBE4DDBBDDBB1BFC7AB409B474CB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versione",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Notifica sulla privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fine",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//01F59DD33A54B1B634D2DAD086EB337D2F51F8692DD0CF7F590351097B7C81BBFA9106E0E29D53425605E0B0A607D8C11B05FFF8CABBAA10DA77B6B84C1D138E++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):808
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.738433406660423
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7e9fLdo5ijdfA6Dlv9o4A2AWIOHo8UHv9ZRenKLs:K9fLdICdfA49XLAWIOfUHFqms
                                                                                                                                                                                                                                                                                            MD5:AE48A5FF7596694A4FD1AB26F50B00E3
                                                                                                                                                                                                                                                                                            SHA1:702780AC40822B2ADD3139E0B7B123834CA4B487
                                                                                                                                                                                                                                                                                            SHA-256:6DF0DEA4086371AD6A3F1DAFA584FD2531F0229DFC518396AA3434F3DFEFF7A6
                                                                                                                                                                                                                                                                                            SHA-512:DC188AD001508C0BAD665E7AD9886551283E5B16BC590FCD5B14373401ADB137119C93FFA68C69B939E1989D6861449A4C200D7BDACDD97BAD82190B51BC272D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "..... .........",.. PRODUCT_NAME_LIVE: "..... ......... ...",.. PRODUCT_NAME_TRADEMARKED: "...... .........",.. VERSION: ".....",.. WEBADVISOR: ".........",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1C4184071F95F14CF00EEBD3AB4A7D7995B06EC7F97188DFFC294ECA8E75AF545331449C57697749715F92FE166E2E4AE3D22882960F462CE6F6996A1E75D592++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):742
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.822041209914263
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSd6ds63i7R6ikfV/i6v9kc4biyGbkLwT5zxjsGiFW9wuRToQciKdyhQyVSTrF:7e9Ed13isnfVtv9kc4sWIViQ9ZR8yQDl
                                                                                                                                                                                                                                                                                            MD5:DC7B76F9DE7F35276C2143C5EB102EBF
                                                                                                                                                                                                                                                                                            SHA1:8D2AB5544CCB298761AD43B3644041023B758BDD
                                                                                                                                                                                                                                                                                            SHA-256:B7AF107F96B56FC6FCBC642A0A6F94F0ACF0352A2FC8D6A30B0DC4F7A78F3576
                                                                                                                                                                                                                                                                                            SHA-512:B231589775366E1B6B4D12497F321E9A93D2C8DF0C5CC1BBCBA1012CE8BD4429FEFA91BE68EEC9C797649FA2A14FA7DA8342F23023EA4B17C6F6F1B194EF7BFC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee ......",.. PRODUCT_NAME_LIVE: "McAfee ...... ...",.. PRODUCT_NAME_TRADEMARKED: "McAfee. ......",.. VERSION: "..",.. WEBADVISOR: "......",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//AAFA73BEEF104F5ADBF69569B45268191B8C4082876E870E1484D98FA17AC8F7275EE9083D7D9FBE552E3144770D5820AE3AA2B0FCC2E732A3BA80B338CE1904++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):696
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.563291933943177
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kf3Hi6v9LuO4biqyNLMBHbkLwT5zxjmf9wuRToSdP3oynrr:7e9SlNLiaf3Fv9KO4zyNsHWIof9ZRZ3v
                                                                                                                                                                                                                                                                                            MD5:DD4688CB4523EE561CA94C2DA49E335A
                                                                                                                                                                                                                                                                                            SHA1:8047EC0B501FA264F945957C0E362310B1CE66E7
                                                                                                                                                                                                                                                                                            SHA-256:3F1E1DD5CE540E4DC4C06313851F35FFD1D7DFB27961059FD32947F2D8661F05
                                                                                                                                                                                                                                                                                            SHA-512:9FF8C8392F336D7291574542505A8175693CA1534D4BA26977F1817E261727FF5CBBC31788A23735E7617950F06DBA20EAEACA563399A492EA155E48B60CD191
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versjon",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fullf.rt",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9E9A1473D0E14AFD79647DE49EBDB6500B342965F5C3E5F660CA5BE56755AB544CE8034283771B76E169B8FCC0E95742C6CAD1E238FC2211EB505CF6BC884601++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):746
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6087546952598295
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfP6v9LuO4biqLEnbkLAWB2CT5zxjAHo8CW9AWB2CuRTo4r/0Wp:7e9SlNLiafyv9KO4zLEnWtB26OHo8CWo
                                                                                                                                                                                                                                                                                            MD5:12B1FCF468BEEA23810C5E29E00955A3
                                                                                                                                                                                                                                                                                            SHA1:1C5829EDEBAB9768FA20308DE723FB452A09BD2D
                                                                                                                                                                                                                                                                                            SHA-256:F214DF27C228AF7545300A18535433501C730B035A46E5F9C5B6D8EA134ED3E1
                                                                                                                                                                                                                                                                                            SHA-512:8309B74B03D8D2E5F55ABA411DA06B604B74586438CF13CEF59A92E07C0EC9D5B389420B73CB98558ACD0B3266311E861CFAE71D63ADAEE639A128872461BEFF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versie",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Gereed",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//CB6340B4EFECAB3E71CB08FD5C0F4C5285E77639F0E2D8361F3498F4A47F78E2FAAB43BD5148673AB645AC0AC3E22C9D3110834DD0FE917B44E73BE905B94BD7++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):709
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.547492619756502
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kf6v66v9LuO4bipidGGnbkLwT5zxjmO9wuRToozzFT2bGG:7e9SlNLiaf6vtv9KO4oMGGnWIoO9ZRkH
                                                                                                                                                                                                                                                                                            MD5:8826C3D661F02DF18E529EE006C0074E
                                                                                                                                                                                                                                                                                            SHA1:3B34EB20315AC50282146A4204D3EBB1BAB9E5A2
                                                                                                                                                                                                                                                                                            SHA-256:AADC501672DFC69A1443DB6DF6E7E265105AD0D35E2970A0BE0B581934EBFBA8
                                                                                                                                                                                                                                                                                            SHA-512:8299A48AA7B13FB6CC757FE0D01FC33073218FCE89E0AEE014A5550FA8EB0DA43295E9B81113E523CBAB26531CDEE98EC65D7D3E3FE9742A640651381E2D934D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Wersja",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Gotowe",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//17FDDA361C160E1D310873ACC18B2A0ADD5102010B762EB776BD100F17C46301160D84E653EC76428F9ED2C2B81B441B716B90800DF6CCCA3ACA5D867D193D60++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):700
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.538511894040431
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4bicmHbkLwT5zxjAHo8kf9wuRTo1AMvVqghkK2a:7e9SlNLiafBv9KO40HWIOHo8K9ZRqA3w
                                                                                                                                                                                                                                                                                            MD5:FDE3D3EA8FE84835283B9B56430EC29E
                                                                                                                                                                                                                                                                                            SHA1:1264DCF81224D50E00668F2AB05954205445704F
                                                                                                                                                                                                                                                                                            SHA-256:F320951C0B9E57DDF7A910E0B94F4125B15320C8656CAE832DA0D1DAC46604E3
                                                                                                                                                                                                                                                                                            SHA-512:1DEE807E2BEBFDCB144421FD9CE53EF5CC26352CDC29E784498727C6966F92CDBFAFEE0E9584F25361ABA2726AB656FEAB3FC8D7A65348AA939D1BC1A398E0BD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//B6B6A9911A08317B36CCB25A27F2A509E5FE6E73002120AD1BED572BE9D87A7CFDBA2607ECB9E5023860C494E0F4F0708E84CEEF8BFDA4F07F53491FD9BFBEBF++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):700
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.537523162423459
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4bicmuybkLwT5zxjmkf9wuRToc79Bz72b:7e9SlNLiafBv9KO40nWIoK9ZRHpBz72b
                                                                                                                                                                                                                                                                                            MD5:14C56FFA20920CCDE1B19B733CB85FAB
                                                                                                                                                                                                                                                                                            SHA1:474AC88709CE4B55BB54137F467949B09CD147EB
                                                                                                                                                                                                                                                                                            SHA-256:9E00583D89A3A1C5717D2D1659E4AB128F86AD0801B2B3BA5F85F3CF7BF170C2
                                                                                                                                                                                                                                                                                            SHA-512:EEF3A6C625083AFE5261ED7659B63E59D793228B7A07F791833EFCAD699F239D0C3B60BEAB2C65F194AEBF4019B16086E6D81D429DF42A96294FA15ADB83E0AB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D630EF6834C2DF4F454AAD8AC93FCDBEA26EF7FBE1396FC5E95D2ED564E46E5A122BBC1943EB4F39BC54CD5FCC0768C696B62861C1259FF82F57120574CAC80A++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):751
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.762905150784842
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kf96v9LuO4biq0epiXbkLwT5zxjhKgE9wuRToJ2UwvOlBtORchW:7e9SlNLiafUv9KO4zrWWISt9ZRfvOlDo
                                                                                                                                                                                                                                                                                            MD5:D37EE749862FB89C64AC60108D7DFBF9
                                                                                                                                                                                                                                                                                            SHA1:20647A50F8807D09819EEF6C2CD29230882373B1
                                                                                                                                                                                                                                                                                            SHA-256:9F3AA8EBCDD309AFDDAE08C5331CFF223DCCDB026BBB20618A09AB84C26789C8
                                                                                                                                                                                                                                                                                            SHA-512:F0FA804CC1DDAC94CD15B5414A12B89F97E6997B02E14337C0DEA619F5D83AAE3F78456DCAECC896E79B8DAB1074F8EDC9CC3041AC863DC55658F65B753EDFDE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........... . ..................",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "......",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1BBCF622DFC15CFEB9A52B5F5D981C8B8413EDAEA7B714254A99AFC82C962439630225D096E319595DC777402B74CF57B39402B61FB4A77DAF7FA0278366CFF5++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):719
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.608359372203038
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfa6v9LuO4biIAbkLwT5zxjAHo8+9wuRTo97tJVLLjpPhv:7e9SlNLiafNv9KO4uWIOHo8+9ZRY7jVr
                                                                                                                                                                                                                                                                                            MD5:039A4B97702E56DDDD98E64526364190
                                                                                                                                                                                                                                                                                            SHA1:39FE5D4FAA2B83D9F7930D5EF64711BCAD9E4830
                                                                                                                                                                                                                                                                                            SHA-256:FB4283F741112BFA20A09C4693585AEF9521D2A7D70D66440030D957DF819DAC
                                                                                                                                                                                                                                                                                            SHA-512:C8403E82680B6FE1E2FF9FA14969ACD4C33AE3CBF2D6C1291AAD10A10B63B4F35D6BA7F7D7614DF1C481E300564EF39FAA39D9D079DF4F6FFB9F6A99304A609F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzia",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Vyhl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E574C8953368BE6E9E4E2131834E332BB1EF2B469C106EA92F119638AB8BD08E79E61753671722021A4AA0BDCFA111B5319B3EAEA44DBCEA84E4DDFB9109EDB0++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):706
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.563197455028977
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biagkcbkLwT5zxjHT9wuRToJhfbkEm2Z:7e9SlNLiaflv9KO4cjWIVT9ZRetRzZ
                                                                                                                                                                                                                                                                                            MD5:0B067B696A6F2B7FDAFC6E733872401A
                                                                                                                                                                                                                                                                                            SHA1:E804B3A048F3381C3E8DBDDD2DD51F0C11156971
                                                                                                                                                                                                                                                                                            SHA-256:B42F2EC3B128DEA5FB95E19BF3C9B0794D7DF0E9A9CEA51199C3D69C252AF9BC
                                                                                                                                                                                                                                                                                            SHA-512:204EE91380D9F87C8895EF29EDDD3FF2A1E4E79B423DE38DBCD6CFE79ECAF22E30CC4A79D1B756C9D9658D7347C088D89B4185D1ACAF347F91AF08391E1AA61B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//81CD68B5ABFBD1D2EFFC9A3778314BDBB771A2770E9125B7369851DF9C36434CEF054A284B0CED6E3AEF5F9E4D745F2507A51DE8375215334BA83E007F2E1661++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):690
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.533144558424333
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieGbkLwT5zxjmf9wuRTo2kRhFSVhfXn+h:7e9SlNLiafLYFv9KO4JGWIof9ZRdE/0I
                                                                                                                                                                                                                                                                                            MD5:49BD8D622ABF07A89C6450F6760A934A
                                                                                                                                                                                                                                                                                            SHA1:FC7C55ED457358DB7A0A34042F3E17AB21A000D0
                                                                                                                                                                                                                                                                                            SHA-256:5491BC1348519AB1130D9E1859272FA7336B6386E6F002E92C725007E1BFC8CB
                                                                                                                                                                                                                                                                                            SHA-512:BE3210541077EEBC083B43E330AC32C2ACD6092D658D9E725B2D1467D6A7FC5B7769506007E110DA390BFAD12C3FED038601E34E1405949AB233D42A5D51D0C3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Klart",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//99592B3FDCD482063EFDD4D0D71A45608159E4B410EE9DA426896483C35C9A1576F22AF8CC2225CAB446BF6640B248A7E04B2250D9880E21EC2D34AFBA6F0592++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):696
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.546230689160202
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfT6v9LuO4bij2VbkLwT5zxjAWoN9wuRToBebfZkED:7e9SlNLiafGv9KO48QWIuv9ZRpRL
                                                                                                                                                                                                                                                                                            MD5:0A399950FB2D1D80725F3CEA6BE75322
                                                                                                                                                                                                                                                                                            SHA1:F78707F7288CC04320CBD855830F7D0D5C5862D5
                                                                                                                                                                                                                                                                                            SHA-256:11BCB1325493DD7886DB10309A616EA8ADF395D470759ECE01540DA39CC02B31
                                                                                                                                                                                                                                                                                            SHA-512:3978A9F55ED7075C3642C385818C0A099FA914BDFE67CBB36AF94773BE4447D6BC838DD605D7FAFD2DA0915403BC2435B664F5AA8E88C14928B13604CB2C7EEB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "S.r.m",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Tamam",.. DONE: "Bitti",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//459C6B15A94C2BDDB33AC8749C4799657210EC421A307BD0DFEA6943FFE5A4E0E3F6D7E94E3FC34F7581AE498B26A46ADAC1C962E3C5AF1E01563551E7C83D3B++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):713
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.911021719409146
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSuKxi7s6kfF6v9bgbiE4ebkLwT5zxjtDYv9wuRTo4QCejK:7e9uui7s/fsv9bg/HWIv49ZR7QCejK
                                                                                                                                                                                                                                                                                            MD5:61254A9C6CE57B8FB6DAF5C47840C53F
                                                                                                                                                                                                                                                                                            SHA1:D9B109B65B5B725D90E4366FCDEE509012FB0751
                                                                                                                                                                                                                                                                                            SHA-256:BD6876CAE0889DB066FB4F8F7FA38ED517023806C7D41341C7522DBC0E412FC6
                                                                                                                                                                                                                                                                                            SHA-512:31A0C944BB7EB098AAFE2FB280D21248834F3AFB7CE21D818C8CED3CFD95D0EC8F61F6023BD8EDC3178AC39AE7A9059EFBA35A474E18BC8C697DB9546B6CA9E8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: ".......",.. PRODUCT_NAME_LIVE: "..........",.. PRODUCT_NAME_TRADEMARKED: ".... ....",.. VERSION: "..",.. WEBADVISOR: "....",.. COMPANY_NAME: "...",.. PRIVACY_NOTICE: "....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//C49666C6D17B3380489032D792278402A58C50CA24B473ED94B458FE49F52BF29B7E9CBB0FC9915FCDFCE0CCE37FB45A71D3DB9EF0EF754DDD0177BFEFDAA76F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):694
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.692484981098063
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7ekSSlN95i5kfF6v9LuO4biP3emebkLwT5zxjgDYv9wuRTosTKGxVWv2KA7thn:7e9SlNLiafsv9KO4d1WIG49ZRknmhn
                                                                                                                                                                                                                                                                                            MD5:A62FE1D5E76F93DE63A6CE0848412310
                                                                                                                                                                                                                                                                                            SHA1:951E5AF2615D9D352124599DD8B1E0A5796479B3
                                                                                                                                                                                                                                                                                            SHA-256:FAD192A1E13114CFC65AA7EBDA0589240B08C8516ADAE145F2CF7309B5156CD3
                                                                                                                                                                                                                                                                                            SHA-512:FB1D86DE2F4975AB293B10062854A3D7944664109EFF5679011D4E22AEF3FAF8C6A611BCBE67BEEC343DF89B0C7DD8C062349CB223302791F595585C97657BB5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "..",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//DA60579E457B68E8BEED2C221EB14808A61CCB56CE7A89168B68C6933874687459C88D14DCF7061DF466EE138F540489BDA6C24DB96B3C8D0E348B97E735E643++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3828
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.64642851315268
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:ElmtVPut9muF9guJVDWtfDUEWP4gU4zTA46AOifS:ELt9mG9gMVDMfD7VgUeb6Zf
                                                                                                                                                                                                                                                                                            MD5:9DF5817AC99A2270FD716B9FC0486028
                                                                                                                                                                                                                                                                                            SHA1:77DEA4A2DEBE4F345D2C6C9A1C70F8F861EBE7FB
                                                                                                                                                                                                                                                                                            SHA-256:BB094E476FD300084050EB7033F837BC2C83EB2259AD7A1E5B7423FCF47E54C4
                                                                                                                                                                                                                                                                                            SHA-512:A66B3AB4250FAE6B14041DF5BE430D70F48D5454945C36B87E30D61EA29C895A67D8DB1BE87C9DC722DBA7EEDA1E1A7B36535C22EC2D7D89A5BCB0F9409F6738
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "M.te z.jem o je.t. lep.. zabezpe.en. vyhled.v.n.?",.. TOAST_VARIANT_CHECKLIST: "Ano, chci po restartov.n. zapnout slu.bu Bezpe.n. hled.n..",.. TOAST_VARIANT_BUTTON: "Hotovo",.. TOAST_VARIANT_BUTTON_FREE: "Hledat se zabezpe.en.m . ZDARMA",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Hledat bez ochrany",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nechci bezplatnou ochranu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.e webov. ochrana nen. zcela nastavena . aktivujte ji zdarma",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Dokon.ete nastaven. bezplatn.ho proch.zen. internetu McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chra.te sv. osobn. .daje",.. TOAST_VARIANT_1_INFO: "Proch.zejte web a vyhled.vejte s v.dom.m, .e va.e osobn. .daje jsou chr.n.ny. .ekneme v.m, kter. str.nky jsou bezpe.n. . a kter. mohou b.t nebezpe.n..",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3597
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3842718187609355
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:w/A9Lqnt+lLcLvjcU7s1KWfENcDh22BqOQiiiWmD:etCLovj5AIWfENkBqBipD
                                                                                                                                                                                                                                                                                            MD5:809F0ECCA41097BA9C1005EA6C2315E2
                                                                                                                                                                                                                                                                                            SHA1:239B9FC0429C831377BE3D929B747A6AD6405541
                                                                                                                                                                                                                                                                                            SHA-256:62073A0F02AAE98F59D7F8E9DDA9963770C596BC4B2F6D2916B99127CE4AB797
                                                                                                                                                                                                                                                                                            SHA-512:CDA586059495375AAB310B1DD86B6BAB218FE3C90600266D08A7B92B7660B8E32944D6A4059648E442057DDEC77A9F011539C7AE2C3EA695412745E4D5887656
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vil du tilf.je ekstra s.gebeskyttelse?",.. TOAST_VARIANT_CHECKLIST: "Ja, aktiv.r sikker s.gning, n.r jeg har genstartet browseren.",.. TOAST_VARIANT_BUTTON: "F.rdig",.. TOAST_VARIANT_BUTTON_FREE: "S.g p. sikker vis . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "S.g uden sikkerhed",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jeg vil ikke have gratis beskyttelse",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Din webbeskyttelse er ikke fuldt konfigureret . aktiver den gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "G.r konfigurationen af din gratis McAfee-webbeskyttelse f.rdig",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Beskyt dine personlige oplysninger",.. TOAST_VARIANT_1_INFO: "Gennemse og s.g, vel vidende at dine personlige oplysninger er beskyttet. Vi fort.ller dig, hvilke websteder der er sikre og hvilke der kan v.re farlige.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Fjern bekymringen fra

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3722
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.351128852216155
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:MO3e8qGlKtiKL/7vdAmPegpo1fkJFfVQz4bLECx8Oo8Cn:xdqGYtj/7vdAjgpSfkJBVQ8bI6Bo8Cn
                                                                                                                                                                                                                                                                                            MD5:23D9E4AF68A0DDB2CFF642923E637626
                                                                                                                                                                                                                                                                                            SHA1:E8FE359770B47FF3F2959C45606009444B986B74
                                                                                                                                                                                                                                                                                            SHA-256:F057D5C511C8F09F222CC3BEA9F7BD3DBC09CB63B7FBB8B2CF1A85EC637FDBBC
                                                                                                                                                                                                                                                                                            SHA-512:A50E9EDD9333A5F6950A5D31A1CC599C674105310E8543AEAFFC763CD4D4DBB952133CB674AD767A4B3A7FCADF65A945BA65D62295E625AD1D06F06145A53441
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "M.chten Sie zus.tzlichen Schutz bei Online-Suchen?",.. TOAST_VARIANT_CHECKLIST: "Ja, die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. TOAST_VARIANT_BUTTON: "Fertig",.. TOAST_VARIANT_BUTTON_FREE: "Sicher suchen . KOSTENLOS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Ungesch.tzt suchen",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ich m.chte keinen kostenlosen Schutz",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Ihr Web-Schutz ist nicht vollst.ndig eingerichtet . jetzt kostenlos aktivieren",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Schlie.en Sie die Einrichtung des kostenlosen McAfee-Web-Schutzes ab",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Sch.tzen Sie Ihre pers.nlichen Daten",.. TOAST_VARIANT_1_INFO: "Surfen und suchen Sie mit der beruhigenden Gewissheit, dass Ihre Daten sicher sind. Wir zeigen Ihnen, welche Websites sicher sind . und welche nicht.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_T

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6107
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.027955764189223
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:3/3ftrYEERsgXRx/+P5BLE27ww5X4e0TSS8bW0u2V:33trhEfXT+P5lrMSS8bEe
                                                                                                                                                                                                                                                                                            MD5:60A045B04FAC29D2BCDAA4D9C703AA79
                                                                                                                                                                                                                                                                                            SHA1:E699160370D45A9C91645860E69FDC0EE7B5C9D3
                                                                                                                                                                                                                                                                                            SHA-256:3ECAC5D0CF8C85DDEC75BBB6FF9422E70074E1BA403ED787CAF3BEC14FB1EF7F
                                                                                                                                                                                                                                                                                            SHA-512:47BFA77E692D3FBE445E5527FC854CFE574896AD972E7695B1AE9FFB393A11389DE2E69094915906900ADFD51D8A08FD4E22FA729DBA44431CC8D765BA57DC9D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...... .. .......... ........ ......... ..........;",.. TOAST_VARIANT_CHECKLIST: "..., .. ............. . ....... ......... .... ... ............ ... ............ ...........",.. TOAST_VARIANT_BUTTON: ".....",.. TOAST_VARIANT_BUTTON_FREE: "....... ......... . ......",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".. ....... .........",.. TOAST_VARIANT_BUTTON_NOT_WANT: "... .... ...... .........",.. TOAST_VARIANT_TITLE_NOT_SETUP: ". ........... ... ......... ... ..... ...... ........................ ... .......",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "........... .. ....... ... ...... .......... Web ... .. McAfee",.. // Toast varia

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3367
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.342974172044833
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:KDGTsDGspn5vrfL5mwfPUpGRtBRTyCM0RL+K8KfEKxKxUT4TyALYrkyL0LEtTC6w:XIisJlwrmtBJZM4d9AY4GbJpMlDlF
                                                                                                                                                                                                                                                                                            MD5:1660163EE26B4229DF7E588DB2260AC9
                                                                                                                                                                                                                                                                                            SHA1:184252895739FED4620867C8A2ACA42942D03E61
                                                                                                                                                                                                                                                                                            SHA-256:568AEB7FC55E9D872E0D8AA8F9AC7CC30F77D4AD701E2E9EA9397F43A106EA5E
                                                                                                                                                                                                                                                                                            SHA-512:D7A4CE1C70DACA9230D8A521257D197AB2691C6A024228CFD4406186CC722F8A3D360C7129FE32118918EBA5026A98E718F4F023EFC0946636EDA5273BEB8248
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Would you like to add extra search protection?",.. TOAST_VARIANT_CHECKLIST: "Yes, turn on Secure Search after I restart my browser.",.. TOAST_VARIANT_BUTTON: "Done",.. TOAST_VARIANT_BUTTON_FREE: "Search securely . FREE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Search unprotected",.. TOAST_VARIANT_BUTTON_NOT_WANT: "I don.t want free protection",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Your web protection isn.t fully setup.enable it for free",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Finish setting up your free McAfee web protection",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Safeguard your personal info",.. TOAST_VARIANT_1_INFO: "Browse and search with confidence knowing your personal info is protected. We.ll tell you which sites are safe &mdash; and which could be dangerous.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Take the worry out of the web",.. TOAST_VARIANT_2_INFO: "Browse worry-free k

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3632
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.364673344750352
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Ks358rLYfTJnrXJm8Up0RtjRoZgeCYSL+VKDKNuKA5K7oUlYZxBOGsdUXc+Kno3l:vRg0tjy4BONb9GEjiGWPc+BIIX1
                                                                                                                                                                                                                                                                                            MD5:BF050E49D7CAB25628DB8BCE20D14BB4
                                                                                                                                                                                                                                                                                            SHA1:B438C3936315F9A29B33C9D138BA4E57307D3AAF
                                                                                                                                                                                                                                                                                            SHA-256:D2F32B2596A984A5441A7831F2902E922D012D06EE4690957DB93946558174B5
                                                                                                                                                                                                                                                                                            SHA-512:19E61DF0272AC0993DE342FEE9C087B8D4C703F2526A16FD7160B0BB7E4BD4E1F2A4060A863CADE0DCE10510A4914800D4C151DC4C73FEAFDDE3B34008F9181B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".Quieres a.adir protecci.n extra en tus b.squedas?",.. TOAST_VARIANT_CHECKLIST: "S., activar la b.squeda segura despu.s de reiniciar mi navegador.",.. TOAST_VARIANT_BUTTON: "Listo",.. TOAST_VARIANT_BUTTON_FREE: "Buscar de forma segura GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Buscar sin protecci.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: "No quiero protecci.n gratis",.. TOAST_VARIANT_TITLE_NOT_SETUP: "A.n no has terminado de configurar tu protecci.n web: es gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termina de configurar tu protecci.n web de McAfee gratis",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Protege tu informaci.n personal",.. TOAST_VARIANT_1_INFO: "Navega y busca con confianza sabiendo que tu informaci.n personal est. protegida. Te indicaremos qu. sitios web son seguros y cu.les podr.an ser peligrosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Olv.date de los pe

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3652
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.363785076218504
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:KHJS5wrLYl0ImbIrXJmfUp0RtjvZgPChBxZSLWKJKDuKlZKIUldZxecemv+G0pPF:QskmV0tjvHhHs4Db+XVpIWYcXBMN5ogJ
                                                                                                                                                                                                                                                                                            MD5:D8EEC929715A9DF9A38B29F05D80EEBB
                                                                                                                                                                                                                                                                                            SHA1:DAE2707418EA04A61CC8AFE5032698618FD195F7
                                                                                                                                                                                                                                                                                            SHA-256:B692A0F87B2F1E00430846CBBE62B051625678CF4FDB81C07B62B07951233C70
                                                                                                                                                                                                                                                                                            SHA-512:602AEED3822861AFC2599CC02F8CD229CFDCB819D8917BEC44C580C271191B66009D98DAE012E15A7FD72420D703EAB06D4B1FFD2F5E87D3E36119E2D8DB2A19
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".Te gustar.a agregar protecci.n de b.squeda adicional?",.. TOAST_VARIANT_CHECKLIST: "S., activar B.squeda segura despu.s de reiniciar mi navegador.",.. TOAST_VARIANT_BUTTON: "Listo",.. TOAST_VARIANT_BUTTON_FREE: "Busca de forma segura, GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Buscar sin protecci.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: "No quiero protecci.n gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Tu protecci.n web no est. completamente configurada: habil.tala gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termina de configurar tu protecci.n web gratuita de McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Protege tu informaci.n personal",.. TOAST_VARIANT_1_INFO: "Navega y busca con confianza sabiendo que tu informaci.n personal est. protegida. Te diremos qu. sitios son seguros y cu.les podr.an ser peligrosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Navega por la

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3556
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.339456377097835
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:dWem9nFXHGetHHST0of6hMJHL5Y+jMp1t3NQh8Ybw/:shXmetHyYof6hMJHLm+jEt3NSFI
                                                                                                                                                                                                                                                                                            MD5:0C913D55EF724B8530CCF5F41CAC8B11
                                                                                                                                                                                                                                                                                            SHA1:4826895AA14392720341E5F6F5F6BBA92A73B278
                                                                                                                                                                                                                                                                                            SHA-256:42A1A4B21D7D2BC18CFCE115CC1B4368ABE5AA1609768F632C14DEE0DE337573
                                                                                                                                                                                                                                                                                            SHA-512:2CC6779C1CF2E9962F1B07BA8F2B63CF073446162DBB77CD598C3E2BAF27CAC6403D87A38A38CBAD88D7A4F17295F772B4B9B9D01DDA6B9600D799743EF19860
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Haluatko lis.suojausta hauille?",.. TOAST_VARIANT_CHECKLIST: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. TOAST_VARIANT_BUTTON: "Valmis",.. TOAST_VARIANT_BUTTON_FREE: "Hae suojatusti . MAKSUTTA",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Hae ilman suojausta",.. TOAST_VARIANT_BUTTON_NOT_WANT: "En halua ilmaista suojausta",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Verkkosuojausta ei ole otettu t.ysin k.ytt..n . ota se k.ytt..n maksutta",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Viimeistele McAfeen maksuttoman verkkosuojauksen k.ytt..notto",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Turvaa henkil.kohtaiset tiedot",.. TOAST_VARIANT_1_INFO: "Selaa ja hae huoletta . henkil.kohtaiset tietosi suojataan. Kerromme, mitk. sivustot ovat turvallisia ja miss. voi piill. vaaroja.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Ei huolen h.iv.. verkossa",.. TOAST_VA

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3937
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.325964821898743
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:a/ScFsBmXt/CuFCNSCAQ9BYYmWJmn9AvwuHAnp/SsQWgXmm:aKOEAt/tFqSpQ9BhrmKYEApKsQwm
                                                                                                                                                                                                                                                                                            MD5:B4FB5C132BA39360D67409C27B22B5F7
                                                                                                                                                                                                                                                                                            SHA1:CA34DC1A3DFF6018396C61C7926F716699876476
                                                                                                                                                                                                                                                                                            SHA-256:9039B0D434395D14E3A4379A56D6641C1068854E3C92ED7A133D34637DB506E8
                                                                                                                                                                                                                                                                                            SHA-512:1EA6580113C51AEDB528C44B7D04E97BE4E6C630D0702B838C0C05ABD4340CEC2227BDE7D7DD1956913AE0AB69D7239C270BF85E46ECBB0BBFB7B11C6859BF16
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Aimeriez-vous ajouter une protection suppl.mentaire . vos recherches?",.. TOAST_VARIANT_CHECKLIST: "Oui, activez la recherche s.curis.e au red.marrage de mon navigateur.",.. TOAST_VARIANT_BUTTON: "Termin.",.. TOAST_VARIANT_BUTTON_FREE: "Recherche s.curis.e - GRATUIT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Recherche non prot.g.e",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Je ne veux pas de protection gratuite",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Votre protection Web n'est pas enti.rement configur.e. Activez-la gratuitement.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Compl.tez la configuration de votre protection Web McAfee gratuite",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Prot.gez vos donn.es personnelles",.. TOAST_VARIANT_1_INFO: "Naviguez et recherchez avec confiance en sachant que vos donn.es personnelles sont . l'abri. Nous vous indiquerons quels sites sont s.rs et ceux qui pr.sentent un danger."

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4024
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.315456397756804
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:b34FUJtSNXfN0SPAuWXhC00ZmnfQR9SujAnV3Jy/BXP:bQMtkWS4umSmoCgAVo
                                                                                                                                                                                                                                                                                            MD5:BFDF3BC722A41AA7A3618F75E6E4B0A0
                                                                                                                                                                                                                                                                                            SHA1:04881EA1236333D2CE90EB2E3D47224DC715015C
                                                                                                                                                                                                                                                                                            SHA-256:712B394CE9F418593C3681890CE35B30DF72EC812B5C9282FEC8D82FAAFC0959
                                                                                                                                                                                                                                                                                            SHA-512:E124F5DC32777FFCA7949BC0484F8550257DE8080485984F518C47FF8DA43FFFED6B8AC7F6F7E5A9039589567D86A9E4D0605C53BB74DEF01B31F6F1D937FC6E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Souhaitez-vous ajouter une protection de recherche suppl.mentaire.?",.. TOAST_VARIANT_CHECKLIST: "Oui, activer la recherche s.curis.e apr.s le red.marrage du navigateur",.. TOAST_VARIANT_BUTTON: "Termin.",.. TOAST_VARIANT_BUTTON_FREE: "Rechercher de fa.on s.curis.e . GRATUITEMENT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Rechercher sans protection",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Je ne souhaite pas de protection gratuite",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Votre protection Web n'est pas totalement configur.e. Activez-la gratuitement",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Terminez la configuration de votre protection Web gratuite McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Prot.gez vos informations personnelles",.. TOAST_VARIANT_1_INFO: "Naviguez et recherchez en toute confiance en sachant que vos informations personnelles sont prot.g.es. Nous vous indiquerons quels sont les sites s.c

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3635
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.452540996148989
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:ajcHGot9qU8FSKd49nVVtx5B9Psk+20fml6J:zBt9z8Fjd493txz/L0fml6J
                                                                                                                                                                                                                                                                                            MD5:EAB46F6683A79D5A035E8C10CE5DD638
                                                                                                                                                                                                                                                                                            SHA1:358C96352E9E8322F587880CC71812A7A1B63DB8
                                                                                                                                                                                                                                                                                            SHA-256:D7603EF311B20192D352C710572CDB506E12C3FC761DA0013B47AED9971E3E4C
                                                                                                                                                                                                                                                                                            SHA-512:03089D7109C155AAFED4A07A2480A22973B8F10196A98A7860CCCBCCC5AE03E5780C48633AD9424E41506FE7268F01BEACA148A3A3C7181DF246D956AAB873CD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".elite li dodati dodatnu za.titu pri pretra.ivanju?",.. TOAST_VARIANT_CHECKLIST: "Da, uklju.ite Safe Search nakon .to ponovno pokrenem preglednik.",.. TOAST_VARIANT_BUTTON: "Gotovo",.. TOAST_VARIANT_BUTTON_FREE: "Tra.ite sigurno - BESPLATNO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pretra.ivanje neza.ti.eno",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ne .elim besplatnu za.titu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.a web za.tita nije u potpunosti postavljena - omogu.ite je besplatno",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Zavr.ite postavljanje besplatne McAfee web za.tite",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Za.titite osobne podatke",.. TOAST_VARIANT_1_INFO: "Pregledajte i pretra.ujte s povjerenjem znaju.i da su va.i osobni podaci za.ti.eni. Re.i .emo vam koje su web lokacije sigurne & mdash; a koje bi mogle biti opasne.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Uklonite

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3828
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.516462843717383
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:KQpmKkwbL+sDfLlUpxKRtIC0vCGNAgc+LP+K5LK3TRKwJKV54QUQQ99P1s+l2cSm:6QtdTBPqw3Tg/UgbCx+lN4zm+n
                                                                                                                                                                                                                                                                                            MD5:8107D162C8AA34209B289445064BEB24
                                                                                                                                                                                                                                                                                            SHA1:1065E26A62DEFE8A31519B8F0440B7D000BE4708
                                                                                                                                                                                                                                                                                            SHA-256:9BA9F69154AA4E6C14666300CB3A158B96929D50896034205B404FBE92B29C92
                                                                                                                                                                                                                                                                                            SHA-512:B8229769D1610EECB7D568D9B45311C7AF2B1AD1F91C7B56736D0E73188456E5DEDF1B3DDDC0E0E55686E5EFE307F5BAA836F848C7B51E784A8A62552DEFBCCF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Extra keres.si v.delemre is sz.ks.ge van?",.. TOAST_VARIANT_CHECKLIST: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tom a b.ng.sz.t.",.. TOAST_VARIANT_BUTTON: "K.sz",.. TOAST_VARIANT_BUTTON_FREE: "Keressen biztons.gosan . INGYEN",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Nem v.dett keres.s",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nem szeretn.k ingyenes v.delmet",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Webes v.delme nincs teljesen be.ll.tva . kapcsolja be ingyenesen",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Befejezte az ingyenes McAfee webes v.delem be.ll.t.s.t",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Szem.lyes adatok v.delme",.. TOAST_VARIANT_1_INFO: "Magabiztosan b.ng.szhet, hiszen szem.lyes adatai biztons.gban vannak. Megmondjuk, hogy mely oldalak biztons.gosak, .s melyek lehetnek vesz.lyesek.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3548
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.227943418578583
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:9xj3zLp7tpe0ddA4Pxt9Qmcnq1qYENfDI/0DEof2:T17tpe0sQxt9QZ+qHY0Xe
                                                                                                                                                                                                                                                                                            MD5:C12A415C3307B7AB0CF63DF0A06A2B11
                                                                                                                                                                                                                                                                                            SHA1:846C220B0D489635462E1C070B5ADB04557A3C64
                                                                                                                                                                                                                                                                                            SHA-256:35E2115826E9B7286606979AEE263AE60A58104ECA1CCC1846BC09F0EF44A8AA
                                                                                                                                                                                                                                                                                            SHA-512:7E0D07CA9158CFCF61934C9A227406F9D269571F6AC1FCE4ACCAE44E2847D8A0F1FA1346BE142FAEE6394432D478D74B8A75DA9E296A9B562D8429ABA245A402
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vuoi aumentare la protezione delle ricerche?",.. TOAST_VARIANT_CHECKLIST: "S., attiva la ricerca sicura dopo il riavvio del browser.",.. TOAST_VARIANT_BUTTON: "Fine",.. TOAST_VARIANT_BUTTON_FREE: "Ricerca sicura . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Ricerca senza protezione",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Non desidero la protezione gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "La protezione Web non . configurata completamente. Attivala gratis.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Completa la configurazione di McAfee Web Protection",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Tutela le tue informazioni personali",.. TOAST_VARIANT_1_INFO: "Naviga e cerca senza timore sapendo che le tue informazioni personali sono protette. Ti segnaleremo i siti sicuri e quelli che potrebbero essere pericolosi.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Naviga sul Web in tutta tranquillit.",

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3960
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.019688692738524
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:6hHMKEaeQVt4/aWso3rOx4mc2JYtwhnoIZH7So7:YB5ztO57Ox4mJ8Eogms
                                                                                                                                                                                                                                                                                            MD5:3CEED803E5C3B4DD800EB04FFC037B7D
                                                                                                                                                                                                                                                                                            SHA1:75114628EC31701F4C9534641E1985BB8F1D80C9
                                                                                                                                                                                                                                                                                            SHA-256:2503F01DBAE81E406759D4172E508275BBA1CA5E5294C3D6A427753FB39D08CD
                                                                                                                                                                                                                                                                                            SHA-512:2E8B64F008F3EAC25A494AD49F4636F9AB69BCC89B49C2B02D50333B46128E18FC4FF8ED1A1232CB5564DE993FAB367B6C737FAEDD012A460B3E3E9BA0BB64BE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "..............",.. TOAST_VARIANT_CHECKLIST: ".................. ...........",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: "..... - ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "..........",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Web ...................................",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "........ Web ...................",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "............",.. TOAST_VARIANT_1_INFO: "..................................................",.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3783
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.9372530028539305
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:KwNX9/6gkTR6wtUp7RtlvCI/Lg7KoR/+KNM2KHK4Uq0RxIZr1ZNpiL8s/cCM7R+2:P26Ft8+W/rNIqxmQlbe6q48
                                                                                                                                                                                                                                                                                            MD5:2B8214B6C9867827B7BA95C1EFE4B6D5
                                                                                                                                                                                                                                                                                            SHA1:1BBD83EA79CDD9BDF98836A1FD4351958D56D67F
                                                                                                                                                                                                                                                                                            SHA-256:452FC0B20B9DA056B9889C51B7F7AA8FB42F4F20C3DB9D3C6E8B3EB88D593560
                                                                                                                                                                                                                                                                                            SHA-512:98A0A9A72761CA38AA9C9A29505CCD95CC10DD15555CCB176EF2F981231FDD293E2FBD4F5795EE678001E0AB1E42F26FE85CBA36DE0149FD2470C4D85F61469A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".. .. ... ........?",.. TOAST_VARIANT_CHECKLIST: "., . ..... .. ... . .. ... .......",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: "... .. - ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".. .. ..",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".. ... .... ....",.. TOAST_VARIANT_TITLE_NOT_SETUP: ". .. ... .... ...... ... ........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".. McAfee . .. ... ......",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: ".. ... ......",.. TOAST_VARIANT_1_INFO: ".. ... .... .... .... ....... ... .... ... . .. .... .......",.. // Toast variant 2 specific.. TOAST_VARIANT_2_T

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3599
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3688204970538695
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:wMQx7teYFyZ8K3XdIcJK10kNeso2bMUaMZiBdL1:8teYFyZ8K3N9E10kNtoYMUaM41
                                                                                                                                                                                                                                                                                            MD5:8F56E3DB852D4CC0DB086A3B41987411
                                                                                                                                                                                                                                                                                            SHA1:71A19B8091169B39E67B66BE05D49F92F56BA056
                                                                                                                                                                                                                                                                                            SHA-256:23E37BFEAF0BB313C6B32E248391F26B811B96FEB065D83A2F2BB7AB5CFE2463
                                                                                                                                                                                                                                                                                            SHA-512:12E939E099DC8334DA355B8797009A2D371C0F6BD5ABB220CCD6BD271546F0F9114E1C60CAC6B783D9A831797E4C7EBE87FE4546AB9D6C1977255A4384B0A6A9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vil du ha ekstra s.kebeskyttelse?",.. TOAST_VARIANT_CHECKLIST: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt.",.. TOAST_VARIANT_BUTTON: "Ferdig",.. TOAST_VARIANT_BUTTON_FREE: "S.k sikkert . KOSTNADSFRITT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "S.k uten beskyttelse",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jeg vil ikke ha kostnadsfri beskyttelse",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Nettbeskyttelsen din er ikke ferdig konfigurert . aktiver den kostnadsfritt",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Konfigurer resten av nettbeskyttelsen din fra McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Beskytt personopplysningene dine",.. TOAST_VARIANT_1_INFO: "Du kan surfe og s.ke uten bekymringer i visshet om at personopplysningene dine er beskyttet. Vi forteller deg hvilke omr.der som er sikre og hvilke som kan v.re farlige.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Slipp . beky

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3539
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.325743038067988
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:WupCvikhC0tR356VrLrVHgKFteK5/AhK/pxFoD4QkHM5u:WupCvikbt9AVrLrVHhuk/AhK/pxOD4Q0
                                                                                                                                                                                                                                                                                            MD5:3B7760CFBBC52770191A2C61C7B0B01F
                                                                                                                                                                                                                                                                                            SHA1:56EDF5D22E2891E8724BDA9DCEDFFC5F20B108D8
                                                                                                                                                                                                                                                                                            SHA-256:6D781417F65E7B1E50A493D5630C8217100EC3A4CC40266ABE4536F0AC35DB8E
                                                                                                                                                                                                                                                                                            SHA-512:2C1A7A1777931AB7F9FDE7508683C459C53A25D7CCF62FBDA878490E8CC4116146510A915F8DC12D828CF074EB103C803E2567AED67CEB440C007AF774FD4C82
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Wilt u aanvullende zoekbescherming toevoegen?",.. TOAST_VARIANT_CHECKLIST: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. TOAST_VARIANT_BUTTON: "Gereed",.. TOAST_VARIANT_BUTTON_FREE: "Veilig zoeken . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Onbeschermd zoeken",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ik wil geen gratis bescherming",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Uw webbescherming is nog niet volledig geconfigureerd. Schakel uw bescherming gratis in.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Uw gratis McAfee-webbescherming instellen",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Bescherm uw persoonlijke gegevens",.. TOAST_VARIANT_1_INFO: "Browse en zoek vol vertrouwen in de wetenschap dat uw persoonlijke gegevens worden beschermd. We laten u weten welke websites veilig zijn, en welke mogelijk niet.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Zorgeloos browsen",

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3618
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.596787899184335
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:QrIqKLAst649Gs63IcBPevJwh8i8iiQlacMrIMXkIu:QcHtn9/pcBPevJwh8i8iiQlacMcMVu
                                                                                                                                                                                                                                                                                            MD5:C1E51183CAB8CB6CA65D0BE6CC857675
                                                                                                                                                                                                                                                                                            SHA1:13C4900BFF8AC98305A2A1B8B431A299179C2D3D
                                                                                                                                                                                                                                                                                            SHA-256:03ACA4D6989F8F16E23B8AB82FE06470968DED66D27FA80B2F279085E5350788
                                                                                                                                                                                                                                                                                            SHA-512:E1DBAFBB596DF80715A79DBAA5E3E292C2B72211C7101B3E591E353CFA89E95BB655DDA5B26517C1E81BC63CB132D788DE4D85833159882C8BFDDE7F48FFFBD5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Chcesz zwi.kszy. bezpiecze.stwo wyszukiwania?",.. TOAST_VARIANT_CHECKLIST: "Tak, w..cz Bezpieczne wyszukiwanie po ponownym uruchomieniu przegl.darki.",.. TOAST_VARIANT_BUTTON: "Gotowe",.. TOAST_VARIANT_BUTTON_FREE: "Wyszukuj bezpiecznie . BEZP.ATNIE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Wyszukuj bez ochrony",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nie chc. bezp.atnej ochrony",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Twoja ochrona w sieci Web nie jest do ko.ca skonfigurowana . w..cz j. bezp.atnie",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Uko.cz konfiguracj. bezp.atnej ochrony sieciowej McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chro. swoje dane osobowe",.. TOAST_VARIANT_1_INFO: "Spokojnie wyszukuj i przegl.daj, wiedz.c, .e Twoje dane osobowe s. chronione. Powiemy Ci, kt.re witryny s. bezpieczne, a kt.re nie.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Spokojnie korzyst

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3738
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.345649785558925
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:KpaRlEpnKqfJuUuRwyUptRtbVaKjJOhCf+L7UKkKwKfK6TU0kPVdq54420uUFLt9:w3HtvJxfqFZC/tdHLwjL+zY
                                                                                                                                                                                                                                                                                            MD5:8AD24B0F04679C8ED9AB98ED8906D80C
                                                                                                                                                                                                                                                                                            SHA1:BAF843EAA9E41ACCD130038A189C1DB56F0229D9
                                                                                                                                                                                                                                                                                            SHA-256:E9DFEE5E6C78E54A9D77A3F33462F256DD3A887AF1F44D5D2E2A9BD4A0FDFB53
                                                                                                                                                                                                                                                                                            SHA-512:6E40CF4552552EB41CDE9361316371BECF4350195CEA0F54EAEC338044D44076768AE923F6B6D071681A0DC084F20F4F068285B1D490AC155481903FED9BEB6B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Voc. gostaria de adicionar prote..o de pesquisa extra?",.. TOAST_VARIANT_CHECKLIST: "Sim, ative a pesquisa segura depois que o navegador for reiniciado.",.. TOAST_VARIANT_BUTTON: "Conclu.do",.. TOAST_VARIANT_BUTTON_FREE: "Pesquise com seguran.a GRATUITAMENTE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pesquisa n.o protegida",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Eu n.o quero prote..o gr.tis",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Sua prote..o na Web n.o est. totalmente configurada. Ative-a gratuitamente",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Conclua a configura..o da prote..o gratuita da Web da McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Proteja suas informa..es pessoais",.. TOAST_VARIANT_1_INFO: "Navegue e pesquise com confian.a, sabendo que suas informa..es pessoais est.o protegidas. Informaremos quais sites s.o seguros . e quais podem ser perigosos.",.. // Toast variant 2 specific.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3683
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.333188562917313
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:KVFTplRl0d61FB0yUpDRtbVaK6HOd0TZeC5p30BL7UKkKHKMKFTUBk30aB5qyQOm:GE3ttmud03zEPFqtvEezHWNdgQh
                                                                                                                                                                                                                                                                                            MD5:5ECF28F73D41D643E7715E73141ED259
                                                                                                                                                                                                                                                                                            SHA1:200BF26829AE61F756B992CF66C920A3B48A940E
                                                                                                                                                                                                                                                                                            SHA-256:61B970D4DB4AB72706557984C489B15143F8805517B87FAA3D3557EC1A6EA5DA
                                                                                                                                                                                                                                                                                            SHA-512:11F23BAA436EF6D0524DCC24D03C731BFAAAEA32C1CAB911304E144F5DFBDB6E0831E300EAD6E29DD8512A3516D4B252AC6976464890C6BE374AC80FBD879D03
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Pretende adicionar prote..o de pesquisa suplementar?",.. TOAST_VARIANT_CHECKLIST: "Sim, ativar a pesquisa segura ap.s reiniciar o meu browser.",.. TOAST_VARIANT_BUTTON: "Conclu.do",.. TOAST_VARIANT_BUTTON_FREE: "Pesquisar em seguran.a . GR.TIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pesquisar sem prote..o",.. TOAST_VARIANT_BUTTON_NOT_WANT: "N.o quero prote..o gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "A sua prote..o Web n.o est. conclu.da: ative-a gratuitamente",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termine a configura..o da sua prote..o Web da McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Proteja as suas informa..es pessoais",.. TOAST_VARIANT_1_INFO: "Navegue e pesquise com a confian.a de que as suas informa..es pessoais est.o protegidas. Vamos indicar-lhe que sites s.o seguros e os que podem ser perigosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Deixe

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5374
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.132644537252728
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:/Li+T0t5WKRmY8vzQedwpNv473IdQ/NtRhB5:f0t5Dl8vzQex7DNPF
                                                                                                                                                                                                                                                                                            MD5:BA1EB3F25F4C18FFF45C0067D52CCB8A
                                                                                                                                                                                                                                                                                            SHA1:A6561DB59471A9EED34114F4FEC3BFEBB50CB30A
                                                                                                                                                                                                                                                                                            SHA-256:D61068F26158E564C4DC5773312B3BDDEC5B2362DAC0BCE2FDFEFD2D403D7CD6
                                                                                                                                                                                                                                                                                            SHA-512:AF1407FB4DAA032CF1CB99A327B01B525C3F174D1F0E1215DA4F466BADC3CA755C239CAF6AD8D76B413F3540556495EB10CBC1429D2269192A8A8A97C2D06091
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...... ........ .............. ...... ......?",.. TOAST_VARIANT_CHECKLIST: ".., ........ .......... ..... ..... ........... .........",.. TOAST_VARIANT_BUTTON: "......",.. TOAST_VARIANT_BUTTON_FREE: ".......... ..... . .........",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "..... .. .......",.. TOAST_VARIANT_BUTTON_NOT_WANT: "... .. ..... .......... ......",.. TOAST_VARIANT_TITLE_NOT_SETUP: ".... ...-...... ......... .. ......... . ........ .. .........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "......... ......... .......... ...-...... McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........ .... ...... ..........",.. TOAST_VARIANT_1_INFO:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3752
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.64500872886784
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:G/v3lJ6qJt9g29MgiL+tBjYE7+R8LB0HDDx+UN:G3l4At9g29MnL+tpYE7o8LB0Xx+c
                                                                                                                                                                                                                                                                                            MD5:2EF359E6BDF22EB8A810CCBA28D42BFE
                                                                                                                                                                                                                                                                                            SHA1:BA94C3BAF5CD56677630339189942A3B9DB371C7
                                                                                                                                                                                                                                                                                            SHA-256:189D8212CF6BCD87AC6226F2B9E6CE804F8BC64CAFFF144699EAD54B2C4ABBE6
                                                                                                                                                                                                                                                                                            SHA-512:D5F91D8D8094D706A1E741401E0A5A155FDE6738EB6F8A334DB441BAF2ED3213102C5E8A25E9549AB419920452AE1E9DF3F25B9E65A05AD0D28F5B45D0D9ED50
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Chcete zv..i. zabezpe.enie vyh.ad.vania na internete?",.. TOAST_VARIANT_CHECKLIST: ".no, zapn.. zabezpe.en. vyh.ad.vanie po re.tarte prehliada.a.",.. TOAST_VARIANT_BUTTON: "Hotovo",.. TOAST_VARIANT_BUTTON_FREE: "Vyh.ad.va. so zabezpe.en.m . ZADARMO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Vyh.ad.vanie nie je chr.nen.",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nechcem ochranu zadarmo",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Webov. ochrana nie je .plne nastaven. . aktivujte ju zadarmo",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Dokon.ite nastavenie webovej ochrany od McAfee zadarmo",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chr..te svoje osobn. .daje",.. TOAST_VARIANT_1_INFO: "Preh.ad.vajte web a.vyh.ad.vajte inform.cie bez ob.v v.aka ochrane osobn.ch .dajov. Uk..eme v.m, ktor. lokality s. bezpe.n. a.na ktor.ch hroz. nebezpe.enstvo.",.. // Toast variant 2 specific.. TO

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.442839793599894
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:5541sqXt9UFE+s49f8cQq5gAWFLrf9UQb/Ev:5Yt9UFq49LQqyfFvOQb/6
                                                                                                                                                                                                                                                                                            MD5:88033B59E8AFB7445BDBEB2C8417993A
                                                                                                                                                                                                                                                                                            SHA1:69D5163700EAB0CD961EB77E4657FFA778422B15
                                                                                                                                                                                                                                                                                            SHA-256:7D97F927A48CA19CBFA1F4FAFC65092A7052BAC3CE48ED4BEAB63382FD377E8C
                                                                                                                                                                                                                                                                                            SHA-512:AE6186EA4BB8B1ABD8043651FF96FB8B9D18009F7E27F7DA7FD4E391C4AD8A936C47F0C6BF43C9AE9D10E4B75AA482C4E2084AE319CF60408C1AEFE8DF05057F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".elite li dodatnu za.titu pretrage?",.. TOAST_VARIANT_CHECKLIST: "Da, uklju.i Secure Search nakon .to ponovo pokrenem pregleda..",.. TOAST_VARIANT_BUTTON: "Gotovo",.. TOAST_VARIANT_BUTTON_FREE: "Pretra.ujte bezbedno . BESPLATNO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pretraga nije za.ti.ena",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ne .elim besplatnu za.titu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.a za.tita na internetu nije u potpunosti postavljena.omogu.ite je besplatno",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Zavr.ite postavku va.e McAfee za.tite na internetu",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: ".titite li.ne informacije",.. TOAST_VARIANT_1_INFO: "Pregledajte i pretra.ujte bez brige znaju.i da su vam li.ne informacije za.ti.ene. Re.i .emo vam koje lokacije su bezbedne . a koje mogu biti opasne.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Uklonite brigu sa veba"

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3492
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4331381790030715
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:KaGqWQzrHqWU7B10Up8LRtXbY8ACXGiLuKcUCLK6LKVKo9U31Ta920FLlpx/TV5E:B6CtsQ2klVdM5+9npxU2oBZvOa
                                                                                                                                                                                                                                                                                            MD5:EC4978D8B324AD8755EE34FF4F58B365
                                                                                                                                                                                                                                                                                            SHA1:B8C4F863D72E4FF83A13160ADA8F0DDC30121BC6
                                                                                                                                                                                                                                                                                            SHA-256:4A25917264498CE426AAF32DE3CA41A0EE27DFFB94C6F37A7AF223E5FAFBB072
                                                                                                                                                                                                                                                                                            SHA-512:2CC6DF09DD0A862E8F09F1C5E29332AFE3901C5B927050B3B21D87C2D3A358D5C46DC1295E6D5FA38654A6BDDF6A6BDC31283D2D4F47D67DC060FDB89B03AF16
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vill du l.gga till extra s.kskydd?",.. TOAST_VARIANT_CHECKLIST: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. TOAST_VARIANT_BUTTON: "Klart",.. TOAST_VARIANT_BUTTON_FREE: "S.k s.kert - KOSTNADSFRITT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Oskyddad s.kning",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jag vill inte ha kostnadsfritt skydd",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Inst.llningen av ditt webbskydd .r inte fullbordat - aktivera det kostnadsfritt",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Fullborda inst.llningen av ditt McAfee-webbskydd",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Skydda din personliga information",.. TOAST_VARIANT_1_INFO: "Surfa och s.k tryggt i vetskap om att din personliga information .r skyddad. Vi ber.ttar vilka webbplatser som .r s.kra . och vilka som kan vara farliga.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Surfa p. n.tet utan oro",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3702
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.512861553302173
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:K2rafAlFLhKpoLQHdPUpI5LRtHyderOYC3LCyrsgLLsnLKIlIKfLKb3LKyjqMURl:CCIbtSgyGyouKx+bG/dDeFfQ3t16h87J
                                                                                                                                                                                                                                                                                            MD5:161EB0CAC326DD8A696FF36B77B22284
                                                                                                                                                                                                                                                                                            SHA1:A6E169A9C25928628064B0C96A1971CFEA1779BA
                                                                                                                                                                                                                                                                                            SHA-256:304C6C77FCB0319C3BE7B2892C16901BDE5624B64F67B65C742310BDE227E3D9
                                                                                                                                                                                                                                                                                            SHA-512:41B98683C147FF7C4B8A4AB55265798D222D8E0C142AAE243980F92082CDA83DEA7B332BC19468D807D7E209AA102006C6A58286FA4ED112E232243BBEE037DC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Ekstra arama korumas. eklemek ister misiniz?",.. TOAST_VARIANT_CHECKLIST: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. TOAST_VARIANT_BUTTON: "Bitti",.. TOAST_VARIANT_BUTTON_FREE: "G.venli arama yap.n - .CRETS.Z",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Korunmadan arama yap.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".cretsiz koruma istemiyorum",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Web koruman.z tam kurulmam.., .cretsiz etkinle.tirin",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".cretsiz McAfee web koruma kurulumunuzu tamamlay.n",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Ki.isel bilgilerinizi koruyun",.. TOAST_VARIANT_1_INFO: "Ki.isel bilgilerinizin korundu.unu bilerek g.venle gezinin ve arama yap.n. Hangi sitelerin g.venli, hangilerinin tehlikeli olabilece.ini size s.yleyece.iz.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Endi.eleri webten uzak tutun",

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3220
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.328136364005078
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:KpV0YrIr3BkaxUpYNRtt5K2dCaLQzKeKGBKHlKCQUDlFJ5g68a1MzflHS/+xKAYj:aS9KotKvaLJ8CJFPl8aSwXNtl43isG
                                                                                                                                                                                                                                                                                            MD5:127E7A24D20FA921F2E2FD52950E9E74
                                                                                                                                                                                                                                                                                            SHA1:F771BDDCF7E42D19A7DAB6A930215E8EB648737B
                                                                                                                                                                                                                                                                                            SHA-256:302C3C1CE1DA31D88FB1BBDD2C3BCA5F389634E6DD139AC94CFE065F52BDC189
                                                                                                                                                                                                                                                                                            SHA-512:BC54A1DC7B0AA96B94131B7C27F4738AF86385288E1BC6B1BF21A996259C598077417BC3C3FCDE8D9C13D9AD98C9FC8A0C1DE55C0573927525C07411AE577C3B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...........",.. TOAST_VARIANT_CHECKLIST: "................",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: ".... . ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "......",.. TOAST_VARIANT_BUTTON_NOT_WANT: "........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "...................",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".............",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........",.. TOAST_VARIANT_1_INFO: ".................................................",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "......",.. TOAST_VARIANT_2_INFO: ".........................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3309
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.331568112595525
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:LjGwO6t6wKA44s2xr92kwcK8jtUuhSSm7g:tt6wc4s2xrskwc3U6SS5
                                                                                                                                                                                                                                                                                            MD5:D398AC0CF963E48913B30665F979ACDE
                                                                                                                                                                                                                                                                                            SHA1:C182BA07A8D94F046BD5F294ACCE10870F72B273
                                                                                                                                                                                                                                                                                            SHA-256:AFE3A6D0DE20379F3F72952EA14C7E5029ADE5574305EDCAB6FA75C04A565D19
                                                                                                                                                                                                                                                                                            SHA-512:5ACFCEE56F632AED2EF7C399E04B2302B01493F89B5CE6A85A0CF898AFD8E843FC38526555242473C04149CFF5A5FFC4446C47C8CF16E0F1E66C76E5238A4179
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "..............",.. TOAST_VARIANT_CHECKLIST: "...................",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: ".... . ....",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".............",.. TOAST_VARIANT_BUTTON_NOT_WANT: "........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "..... Web ...........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "..... McAfee Web .....",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........",.. TOAST_VARIANT_1_INFO: "................................................",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: ".......",.. TOAST_VARIANT_2_INFO: "..........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2317
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.729487960185157
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvSUqYRSK+R28Y2zgJsQqpq/83qkj6B9nw4RJtlzgUh:C6UnSKOY2zegB6DnFh
                                                                                                                                                                                                                                                                                            MD5:0C2C981779735C436253DA9C520B7776
                                                                                                                                                                                                                                                                                            SHA1:441814F95F6B61F61E98FDA86F659F96A2096628
                                                                                                                                                                                                                                                                                            SHA-256:C6D956EE51A0546A962721C68A24688E7D64A696130E7BD6D3BD653D31F3AF36
                                                                                                                                                                                                                                                                                            SHA-512:D2D958011E8946D29306CDA774F7A2FFBF37E30EC11EE414F27FAA2065E9BF3AF7D242A0E93CDEBE9A88A247E6C203D02E9F9D3CF85D6600C5A28DA5215B6A2B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "M.te k dispozici dal.. mo.nosti ochrany",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Vy... ochrana je p.ipravena",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Vy... ochrana je vypnuta",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Tyto funkce vy... ochrany v.m zajist. v.t.. bezpe.. online. Zapn.te je.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "V.e je nastaveno! Kdy. p...t. znovu spust.te prohl..e., budete moci s jistotou vyhled.vat pomoc. funkce Bezpe.n. hled.n. McAfee, kter. v.m uk..e, kter. str.nky lze bezpe.n. nav.t.vit.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Je vypnut., proto.e bylo zak.z.no nebo odebr.no roz...en. pro hled.n., kter. je sou..st. vy... ochrany. Z.skejte tyto funkce zp.t.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Funkce Bezpe.n. hled.n. McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2319
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4193601593801715
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvJjkjVsFprf0Ksd4Ajfm0p4TS4Zudhmr:Ctk5Ux3Ajfme4TSwr
                                                                                                                                                                                                                                                                                            MD5:3CBF25481D4328F923CE3A91A025A151
                                                                                                                                                                                                                                                                                            SHA1:EEC5BADC3D9311E57D8494E370FF6F47B4A995CA
                                                                                                                                                                                                                                                                                            SHA-256:DC0AA3590319A49E81989C196D2277B8C85B4881C110E5C109E1426562FA3B72
                                                                                                                                                                                                                                                                                            SHA-512:AEFA46910EB7A4299D7EFE9BE3418E5AA5B8C405C5BE9D3FCBE35AFE8DB6E86B1D3D0E476D8FD04F879E6197DD97DB8FA0C9701576D2EE877EFF061DE95ECFEA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Du har flere beskyttelsesmuligheder",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ekstra beskyttelse er aktiveret",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ekstra beskyttelse er deaktiveret",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Disse ekstra beskyttelsesfunktioner forbedrer din onlinesikkerhed. Sl. dem til.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alt er parat. N.ste gang, du starter browseren, kan du surfe p. internettet i sikkerhed, fordi McAfee sikker s.gning viser dig, hvilke websteder det er sikkert at bes.ge.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Funktionen er deaktiveret, fordi s.geudvidelsen, der er en del af den ekstra sikkerhedspakke, er sl.et fra eller er blevet fjernet. F. disse funktioner tilbage nu.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee sikker s.gning", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} viser dig, hvilke websteder d

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2382
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.444409514726724
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvzhxfTyDKyA7h3CFycAOFsxEclSgif4r:C1xfeDS3CT2Is
                                                                                                                                                                                                                                                                                            MD5:E6A3CB39DEEE9F591845D5F9D74A7268
                                                                                                                                                                                                                                                                                            SHA1:2B64A66D915899E4439AB3DD9281C5988B58A4FF
                                                                                                                                                                                                                                                                                            SHA-256:F9DB2BC91DF545C68931E42F7346B1B22CED36868C2AF20903FC5B5033275A3A
                                                                                                                                                                                                                                                                                            SHA-512:3B96E4E6F8215AC14054173D4B86509B7A3AA88EA9E08B91D9E4529F31476B0A195F7A9DCFC1578E21CE243BF6D9F507CD812875AD974527D73B02ABC3E9C016
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Es sind weitere Schutzfunktionen verf.gbar",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Zus.tzlicher Schutz wartet auf Sie",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Zus.tzlicher Schutz ist deaktiviert",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Mit diesen Funktionen des zus.tzlichen Schutzes sind Sie online besser gesch.tzt. Aktivieren Sie sie.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alle eingerichtet! Wenn Sie das n.chste Mal Ihren Browser .ffnen, sollten Sie die sichere Suche von McAfee nutzen, um in Ihren Suchergebnissen zu sehen, welche Websites sicher sind.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Sie ist derzeit nicht verf.gbar, da die Sucherweiterung, die eine Komponente des zus.tzlichen Schutzes ist, deaktiviert oder entfernt wurde. Aktivieren Sie diese Funktionen jetzt wieder.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Sichere Suche", .. SEARC

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3630
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.080980195677936
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvF/wyeEEyaSMAwEzb0h3hSBDAeuDFKUsGEE6+ihkxT7miUvX1:CNwyIyaSMAwsC38BDAeuDFKed0uHpUN
                                                                                                                                                                                                                                                                                            MD5:456200FB474CF447722CDE0A570D3B4C
                                                                                                                                                                                                                                                                                            SHA1:BCC8882FE28C579765B7A3F6CE9A4A3590C47CEB
                                                                                                                                                                                                                                                                                            SHA-256:4096AFAAE89B7554E00E25C13165BF328F7C7DEE8D283BF5D9AA8C19FBEC066A
                                                                                                                                                                                                                                                                                            SHA-512:B920C226F39E5E9304B850CD9F94DB7617886352041BE48C711565A61945AF929C9E7B1F041FF13F205F7E825E23BFA9D61862EB008238F6A76E40E2DCFA6739
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "..... ........... ......... .........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ". ........ ......... ..... ......",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ". ........ ......... ..... ................",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "..... .. ........... ......... .......... ... ....... ... ........ online. ............. ... ............",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "..... .......! ... ....... .... ... .. .............. .. ......... .......... ..., ......... ........... .. ..... .. ... ...... ......... McAfee ... ... ....... ..... .....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2039
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.450247269606277
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Cv45dlzloc0Zvdr05DJMtWXS7bJ3sLEISkv2:CKHzloLZ25DJMtiUW4Nkv2
                                                                                                                                                                                                                                                                                            MD5:EDF64DD1F31DD3E3C4648429A2AF486F
                                                                                                                                                                                                                                                                                            SHA1:1F758B41EDAD1C2B2A1AADBD7AB8AA82CACDC8D3
                                                                                                                                                                                                                                                                                            SHA-256:4316024B024516146B6400F03243B6B1A266761A5EDE4CEB1ED10D31862BFF06
                                                                                                                                                                                                                                                                                            SHA-512:0399A80B97FA745E62B9B49AABE9F71A0AC06479FDD85B31CD180E96A04F3B5A4C53D2D0433C932C5EBBA75E6D832F0DBF4A52F8D47C63E0AC2AE56D71F89510
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "You have more protection available",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Added Protection is ready",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Added Protection is off",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "These Added Protection features keep you safer online. Turn them on.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "All set! The next time you restart your browser, search confidently with McAfee Secure Search showing you which sites are safe to visit.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "It's off because the search extension that's part of Added Protection was disabled or removed. Get these features back now.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Secure Search", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} shows you which sites are safe before you visit them.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "Ad Blocker", .. SEARCH_TOAST_ADBLOCK_BULLE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2325
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.420117640626021
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Cv7MkYFXTzGFoIEWPyovzQArVZGLIqSbw:C4TzGmIn7lxq6w
                                                                                                                                                                                                                                                                                            MD5:7658F28225786E98892301CD7477A9EA
                                                                                                                                                                                                                                                                                            SHA1:A71584A51F5AB0B73672D7097F4B08A1F1C63032
                                                                                                                                                                                                                                                                                            SHA-256:A588E1AC61D3D6FFAEA6D66B118DDEDC6549059099823EAA659ACC30B4B16DD9
                                                                                                                                                                                                                                                                                            SHA-512:4C21E33956547239C775103AF6C35CEFD249431DC3E5A253E76F069408AB6CEE54102ADF7B26F8923D935B1891887FDEEBF307EF7E4B762EB2FAA23D28900308
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Puede disfrutar de m.s protecci.n",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La Protecci.n a.adida est. activada",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La Protecci.n a.adida est. desactivada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas funciones de Protecci.n a.adida le mantienen a salvo en Internet. Act.velas.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Ya est. todo configurado. La pr.xima vez que reinicie su navegador, tendr. la tranquilidad de saber qu. sitios web son seguros gracias a la B.squeda segura de McAfee.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desactivado porque la extensi.n de b.squeda incluida en la Protecci.n activa est. desactivada o se ha eliminado. Vuelva a activar estas funciones ahora.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "B.squeda segura de McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} le muestra q

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2241
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.460318416499153
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HOvdgWQIvN6tKQtqWmwUV5mOZzZCB4vhmUwRKJhZfeT5gAdFqdVtBcwKHvcJi9T:CvlQIjWZKTZ8Kp6c0jqrtqvEIq1ktsZ4
                                                                                                                                                                                                                                                                                            MD5:47D04FB85C253E87B85071CCA8E82C5F
                                                                                                                                                                                                                                                                                            SHA1:8F14A14EE859FF77AF309063C528D817E85D3872
                                                                                                                                                                                                                                                                                            SHA-256:9DC87CBB1CB275BF9357D5DE099F184A51C197E43978869CF9E1DCD4EDD2301B
                                                                                                                                                                                                                                                                                            SHA-512:59D1B0AF90A19F5DB0CD44DE6CCB25F4ECA555CB96E0E6C9A2B99E2895A35E403036384042CF6CDCE2B44A05C39417FBFCF0C768D30DF1240D4333CBA4219406
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Tiene m.s protecci.n disponible",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Protecci.n adicional est. listo",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Protecci.n adicional est. desactivado",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas caracter.sticas de Protecci.n adicional lo mantienen seguro en l.nea Act.velas",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: ".Todo listo! La pr.xima vez que reinicie su navegador busque con confianza ya que B.squeda segura de McAfee le mostrar. cu.les sitios son seguros para visitar.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desactivado porque la extensi.n de b.squeda que es parte de Protecci.n adicional fue inhabilitada o eliminada. Recupere esas funciones ya mismo",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "B.squeda segura de McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} muestra qu. sitios son seguros ant

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2246
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.422506764815652
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HOvdgGvLPUQPmMdzpP5x4bICHA4fEOGVGd1Pwsx7LmNhI+a6soNxawi9dySBx70:CvXlmMd9m6mdFwWrZ6kxuFrCQeEf9x
                                                                                                                                                                                                                                                                                            MD5:D415538C892C4D5DE116CA7654BB9C05
                                                                                                                                                                                                                                                                                            SHA1:3C1C2016FA75540B02A0163F3158BC7AB4EB1FD5
                                                                                                                                                                                                                                                                                            SHA-256:04CB36F6ADD399E47D92CDED5D747BC08DB66EB42DD4D18909F798AB9AD468BD
                                                                                                                                                                                                                                                                                            SHA-512:E2AC11C50120B94100634EFB30A148799DAEFBB72C797A684E0FF52107CDB73E191DADB4299703C130EBF1C05D9FD1845BB68CD1AAFC44444795BF2692A31B9B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Lis.. suojausta saatavana",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Lis.suojaus on valmis",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Lis.suojaus on poissa k.yt.st.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "N.ill. lis.suojausominaisuuksilla pysyt paremmin turvassa verkossa. Ota ne k.ytt..n.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Kaikki on valmista. Kun ensi kerralla k.ynnist.t selaimen uudelleen, voit tehd. hakuja turvallisin mielin McAfeen suojatulla haulla, joka n.ytt.. vaarattomat sivustot.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Se on poissa k.yt.st. siksi, ett. lis.suojaukseen kuuluva hakulaajennus oli poissa k.yt.st. tai se poistettiin. Hanki ominaisuudet heti takaisin.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfeen suojattu haku", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} n.ytt.., mitk. sivustot ovat vaarattomia ennen

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2413
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4507518396761805
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvmQM4M92AhLMdlzu5ZHl0l1nD2qqh2NW1:C+W42AhLmlzu5BkJyqNNW1
                                                                                                                                                                                                                                                                                            MD5:A170C6231FB8E004BABB8892997722CE
                                                                                                                                                                                                                                                                                            SHA1:FEE3EC85B9127C8C1FCDE05B80D0F48D4D815E90
                                                                                                                                                                                                                                                                                            SHA-256:C3C8359B289DD489A17EB59AD57CFB66CAEAD4414AB199EE7CC34191A889F88B
                                                                                                                                                                                                                                                                                            SHA-512:4AF251F416409BFF1E047C0087C6632DA3EE7B6E4AABB3DFE01BA07E7E7949240AF208F3C0328A75749887482A71C3549A3D509999D3C8A5991D3BC11716A91D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Plus de protection disponible pour vous",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La protection accrue est pr.te",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La protection accrue est d.sactiv.e",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ces fonctions de protection accrue vous apportent plus de s.curit. en ligne. Les activer.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Pr.t! La prochaine fois que vous lancez votre navigateur, parcourez le Web en toute qui.tude pendant que la fonction de recherche s.curis.e McAfee vous indique les sites dignes de confiance.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Cette fonction n'est pas activ.e car l'extension de recherche qui fait partie de la protection accrue a .t. d.sactiv.e ou supprim.e. R.tablir ces fonctions maintenant.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_ADBLOC

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2494
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.455177997293483
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvqwGuHF9o9/EuB8u5J5AxHaaydCPjPXSJY:CSwGeY/EuB8u5olydCPrz
                                                                                                                                                                                                                                                                                            MD5:03CD9B0142CADB6527FD60ECFA0960A1
                                                                                                                                                                                                                                                                                            SHA1:ABDC1DA6CB5A857FF1AC671144AE45FDF4F16F50
                                                                                                                                                                                                                                                                                            SHA-256:F6DBD6F2854457A60A371A8783294E0819014CD663A2FC340FC6C8EEF05C7D53
                                                                                                                                                                                                                                                                                            SHA-512:48B1F57F21E088F0DE70A582C521C66674AE286F261ED63000C743F3F4054B9CA60303ACCFC7B108DC5BC037A88493BA6332A1E8D44BD503123D8CB3499D1537
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Vous avez d'autres protections disponibles",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La Protection renforc.e est pr.te",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La Protection renforc.e est d.sactiv.e",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ces fonctionnalit.s de Protection avanc.e assurent votre s.curit. en ligne. Activez-les.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Vous .tes pr.t.! La prochaine fois que vous red.marrez votre navigateur, vous pourrez effectuer des recherches en toute confiance . l'aide de la Recherche s.curis.e McAfee, qui indique les sites que vous pouvez consulter en toute s.curit..",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Elle est d.sactiv.e car l'extension de recherche qui fait partie de la Protection renforc.e a .t. d.sactiv.e ou supprim.e. R.cup.rez ces fonctionnalit.s maintenant.",.. SEARCH_TOAST_ADBLOCK_BULLE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2273
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.521363709106076
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvIoaSjp60i4X476LRiouHFshwFZcBwdaS3jB:CAejbVA8RcHFsh0ywAK
                                                                                                                                                                                                                                                                                            MD5:20FDE83B61D081A8627097D33ABB0CF4
                                                                                                                                                                                                                                                                                            SHA1:713026103FB526A6966A546773F90B6F140EE385
                                                                                                                                                                                                                                                                                            SHA-256:757CDDF3C03FEAD14D4302DAE6EA54DF669DEDC1F1416C5B3B8CD87FAB6A7D86
                                                                                                                                                                                                                                                                                            SHA-512:D12F6D989559564F5312B1BBAA6127114D45D19B6BC8460DDD2D71D4D025A2FB28EA4D5450A57C7FEC0AE209CAF8182695FD8538943D25BA1D524317C0BA1F61
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Dostupna vam je ve.a za.tita",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatna za.tita je spremna",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatna za.tita je isklju.ena",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ove funkcionalnosti dodatne za.tite .ine vas sigurnijim online. Uklju.ite ih.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Sve je spremno! Sljede.i put kada ponovo pokrenete svoj preglednik, samouvjereno pretra.ujte uz McAfee Secure Search koji .e vam pokazati koje je stranice sigurno posjetiti.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Isklju.eno je jer je pro.irenje pretra.ivanja koje je dio Dodane za.tite onemogu.eno ili uklonjeno. Vratite ove zna.ajke sada.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee sigurno pretra.ivanje", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} vam pokazuje koje stranice su sigurne prije nego ih posjetite.",.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2388
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.632856540882606
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvtCmH9aqAIDT5WSSWp7IpKwYnZmT+FLepwiV3lwCJh:CFCmHMVIqtYY+BWx
                                                                                                                                                                                                                                                                                            MD5:462C0F951D1B386A4B3C5193310C0215
                                                                                                                                                                                                                                                                                            SHA1:FB8B470AB20A208450B5C52650D1972B290B4C0F
                                                                                                                                                                                                                                                                                            SHA-256:BEA8E0E706E9E7654A1A56ACC67F070E3C42C7AD2AF0C090EAF815F84C34C0ED
                                                                                                                                                                                                                                                                                            SHA-512:326135218D026A433E1712A48B956F008B0B671BB3EDD2C3A71F8791BF3AB9DD59C04656AD729E10F961A2CBFCA0BC5DC42E1958059D2A07A61E1B330B8BEFD1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "M.g hat.konyabb v.delem .rhet. el",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "A tov.bbi v.delem k.szen .ll",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "A tov.bbi v.delem ki van kapcsolva",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "A tov.bbi v.delmi funkci.k m.g nagyobb biztons.got ny.jtanak online. Kapcsolja be .ket.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Minden k.szen .ll. A b.ng.sz. k.vetkez. elind.t.sakor magabiztosan kereshet a biztons.gos keres.s funkci. r.v.n, amely megmutatja, hogy mely webhelyeket keresheti fel biztons.gosan.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Ki van kapcsolva, mert a tov.bbi v.delem r.sz.t k.pez. keres.s b.v.tm.ny le lett tiltva vagy el lett t.vol.tva. Vegye ig.nybe .jb.l ezeket a funkci.kat.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee biztons.gos keres.s", .. SEARCH_TOAST_ADBLOCK_

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2180
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.434245017398244
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvlUzrFEVioJofWr5HsJcxnyhXpwfJwTRraut:CpVioJoerVsJWylSm4C
                                                                                                                                                                                                                                                                                            MD5:CD1EE3ADF45BFFFFA79AF533BC0E5623
                                                                                                                                                                                                                                                                                            SHA1:2A26DB5D430373F5BB99B6763C6A0773AF0BE93E
                                                                                                                                                                                                                                                                                            SHA-256:ED275192EAC0FAF9C5500BC6ED786D6538A06A645EAB4CCBFD8C6FA13C55481A
                                                                                                                                                                                                                                                                                            SHA-512:D495A215198D8E3158A17B50292F10A9294F41BF48BA4955B55C9827FBC86DF24AEDDA8A9EC524F25AA66FE1759FB43E51960172393F661160587C55DEDE62ED
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Puoi aumentare la protezione",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La protezione aggiuntiva . pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La protezione aggiuntiva . disattivata",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Queste funzionalit. di protezione aggiuntiva aumentano la tua sicurezza online. Attivale.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Tutto pronto. La prossima volta che avvierai il browser, la ricerca sicura McAfee ti mostrer. i siti sicuri da visitare.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ". disattivata perch. l'estensione per la ricerca che fa parte della sicurezza aggiuntiva . disattivata o . stata rimossa. Riattiva subito queste funzionalit..",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Ricerca sicura McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} ti mostra i siti sicuri prima di visitarli.",.. SEARCH_TOAST_ADBLOCK_BULL

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2689
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.794258434875549
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CDihdOhGELq02HhMyCYaYPuMLmeStoN5PcvhvD8voTG/:CDihdsjz2BMRNkmTgg5wt/
                                                                                                                                                                                                                                                                                            MD5:BEE120816E0D810DD9EA2E487F9B3336
                                                                                                                                                                                                                                                                                            SHA1:CDC5130EB605B4E3CF1E12D9D9F3E6705188A8A2
                                                                                                                                                                                                                                                                                            SHA-256:67E0381E64EF4717BDD385FFEA8E8005D0F31E6754630B04EEA1DB3D8EC72845
                                                                                                                                                                                                                                                                                            SHA-512:F5DE7E6941576E23F385051E37E82A05DC9B8ABD58CE6BF6C5491C2D3478683AA6D2D8B30C626E3B0CEE09C0E01D546EA1825558832C202DA6381CB184A34718
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: ".........",.. SEARCH_TOAST_ADBLOCK_HEADING: "..............",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "............",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "...............",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "............................... .............",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: ".......... ....................... .... ....................................",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ".............................................. ...........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2396
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.921265621634402
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HOVLgXlf/klv04CjUXktjHaQLKOudpQVg/xFSQXmYQgpyyqK4wQNqDhOnwIjup3:C8FJUXy6XlbSvYi3wiQbbOE
                                                                                                                                                                                                                                                                                            MD5:D3909D0A578BD19D0A1D1670A1AAF9E0
                                                                                                                                                                                                                                                                                            SHA1:A6BC641EDBD6990FE061B55D274EC9F56B71BFD7
                                                                                                                                                                                                                                                                                            SHA-256:88E107147DE1C2A77D23A456AA1F6F61E8707B293A870941B086B93C8FAD2C0B
                                                                                                                                                                                                                                                                                            SHA-512:1F918E55E8B54D265658BAEBFBEED0CA159506A94B6F63624E8D095D87D5B3CF786A9B2F4B39FA600B3699CD6CC8353E67FDE2663DCB8E4DF677D8C34C2ABB1D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_ADBLOCK_HEADING: "... ... . ....",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".. ... ... . ....",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".. ... .. ....",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "... .. .. .... ... ... ... ..... ... ....",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: ".. ........ ... ..... .. .... McAfee .. ... .... ... .... ..... .... ... . .....",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ".. ... ... .. ... .... .. .... .. ... ... . ..... ... ... .. ......",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee .. ..", .. SEARCH_TOAST

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.447068933751636
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvJIksPYZC/uu6YZJN5QsKYmOArOhR/QExYqm:ChI1Y0/u3YYsGKrYShm
                                                                                                                                                                                                                                                                                            MD5:3D871FC36FEC2CCB6836529941BA5F66
                                                                                                                                                                                                                                                                                            SHA1:80ECC18AE74CA73644F480AC5AEC3F9FA4F51555
                                                                                                                                                                                                                                                                                            SHA-256:5327DDB24FD2877597BB58A2D91AE8486A6EF467DA7BD228A97D339EF471115D
                                                                                                                                                                                                                                                                                            SHA-512:C2EDFDA39F5DE2847D75BA53E0FE66BB0B1302A43E6DC71BB6FACDE475B7B6E3962444CF3404E4EB3BEE5146595229F51176557ED976BD4B351B1F0E082B0657
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Flere beskyttelsesfunksjoner tilgjengelig",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ekstra beskyttelse er klart",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ekstra beskyttelse er av",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Disse funksjonene i Ekstra beskyttelse holder deg sikrere p. nettet. Sl. dem p..",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alt klart! Neste gang du starter nettleseren, kan du trygt s.ke med McAfee Sikkert s.k. Funksjonen viser deg hvilke omr.der som er sikre.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Den er av fordi s.keutvidelsen som er en del av Ekstra beskyttelse, er deaktivert eller fjernet. F. tilbake disse funksjonene n..",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Sikkert s.k", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} viser deg hvilke omr.der som er sikre, f.r du bes.ker dem.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2216
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.441770885282106
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvKJpceq6RTcyrCBuH1ibZ/Pp93MK64kFUq5EpvnS8tYRQN:CQSN6Roy8uHwZHpi34Tqmpq8tYRQN
                                                                                                                                                                                                                                                                                            MD5:22C7B3D0E2654924A480F7E6ED19516F
                                                                                                                                                                                                                                                                                            SHA1:95A1DD003F4CB7503FBF5E0C84C9F7DD4205DA92
                                                                                                                                                                                                                                                                                            SHA-256:BF35762243238E4FFCB6A4180CC26BED391392D4637AD0D6B1B04EBA774CDC48
                                                                                                                                                                                                                                                                                            SHA-512:C7D177E122AE9EAD32DAFEC60C44642A9AFEBB5E2EB39DB0F7FAE7DE379DCFBD4B9F1653152BBE080CC673743F9DC3527120071258719883475D15BE5CEEB523
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "U kunt over meer bescherming beschikken",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Extra bescherming is gereed",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Extra bescherming is uitgeschakeld",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "De functies voor Extra bescherming verbeteren uw online veiligheid. Schakel ze in.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Klaar! Wanneer u uw browser opnieuw start, kunt u zorgeloos zoeken met Beveiligd zoeken van McAfee dat u precies laat zien welke sites u veilig kunt openen.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Het is uitgeschakeld omdat de zoekextensie die deel uitmaakt van Extra bescherming, is uitgeschakeld of verwijderd. Schakel deze functies nu opnieuw in.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Beveiligd zoeken van McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} laat u zien welke sites veilig zijn voordat u ze bezo

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2289
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.693595450677752
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Cv4058MjlxcXI9qWiXgwsIvE8QK0tKWhEZ0JILHVI16sSIIRXR6:CQ01jCI9qXXLsIvE8Q5K+EOgVIEsSFXA
                                                                                                                                                                                                                                                                                            MD5:D46D65FD391215103DA972BFEB4AEEE6
                                                                                                                                                                                                                                                                                            SHA1:277298EB45E5010CCB5DF90784CADFBE7AAA911E
                                                                                                                                                                                                                                                                                            SHA-256:ABC58810ABDE7908191E393DBBF4746AB19FCE5AD87002671E43E35308BEA252
                                                                                                                                                                                                                                                                                            SHA-512:88B1A9D613CFA99016640152DA7553B18A1672A27DAAC456FB2E81EF8DF4A41DB10C605C401CDFE600518CC61B0BD9C12B0A2E75C1E0E572FCA6874C8917E3FD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Dost.pne jest wi.cej ochrony",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatkowa ochrona jest gotowa",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatkowa ochrona jest wy..czona",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Funkcje Dodatkowej ochrony pomagaj. chroni. Ci. w Internecie. W..cz je.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Konfiguracja zako.czona! Po nast.pnym ponownym uruchomieniu przegl.darki, Bezpieczne wyszukiwanie McAfee pomo.e spokojnie wyszukiwa., informuj.c o bezpiecznych witrynach.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Jest wy..czone, poniewa. rozszerzenie wyszukiwania b.d.ce cz..ci. Dodatkowej ochrony zosta.o wy..czone lub usuni.te. Odzyskaj teraz te funkcje.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Bezpieczne wyszukiwanie McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} pokazuje, kt.re witryny s. bezpieczne,

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2225
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.468802888887182
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvVVlKrZ/ez2L3dpZszSJEufUo7G+DOHbO9R:CNq62LizsUoC7S
                                                                                                                                                                                                                                                                                            MD5:C5479A775A940AB8B006F5AC52D0AEF5
                                                                                                                                                                                                                                                                                            SHA1:B1C2DC285835D9CFFE5D5EC5119BE43B8B845639
                                                                                                                                                                                                                                                                                            SHA-256:D57610A7870EF33E78F512D0E2939326AEEAFE6C92C7C971F68133ACAD088896
                                                                                                                                                                                                                                                                                            SHA-512:D926A25E8F32E9F5BFAAE26E3416E33F8B471D6C038426074F36C4525B3BA052D3E6791D36418B17395491FB9A6CB8B7BFD6E1871941BFE51B5D754725691146
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Voc. tem mais prote..o dispon.vel",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Prote..o adicional est. pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Prote..o adicional est. desativada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Esses recursos de Prote..o adicional o mant.m em seguran.a online. Ative-os.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Tudo pronto! Na pr.xima vez que reiniciar seu navegador, pesquise com a Pesquisa segura da McAfee que exibe os sites seguros de visitar.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Desativado porque a extens.o de pesquisa que . parte da Prote..o adicional foi desativada ou removida. Traga esses recursos de volta imediatamente.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Pesquisa segura da McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} mostra quais sites s.o seguros antes de voc. visit.-los.",.. SEARC

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2324
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.472455841275005
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvOb9fKjnZdVrzzHUUFZeEi351TgV4/QbG9yluHNs:CWJmZTLUUFZgLQi9H2
                                                                                                                                                                                                                                                                                            MD5:4C9823C8BEF5A2C734BB53FC9E257DDE
                                                                                                                                                                                                                                                                                            SHA1:FBF3A15F971729070BD00B46CC47CAA462B4B31B
                                                                                                                                                                                                                                                                                            SHA-256:639F197D8F8C3202303433B4BD2840AFF969827666CF9A542A37296389A89EC5
                                                                                                                                                                                                                                                                                            SHA-512:EB716D33547A3ECEC0BFA183A068F1E15DD05B43B08D5FEC44218BBD800551BAF38B7A0B12BF71B1481AEB6E8A3B4AEE637D33F955B81F9D0D49B3033A8DC8A1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Tem mais prote..o dispon.vel",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "A prote..o adicional est. pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "A prote..o adicional est. desativada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas funcionalidades de prote..o adicionais mant.m-no seguro online. Ative-as.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Est. pronto! A pr.xima vez que reiniciar o seu browser, pesquise com confian.a com a Pesquisa segura da McAfee a mostrar-lhe que sites pode visitar em seguran.a.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desativada porque a extens.o de pesquisa que faz parte da prote..o adicional foi desativada ou removida. Obter estas funcionalidades novamente agora.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Pesquisa segura da McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} mostra-lhe os sites que s.o seguro

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3288
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.141059039479208
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:COrsBqgVZBkBuYVCdpLVREi4c1rTZPNiNbdYH99W:CCsBqgVZiuYV8pLV16hz
                                                                                                                                                                                                                                                                                            MD5:22D735EEF522C4E8170F5102EEDDCA1C
                                                                                                                                                                                                                                                                                            SHA1:958829FA45AA5F1BBD8608B231B2119664B7CC09
                                                                                                                                                                                                                                                                                            SHA-256:85EF45E27F4196799E789F2AB383E95AA512C9CA8298BE050E88E0AA413E2D5E
                                                                                                                                                                                                                                                                                            SHA-512:C5C099C5DD551E5D8D11E5519A88C7B0FF9A31C2C874D017F053912C6A8BA7D40968E6113A3655B2807C9DF9C6ECC1FB66E4ADCD5DDC8354F71D3380FC61F0AE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: ". ... .... ...... ............ ... ......",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".............. ...... ......",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".............. ...... .........",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "... .............. ....... ...... ............ ............ . .......... ........ ...",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "... ......! . ......... ... ..... ............ ........ ......... ..... . ....... ....... ........... ...... McAfee, ....... ........., ..... ...-..... ......... ... ..........",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADIN

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2276
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.757275405968279
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HOvdg0FQ8YIcT3JOzrgffdIxL8EHbgnDHKXldVV/aVcFUC7wQi0o0ekfSanwIN7:CvW8zM6pE2VDVGc377SI//Dn
                                                                                                                                                                                                                                                                                            MD5:DA9A233D89807AD112E53DF4098035AA
                                                                                                                                                                                                                                                                                            SHA1:0801012D61EBF23C3F84395E0C015CED5678EEEA
                                                                                                                                                                                                                                                                                            SHA-256:466B8D3ADD30EFAAA43FAB8EF5D08DE24DF27F6D1A55AABCD51A11EBAD036561
                                                                                                                                                                                                                                                                                            SHA-512:D27142F059B5ACD4C6EFC6AF0F598E0E6377409791F1ADD1C2DC9E4459352CA3A1BE443A566A59F67B57E4CF3A57A82923DE2580B40D97824D2533C540A13C40
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Pon.kame v.m viac funkci. na ochranu",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Zv..en. ochrana je k.dispoz.cii",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Zv..en. ochrana je vypnut.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Uveden. funkcie zv..enej ochrany v.s ochra.uj. online. Zapnite ich.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "V.etko je nastaven.. Po re.tartovan. prehliada.a v.s zabezpe.en. vyh.ad.vanie McAfee ochr.ni pri prehliadan. a.zobraz. str.nky, ktor. je bezpe.n. nav.t.vi..",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Funkcia je vypnut., lebo roz..renie vyh.ad.vania, ktor. je s..as.ou zv..enej ochrany, bolo vypnut. alebo odstr.nen.. Z.skajte tieto funkcie sp...",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Zabezpe.en. vyh.ad.vanie McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} v.m porad., ktor

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2217
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.546873505900963
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:CvzaSNcoHl5A0Pt0opbUbFpGbQg55EfVL0Bv:C5NH5AatiFpNMcu
                                                                                                                                                                                                                                                                                            MD5:B05426DC1028FBA92476ED1E97886139
                                                                                                                                                                                                                                                                                            SHA1:B15C22AC569DF5AFB856374FBFB31189FE852D47
                                                                                                                                                                                                                                                                                            SHA-256:D09F32E45B16CB2E09059D2AB07D97CE0C1387479016396E4E3CCA95E4998562
                                                                                                                                                                                                                                                                                            SHA-512:112583445439E3B9A2CCAF443A963B3804C308CC19EAD5F019F79E0B8D45EF0E7D4AE3020EF39ADDA4B5C9775433DCE4F44556C1C5F085D6C15E0108528FD17A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Imate na raspolaganju vi.e za.tite",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatna za.tita je spremna",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatna za.tita je isklju.ena",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ove funkcije Dodatne za.tite .ine vas bezbednijim na mre.i. Uklju.ite ih.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Sve je spremno! Slede.i put kad budete ponovo pokrenuli svoj pregleda., pretra.ujte sa samopouzdanjem uz McAfee Bezbednom pretragom koja vam pokazuje koje lokacije su bezbedne za pose.ivanje.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Isklju.ena je jer je ekstenzija pretrage koja je deo Dodatne za.tite onemogu.ena ili uklonjena. Vratite odmah ove funkcije.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Bezbedna pretraga", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} pokazuje vam koje lokacije su bezbedne pre nego .to i

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2111
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.543696804404092
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Cvg5Lf7jC1iVJkbJ1YJbYChTRpe4ScwPJ:Co53MbUJbYChTJSZPJ
                                                                                                                                                                                                                                                                                            MD5:24BB8DA8AB968CD1B7CD5EFC8B031399
                                                                                                                                                                                                                                                                                            SHA1:6CE449ED4A4F0D9DEBBC0B670D59A00B62BA2D1C
                                                                                                                                                                                                                                                                                            SHA-256:124ABE68CEBA14043CDC616E2C63D8917A1560F8517B4757C74D8BDBC3B8EFE9
                                                                                                                                                                                                                                                                                            SHA-512:0899F7F92DD79C9852A7E4004F76E6D007807B2A81F04B9F46CE50A1A0EB5E47F6717A6AAD46B01C13EB3BAEAAE9F50558BB45F26645518C83984E17FC6F6281
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Du har mer skydd tillg.ngligt",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ut.kat skydd .r redo",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ut.kat skydd .r av",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ut.kat skydd-funktionerna h.ller dig s.krare online. Aktivera dem.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Klart! N.sta g.ng du startar om webbl.saren kan du s.ka tryggt d. McAfee s.ker s.kning visar dig vilka webbsidor som .r s.kra att bes.ka.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Det .r av eftersom s.ktill.gget som .r del av Ut.kat skydd inaktiverades eller togs bort. F. tillbaka funktionerna nu.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee s.ker s.kning", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} visar dig vilka webbsidor som .r s.kra innan du bes.ker dem.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "Annonsblockering", .. SEARC

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2206
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.575774364688543
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HOvdg/UOH95vCfoXiRvLa/sGcdDSqi+2O1ebxZQ25BMblR/B2sK3SZ/Z9vKlmCX:CvSG/GoSqi+Z7bQspvKG68ddHO
                                                                                                                                                                                                                                                                                            MD5:31B4A818999F869C3F9D44F0BFAA17EF
                                                                                                                                                                                                                                                                                            SHA1:18476D058236619E2858AB88CBAC5CC1046458D9
                                                                                                                                                                                                                                                                                            SHA-256:67776DD645C1890363D09DBD04DB8ABAE442C47B984926DBB61633874E622ECA
                                                                                                                                                                                                                                                                                            SHA-512:253FD4EEB0B9F9B6E50386C405722371BFAF717796F9B4C75FA97A40C69971D91CDE54ADD324E0A27CC51D90E1B040950BF58DA162511EB1156124BBCC6A9CA8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Daha fazla koruma se.ene.ine sahipsiniz",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ek Koruma haz.r",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ek Koruma kapal.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ek Koruma .zellikleri sizi .evrimi.i korur. Hepsini a..n.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Her .ey haz.r! Taray.c.n.z. bir sonraki ba.lat...n.zda, hangi sitelerin ziyaret edilebilece.ini g.steren McAfee Secure Search ile g.venle arama yap.n.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Ek Koruma'n.n bir par.as. olan arama uzant.s. devre d... b.rak.ld... veya kald.r.ld... i.in kapal.. Bu .zellikleri hemen geri al.n.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Secure Search", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} ziyaret etmeden .nce hangi sitelerin g.venli oldu.unu g.sterir.",.. SEARCH_TOAST_ADBLOCK_BU

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2043
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.269213588165262
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HOZgVstn8dWjt8EWNjtM7LLyllJtjEcjt/dcz58qNAMdstxjl7BnwIj8WvPJb4:CjBt/wppKWMGzRl9Tc
                                                                                                                                                                                                                                                                                            MD5:27FC42112C8774D79FE7F38F66CC78EA
                                                                                                                                                                                                                                                                                            SHA1:9C1ED6314E0C4ABE96B19618226A42D357E31D64
                                                                                                                                                                                                                                                                                            SHA-256:E15A74C80A1DA6EB4093EDE2B8AB165693EBF82F580199494C18CB44DA6C7455
                                                                                                                                                                                                                                                                                            SHA-512:C7D3F4670E555C1D5B9B62AF5AE3B2DE964BFFA69B790FACDD406C7AC7085C9AFD8FA82C8F44E5059E75932545E5731E101C8047F536F01D09E031B09362E88D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_ADBLOCK_HEADING: "..........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "..........",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "...................... .....",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "..... .................................",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "........................ ...........",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: ".......", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: ".......{0} ..........",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "......", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_2

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2123
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.276375097282816
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HOvdgQyNha9y+lmmhIlHCbMKEW2+Z8d/9t6Hj4mQjKKgcjSlMXmIyuiSlGlSBYx:CvaX+Mm6t8MZoD+KKtSr5FlITWiyv9R
                                                                                                                                                                                                                                                                                            MD5:D67C4BE258B6A5B138519361D4336203
                                                                                                                                                                                                                                                                                            SHA1:2F89EE3093715E40469FA2EF519C53A1FBAB1AB6
                                                                                                                                                                                                                                                                                            SHA-256:22C8E78F51D823C588A37B1205E6DEE2DEFEF49CD9873E34C333AD94A0566333
                                                                                                                                                                                                                                                                                            SHA-512:51D308902A38FEF1053DC1D9BBA5259E8C433A999ADD2325E52063A8617CF50CE4542F34DD174D96AC5AE294B3B307397B6D2E7773255C00CF145F7F70E9D1DF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".......",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "............................",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "................McAfee ..............................",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ".............................................",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee ....", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0}.......................",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):908
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.696241443857236
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HUDAS6FXOqZG1g4zBFU+K6IPHf7q4qtoxmqDR3nC8+U:7HbzFOKGy16IPTq4pDRy8z
                                                                                                                                                                                                                                                                                            MD5:DD3EB93CFAD57A236C56A67FB7AD27BD
                                                                                                                                                                                                                                                                                            SHA1:6725B767017A6ACB38A7762F84D58E8338E7E390
                                                                                                                                                                                                                                                                                            SHA-256:6D8BD93EC30E7C6953F30F1C52FE28CDF79939BDC62397A0CEE216F14E89545A
                                                                                                                                                                                                                                                                                            SHA-512:88D7EC9B31E932A4C914979E8F9FC3466EC3925DA85469318E0AD1FAB959047FE6DBC1DC069583AFD57CC8809D404A1F05C3F7AC4FE796A1325FA48953AA2F41
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nem.te slu.bu Bezpe.n. hled.n. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. prov.d.n.ho pomoc. vyhled.va.e Bing upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT: "Chcete vyhled.va. Bing doplnit o slu.bu Bezpe.n. hled.n. a b.t v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_SUB_FOOTER: "Po restartov.n. prohl..e.e zapneme slu.bu Bezpe.n. hled.n. a nastav.me vyhled.va. Bing jako v.choz..",.. SEARCH_TOAST_YES: "Ano",.. SEARCH_TOAST_NO: "Ne, d.kuji",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Zapneme slu.bu Bezpe.n. hled.n. a nastav.me vyhled.va. Bing jako v.choz.."..}..//D7EB2E15A2D79597DB8F40F5083DBAE181A55570F4ED79308B7B1DC57D78F01829B4F39E5D6D7810B4116C5FEBB7F979514F2911CB1788FC63390A39458A9552++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):807
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.47273821285326
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HaufsEtijFTUd42Vd+PQhF2FAZeP/dHIpn:++s9TUd42Vd+Y3Vetopn
                                                                                                                                                                                                                                                                                            MD5:A8C3214F1586406617F656FC1DD0ADEC
                                                                                                                                                                                                                                                                                            SHA1:A154A57FB180B327110722D2855E99AEEEADC491
                                                                                                                                                                                                                                                                                            SHA-256:C200CBFC4E420DEA2449FDE09C6444AA7DF7F76937AB1315CC943903C1E73296
                                                                                                                                                                                                                                                                                            SHA-512:696686241938EEC2B1F74ED81DDD78F5C970826F9057EFF2C9C05C11465336430C1C74A9E4FD0A743581A1E94D770674F374105D775E2E94101FA5740C2B85D9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har ikke sl.et Sikker s.gning til . s. v.r forsigtig!",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning leder dig v.k fra risikofyldte websteder i Bing-s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT: "Vil du f.je Sikker s.gning til Bing, s. du undg.r at komme ind p. grimme steder?",.. SEARCH_TOAST_SUB_FOOTER: "Vi sl.r Sikker s.gning til og .ndrer standards.gemaskinen til Bing, n.r du genstarter browseren.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nej tak",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi sl.r sikker s.gning til og .ndrer standards.gemaskinen til Bing."..}..//17E2B22C86716230707468D6124D7090117EB949499397E6EA74F15018667CA2E9D5DDEC4C672AEECFCEF2936B2F9D3D463A2D24A7E80550BDAA1B6018BF8424++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):863
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.342626850424149
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HGgFJZ+X0qvX66Q+3F2wlPQ+1EbieAeZ6:SAJZcVQ+VjVQ+1wieAeZ6
                                                                                                                                                                                                                                                                                            MD5:984A84E9EB0DF6990A5CA3BA724B530D
                                                                                                                                                                                                                                                                                            SHA1:6F4BD231789F7A1BD46F994F785476DC29667313
                                                                                                                                                                                                                                                                                            SHA-256:520764E44EDFF4530473733213179C3080361436EF2B13638B55B3A8029181CE
                                                                                                                                                                                                                                                                                            SHA-512:9AE5BAD02EED8328D480E7E54E907D67C382D3E43BA2028E2839067510D206E814E855C3D8D09137B8351F3A91C9D8B0B3BCFC9BFD4A89F4BE15AF38DDE6FA78
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Die sichere Suche ist nicht aktiviert . seien Sie vorsichtig",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Bing-Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT: "M.chten Sie die sichere Suche zu Bing hinzuf.gen, um Kriminellen immer einen Schritt voraus zu sein?",.. SEARCH_TOAST_SUB_FOOTER: "Wir aktivieren die sichere Suche und .ndern Ihre Standardsuchmaschine zu Bing, wenn Sie den Browser neu starten.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nein danke",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Wir aktivieren die sichere Suche und .ndern Ihre Standardsuchmaschine zu Bing."..}..//CBB43CC5690BD038A2C9F7B1B839D27E63D21EC139ADDAB553E9856DE1108F7234CF148D821C8D640CCE92F107696F10D2BD60C64ACA78CAC2A740DA131DFF0C++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1522
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.961078917753637
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HB3IsMXLr2bnATla3ybWG2hbiLy+wgjxUbiPjghEa3V:W2UTlaLvbiVGbibghES
                                                                                                                                                                                                                                                                                            MD5:FD9D39C2CFFE3721AAC272095F403247
                                                                                                                                                                                                                                                                                            SHA1:E31565B1A9E0037D288C5210A9641ED0B12C1D7B
                                                                                                                                                                                                                                                                                            SHA-256:CF96779344B9198ED791D9619656F6821250BBC43D98509321F4A713736D7782
                                                                                                                                                                                                                                                                                            SHA-512:45D234AFB354AF918D505A5408C508B97701DBDC774F6CC3A967F4EB1455C937A2376D6328D3BC36F5F4EE7F3A6A210D5462D3E231057D856B185AB6453B5AF5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "... ......... ... ...... ........., .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ .......... ... ... ........... ... ......... .. .. ......... Bing.",.. SEARCH_TOAST_BODY_TEXT: "...... .. .......... ... ...... ......... ... ......... Bing ........... .. ..... ..... ... .... ....... ... .... ............. ...........;",.. SEARCH_TOAST_SUB_FOOTER: ".. ............... ... ...... ......... ... .. ........ .. Bing .. ............. ......... .......... .... ... .....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):780
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.351505252116324
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HdW9H3npSuVNTzLo4uiJH7IyOtS9eDqt1IyX3G6TPDXqJKen:7H8XpSuVNTzxcCeD7MTPLden
                                                                                                                                                                                                                                                                                            MD5:33B5D4E23441E8CDFA7823C883E8DC4E
                                                                                                                                                                                                                                                                                            SHA1:D3579E81762BE74A21B18C41264D1FE132C9DF8E
                                                                                                                                                                                                                                                                                            SHA-256:2A034AF44E3438B62F295FFCC14779101307AF4859B87171285A41944CB441A4
                                                                                                                                                                                                                                                                                            SHA-512:9F5228D13BADBB67E03F2C78170F93B34FB9F6F5D2D4DF5B9F7068AF4A856984C6707461D3359F304F0F791AAF78A575EBC9440083CA2AD741881F44DD25B91B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "You don't have Secure Search . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your Bing search results.",.. SEARCH_TOAST_BODY_TEXT: "Would you like to add Secure Search to Bing and stay ahead of the bad guys?",.. SEARCH_TOAST_SUB_FOOTER: "We'll turn Secure Search on and change your default search engine to Bing after you restart your browser.",.. SEARCH_TOAST_YES: "Yes",.. SEARCH_TOAST_NO: "No thanks",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "We'll turn Secure Search on and change your default search engine to Bing."..}..//3572B3EC5B96E0F453F52C9E4EEF39B10422EA66B892E912C0AC5FE7C3BBA2D6F765A72FD10A7A2234D87166AB0E02749010A06B5B8CDD3A39F4F1B19E656836++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):834
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.410440212659386
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HTOW06YIJHM8MEIoyLLQZSUJHHrSXXY0Vqt15ZSUJk8jjDhgT3ZWR:7HqpQJHM8MnoyEpmHYGm5e87huUR
                                                                                                                                                                                                                                                                                            MD5:64FA1A2146949BA2CE54A2C21CAEDEB8
                                                                                                                                                                                                                                                                                            SHA1:0604273B4AE5A3806B7E40D59104651EA798B57A
                                                                                                                                                                                                                                                                                            SHA-256:EC4A20CC30EAC23D0E6E5C3DE5E5DB22B0835A0E5379035510318FCE0668471F
                                                                                                                                                                                                                                                                                            SHA-512:B44575C3D1A60C497C1B7C2AF19269AF01F6CA07BD571E1789379817E3CC326DA1FA7816DACB9443468F844175834D7547312EECFB74E37AEFFA93DC5E8C0ACB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "No dispone de B.squeda segura, tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura elimina los sitios web peligrosos de los resultados de sus b.squedas en Bing.",.. SEARCH_TOAST_BODY_TEXT: ".Le gustar.a a.adir B.squeda segura a Bing y olvidarse de los malos?",.. SEARCH_TOAST_SUB_FOOTER: "Activaremos B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing despu.s de que reinicie su navegador.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, gracias",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Activaremos B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing."..}..//AD4D9869FF7C931A6EE9C8188F2C40B6BEFB49285151A178DF339E3F4578DC51B4DB016F088D01F5BD10713BD152B02C1973717C2D3C64B943A144D72EF64D22++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):848
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.368189199328249
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HT9+6YzsinKM8MEIe4LyO3KVoqZSUJHHrSXXY0Vqt1BbSUJbTpYnKETh:7HCsiKM8Mne4X3QpmHYGmbxTpKNh
                                                                                                                                                                                                                                                                                            MD5:2256AA263A7FFD9F065A11C9E8B2F474
                                                                                                                                                                                                                                                                                            SHA1:0715100326101923F8953CA06FB14D9DEFF48020
                                                                                                                                                                                                                                                                                            SHA-256:D33F96BAA5CA443B31B663B1488FE03CDBDF3E6C7EABFFF4768671651D81B964
                                                                                                                                                                                                                                                                                            SHA-512:E21DCF768DC8E7F526608262582EE407EF9CF8239A527B92782DD7E69354928CB12823810E3FC6902DCB3990EAE0923ED9AAF59D6D95DB59A2AD0C9758D67F2F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "No tiene b.squeda segura: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura lo aleja de los sitios peligrosos de los resultados de sus b.squedas en Bing.",.. SEARCH_TOAST_BODY_TEXT: ".Le gustar.a agregar B.squeda segura a Bing y mantenerse por delante de los malos?",.. SEARCH_TOAST_SUB_FOOTER: "Activaremos la B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing despu.s de que reinicie su navegador.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, gracias",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Activaremos la B.squeda segura y cambiaremos tu motor de b.squeda predeterminado a Bing."..}..//8C18292FED9BF5DEA2CD9FBA50BE97B4BBC3AA57198F476873FB4E128F8A80FA44406056C5CFF292A644F1E087F93B02D8371A3F56A66E8BC85FFCC56E4564BA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):837
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.413595987636439
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HMljiYYtHMjpJNnR9k9flAgPMfoRGpWfUfqt7foRjG8rCQbnYI5hn:7HQ2htHsNn+dWfoRVfeEfoRJFbYIb
                                                                                                                                                                                                                                                                                            MD5:01E041903397BBD803C9A41B39680EE5
                                                                                                                                                                                                                                                                                            SHA1:63E1302DAFD6BDB52527AC711180F9109A5104CA
                                                                                                                                                                                                                                                                                            SHA-256:0E2FBA1D2DC805FDC2F61338758B29710C55CCD98A1A0C0754079BE7711DA3A9
                                                                                                                                                                                                                                                                                            SHA-512:4C40AAF6A4BAB8D793600557922A9BE784E0DE17923756181AAD9E19FB96423AE19E0274BBFD17AE1DF5F131DAED7D14FD1E0B7A7FC471575D11AF6ADE92AAB9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sinulla ei ole suojattua hakua . ole varovainen",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat Bing-hakuja.",.. SEARCH_TOAST_BODY_TEXT: "Haluatko lis.t. suojatun haun Bing-hakukoneeseen, jotta pysyt jatkuvasti muutaman askeleen rikollisten edell.?",.. SEARCH_TOAST_SUB_FOOTER: "Suojattu haku otetaan k.ytt..n ja oletushakukoneeksi muutetaan Bing, kun k.ynnist.t selaimen uudelleen.",.. SEARCH_TOAST_YES: "Kyll.",.. SEARCH_TOAST_NO: "Ei kiitos",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Suojattu haku otetaan k.ytt..n ja oletushakukoneeksi muutetaan Bing."..}..//9B162E46E49C55FE52EB159C5E336BC07FB14F3710C03576967ECE86BE1AFF0275EDFC643D4DD27F5E81429DAA30B5999D23FC4033A704150F1B82297618970B++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):927
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.367945636332484
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HW5WFTGeg5rqskm8wwbY6xQam8wwbYp1oOfLi:uWFTGeg5Wwv6Bwvpq
                                                                                                                                                                                                                                                                                            MD5:735E07D182A659392D5E36CD8564C9A4
                                                                                                                                                                                                                                                                                            SHA1:3099997B07EFE9EC6C0E29CF1AB3302FCA5C3D4A
                                                                                                                                                                                                                                                                                            SHA-256:2350FCBF7993D758897689F974EDC97558C7C488A89AF6EDAA23371ABA991DA6
                                                                                                                                                                                                                                                                                            SHA-512:F8D45D88B606762F746AC955F8A97DDCA0D039D157487503893AEF2450B94A10259CA3AD348FB2F9C1F1AD40F6C5064158EBED099DE4139F1741F60BED32FDE8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attention! Recherche s.curis.e n'est pas install.e dans votre navigateur.",.. SEARCH_TOAST_SUB_HEADING: "Recherche s.curis.e vous met . l'abri des sites Web dangereux figurant dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Souhaitez-vous ajouter Recherche s.curis.e au moteur de recherche Bing et d.jouer les escrocs?",.. SEARCH_TOAST_SUB_FOOTER: "Nous activerons Recherche s.curis.e et configurerons Bing comme moteur de recherche par d.faut apr.s le red.marrage de votre navigateur.",.. SEARCH_TOAST_YES: "Oui",.. SEARCH_TOAST_NO: "Non merci",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Nous activerons Recherche s.curis.e et configurerons Bing comme moteur de recherche par d.faut."..}..//296B3AE03EB2D7BFBB0F186D36F0F9E259E40494184686308D86F1B94AF369B7016746D61EC238990A28C63894FF20BDFF7609367FEA89A49786D602530749DC++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):940
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.364304281579993
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HNL7EemtP5RTOpwemfw8uWY6xxAamfw8uWYFrxyf:R7EemtPaiwX6CwX4
                                                                                                                                                                                                                                                                                            MD5:236667171852EF648521EF5B366443BF
                                                                                                                                                                                                                                                                                            SHA1:CF15ED38382501ECEC3A8D2B155BE19D28D494E7
                                                                                                                                                                                                                                                                                            SHA-256:6ACB967A8769208ADD33DDD92A6C44DCB6C1746421A0131E5E98C44F8F5DDAE8
                                                                                                                                                                                                                                                                                            SHA-512:7461E755BEA89B29D0A23C3A4817E076829A8EA2FF9343D823A2ED9725576112C5B0843162C4217D6A1960DF97975E7C7920E7953ED8FDB1FFD498CA48C9C406
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Soyez prudent, vous ne disposez pas de la recherche s.curis.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche Bing.",.. SEARCH_TOAST_BODY_TEXT: "Voulez-vous ajouter la recherche s.curis.e . Bing et garder une longueur d'avance sur les personnes mal intentionn.es.?",.. SEARCH_TOAST_SUB_FOOTER: "Nous activerons la recherche s.curis.e et d.finirons Bing comme votre moteur de recherche par d.faut apr.s le red.marrage de votre navigateur.",.. SEARCH_TOAST_YES: "Oui",.. SEARCH_TOAST_NO: "Non, merci",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Nous activerons la recherche s.curis.e et d.finirons Bing comme votre moteur de recherche par d.faut."..}..//6BC507515415E4D4E6A970BEBA7E853F6DDDF786145A9E40422517F4D2E872C37B73364D9716F65B74188B3212124E7AAF108A9ACA0C4422C8D88881344AA791++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):798
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.445519478078725
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HM+9DuIg9sCZwzJl//L9hd9MuGvPJHCqtL9MuGtcqD0COjJGNOjR8ue3e:7HMogol25vxHCD5uqwCBsjBeO
                                                                                                                                                                                                                                                                                            MD5:F63EF0EDBA3F7F47C6001BCCC9081AA7
                                                                                                                                                                                                                                                                                            SHA1:6B66CDEACE72C521FF3A5AD4280A1B53410B89ED
                                                                                                                                                                                                                                                                                            SHA-256:BF0DA0B58390029FF6F01DB672F95AABDF2BE3E4D9607D76B3E48162AFA862B3
                                                                                                                                                                                                                                                                                            SHA-512:18C3F4DD438BEF24D320670F26CBECD74091FF49559F3C9A8D91FFCEC9A84EBA87B22B4D04C6A4C96DF2237AAE1770CA14789404ABD828871CD28B0E13615FD5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nemate sigurno pretra.ivanje - budite oprezni",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata Bing pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT: ".elite li dodati sigurno pretra.ivanje na Bing i ostati ispred?",.. SEARCH_TOAST_SUB_FOOTER: "Okrenite sigurno pretra.ivanje i promijenite zadanu tra.ilicu za Bing nakon ponovnog pokretanja preglednika.",.. SEARCH_TOAST_YES: "Da",.. SEARCH_TOAST_NO: "Ne, hvala",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Okrenite sigurno pretra.ivanje i promijenite zadanu tra.ilicu za Bing."..}..//FF26113F8919556172AA2BC37C22B26D3FA4C542F4317596D0097D13D9284DD5F8E5CF67A60111F5CB4C764C8DAE658BD2E2BCABF6CC1347F49E37FF905A05A8++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):922
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.580797666794498
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HL8d6oBd5US6Xdd7qQpuYeBdyEpFnY45EgpuYeBddpFtyXdM:q6ojijX/+QpuJjTYH+uJjj6M
                                                                                                                                                                                                                                                                                            MD5:C06E19A977F89C7C5AE85A66858095A5
                                                                                                                                                                                                                                                                                            SHA1:077F9BAFFE643F1A3596532870D694B4E21276D6
                                                                                                                                                                                                                                                                                            SHA-256:12FC4F66F509BB73DA40762544CF5F83424DBA6DF6256274586E4F289DCA03B6
                                                                                                                                                                                                                                                                                            SHA-512:1C92C05349800F641BEE7790812B41985C4EF6A9008459BA6B20803313817E95DFEA867438B4853E20CDB4DC1419203228ECC94F518F2C0B199516F0A375BB23
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nincs biztons.gos keres.s funkci.ja . legyen .vatos",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a Bing keres.si eredm.nyei k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT: "Szeretn. hozz.adni a biztons.gos keres.st a Binghez, hogy n.h.ny l.p.ssel mindig megel.zze a rosszfi.kat?",.. SEARCH_TOAST_SUB_FOOTER: "Bekapcsoljuk a biztons.gos keres.st, .s a b.ng.sz. .jraind.t.sa ut.n az alap.rtelmezett keres.motor a Bing lesz.",.. SEARCH_TOAST_YES: "Igen",.. SEARCH_TOAST_NO: "K.sz.n.m, nem",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Bekapcsoljuk a biztons.gos keres.st, .s az alap.rtelmezett keres.motor a Bing lesz."..}..//471C611C98D3BA8221C1ACA0A99109228A467912EB9CB1F7F6AF71BF86C83AE891BF60E895200AE9E1A63C51F66D79F9F19E61C23BCFD441826D4E787A9C8A5C++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):819
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.271148302854568
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7H1J1Z2psz/XEKapHoCv815HFl+pqtKHoCv8FC+hHDQ0sE:7HB8OXEhpICvoFlIhICv5eHDpsE
                                                                                                                                                                                                                                                                                            MD5:BEF2FA55D0CFE8B5271EB3317B400AFF
                                                                                                                                                                                                                                                                                            SHA1:D6E84964A6CEA618AFF8532232ACD7CD8363128C
                                                                                                                                                                                                                                                                                            SHA-256:4AAED94035BE232F25668FC307BB5CF244BB6B2598A5D5D96059270DCCD5CA0F
                                                                                                                                                                                                                                                                                            SHA-512:9636B0D2E9A1399807826F6571C541570ADA57DB6826775558929B8BE80F4FA4577D5F9C83AB6CF781043EE76EC08F06F3B0BDF7835A1AE6218C87532FB616FD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attento, non stai usando la ricerca sicura",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche con Bing.",.. SEARCH_TOAST_BODY_TEXT: "Vuoi aggiungere la ricerca sicura a Bing e tenere alla larga i malintenzionati?",.. SEARCH_TOAST_SUB_FOOTER: "Attiveremo la ricerca sicura e imposteremo Bing come motore di ricerca predefinito dopo il riavvio del browser.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, grazie",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Attiveremo la ricerca sicura e imposteremo Bing come motore di ricerca predefinito."..}..//A94CF7A8F20E7D838A2EF39EBEA9C85B84E062DB01DFEE8FF87194BD733AD683846F5323706D6B8BB054F22F44925091F7F4F116A9C769ADDEBAB2930D6FB7D9++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):943
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.7284548371061454
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7H8PQbHaQ4gy2XLCreYv6RlqkYvwLHCnxWmFfP:4PQzanP2XLInvKc1vwLHCxBB
                                                                                                                                                                                                                                                                                            MD5:DE01EB6387B38E1E0EE3448AB7F782DA
                                                                                                                                                                                                                                                                                            SHA1:1FF3EDA3605D809CCB2FBA0EA76DC36833F951E1
                                                                                                                                                                                                                                                                                            SHA-256:E1059730310785486F3B86F6EE15728A243309E209762A170AF4A0F856792215
                                                                                                                                                                                                                                                                                            SHA-512:7511D0A40EF12356FFF670D1D95FE5DED6AC1EE8FC30558AA9422DE9A7F354E259F35DF40CA24D615A5B296AF790C0E58CCDB125BBAA9DC605C5F5F4237E801F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".... ..........................",.. SEARCH_TOAST_SUB_HEADING: ".... .....Bing ....................",.. SEARCH_TOAST_BODY_TEXT: ".................. .... Bing ........",.. SEARCH_TOAST_SUB_FOOTER: "................ ...................... Bing .......",.. SEARCH_TOAST_YES: "..",.. SEARCH_TOAST_NO: "...",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".... ....................... Bing ......."..}..//58DB55B3768E0E6E5B5492445CE9B4E38FB5F9BBDA9B546A5B090B8EBCEB8E96149E38216C1E37F3BC813D568C76D476AC69C4BF160C8D4A9B4466B0FF469418++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):823
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.90121582199106
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HN1I68EVZFj2F/40kOv8k16xQl07Cqtk16xQl8QxXenV1vg8EVb:7Hx9E7ka8kg7CtgcevIbt
                                                                                                                                                                                                                                                                                            MD5:190F5726DCF5FB58506EE92817E8D160
                                                                                                                                                                                                                                                                                            SHA1:BB13E30432E3DFFD21329DBFFD2988DABE0F73D8
                                                                                                                                                                                                                                                                                            SHA-256:6CE05219284984C0C84E81A3D76155C0E56A4DFD0C3E8544BAA6A96366C68FD1
                                                                                                                                                                                                                                                                                            SHA-512:1367264FB7565CEF51D3C4803A9D6601BD02F92C361C19202359BEADCC6E3792D83E0B58A645034375E8C9500386706C09FC090D41CCE836A23C126BB562B75C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".. .. ... .. - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... Bing .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT: "Bing. .. ... .... ... .. ........?",.. SEARCH_TOAST_SUB_FOOTER: "..... .. ... . .. ... ..... .. .. ... Bing.. ......",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "...",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".. ... ..... .. .. ... Bing.. ......"..}..//6505EAE079072CF03C35A0BCF324EDF0D051C9A29CE6A157D13EA99A3269B773D7EDD57CF7CE2765BA0CD491BBC4C1E07B1385B92D348479FD502592D69CEB51++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):759
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.397673684344552
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7H4jM/QjBU4dkyU/6FkbS7CWJCYfUfGKF2cFqtEFJCWJCYfUqdDigYc6u:7H0MojXdUCFHtrfyGKF2yZtrfbdDigbp
                                                                                                                                                                                                                                                                                            MD5:2E99E308D1F2109E3EB5673418D1E170
                                                                                                                                                                                                                                                                                            SHA1:D4069DCB8A7807B36F899B7E37120789948C6505
                                                                                                                                                                                                                                                                                            SHA-256:757AA5D109D04E8736E95CE0DAC5DE31C355B3BCD87BECC41C266E6BB02DDD72
                                                                                                                                                                                                                                                                                            SHA-512:4811D2C0DFE9EABCC48474D427ACCFB961D992929FB5D5C92D93E555E6D09C1B5E23AAB412A08381C0EDE200F75F5E572E3410A2BD9E9EB08F3A630ABF7A5710
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har ikke Sikkert s.k - v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna skadelige omr.der i Bing-s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT: "Vil du legge til Sikkert s.k i Bing for . ha et forsprang p. skurkene?",.. SEARCH_TOAST_SUB_FOOTER: "Vi sl.r p. Sikkert s.k og endrer standard s.kemotor til Bing n.r du starter nettleseren p. nytt.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nei takk",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi sl.r p. Sikkert s.k og endrer standard s.kemotor til Bing."..}..//5F0ACA02384B0B1DDEDDEA4E622C6ACFBBA9AC775E501D9AA7BCD803CE206F4D00DDA9AA4B2C4E834447944DBB382629EA1E7B92C97E8AA6639D3B2445535F5A++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):807
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.371941033340013
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HrtakxOEfqPZq7oYde5XPCF2sbde5XXg4ivXv:vkk8jPtYwRoDw/ivXv
                                                                                                                                                                                                                                                                                            MD5:6ACA59654E636A6256A885C5FF7AB285
                                                                                                                                                                                                                                                                                            SHA1:A362EB6309DEBDF4B4C7B3A84CCC53545EFE7A97
                                                                                                                                                                                                                                                                                            SHA-256:15D4F2213D58FE81AE887323842D53C371C44304F721651D2A182C567B00D09C
                                                                                                                                                                                                                                                                                            SHA-512:B6F063277F94B87C323F31ECECDEAB7E0579CEC3E996690E175EE212ABACA18C99FA2557F0F6EAF4DB98E8FB2C7C35788EF8E5EA6AB004D14126E351B3C4BDF1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "U hebt Beveiligd zoeken niet: wees voorzichtig",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten op Bing vermijden.",.. SEARCH_TOAST_BODY_TEXT: "Wilt u Beveiligd zoeken aan Bing toevoegen om criminelen een stap voor te blijven?",.. SEARCH_TOAST_SUB_FOOTER: "Wij schakelen Beveiligd zoeken in en maken Bing uw standaardzoekmachine nadat u uw browser opnieuw hebt gestart.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nee, bedankt",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Wij schakelen Beveiligd zoeken in en maken Bing uw standaardzoekmachine."..}..//90A3C2CC16DD6E61DF50513E9CF12D4ACEBB880C8488D129EF4128793ADBABEFEFD3CC681DDAFC05DA209CAC09F7E42F310A0E32E4D5592DB871020DCF1DF2DA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):840
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.569683330534252
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HOnXZoB12oBsflpBcPMfaBpgXJveZsBpgXJM2oES:qXZI12IAdcMGaX7aXmpES
                                                                                                                                                                                                                                                                                            MD5:29AF94AE64518FABD05859E537859B27
                                                                                                                                                                                                                                                                                            SHA1:8D3235231EDB044ADCA790A4EC661593A0C47783
                                                                                                                                                                                                                                                                                            SHA-256:335098AEA3C6AD604D368E8874F18C00DF4DC2362DC774AA1809D8D8588433A5
                                                                                                                                                                                                                                                                                            SHA-512:5DD5A6E06D88CD4FDBEC8F3320F5A30BF63314B1A986B41ED92971812302E5C862197DDEC81D5D4B2845A351C1B650CFFFB7F1B37BBE087581B11BBDB681044A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Uwa.aj, nie masz wyszukiwarki Bezpieczne wyszukiwanie",.. SEARCH_TOAST_SUB_HEADING: "Bezpieczne wyszukiwanie eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT: "Chcesz doda. bezpieczne wyszukiwanie do przegl.darki Bing i uprzedzi. zagro.enia?",.. SEARCH_TOAST_SUB_FOOTER: "Po ponownym uruchomieniu przegl.darki w..czymy bezpieczne wyszukiwanie i zmienimy domy.ln. wyszukiwark. na Bing.",.. SEARCH_TOAST_YES: "Tak",.. SEARCH_TOAST_NO: "Nie, dzi.kuj.",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "W..czymy bezpieczne wyszukiwanie i zmienimy domy.ln. wyszukiwark. na Bing."..}..//1416BAEAA1E8DC9FB01CC5942B7AB32E55C269AC1C447F8C8E0C5A4DB34067B054951D5DF878B3FF22D63DE711A63AC949E05F1A448BCFC873064D418B8B3AED++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):836
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.285589242432961
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HEJVEPlVLVGGWF/7Qy7XTLYG7MJgZ6GuISWM8jgqtNpG7MJgZ6Gu9dw1bYgkeKT:7HouiF/rDTLdtZy6MTZtZy9dw1kglRMn
                                                                                                                                                                                                                                                                                            MD5:186BA2F89FFD742BCD852FD64928555F
                                                                                                                                                                                                                                                                                            SHA1:C78CAAF5419A0D97149A5E37EEDFDDD4C6291C90
                                                                                                                                                                                                                                                                                            SHA-256:0B2ED9A1F7D9AE3A7D49C39D77129865A2D8B555EFD32817A12C8FF8A0A0360A
                                                                                                                                                                                                                                                                                            SHA-512:A24A7BC4B22C7D8C6B0DEEA5E513061E71AB56ABD98491222B864B70A863DDE3184E733EF3824DDEA22E32EA358629B7E46ED652815778F77501C55675D7F46C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa segura n.o est. ativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura evita os sites perigosos nos resultados da pesquisa do Bing.",.. SEARCH_TOAST_BODY_TEXT: "Gostaria de adicionar a Pesquisa segura ao Bing e se antecipar aos criminosos?",.. SEARCH_TOAST_SUB_FOOTER: "Ativaremos a Pesquisa segura e alteraremos seu mecanismo de pesquisa padr.o para o Bing depois de o navegador ser reiniciado.",.. SEARCH_TOAST_YES: "Sim",.. SEARCH_TOAST_NO: "N.o, obrigado",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Ativaremos a Pesquisa segura e alteraremos seu mecanismo de pesquisa padr.o para o Bing."..}..//3DFC3ED64CF5624A5C95AB95672C228197C6D2946C2630444B8C504FF1BCCAAC7D78C10DB0C2369ED9A1D5CCBCD237394E6FB02902E2180E9FEF0141B33CBC75++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):823
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.326116036965008
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HR7EVLOEcQWFnQgj7366Jb7yg4HjSa8jgqtMJb7yg4HjmHmnKkiej/hUB1pfpN:7HRrnFjjhJbOg4uaTRJbOg4UmUffpN
                                                                                                                                                                                                                                                                                            MD5:814E9FD99597DF428A1C96BCA8EF54D3
                                                                                                                                                                                                                                                                                            SHA1:747780C6757006DF7C37507C6CF3D2C386088D03
                                                                                                                                                                                                                                                                                            SHA-256:5FD74B8D86978592C99797C82C9B5DBCF4DF39A4966FC9D49122201EBB9DEE00
                                                                                                                                                                                                                                                                                            SHA-512:148A23C5A74B80DE5122270267FDDC2A788340493E32027D9E399C09111EF5E546400067411BE805F1E071D8A1B74F115F225475FBAF04C6130F1E0C80E92CEE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "N.o tem a Pesquisa Segura, tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa Segura ajuda-o a evitar os sites perigosos nos resultados de pesquisa do Bing.",.. SEARCH_TOAST_BODY_TEXT: "Pretende adicionar a Pesquisa Segura ao Bing e antecipar-se aos malfeitores?",.. SEARCH_TOAST_SUB_FOOTER: "Vamos ativar a Pesquisa Segura e definir o Bing como o seu motor de pesquisa predefinido ap.s reiniciar o browser.",.. SEARCH_TOAST_YES: "Sim",.. SEARCH_TOAST_NO: "N.o, obrigado",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vamos ativar a Pesquisa Segura e definir o Bing como o seu motor de pesquisa predefinido."..}..//3ADD7AA81BB1F718C16F08CBB9278CA002CD88F68AAFF2805ECA9E2CE610ED7CA8D1D6936868D43FCA7435F670972AFFC1C52FEDD361A9E73E0713D32630CFA6++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1189
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.119818521492952
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7H0i5Cke6gyt20qJNs2OSVptfnZMtXye4qfjFsX58cMtXye4qfGbuRrXC:IMCke6gyJqjbOSfNnS9yHiT9yH3bu4
                                                                                                                                                                                                                                                                                            MD5:60AB3B563463A9E08D4B64FFFBDA895E
                                                                                                                                                                                                                                                                                            SHA1:79825BBCAA5376E308AB42CF13F25D354CB73BA6
                                                                                                                                                                                                                                                                                            SHA-256:A95637B3BD5ED6E4023316D04DCA914475270E22DD28F748BA2D50A75F2AAABF
                                                                                                                                                                                                                                                                                            SHA-512:6A7BF0422EAF98E9864621FF4DD7AC193397C0D16FA4FF4C5E7D8B37FA2811EC54A0F8BFF028D977E4C6C20C459E7622BEA089A858D9478946DAA427649EDBEC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "...... ........., .. ... .. ........... .......... .....",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... ...... Bing.",.. SEARCH_TOAST_BODY_TEXT: "........ .......... ..... . Bing ... ...... .. ...............?",.. SEARCH_TOAST_SUB_FOOTER: ".. ....... .......... ..... . ....... .... ......... ....... .. ......... .. Bing ..... ........... ...... .........",.. SEARCH_TOAST_YES: "..",.. SEARCH_TOAST_NO: "..., .......",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".. ....... .......... ..... . ....... .... .........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):959
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6939003261924
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HUMukzWX/lJxvkgn45U1bORyg+yqto3botZcH7GujcO:7HmVXDxTbOsg+yR7GY
                                                                                                                                                                                                                                                                                            MD5:7E6A7D98F075CC06A999D86E0B1CAB85
                                                                                                                                                                                                                                                                                            SHA1:BC307DB0C63AF504DF6D818CA74652C80058FFF3
                                                                                                                                                                                                                                                                                            SHA-256:8E697444A3FA730E04678223A65A399EE128654946BFF9B22057408424949098
                                                                                                                                                                                                                                                                                            SHA-512:29A905E185B9A866B286657FBFF3C7FD3FF5A89C59A859013725290276ACDD4D511BFB6D775A0ECDBA350B4504A93A1E9567CA872290684194EB1AE654E76A40
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nem.te zabezpe.en. vyh.ad.vanie . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s vo vyh.ad.vacom n.stroji Bing chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT: "Chcete prida. zabezpe.en. vyh.ad.vanie do vyh.ad.vacieho n.stroja Bing a.zachova. si ochranu pred mo.n.mi .to.n.kmi?",.. SEARCH_TOAST_SUB_FOOTER: "Po re.tartovan. prehliada.a, povol.me zabezpe.en. vyh.ad.vanie a.zmen.me predvolen. vyh.ad.vac. n.stroj na Bing.",.. SEARCH_TOAST_YES: ".no",.. SEARCH_TOAST_NO: "Nie, .akujem",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Zapneme zabezpe.en. vyh.ad.vanie a.nastav.me vyh.ad.vac. n.stroj Bing ako predvolen.."..}..//F30FBBFFAC8BF094BA0C9CC48B559167997843BBE1434D1E74F5C047BC4A24AFB168958537A233543B1CB6A644A0E23B23BE45C128E3F122DD0615A423A69218++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):791
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.510569695619325
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HM3Rzi2T//nHkpIUaSB1kd1BgqDHCqtMB1kd1Bgq+gJXUVkfMYQe2:7HM3B0T3kd/DDHC53kd/D9Xl2
                                                                                                                                                                                                                                                                                            MD5:138F2D03891CC914DB968E5416D50FE5
                                                                                                                                                                                                                                                                                            SHA1:3B903BA97391A41DFE5C2C2138BEA4BAD2C22700
                                                                                                                                                                                                                                                                                            SHA-256:0AD9A41B3DD75050132E9FD59F809550932D22C99C9DA77F66FF77343CA8C925
                                                                                                                                                                                                                                                                                            SHA-512:33C07B186D87ED9B74C41E59EABDCCAAD35FF7968545B224A4768D4E5A035B27AF2FAE8ECE15BC06DBBAF1AAEFF252F50304BC81675035B108179142C0271360
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nemate bezbedna pretraga - budite oprezni",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u Bing rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT: ".elite li dodati bezbedna pretraga u Bing i ostanite napred?",.. SEARCH_TOAST_SUB_FOOTER: "Uklju.ic.emo bezbedna pretraga i promeniti podrazumevani pretra.iva. na Bing nakon ponovnog pokretanja pretra.iva.a.",.. SEARCH_TOAST_YES: "Da",.. SEARCH_TOAST_NO: "Ne, hvala",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Uklju.ic.emo bezbedna pretraga i promeniti podrazumevani pretra.iva. na Bing."..}..//14F2F27F742F0C235064833749659CBF24E64C422A910B0DBDC0C638D8BF82FA963093E972C3E9C97D6B5E720751A8ADDD2D7B173B820D6406A0EAD561948605++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):847
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.461375321474466
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HBZa8gL2eN/Ttn2gW6DTXMoOF2FTnZ2gW6DT+f4aB0Am+rn:CuY/ZrT70GZrT+f4aB0yr
                                                                                                                                                                                                                                                                                            MD5:344D3D96A37024A2610FB88876243AEE
                                                                                                                                                                                                                                                                                            SHA1:B1F1E91403336B0194A093D094D1C996A2C8FE74
                                                                                                                                                                                                                                                                                            SHA-256:F9738A002C0FA2AC1AAB24310785077752D3705FF38E14AFF118055829162A91
                                                                                                                                                                                                                                                                                            SHA-512:9CAAF541069DACA9E313D66AFC70BC41A0CBEC399B1C39E00AC322F19B885D937A84E5524FA6BE715AAD8294EB6FDFE7A43E8DC2D7A44B6C7C092878A6864A0D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har inte s.ker s.kning . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i Bing-s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT: "Vill du l.gga till s.ker s.kning till Bing f.r att h.lla dig steget f.re skurkarna?",.. SEARCH_TOAST_SUB_FOOTER: "Vi s.tter p. s.ker s.kning och .ndrar standardalternativet f.r din s.kmotor till Bing efter att du startar om webbl.saren.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nej tack",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi s.tter p. s.ker s.kning och .ndrar standardalternativet f.r din s.kmotor till Bing."..}..//1520C61D58008FABF3DA731DACF866BCE4D03BAD4FAA6F82AACB04EC99F8E81D61EEC696FBF7C17AE7CB843D0B5F292DA58616632E8E98BB4BE82E6C010E2A15++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):857
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.548557917975657
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HMhMT4PwAf00hBLUF8Tt7zYE3MKUR59HQmeonSqt9UxQme7ozWANgzCp:7H8O44Yh88x/YE8PJfTnStf5Go
                                                                                                                                                                                                                                                                                            MD5:8F03A0C6AFDB9EA1B61946EA897FFBC8
                                                                                                                                                                                                                                                                                            SHA1:C5BA6537AFD26F948906197BE3F43B5A1649F982
                                                                                                                                                                                                                                                                                            SHA-256:FC62A59023C589C69AE3CFCBE7292FA08586E3B51DE5F755C9B8F429218A1AD6
                                                                                                                                                                                                                                                                                            SHA-512:43D24278E0E0CE37B157B1D917D4725860BD5571B8B9F6982522CA810680273B88553D82AD7AAC596188D5A0E99AEDD4F53F996F1898CB664CA4884041AA811F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "G.venli Arama'ya sahip de.ilsiniz, dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi Bing arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT: "G.venli Arama'y. Bing'e eklemek ve k.t. ama.l. ki.ilerden uzak durmak ister misiniz?",.. SEARCH_TOAST_SUB_FOOTER: "G.venli Arama'y. a.ar ve taray.c.n.z. yeniden ba.latt.ktan sonra varsay.lan arama motorunuzu Bing olarak de.i.tiririz.",.. SEARCH_TOAST_YES: "Evet",.. SEARCH_TOAST_NO: "Hay.r, te.ekk.rler",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "G.venli Arama'y. a.ar ve varsay.lan arama motorunuzu Bing olarak de.i.tiririz."..}..//56D0EF1182A907986B6143F6F690B3F277FCD2C934EC21D77F347D44053DA14D3C0E2F5A21BA5123CDF5C283D239F4A31E5C9391C9A0A9766AA9739B91C877A1++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):777
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.208889278971132
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HujCHVLkr96S4fnyHd99zfnyHfvOkdAh:UCHVA92fnyLhfny/7a
                                                                                                                                                                                                                                                                                            MD5:E067F30453C3DBD99C807C35788FEE99
                                                                                                                                                                                                                                                                                            SHA1:9B1ACB0A8462EFFE93419FCD7F8948BF6F0FDEC2
                                                                                                                                                                                                                                                                                            SHA-256:4BDD9BA9581F906D6B2FD6F4090D684B64D2619FCC9D4126F32CA3BE134D98B8
                                                                                                                                                                                                                                                                                            SHA-512:15E6528227B6E38FD60A27E689FD169F582CF2D5C992DDB4EB57418C158B60F83A37A657D689AE9AB0FAB022667E31A5FBDA1132DD04D8ED7BA9E0D4EB5A931F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "......... . .....",.. SEARCH_TOAST_SUB_HEADING: "......... Bing ............",.. SEARCH_TOAST_BODY_TEXT: "......................... Bing?",.. SEARCH_TOAST_SUB_FOOTER: ".............................. Bing.",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "....",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "..................... Bing."..}..//30FB0E9A5DC41B33AFED3B5F39C6874384159243470B0CBCE5A1EBCF9158A048DC626A4DEEF154B8E4B9FFAAEC6EF8214C55057158C3DEA450E29AC4E5260487++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):747
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.166050030834144
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HdRjeD31S5BdlevclAZKdKX0S19HS8KFy9qtNSNv7l2Hc47PgOUXjdqQ78wh:7H76D31Sy8AZKIz19Hd79qU7l2H2dqQd
                                                                                                                                                                                                                                                                                            MD5:042C0ED212E913678C438F32BC026798
                                                                                                                                                                                                                                                                                            SHA1:DA1A55A9DCC752E235D8C910D378A9FA4EC97631
                                                                                                                                                                                                                                                                                            SHA-256:EE8ADE895B4752D9CC7D2D3C5EC9E8CABDBBA885B27E4E2066EDE1003FE0EBCF
                                                                                                                                                                                                                                                                                            SHA-512:A0D83FCBFDA09A23CDEC5BB31DA01F0BCC1E985FEA34EF10BAAA607B0540A02AD5D939B8C1F9B0920BCE958B732347739A9557423FE9691E7BCBE6C39A6CDBB3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "...........",.. SEARCH_TOAST_SUB_HEADING: "......... Bing ............",.. SEARCH_TOAST_BODY_TEXT: "......... Bing...........",.. SEARCH_TOAST_SUB_FOOTER: "............................. Bing.",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "....",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "...................... Bing."..}..//E96E16E118F9E42ECC89746E36A0B0A17DAF6227A4374B0E468DBE596B524F2CDBEBEE5554876658A5E252FC1116E6AFAA058E6A87B59C9615AC199781EF7B71++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7420
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.693322683746733
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CXLFSeinF0GY2zegRdgmgV+2bt9kuB9Ouy9kuv9FoEGopoMgLmVvuuxng:CXLF5WF0SHMt9kg9O39kIOEGQZVdxg
                                                                                                                                                                                                                                                                                            MD5:D5934F97950F53B9FCDE4EC2CFE82361
                                                                                                                                                                                                                                                                                            SHA1:AB406A46A03D3E76FE2B2953FC8E06CD750C1CD9
                                                                                                                                                                                                                                                                                            SHA-256:A0D44A8D763DAD8349B3582D6DF339E704EEEFD1DE5F88629EC104D282A220F6
                                                                                                                                                                                                                                                                                            SHA-512:3F62689B964572C5334CE0E72AD777C23C5ADA7200CA7C6EC70D511BB87F20184985F3ACBCD3F81573353237514D28D96D611E3776A216053BF8A2E17E864D24
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Slu.ba Bezpe.n. hled.n. je vypnut. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT: "Chcete zapnout roz...enou ochranu p.i hled.n., abyste byli v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_OPTION: "Ano, chci po restartov.n. prohl..e.e zapnout slu.bu Bezpe.n. hled.n..",.. SEARCH_TOAST_DONE: "Hotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nem.te slu.bu Bezpe.n. hled.n. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcete p.idat slu.bu Bezpe.n. hled.n. a b.t v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ano, p.idejte slu.bu Bezpe.n. hled.n.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6899
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.421929762886686
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CjNwgL2CS6ddGw2jKK3A/BZ6mQNeTNlspRmbM1BM0t+lWcoLa8XcZ+lWch9FF/3k:CWToK3A/Bj32ttCWy8XgCWSj/o03Wwuz
                                                                                                                                                                                                                                                                                            MD5:C13A15425F870AF8A11C3D490D5B3223
                                                                                                                                                                                                                                                                                            SHA1:7E46762D8E0B2FC59F62A2DBDCC69DD5C85BEEFD
                                                                                                                                                                                                                                                                                            SHA-256:E8DE0042408ADC517DC3D9FC11144FBC2153B5F0334C95527979E6EC56D088A5
                                                                                                                                                                                                                                                                                            SHA-512:B43BAD94D60A76406D9094AA2A4C1A4431B5E069829488BB414EFDC751B711A050C9F0332BDC0A665C342ABEF88A05AA8D5C9DDDA2594DA18B1BD9D152EB6B51
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sikker s.gning er sl.et fra . v.r forsigtig",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning leder dig v.k fra risikofyldte websteder i s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT: "Vil du v.re et skridt foran forbryderne og have ekstra sikkerhed, n.r du s.ger p. nettet?",.. SEARCH_TOAST_OPTION: "Ja, sl. Sikker s.gning til, n.r jeg genstarter browseren.",.. SEARCH_TOAST_DONE: "F.rdig",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har ikke sl.et Sikker s.gning til . s. v.r forsigtig!",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sikker s.gning leder dig v.k fra risikofyldte websteder i s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vil du tilf.je Sikker s.gning, s. du undg.r at komme ind p. grimme steder?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, tilf.j Sikker s.gning til min browser, og s.g som standard ved hj.lp af {0}.", // {0} SEARCH_TOAST_*.. SEAR

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7159
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.354772773199427
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:C9EB5FeK92iZaU3vFJMGNMmXdtUGj/7vFyDGkHEXcFtPV:C+5/btltJ/7vFOEMh
                                                                                                                                                                                                                                                                                            MD5:BC1F9F2BEC75574822B896D291779811
                                                                                                                                                                                                                                                                                            SHA1:8D46CD1C5921988F8EBA829720A3FABC95D40FA8
                                                                                                                                                                                                                                                                                            SHA-256:FB447279FE6D13E4A7C00032BCE88C08796B82CF88D574CBBCE452D3F8F3076C
                                                                                                                                                                                                                                                                                            SHA-512:94010C73B38C5EAF38488913783B3D6816D1392CC226BAFDFC50CF74B505C841DACDD2F9B39A07304CF075E358B2496A93AC9D145B384CDE311C96BCC86735C2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Achtung: Sichere Suche ist deaktiviert",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT: "Wollen Sie Internetkriminellen mit zus.tzlichem Suchschutz immer einen Schritt voraus sein?",.. SEARCH_TOAST_OPTION: "Ja, ich m.chte die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. SEARCH_TOAST_DONE: "Fertig",.. SEARCH_TOAST_HEADING_COMPLIANT: "Die sichere Suche ist nicht aktiviert . seien Sie vorsichtig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "M.chten Sie die sichere Suche hinzuf.gen, um Kriminellen immer einen Schritt voraus zu sein?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, die sichere Suche in meinem Browser hinzuf.gen und Suchen

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):991
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.781833738030561
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOM3oeWURG11jdHDUUOSj6TrY3jdHjdVtiSTj6cUnjdMA8Y9pcO4FSp6CHwYn:7HOvMrWh1WTMBgF5Rj4kV9DD
                                                                                                                                                                                                                                                                                            MD5:E43A4FB3E24BDC02C36E10D415BA8526
                                                                                                                                                                                                                                                                                            SHA1:18B3CFF092C1DCBF3D1E1797EEF88DF9171F2448
                                                                                                                                                                                                                                                                                            SHA-256:7CE2DD673C1216ED61CD89746B70693F57A1D74DD723AA3411AC1480C5795791
                                                                                                                                                                                                                                                                                            SHA-512:C9AB248686ADB738008DBA744B7250220B7FF8CB171A9878B573E46A9109AA0590494584D8B872335CD089A981D9384208D400176EA44DD4616C39B5BC25E80F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "D.l.te si starosti s t.m, .e budete sledov.ni online?",.. SEARCH_TOAST_SUB_HEADING: "Pou.ijte prohl..e. DuckDuckGo s ochranou McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Soukrom. hled.n. s prohl..e.em DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} zaji..uje, .e historie hled.n. z.stane v soukrom..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Funkce Bezpe.n. hled.n. McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokuje .kodliv. odkazy ve v.sledc.ch hled.n..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bude pou.it jako v.. v.choz. vyhled.va..",.. SEARCH_TOAST_YES: "Vyzkou.et soukrom. a bezpe.n. hled.n.",.. SEARCH_TOAST_NO:"Ne, d.kuji"..}..//B499664F4A4A52410F8A08F84BABCC773351199F0F0030779C08E339926E52529489B4B079B0E2024D2E7861F1F9EE1D74F31BDCED6951D85BE35DB280CE7E4B++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):900
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.597464826785457
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyODmFK9r7NWME1jdHvyjC8C9JYBjdHjda88SjNwojdbnEl48twdBP4LMCJVj:7HOvCQ9NWMEcCrYFnwinQ4KwbP4JJx
                                                                                                                                                                                                                                                                                            MD5:24455D50D7EEE6F4CCDBE337D62B0362
                                                                                                                                                                                                                                                                                            SHA1:470E4884F90666CE16C9EC9C1539609361FBD181
                                                                                                                                                                                                                                                                                            SHA-256:8A445CCD25F08BECD73CBCF08573DAD4718743393792A5245D32FD81D1410193
                                                                                                                                                                                                                                                                                            SHA-512:7F8120FE1D35EFE7A9AD03CD5D8ACEA4FCD54605C2CD6C520E4AEDDB0D36DDF57167608ABAD8B69F91F221B3254136C5DC5139F557F2FF43C827BFC4CD415312
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Er du bekymret for, at der bliver holdt .je med dig online?",.. SEARCH_TOAST_SUB_HEADING: "Brug DuckDuckGo sammen med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Anonym s.gning med DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} s.rger for, at din s.gehistorik forbliver anonym.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sikker s.gning", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokerer skadelige links i s.geresultater.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bliver din standards.gemaskine.",.. SEARCH_TOAST_YES: "Pr.v anonym og sikker s.gning",.. SEARCH_TOAST_NO:"Nej tak"..}..//DF0DCAC24738D7493C2C09E7A0EB75E0FFFBCA2D3F769358A23886734A084558449C11CE5F147B5704253CEAD27239601039E72183310290E7388AF76CD29095++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):936
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.563732858745097
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOIV8tfCIjdHkjPqqbjdHjdar9jICnqjkjdAhalRVnzQYjLr3bAuna0qZtpvw:7HOvc8yqrLLBQ8avt5w
                                                                                                                                                                                                                                                                                            MD5:5D65D15474D9205751CE3A1611749407
                                                                                                                                                                                                                                                                                            SHA1:A6D1879485DBF7A3D869588A331B418060212ED5
                                                                                                                                                                                                                                                                                            SHA-256:608A42E0BEE34D686CA023C26D00047A51F69C5DCC2C80B68EEDFEAA3EE5A531
                                                                                                                                                                                                                                                                                            SHA-512:5FF3B3E149FA45B282FAEDBD22CC01525117F2861EB581477DD42E42288C4E403B7EE3CC1D7CD01DE9677D515C2FA96F03570EDA0DCEF840F1708D039D8EB991
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sie wollen keine Online-Tracker?",.. SEARCH_TOAST_SUB_HEADING: "Verwenden Sie die McAfee-Erweiterung in DuckDuckGo.",.. SEARCH_TOAST_BULLET_STRONG_1: "Privater Suchmodus in DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} . damit ist Ihr Suchverlauf f.r andere nicht sichtbar.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sichere Suche", .. SEARCH_TOAST_BULLET_NORMAL_2: "Die Erweiterung \"{0}\" blockiert b.sartige Links in Suchergebnissen.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo wird als Ihre Standardsuchmaschine festgelegt.",.. SEARCH_TOAST_YES: "Private und sichere Suche testen",.. SEARCH_TOAST_NO:"Nein danke"..}..//68872893187EE67E1977E1DF4CD23A9D328D613FA7371BDC0F74A3C2C241B30EC0A34DA82D15A4022BE41A5578FCF6815DCD7C69B872A1A720440552C1AFF4F0++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1278
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.509993877320771
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HOvdVOfNkrI8gvMi3QonM4diUPg4qjulqCX2e:CvdAVktgfQoMmiUDqjfCn
                                                                                                                                                                                                                                                                                            MD5:8BBF4C888A46AA04BBAA23E0D99AA0F4
                                                                                                                                                                                                                                                                                            SHA1:51323E1A56885D18C488368156894348B7107A02
                                                                                                                                                                                                                                                                                            SHA-256:5A4CB6352FFE9A7808379D0912079062AFA450E5B2F7B300113DF4B9AFCA7630
                                                                                                                                                                                                                                                                                            SHA-512:D4219751DC4437B551A1E18FDBA59692C5113B335C720E5BFD2B4CCEBBFDE12DA639118B6151955E54AFD302357F27FA3CE01D2EF6599E6A625092F897816842
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "... ........ .. ........... . ............. ... online;",.. SEARCH_TOAST_SUB_HEADING: ".............. .. DuckDuckGo .. .. McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "........ ......... DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: ".. {0} ..... .. ........ ... ........... ... .........", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "....... ......... McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: ".. {0} ......... .... ........... .......... ...... ... ............. ...........", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: ".. DuckDuckGo .. ..... .. ............. ......... .......... ....",.. SEARCH_TO

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):851
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.505361138842353
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyO8zqqNPR4t1jdHMLBjaPCuYh8jdHjdatBjPvkTzgjdA8xvsHActb4konXX6L:7HOv8moyALKFYhl5kTzqsH5ttgsq61n
                                                                                                                                                                                                                                                                                            MD5:6C30E1FC090621A871A0C5DD98326CFC
                                                                                                                                                                                                                                                                                            SHA1:B439284FB7FD74264386C7FBDE69341003765CE4
                                                                                                                                                                                                                                                                                            SHA-256:3C7EC9030FB45C9A6ABE8E46722AF93ADBEF57FF92D24CBD66644FC0AEF1DCBC
                                                                                                                                                                                                                                                                                            SHA-512:5B562A9C5244D7A1EEFD5DA90A141458A6B68C7E77B5ADB124ECEA2B69F80D1728C790A19EB5470A127D62AFB7843004F99D408DEA32F35DE0D6A969578C84EB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Worried about being tracked online?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo with McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} keeps your search history private.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Secure Search", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blocks malicious links within search results.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo will become your default search engine.",.. SEARCH_TOAST_YES: "Try Private & Secure Search",.. SEARCH_TOAST_NO:"No thanks"..}..//0579669A157CB193AA997D744467D04A267A99377EDC42B77DE70547A69D316A4DCD19ED1A1930CA64A12878447CBDB698B70259C0C49C1AA85A9C72A7BECD82++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):945
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.57326836935389
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyO9ocZRs11jdHCajW7SuTQQQjdHjd0Fmzjq0KdQjdEiSZSUjETASKsUm14hJK:7HOvy71A7JPmS0gR54TYXm1sPk
                                                                                                                                                                                                                                                                                            MD5:E654E9B01500A59552095197CC10F2CD
                                                                                                                                                                                                                                                                                            SHA1:AB40A2740135253E3DD3FB1FFCA54CD0090FF672
                                                                                                                                                                                                                                                                                            SHA-256:D18BEC9DDE86CB05A5A71CF04499AAD47A59130C27CEE6957A6DF9AF1C2E2538
                                                                                                                                                                                                                                                                                            SHA-512:33DEDA26681141A9A7C42F8B3833207BFAECFEBE1BD2597A9470A1290B8FF88A4D18305D5092D5791F7A06A1EBA777B6C0D46B172AF7E3C1829E7DA3EA34841D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".Le preocupa que rastreen sus actividades en Internet?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "B.squeda privada de DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} garantiza la privacidad de su historial de b.squedas.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "B.squeda segura de McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloquea los v.nculos maliciosos en los resultados de sus b.squedas.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ser. su motor de b.squeda predeterminado.",.. SEARCH_TOAST_YES: "Pruebe las b.squedas seguras y privadas",.. SEARCH_TOAST_NO:"No, gracias"..}..//38602E3924E0AC97FDD2F28BF92A68497D1246D984345D4ED3444C34A6922FB1F4946D3239C01D6D89A04A0043361505ACE0FBA51B51118DCB538FBDE8BD29FA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):925
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.571395957656369
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyO9ZHhHmdks11jdHCajZyFK2jdHjd0Fmzjqrpo3FK2jdEDE/ZSUwIesY9qkj6:7HOvdHmdN1nnzmSiA74HcBQ5
                                                                                                                                                                                                                                                                                            MD5:4328ECCDBBAE0C6C817C6BB970CDB53A
                                                                                                                                                                                                                                                                                            SHA1:3D196DB2ED066DE3B45C0322D9DDE13A34D23340
                                                                                                                                                                                                                                                                                            SHA-256:86A13707A2B762B94511B3C23F570C4CEC01A11E0EDD9153DB7FEFD3FC827CE9
                                                                                                                                                                                                                                                                                            SHA-512:35FE6D8DE1594A5D4C1768233D2634D78892EEBAB6268CF4D2347515E876F9195A60DE9F5E21EAE8E56C90B345626D59668F6B7D4FE5BE67F9EB44E0C405E7FF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".Le preocupa que lo rastreen en l.nea?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "B.squeda privada de DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mantiene confidencial su historial de b.squeda", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "B.squeda segura de McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloquea v.nculos maliciosos dentro de los resultados de b.squeda", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo se convertir. en su motor de b.squeda predeterminado.",.. SEARCH_TOAST_YES: "Pruebe B.squeda segura y privada",.. SEARCH_TOAST_NO:"No, gracias"..}..//B5EFE5AD53EF1A1AE099705CD17324B96AD7756C9FDE64B27A56DB1CA5AF61C4BAB96377237DE84984FD914E443D1574210D10DBEE3F8D3C1F4AD2F8E75B4678++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):870
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.536596307306761
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOmciWozjdHJmavj+rUEpjdHjdXpvjm0QCojd6U9hl5l0X+M/qid:7HOv7iWoCUEBJOhfGX+mDd
                                                                                                                                                                                                                                                                                            MD5:7CA06D89A766844EACA83E704178B943
                                                                                                                                                                                                                                                                                            SHA1:70FC92C3B58A8C3636081B7C558B2D104F535C2E
                                                                                                                                                                                                                                                                                            SHA-256:326215F6A40A9860725DAB621A351106BBDBFEC6D604F213E66C58455FA7D7C5
                                                                                                                                                                                                                                                                                            SHA-512:7C66C93343B1B23C8220D0B2EACBFB129EAF5D6A52EE0BFA3CCE5E2D52AAAF1178ABFBA5813729C8700B0988838904500C2271BA9574BF8F911A7BF11211ABE9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Huolestuttaako seuranta verkossa?",.. SEARCH_TOAST_SUB_HEADING: "K.yt. DuckDuckGota yhdess. McAfeen kanssa.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGon yksityinen haku", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} takaa hakuhistoriasi yksityisyyden.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfeen suojattu haku", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} est.. haitalliset linkit hakutuloksista.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo valitaan oletushakukoneeksesi.",.. SEARCH_TOAST_YES: "Kokeile yksityist. ja suojattua hakua",.. SEARCH_TOAST_NO:"Ei kiitos"..}..//3AC363F840D3476D6543B0B79FAB1CD74C1BDA408C607121AF95633ED6E8690261BEFCB0287B5067CF46500FC71EBBA65759B3BC5E47AB74ED16A60BC20210DE++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):954
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.558741350359142
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOZKM/Jvf1jdH+9kRjBjdHjd55wjq39M5vjdShWvw/jFe9TsY9Te0:7HOvBRMkbb7Wvw/jFe9TL9f
                                                                                                                                                                                                                                                                                            MD5:9886F9A46BC1F4916D838524F24B5C45
                                                                                                                                                                                                                                                                                            SHA1:6B6FD3580A54AE2D822031E3361E7AEEC2F8AA69
                                                                                                                                                                                                                                                                                            SHA-256:33C699200A170C9FE29446E264EA43CD8E3254625B57F9056A9871A886376FED
                                                                                                                                                                                                                                                                                            SHA-512:6853355DC691407CB525E52734FBF2F95D1E7FF88981260BE4F24D157F45C50ABF6CC55E1AAAAA1EF7F835DC4BAACBD0FB6218D0A759D5A7B2EEC465C7050F43
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Inquiet d'.tre surveill. en ligne?",.. SEARCH_TOAST_SUB_HEADING: "Utiliser DuckDuckGo avec McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Recherche confidentielle DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} pr.serve la confidentialit. de votre historique de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloque les liens malveillants parmi les r.sultats de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo deviendra votre moteur de recherche . d.faut.",.. SEARCH_TOAST_YES: "Essayer la recherche s.curis.e et confidentielle",.. SEARCH_TOAST_NO:"Non merci"..}..//42DD6867F547A1648337E56C79C407F66734905856A67BCE69572C0969C316A17602C13CF26273B3556A18DFCA04F24D3DE01DEBC058FA54EBC8B2522D51C8C9++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):949
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.562640385109174
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOR04/yohvf1jdHUzhCSjm+MjdHjd55wjDDJ3tp5vjdG4kWYXF9owhBbRMHSg:7HOvVyoRAzhNwKTkWYcwh5qHS42E
                                                                                                                                                                                                                                                                                            MD5:70D962B10D4A84A235F2D500670390B0
                                                                                                                                                                                                                                                                                            SHA1:25DBEFF551A8D8623EC1D94BA59A236726285B0E
                                                                                                                                                                                                                                                                                            SHA-256:10514442DA4B30C51808CB31E79CCDC024196C9B0000CE996C4C66EEEC8AFF8E
                                                                                                                                                                                                                                                                                            SHA-512:45F2FCDA68E45D0C19FAD7FD5D62C5A0CF018A90E20E8CEBD3E660C903B9E0D8644C34CEDFBBF15DC360B78C5B897116A48AE792410700DB1FF786F0CCEB8329
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Vous avez peur d'.tre suivi en ligne.?",.. SEARCH_TOAST_SUB_HEADING: "Utilisez DuckDuckGo avec McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Recherche priv.e DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "La {0} assure la confidentialit. de votre historique de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "La {0} bloque les liens malveillants dans les r.sultats de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo va devenir votre moteur de recherche par d.faut.",.. SEARCH_TOAST_YES: "Essayer la recherche s.curis.e et priv.e",.. SEARCH_TOAST_NO:"Non, merci"..}..//B9FE7A71488535CBBB895BDDF185642891100BDEA3B4A1B945C642258829A8B32AAB979183BF2AA22B4C18A2796C8C81C620F7DD9309F2086F88420866E90799++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):931
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6018404862091975
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOXmRUFqyW+1jdHOhjsgv2jdHjd6D39hjpfzJujdXoBcBw1S9IeFXslRb+4h:7HOv2iYT+0vBZflUZVWlRbnh
                                                                                                                                                                                                                                                                                            MD5:D79F8D4990C3305E11E939ED158D1980
                                                                                                                                                                                                                                                                                            SHA1:A3AA7B9C1EE956F0391E73EF0EC286773E3B7C19
                                                                                                                                                                                                                                                                                            SHA-256:201F79263DB403A02FA7DF5D91DED21337F3DD8592F385EFA0B38A0B8881814B
                                                                                                                                                                                                                                                                                            SHA-512:847B1BB5D21DB53BCCEF033EC1A0ABA89A4351AF6407C17217BD3D808C7B4D4B94AAF76FB7839AB6042FAA463609D0110A3AE4FB266D4CB32965439935A50561
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Zabrinuti ste oko pra.enja na internetu",.. SEARCH_TOAST_SUB_HEADING: "Koristite DuckDuckGo s McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo privatno pretra.ivanje", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} dr.i va.u povijest pretra.ivanja privatnom.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee sigurno pretra.ivanje", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokira zlonamjerne poveznice unutar rezultata pretra.ivanja.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo .e postati va. zadani alat za pretra.ivanje.",.. SEARCH_TOAST_YES: "Isprobajte privatno i sigurno pretra.ivanje",.. SEARCH_TOAST_NO:"Ne, hvala"..}..//57BE5FDAE2873FFCB5F6A004F3086C4C9E41512E7DDC4112439F39F421D0B3FEF5EF98E7EF295F8FAE31E6957DDA5B3D6BF1D697EE38748C720636EEE3E738B1++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):989
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.707564230510723
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOaC24TjrjdHGSHBjXllzFrYjdHjd8dHBjzEfCsbV0kjdUcjaSC65dGE76BU3:7HOvaH6ESZzFddFE8dTadv6BkZYu
                                                                                                                                                                                                                                                                                            MD5:0914F70709DD492EE40FA46BB37BE457
                                                                                                                                                                                                                                                                                            SHA1:0AAED8CBC367968F84991DD81864C2FDD3FA8AC3
                                                                                                                                                                                                                                                                                            SHA-256:B095A2041DE02199A7F14C02B28AD6E0CC13DF74BB9A6EFC5342C2823CD87087
                                                                                                                                                                                                                                                                                            SHA-512:49FD8A0FCB168497B9FC45DA096F2590F653BCD709FBDCF469EDD125F5F6BEF3722912FB74E1463346DCE25175E6A204190C7DDDE6EDC1E9FEA4D8E3469E1F58
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Agg.dik, hogy k.vetik online?",.. SEARCH_TOAST_SUB_HEADING: "Haszn.lja a DuckDuckGo szolg.ltat.st a McAfee-vel.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo priv.t keres.s", .. SEARCH_TOAST_BULLET_NORMAL_1: "A {0} gondoskodik arr.l, hogy keres.si el.zm.nyei szem.lyesek maradjanak.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee biztons.gos keres.s", .. SEARCH_TOAST_BULLET_NORMAL_2: "A {0} blokkolja a keres.si tal.latok k.zt a rosszindulat. hivatkoz.sokat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "A DuckDuckGo lesz az .n alap.rtelmezett keres.motorja.",.. SEARCH_TOAST_YES: "A priv.t .s biztons.gos keres.s kipr.b.l.sa",.. SEARCH_TOAST_NO:"K.sz.n.m, nem"..}..//78060E3879464A381C7F6C530D550BEE4C97FBC809B63CD656960A6554B8B71EC4DA93472877432C97ACCD251EA348055323E50797C0EA7FD5C4788B0A24FCC6++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):886
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.475999829226977
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOfOMUUAR11jdHbFLjichFDojdHjd1TzjX+BbtAfpPjdEira8KF6wGn/G3WCd:7HOvfa1fhFwTv+MfQiraewAG3kS
                                                                                                                                                                                                                                                                                            MD5:D08EA0DD3E9EDCECA0507EFA9C3CD03A
                                                                                                                                                                                                                                                                                            SHA1:7D95351F6B5824E2D1290F2BB3B57E061FE1AA6E
                                                                                                                                                                                                                                                                                            SHA-256:61E224DDB068F86657E172E91AB079C7BB77BD4E9BF51431625685A461EAA03A
                                                                                                                                                                                                                                                                                            SHA-512:4ECC0F7A9A7978B124EB2D6189D6538CAAB09B7A96F83456B5DFFA815E03352E29093051B44B50611BF3A63EC3642CDDC4ACD254F5108038A6638EE2B06C39F8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Temi che le tue ricerche online vengano tracciate?",.. SEARCH_TOAST_SUB_HEADING: "Usa DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Ricerca privata DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mantiene private le tue ricerche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Ricerca sicura McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blocca i link pericolosi nei risultati delle ricerche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo sar. il tuo motore di ricerca predefinito.",.. SEARCH_TOAST_YES: "Prova la ricerca privata e sicura",.. SEARCH_TOAST_NO:"No, grazie"..}..//6BBE04EEF70DAF7D6713141503461E8E92079C26C3183B95CBEB311D2E5168B03AC533A2444A891292D9EF34FB38DD40A89ACCF7818682153BFCF7106FA93A74++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1089
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.902465062464743
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HO+ok2PLDnWzuynP6aG3/jD9vEU0nWzAAH9rck28GRw:CZPQiaG3/v9v39caGRw
                                                                                                                                                                                                                                                                                            MD5:A0D4588D92434812021657CDB3357EDF
                                                                                                                                                                                                                                                                                            SHA1:26396B1906BED1E9F8140A916E4C1032D251925D
                                                                                                                                                                                                                                                                                            SHA-256:BFCC9E7BB44B402FDDBCD69412B74C3AF15F08B41FFE2D848FCC2E52846574C5
                                                                                                                                                                                                                                                                                            SHA-512:B3D4E5293CB381C407AAE02D6568E4941784BC0EA25B63097EB0D4AC0EB4DEB55D328C6F610A94451C42A3D694596BB3F6B756A7CFDFDCB0714EAAF5E3CB186C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: ".........",.. SEARCH_TOAST_HEADING: ".......................",.. SEARCH_TOAST_SUB_HEADING: "......... DuckDuckGo .........",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo ...............", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0}...............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "..... .... ...", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}............................", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ...................",.. SEARCH_TOAST_YES: "....................",.. SEARCH_TOAST_NO:"..."..}..//889B3FEEDC666EEEC3137F195FCF91734EDBEB334

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):961
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.994042617417198
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOVlzFX8YwOhLRjdH2Zvj0qSwjzjdHjdipvjZF3jlESzjdQecDhLpjEl+f5XzQt:7HOVsYwO9mpSP3REz59pXfFQsEYHO
                                                                                                                                                                                                                                                                                            MD5:1A1CD2290937CE430F5BB4169498BD08
                                                                                                                                                                                                                                                                                            SHA1:203D1C5F774FE1EB72F1FF9EF2FD4F22029E5DE6
                                                                                                                                                                                                                                                                                            SHA-256:5CE0C076BA236E8200DD99ACD1AB309EB2E9923E7B9BE493FEC28875DDE2324B
                                                                                                                                                                                                                                                                                            SHA-512:92183827863A707C3A3981C70127AD2441629F1813D5EF68FA6462717DF6C687C3C834D66066CFD31559870F862F08F0DA1281576C6E1B339C8C9AC81A0CD871
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_HEADING: "... ... ......?",.. SEARCH_TOAST_SUB_HEADING: "McAfee. .. DuckDuckGo. ... ....",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo .. .. .. ..", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0}.(.) .. ... .... ......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee .. ..", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}.(.) .. .... .. ... ......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo. .. .. .... ......",.. SEARCH_TOAST_YES: ".... .... ... ...",.. SEARCH_TOAST_NO:"..."..}..//1D180F552A3CB36CE0E1DD91C722A7970EF5D2FD670FD3BD6508B8F1CC9D71E623DC329AD49B89A12DA5564A47838861158EC3E2F6E132E83BBB5610B6E35891++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):845
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.539728959456167
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyORW/G1jdHMLBj+WjdHjda+jns4jdHnfUMX4Msu5RUDWIhWtzn:7HOvmGAL4mnfoM3PUDWIAn
                                                                                                                                                                                                                                                                                            MD5:4F141A76096D7C422A817DCC7DF4DD66
                                                                                                                                                                                                                                                                                            SHA1:B9CA649B2E54D70B6A247E2734E6D41B17010360
                                                                                                                                                                                                                                                                                            SHA-256:A9929536B1FA16C62A8692BE6F6B5B0EC7C271E3B8C23C4D01FB8F6ECC43A321
                                                                                                                                                                                                                                                                                            SHA-512:7B62D99BE20D9C9D39AB21850377EBF4DB3EAFD77A39449E4248CAD9720E034926744A0B1928BF99CBF7EBD0AC11677C116FF1F9963B3A35D84D714AF944E49F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Er du redd for at du blir sporet p. nettet?",.. SEARCH_TOAST_SUB_HEADING: "Bruk DuckDuckGo med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} holder s.keloggen din privat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sikkert s.k", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokkerer skadelige koblinger i s.keresultatene.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo blir standard s.kemotor.",.. SEARCH_TOAST_YES: "Pr.v Privat og sikkert s.k",.. SEARCH_TOAST_NO:"Nei takk"..}..//EA1EDAEDA1C4B69EAC976C4076E1E29EF6BA94203AAE9B8B53CC90ADB81D4F14C2296F8747475686B6B71A3F0945A3E831A9F87FD1E67034681FCCE1246F3E60++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):872
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.573280174787083
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOEKAQ1jdHcxRVjWw5KAjdHjdJMyVXjjvc6jdAYy0IYywQsH0CA3jUzDIt0Cj:7HOvEPQCRsFCZ6dwQgSTmDKj
                                                                                                                                                                                                                                                                                            MD5:3EA2BC4DBC838A4585D9EECDC91F2435
                                                                                                                                                                                                                                                                                            SHA1:9DCD0C8D814B7B6E9B524B002CE6015D5AB95A5C
                                                                                                                                                                                                                                                                                            SHA-256:B0DBF83366C539F11DCD00B21AE9F11698A451F2F6E0FAA43BEE5CE01BB903A0
                                                                                                                                                                                                                                                                                            SHA-512:66B6005D117BB83EBB403F7853ED636692C6FECEF81564F8C10EEF469AB78C573A4A59C041483DCC863E493E5522792946DD594C7F08C82AA30D3CCD29099587
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Wilt u niet online worden gevolgd?",.. SEARCH_TOAST_SUB_HEADING: "Gebruik DuckDuckGo met McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Priv. zoeken met DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} houdt uw zoekgeschiedenis priv..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Beveiligd zoeken van McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokkeert schadelijke links in zoekresultaten.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo wordt uw standaard zoekmachine.",.. SEARCH_TOAST_YES: "Probeer Priv. zoeken en Beveiligd zoeken",.. SEARCH_TOAST_NO:"Nee, bedankt"..}..//2B2EA6D7599D5A4FF4D04E292153CC8466E9B5C13ECAC7360B4CE4AF8208FBDAF0BAC52F3A42F7B79CFA4AE1F84798C22E54EA28F90DDD64877448C7457510ED++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):954
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.739936707414578
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyO7RR9AOx1jdHZ3LPjgnH8co3L/ujdHjdJ+ot3LwjNIg/Q3L/ujdEv3X2WJtE:7HOv7riOxBHc8doB0k/fX2eB1WvSp8Vd
                                                                                                                                                                                                                                                                                            MD5:A4CBF60DC98963EBD4CA75431F05749E
                                                                                                                                                                                                                                                                                            SHA1:17EF26930E4ED6A67033134665E70CD4D8E7F2D8
                                                                                                                                                                                                                                                                                            SHA-256:2CBDC9D9C0506D57627D6B1F044BF7AFC53D2F6E960DB86B96A1B38F9CD904FB
                                                                                                                                                                                                                                                                                            SHA-512:1F9F7CDA511FA2F199A2641BDB451F43D371A83ECC4A64CE7ABDE6DF99D8E71BD62882E2EAB6ACC224EC5090D902D6665F6D88AA3CB15569539C1FF399624F12
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Obawiasz si. .ledzenia online?",.. SEARCH_TOAST_SUB_HEADING: "U.yj przegl.darki DuckDuckGo z produktem McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Prywatne wyszukiwanie DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "Przegl.darka {0} zachowuje prywatno.. historii wyszukiwania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Bezpieczne wyszukiwanie McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "Przegl.darka {0} blokuje z.o.liwe ..cza w wynikach wyszukiwania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo stanie si. domy.ln. wyszukiwark..",.. SEARCH_TOAST_YES: "Wypr.buj prywatne i bezpieczne wyszukiwanie",.. SEARCH_TOAST_NO:"Nie, dzi.kuj."..}..//66A0B24365A48742EBEE0A7B2DE36FCEB9D50C8F1E0F01C5A37767303C48E631A2466EF868396414A66BC8D54AA1E1949EBC125548C8A8DAD8304767E725CC8F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):905
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5489931188105155
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOamduRsK1jdHMLBjSHajdHjd2OtFcjq/C9yd+WFujdEiXGunNwDFPGtjjXB:7HOvam9KALhB60FDYnNsPG9x
                                                                                                                                                                                                                                                                                            MD5:BCF5F30808A4EF0D14FB93884B7A07F0
                                                                                                                                                                                                                                                                                            SHA1:8D3E5AE887BFE8AC017D9CCF0DCEF91C0C00874A
                                                                                                                                                                                                                                                                                            SHA-256:18406A8FB31ED1CB19A19589AFDD4409D27A9CFD0E6F1CDA06B7A2E8504FC1A2
                                                                                                                                                                                                                                                                                            SHA-512:1F21EF015A0A80173F387F166F24DA9748E3E4283C23AE3E7A987BCFD44D03F0AA7EE592B5BA0E959C82F0B99DD612D62EEE3E68AA7BAA748A3FB9AA6FC02927
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Preocupado com ser rastreado online?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo com McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mant.m seu hist.rico de pesquisa em privacidade.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Pesquisa segura da McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloqueia links maliciosos nos resultados de pesquisa.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo se tornar. seu mecanismo de pesquisa padr.o.",.. SEARCH_TOAST_YES: "Experimente pesquisas privadas e seguras",.. SEARCH_TOAST_NO:"N.o, obrigado"..}..//CA1833EFEE1D10CB59402E19CB7BC3A7D6E4A0114EB10C49FB9BAC525F41BB39607A016867DDC3E54A12BEB2FF6265C2E7581512EFE0EB8E24BBF4A817359AFE++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):949
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.586279598571526
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOwON2GFfK1jdHcwOFoSjPH5jdHjd2OtFcjq/CGMoujdvIjmg57IIePGtj8GA:7HOvwONFFfKEG+B6Ur5wPGVdRSxgIv
                                                                                                                                                                                                                                                                                            MD5:D8148A68506AF771DA165C472323DE58
                                                                                                                                                                                                                                                                                            SHA1:1DEA3519F0B37CE1CB3E2973E6B6AD12112B1E02
                                                                                                                                                                                                                                                                                            SHA-256:98FDFB4C5747C941D6E5BB3B5CFE72F814E23321592ED9C8BE521BE4559749ED
                                                                                                                                                                                                                                                                                            SHA-512:BC726EA66C90A009B85FDBA3059F078A45CD47FB13E306F6AA576A744FD2B5ED9959892A9DFF05A2084F9D99D2463F86E1D2423B92A496CBD40EA54F7F8FF9A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Est. preocupado com a possibilidade de ser monitorizado online?",.. SEARCH_TOAST_SUB_HEADING: "Utilize o DuckDuckGo com McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Pesquisa privada do DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mant.m o seu hist.rico de pesquisa privado.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Pesquisa segura da McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloqueia liga..es maliciosas nos resultados de pesquisa.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "O DuckDuckGo vai tornar-se o seu motor de pesquisa predefinido.",.. SEARCH_TOAST_YES: "Experimente a Pesquisa segura e privada",.. SEARCH_TOAST_NO:"N.o, obrigado"..}..//BA975A8009C6B44D296076F08705FAD5282B6485C72C95BE6727EA7308FB6D2F184EAEF4A66CD87C6C644666D45997E507E2C3DB97619846B2234FD7F569D2B7++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1248
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4513689789193185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HOvEzOMHAIonuRIovfPFt5rNlvytaiSAF+RQX/XJfzntcNiQ7nA9I:CvEK6AuLfPFPfvyciSAFffJjtWbjb
                                                                                                                                                                                                                                                                                            MD5:539E3E07CE1272FDA04385C5E106677B
                                                                                                                                                                                                                                                                                            SHA1:5445C7485D3F7148B7C60CD0358BF7C06100380F
                                                                                                                                                                                                                                                                                            SHA-256:DAEF609319F22CDF913A8E466AFAA5FDFD1DF7CEF6438A22DB101FD643898620
                                                                                                                                                                                                                                                                                            SHA-512:BDBD109FF023004B7F7F98BF624B6660C991C2D8D4DFBAAF3BFE916DD124663B3E83D7DBD5E561F4578EE0CCDB7566A4253BA00BF2F9EFF5B3E2747C48369FA2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "............ .. ...... ............ ...... . .........?",.. SEARCH_TOAST_SUB_HEADING: "........... DuckDuckGo ... ......... McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "................ ..... DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} ......... .................. ...... ..... ....... .......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: ".......... ..... McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} ......... ........... ...... . ........... .......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ...... ..... ......... ........ .. ..........",.. SEARCH_TOAST_YES: ".......... .

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):959
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.794635940060764
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOuKOG811jdHvXjy9RDujdHjdVlj6cKj/ujdDEmy9g72b48RpF3dAQ:7HOvuKp81rOOI7jRN9Y2b48RLNP
                                                                                                                                                                                                                                                                                            MD5:318C6A22B3D461A6867FA99882403140
                                                                                                                                                                                                                                                                                            SHA1:701E461FC12532BAF939D57CFC64DE14741695BD
                                                                                                                                                                                                                                                                                            SHA-256:B18133A60D83CB24DA4EF0CBBFE656D1EDC6BE38059B5BEC217073D31BAA896B
                                                                                                                                                                                                                                                                                            SHA-512:AF17165D7A185B77511DA7D93917F483CE1B5DCAD85D48681CBEE9DD14534601B2F47FCB296F263D27FA4252978852A47C4E1EE17AA9DA048B7C474045FC4579
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Ob.vate sa, .e v.s niekto sleduje?",.. SEARCH_TOAST_SUB_HEADING: "Prehliadajte pomocou DuckDuckGo s.ochranou McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Anonymn. prehliadanie DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} zabezpe.uje va.u hist.riu vyh.ad.vania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Zabezpe.en. vyh.ad.vanie McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokuje .kodliv. odkazy vo v.sledkoch vyh.ad.vania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bude predvolen.m vyh.ad.vac.m n.strojom.",.. SEARCH_TOAST_YES: "Vysk..ajte s.kromn. a.zabezpe.en. vyh.ad.vanie",.. SEARCH_TOAST_NO:"Nie, .akujem"..}..//E6D4FB83ED7B4A79E585ED4FB98DCB78B149E417D4CA925D8CAF8D3995BE27D3C8FAD26A60498A5EDB5B6EE721FD7B6B6DC83F165FCAACE3039A293314FED8D8++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):899
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.578822627011768
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyO5bp57xqyeE1jdHqj81jXjdHjdSjqQf7jdXoBSLgOYk/BftVNwkTfD:7HOv5rcsh1jlQfddLj/BPakTr
                                                                                                                                                                                                                                                                                            MD5:3CB0A8727BEB6AC93716A8237C4FC422
                                                                                                                                                                                                                                                                                            SHA1:54B3F851C35E7B11907D006100025E5AE34385ED
                                                                                                                                                                                                                                                                                            SHA-256:4ABE5BCF2FBA084F199207BB51C70DF8D50E8E38607856AFDABDCA02B949B6AA
                                                                                                                                                                                                                                                                                            SHA-512:10D564E9C144AA35B800A858492DCBC3ABC49D9D8522C4ED96D816C888C754DE3A34AFD2AD8AB203F3A55F65495C0E26219CA301740CEB65CAA5156E78D6ECB9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Brinete da ste pra.eni na mre.i?",.. SEARCH_TOAST_SUB_HEADING: "Koristite DuckDuckGo uz McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo pretraga uz privatnost", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} .uva privatnost va.e istorije pretrage", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Bezbedna pretraga", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokira zlonamerne veze u rezultatima pretrage.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo .e postati va. podrazumevani pretra.iva..",.. SEARCH_TOAST_YES: "Isprobajte pretragu uz privatnost i bezbednost",.. SEARCH_TOAST_NO:"Ne, hvala"..}..//77E75F42ADEED375A644E18B387E57D7814B5E6A41754AF9C258C4B1E5A8191BAD48FA8B95D66DEB12E20B9FE126F8C2AD07F1AEBCBB1AD11DC45CABA30B7A05++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):855
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6070687329669155
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOP10P/1jdHgjNejdHjd6HjSEqNjdc+yJLzwdanxTSLdGcvm2AiQk:7HOvt0XKYEV+yJ/wMxeFmsQk
                                                                                                                                                                                                                                                                                            MD5:6CA3B31EC1520D88021716667D47E15C
                                                                                                                                                                                                                                                                                            SHA1:4D92E682A49A53EE80D4E893D8F84CC2B89FE510
                                                                                                                                                                                                                                                                                            SHA-256:6F9717BF852368E51C22B933DBEC72A4D46F9CD3A8F6E5B1AEF55F91D8EAAB75
                                                                                                                                                                                                                                                                                            SHA-512:6005C41A1B5827D9C4223DBECEBD266C4E22D15BDE99E6FB2EED6D3C9B7E18B4572B7F7B0E9564CE415C3F98142580247E59CD47DC45D42053626C84AA04E064
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".r du orolig .ver att bli sp.rad online?",.. SEARCH_TOAST_SUB_HEADING: "Anv.nd DuckDuckGo med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Privat s.kning", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} h.ller s.khistoriken privat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee s.ker s.kning", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blockerar skadliga l.nkar i s.kresultaten.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo kommer bli standards.kmotorn.",.. SEARCH_TOAST_YES: "Testa privat och s.ker s.kning",.. SEARCH_TOAST_NO:"Nej tack"..}..//BF3DE95DE781F826D36ED0B1A7FACF5D9E2F4199F42AE4390BB43180D83232A91F0DA18EC9BCA40C0AA054A32C58DC7CFF107459B7DEA50D49EE2B59873472BA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):907
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.673435471439294
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOb0kPX0jdHCZjHvLWjdHjdatBjQ8JI3chAjdKlaUAcYQHcPTmsFmHfjMnUIK:7HOvb023vLrubY/YQ+TmsFSfjMnUIwh
                                                                                                                                                                                                                                                                                            MD5:1A0184452CAB014B591371EE898988F7
                                                                                                                                                                                                                                                                                            SHA1:C7160818636988656CA13CBED5EB47B54BBED58C
                                                                                                                                                                                                                                                                                            SHA-256:BA8716317A24C874C42F21E349955CE917CB217C590DA92777A808EF0FDDAE97
                                                                                                                                                                                                                                                                                            SHA-512:22B3F607EB8150DE609A35F3DBD7B63E92C6C52BBFB1221BD9E6E78647558336D4251BEB8843B8F0DBADFB5C4608F0E84DA62744B3A3692ECBFECA30F015ADF0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".evrimi.iyken izlendi.inizi mi d...n.yorsunuz?",.. SEARCH_TOAST_SUB_HEADING: "McAfee ile DuckDuckGo kullan.n.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Gizli Arama", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} arama ge.mi.inizi gizli tutar.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Secure Search", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} arama sonu.lar.ndaki k.t. niyetli ba.lant.lar. engeller.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo varsay.lan arama motorunuz olacakt.r.",.. SEARCH_TOAST_YES: "Gizli ve G.venli Arama'y. Deneyin",.. SEARCH_TOAST_NO:"Hay.r, te.ekk.rler"..}..//9232A4B87AAD8EED3ECC66C32007B3CEF6DC0AFEF995183493F53C57065DB5109717D5EFAFEDAA627C412849A58077D1AC24807402EF307B7A0FE571A35ABD95++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):848
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.095129870449148
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HO+9p0jdH4Ly0jJwCjdHjdOZLy0j2u1AjdKeNygHChAKINWLOfOAhT:7HO2Lyyw5LyHf8gHzKINWLOfDB
                                                                                                                                                                                                                                                                                            MD5:001B0BCFD89E2910D1E2C8B89B46FC5D
                                                                                                                                                                                                                                                                                            SHA1:8250FF2DE6FE6605B02AB4D7D57069A1DBC96EF4
                                                                                                                                                                                                                                                                                            SHA-256:6940551A5EAA31249477A8AB1D4127C1D443475084B5AB55FBC562CDC3F0E49C
                                                                                                                                                                                                                                                                                            SHA-512:F3D023C707E2B1454F53036FDC38B4A5D0B3818655482A75CCBB2456CEF94DA06384F7665910B8E62A62AB590966F780F217645638FD291918F5E7EA0D82B03C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_HEADING: "........",.. SEARCH_TOAST_SUB_HEADING: "....... DuckDuckGo.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo ....", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} .............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: ".......", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} .............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ............",.. SEARCH_TOAST_YES: ".........",.. SEARCH_TOAST_NO:"...."..}..//066C126F47EF439FA4D6B9A745F4D2A428B57E15FB9C3E9EDF30FD7D885A76DCD30578CC3ABAEA2D9FF8670A5EA463617B30A2F3669BC4E34F6EBBFEE62FE034++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):863
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.122936740230889
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HOyOOcMZGjdHMLBj8SC5jdHjdtjkYjd/eBAM+bCvk+aWR9Lp:7HOvupLyFeF0j+9Lp
                                                                                                                                                                                                                                                                                            MD5:73A12263B4162A648426D9353C912863
                                                                                                                                                                                                                                                                                            SHA1:4F5BFE5517106A0C43583DDE52D944CE3E66EADC
                                                                                                                                                                                                                                                                                            SHA-256:FBE2134B1B94B760EA12DFC1DB89CF84EF6A19993467455FF4335A7675B69E05
                                                                                                                                                                                                                                                                                            SHA-512:202B852E1C4838953D39A3AD6CDDDC64A6E919DA23496A993A2C991491BEB4F0168DA97B48F9C66DB5D3F69BC23DF7D30C910059A1A38553DDD29ACB6740D1DC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".........",.. SEARCH_TOAST_SUB_HEADING: ".... DuckDuckGo . McAfee ..",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} ...............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee ....", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}..............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ............",.. SEARCH_TOAST_YES: ".........",.. SEARCH_TOAST_NO:"...."..}..//A6414BA834CEB056D1F20F675ECCD13789B7F792B5AB4CE8768275998C4502FB956AD5D935C752225D2FC7C7B5E2E4747290C227B073497F043B12FD5EE9D6CB++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (307), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11879
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.0054514669898325
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CBketuJEUrvtH9Ai5trhElBXXrhEN1QtfT6G8:CBksuJEUrvNyi5tKBnkQVOG8
                                                                                                                                                                                                                                                                                            MD5:F014E6A3EFE798D4EB47841DFA2307A0
                                                                                                                                                                                                                                                                                            SHA1:30A7389BE80B85E23951740EF8315EF7A0330351
                                                                                                                                                                                                                                                                                            SHA-256:D268E526C00DCC7D819DBD128569B2A1746FFE1527A402336CE333F2E6A5FB69
                                                                                                                                                                                                                                                                                            SHA-512:AE18F2D654823C3116EEC050F997572C541D4CA61560A0A9D6AF7BC71726EC0773A273DA34187857CAC70B067A72510DC74D27E7EF38AFE8E8496250739E0862
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ". ....... ......... ..... ................, .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ ...........",.. SEARCH_TOAST_BODY_TEXT: "...... .. ......... ..... ... .... ....... ... .... ............. ........... .. ........ ......... ..........;",.. SEARCH_TOAST_OPTION: "..., .. ............. . ....... ......... .... ... ............ ... ............ ...........",.. SEARCH_TOAST_DONE: ".....",.. SEARCH_TOAST_HEADING_COMPLIANT: "... ......... ... ...... .........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6293
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.375969242474785
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Ckl7LklkKuaz45DJMtR4fAgK0vQ8jwsClwJcv+ztBDABrBN9FC1WgjsRBva54ApY:CkWF+Uturjjj42tBABrFoUgOBixY
                                                                                                                                                                                                                                                                                            MD5:C3DB8EFD81BED2AB98E32AF88AF1235D
                                                                                                                                                                                                                                                                                            SHA1:8E84A93C74FC84CD26B1E27ED6888FFFB69504B9
                                                                                                                                                                                                                                                                                            SHA-256:25CAC11A7D0C9DB43F4EDCE1986EC8B0A5D437E5952A72DDA1D68F4A9B25BEA9
                                                                                                                                                                                                                                                                                            SHA-512:3BA4B3E7CE67B77181E0FEF52356008BC45C66241C58F8A63BB86C931D94B5806F4596EB7E6AEA037CFD2A12F5369F7C870C7A0A6EBAA622E17C8524A9CF94DF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Secure Search is off . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your search results.",.. SEARCH_TOAST_BODY_TEXT: "Want to stay ahead of the bad guys with extra search protection?",.. SEARCH_TOAST_OPTION: "Yes, turn Secure Search on after I restart my browser.",.. SEARCH_TOAST_DONE: "Done",.. SEARCH_TOAST_HEADING_COMPLIANT: "You don't have Secure Search . be careful",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Secure Search steers you away from risky sites in your search results.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Would you like to add Secure Search and stay ahead of the bad guys?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Yes, add Secure Search to my browser and change my default search to {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex",.. SEARCH_ENGINE_

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7166
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.358441925510331
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CikaW+DI24sA0etjy/gsjyw9FsBR52/MGSrZcUyxITK3mvQ0:CNL+DI23ktjy4sjyGeR5jKnOKWv9
                                                                                                                                                                                                                                                                                            MD5:BDBE27216014018CA7E49C5BDD02E35F
                                                                                                                                                                                                                                                                                            SHA1:53132EC75BF76F0DE4E918BB22220208501DAF9A
                                                                                                                                                                                                                                                                                            SHA-256:5BB5302B2377172B45D67FA9CA76150BBB79951916DD4CE49D8ECC2EA21DB7BB
                                                                                                                                                                                                                                                                                            SHA-512:CACB868C31FF0933CADEA9B23A86BB87358BF639F1575D1AF6C30623FD312FEE75746AEE6C638A60EBA416F17C24F5CBAA935F7C5BD9E8CC2E1B8ACB952C8143
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "La b.squeda segura est. desactivada: ten cuidado",.. SEARCH_TOAST_SUB_HEADING: "La b.squeda segura elimina los sitios web peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT: ".Quieres ir un paso por delante de las amenazas con una protecci.n extra en tus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar la b.squeda segura despu.s de reiniciar mi navegador.",.. SEARCH_TOAST_DONE: "Listo",.. SEARCH_TOAST_HEADING_COMPLIANT: "No dispones de la b.squeda segura, ten cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La b.squeda segura elimina los sitios web peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".Quieres a.adir la b.squeda segura e ir un paso por delante de las amenazas?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., a.adir la b.squeda segura a mi navegador y cambiar mi b.squeda predeterminada a {0}.", // {

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6972
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.38156402946273
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:C7nHt6A2Av8eK1mD8OOtjvQxj4jJ5QXGfTB9W:C7nN6dABK4wOOtjvQxj4lomTB9W
                                                                                                                                                                                                                                                                                            MD5:1EC390B035D776856A9A321A1145178B
                                                                                                                                                                                                                                                                                            SHA1:A4F3F2FB708FD9F34E13C2816D279EC2DE88AE5E
                                                                                                                                                                                                                                                                                            SHA-256:0D9FB333B8B0F0E14571CB19EFAC5DA01893D283B8C699DE65C63C2BAB3F84BA
                                                                                                                                                                                                                                                                                            SHA-512:F3E04400A5DF8A8BC420992E97A5B921A08503822317AF84BA35C0F7D20762329825284FDFD1FDE8F9A0A17029E8DD70D1B7720BF797D98E7FC6D1A28FB5C482
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "B.squeda segura desactivada: ten cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura elimina los sitios peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT: ".Quieres ir un paso por delante de las amenazas con una protecci.n extra en tus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de reiniciar mi navegador.",.. SEARCH_TOAST_DONE: "Listo",.. SEARCH_TOAST_HEADING_COMPLIANT: "No tienes B.squeda segura: ten cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "B.squeda segura elimina los sitios peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".Te gustar.a agregar B.squeda segura y adelantarte a los malos?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., agregar B.squeda segura a mi navegador y cambiar mi b.squeda predeterminada a {0}", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6713
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3999395489388125
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Cf5VcSzQubYOrlY0XRMYSJd1VtHyYZN66mHyY4XubW:CfWJXecJtlf6vl8ubW
                                                                                                                                                                                                                                                                                            MD5:3E335D695F7DB82D87608C72A16A1327
                                                                                                                                                                                                                                                                                            SHA1:9E7B3368781D86DAF254E42B500E2589F276ACD3
                                                                                                                                                                                                                                                                                            SHA-256:62CCCE41461596BB9FF5DDDF9B197E5025D66FBCDC1D0672BF0D151D2D957A38
                                                                                                                                                                                                                                                                                            SHA-512:C4B4F71231182A914D4E9DBCADE2A5A457FE112EDEAA1304622560FA660CF7B81112C44816E52CCF2554C41390B6D4BFD026D34C52BE6FFDD2A21051801423C9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Varoitus: suojattu haku ei ole k.yt.ss.",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja.",.. SEARCH_TOAST_BODY_TEXT: "Haluatko lis.suojaa hakuihisi?",.. SEARCH_TOAST_OPTION: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. SEARCH_TOAST_DONE: "Valmis",.. SEARCH_TOAST_HEADING_COMPLIANT: "Sinulla ei ole suojattua hakua . ole varovainen",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Haluatko lis.t. suojatun haun, jotta pysyt jatkuvasti muutaman askeleen rikollisten edell.?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Kyll., haluan lis.t. suojatun haun selaimeeni ja muuttaa oletushakukoneeksi {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (322), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7707
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3381416544994575
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CNztZLR3dPCgbg0LUaJbQA1A/6yb2qz2KAnt/rF43U/HqBosOCA2FSQ:CB/CqQaKA1i64z27t/rF43U/KBosOCAo
                                                                                                                                                                                                                                                                                            MD5:FA26B4A72E2782DEA4DE026BA74B3E13
                                                                                                                                                                                                                                                                                            SHA1:69FB4CF6B00C2C9FFBFE9911A83BE43BFE47EEB6
                                                                                                                                                                                                                                                                                            SHA-256:9C15FCEBEF8D2E48CB0073055A93920D1E7AA8E6AC7D6169ED616AAE9B1A66AF
                                                                                                                                                                                                                                                                                            SHA-512:44B6877C4E6463DFFD354C24C4929E3779444EED79B86E63E56A9ADE1832F2681BAA4DC53A46E98ECC40F8918BBE71A0ED9E97266425C49C3E7331185328E293
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Attention! La recherche s.curis.e est d.sactiv.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e vous met . l'abri des sites Web dangereux figurant dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Voulez-vous d.jouer les escrocs en vous dotant d'un moyen de protection suppl.mentaire?",.. SEARCH_TOAST_OPTION: "Oui, activer la Recherche s.curis.e une fois que j'aurai red.marr. mon navigateur.",.. SEARCH_TOAST_DONE: "Termin.",.. SEARCH_TOAST_HEADING_COMPLIANT: "Attention! La recherche s.curis.e n'est pas install.e.",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La recherche s.curis.e .carte de votre recherche les sites internet risqu.s.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Souhaitez-vous installer la recherche s.curis.e afin de garder une longueur d'avance sur les escrocs du Web?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Oui, ajouter la recherche s.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7690
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335738313754324
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CsERzSimDtBPs31a2/DMEopt+3eOpPZA2XYGAlfu:CXFABPq1x8t+3HZA2IGAlfu
                                                                                                                                                                                                                                                                                            MD5:58F730659AEA6BFB14DC505701FEB4EC
                                                                                                                                                                                                                                                                                            SHA1:63095BBB45DDB2514B613FDF38062D653311721A
                                                                                                                                                                                                                                                                                            SHA-256:D33338E420F6F40106E7230FFEEF1699C0714EA7AA9BD8ECF7037EB1FFE692D7
                                                                                                                                                                                                                                                                                            SHA-512:D968B7B7B370F518CF922EFB1344AFFAFDA54F8CDA0987819B81CDA546DB12F5CB298B4520E626C4E25BF5B1910EBBC6A2F4BB3F535C8B990A2673326C2AE706
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "La recherche s.curis.e est d.sactiv.e. Soyez prudent.",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Vous souhaitez une protection de recherche .volu.e qui vous mette . l'abri des utilisateurs malveillants.?",.. SEARCH_TOAST_OPTION: "Oui, activer la recherche s.curis.e apr.s le red.marrage du navigateur.",.. SEARCH_TOAST_DONE: "Termin.",.. SEARCH_TOAST_HEADING_COMPLIANT: "Soyez prudent, vous ne disposez pas de la recherche s.curis.e",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Voulez-vous ajouter la recherche s.curis.e et garder une longueur d'avance sur les personnes mal intentionn.es.?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Oui, ajouter la rech

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7046
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.485914206328592
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:C1/oREn0Rscvuy66DERG9MCt9qU8FCjN9JPh9qU8F/9FYeP5en2uRpPpQAqE:CxnifBE6t9z8FAN9H9z8FFeQm5DPyAb
                                                                                                                                                                                                                                                                                            MD5:3C6BC626386F5512D76BEBEDF9F5EA37
                                                                                                                                                                                                                                                                                            SHA1:97BF25599A08D41EA6D2AE00624AD80FD751F802
                                                                                                                                                                                                                                                                                            SHA-256:060E22FB344AC6D43A27859E11ECADEA08627118DAF33640B76D241012C329EB
                                                                                                                                                                                                                                                                                            SHA-512:727F54137CFA1B588DC027653AAC2F2AE57F9AFD817E97129EDA57B65B0CFFF88104B924E7B31902B879D53279ADE4E9F42D0F2E84AA4ACCB5BBB2D5F877BCB2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Isklju.eno je Sigurno pretra.ivanje - budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT: ".elite ostati nekoliko koraka ispred negativaca s dodatnom za.titom pri pretra.ivanju?",.. SEARCH_TOAST_OPTION: "Da, uklju.i Sigurno pretra.ivanje nakon .to ponovno pokrenem preglednik.",.. SEARCH_TOAST_DONE: "Gotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nemate sigurno pretra.ivanje - budite oprezni",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".elite li dodati sigurno pretra.ivanje i ostati ispred?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Da, dodaj sigurno pretra.ivanje mojem pregledniku i promijeniti svoju zadanu pretragu na {0}.", // {0} SE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7496
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.552843123661257
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CyQ0mXVpV8YYxZXThD71WnkWYtezBPwe49Fnmsv31B94+CgBi:CxFXV8YabLtaB4jXH4gBi
                                                                                                                                                                                                                                                                                            MD5:D62A6EC876F6108DF03B0E09F6A58E9C
                                                                                                                                                                                                                                                                                            SHA1:3420F11A18E128435FB29D31D1773BFF60EE8EA2
                                                                                                                                                                                                                                                                                            SHA-256:A818BD059F76AC8F25753C23622070E0BBE8288C2410B770CD1A25FCBAD5D820
                                                                                                                                                                                                                                                                                            SHA-512:02214F454364DE41D10E073DAB862D44126AB960D03A3EA68EE0DFAF746B9E23132E273C582A45BD98FB1C846F09C5E65CF0B91AF34B7F74E2ECD1D087D41C90
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A biztons.gos keres.s ki van kapcsolva. Legyen .vatos!",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT: "Szeretne a rosszfi.k el.tt j.rni az extra keres.si v.delemnek k.sz.nhet.en?",.. SEARCH_TOAST_OPTION: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tottam a b.ng.sz.t.",.. SEARCH_TOAST_DONE: "K.sz",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nincs biztons.gos keres.s funkci.ja . legyen .vatos",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Szeretn. hozz.adni a biztons.gos keres.st, hogy n.h.ny l.p.ssel mindig megel.zze a rosszfi.kat?",.. SEARCH_TOAST_

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6908
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.242691937762663
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CNcefx5VArSHAmTy+rr0l2BJ07tpelslpeWy++WVHJd:CL5OpmOU0lCJ07tpiWp4sn
                                                                                                                                                                                                                                                                                            MD5:15D900D57EA07771CF9DC5AB85EC9519
                                                                                                                                                                                                                                                                                            SHA1:F17B5391CE29E890284CF6186BAAFD1876542217
                                                                                                                                                                                                                                                                                            SHA-256:7F9A0A342E2B4AE78EF379DAEF5F4B125E5853054DB8F0AFDE459BFB0AEBD027
                                                                                                                                                                                                                                                                                            SHA-512:0ADF0F1F94063DBA39F7972E93317EF6A5A34D1482B7A1151E70475EA0D822F3B003FC590AFCEB99706E522C4D3BDA4C986BCEECD0F59A4B62FC6D4F20C43EDA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Attenzione: la funzionalit. di ricerca sicura non . attiva",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche.",.. SEARCH_TOAST_BODY_TEXT: "Vuoi essere sempre un passo avanti rispetto ai malintenzionati, grazie a una maggiore protezione delle ricerche?",.. SEARCH_TOAST_OPTION: "S., attiva la ricerca sicura al riavvio del browser.",.. SEARCH_TOAST_DONE: "Fine",.. SEARCH_TOAST_HEADING_COMPLIANT: "Attento, non stai usando la ricerca sicura",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vuoi aggiungere la ricerca sicura e tenere alla larga i malintenzionati?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., aggiungi la ricerca sicura al browser e imposta il motore di ricerca predefinito su {0}.", // {0} SEA

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8147
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.851224763965864
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CPLfnSHyVfZ2H6EisoqNkij09yT4eKVX0fe66UqPJGNBcpIEdt4/L22XPJn4/799:CumbTi9Itk2s1EuSU8sJ7nob
                                                                                                                                                                                                                                                                                            MD5:B049467751BC3F90F948C586A1043DF8
                                                                                                                                                                                                                                                                                            SHA1:E77BEB8CF4EB4A9CBAAF65CB4139B86BEAD184FC
                                                                                                                                                                                                                                                                                            SHA-256:387A90185C9E469E0C85827CCCADA6BA4979F7C52CC2F86718518161BC2B3270
                                                                                                                                                                                                                                                                                            SHA-512:42A14C1114E7AC295F8F5BF817D39C0B98C064CBF397CAA859F374C664E3A192E97FCC69B7996781E90D0F834C134F51A04B23F2627AA26211934C56765F6BD0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: ".........",.. SEARCH_TOAST_HEADING: ".... .................",.. SEARCH_TOAST_SUB_HEADING: ".... ........................",.. SEARCH_TOAST_BODY_TEXT: ".........................",.. SEARCH_TOAST_OPTION: ".................. ...........",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: ".... ..........................",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".... ........................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".................. ...........",.. SEARCH_TOAST_OPTION_COMPLIANT: "........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7384
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.936442932502741
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CIfSwAbRpdRzltRSN79FIt4khpJAk/Nzf43:CIawKtRSNp1k+YD43
                                                                                                                                                                                                                                                                                            MD5:F3B4AE74BC33CA54A617195554DEC210
                                                                                                                                                                                                                                                                                            SHA1:B011346E116B1B2B4B5D7BC4037E76225551E272
                                                                                                                                                                                                                                                                                            SHA-256:1D2FC50DAB104F29F5F5ABBB52F9B9E0DD419D1E1E671CC86561BA94E8D03AF1
                                                                                                                                                                                                                                                                                            SHA-512:95BD454A2D805CDD9C7B36E3EE9E4A2DCC94D31783244B1D5DA838216F746F05CF16A40A1728EAA3FB1E73D35DFB85D4599E025714484B7316139CFD9B6CD6A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_HEADING: ".. .. ..... - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT: ".. .. ... .. .... ... ........?",.. SEARCH_TOAST_OPTION: ".. . ..... .. ... . .. ... .......",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: ".. .. ... .. - ......",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".. ... .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".. ... .... ... .. ........?",.. SEARCH_TOAST_OPTION_COMPLIANT: "., .. ... . ..... .... .. ... {0}(.). ......", // {0} SEARCH_TOAST_*.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6835
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.389248861619669
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CKrYAXY8c4VteYFB8K3ueYFYRbyLXKFK4MV:CNGY8VVt7FB8K3u7F6yLXKFK7V
                                                                                                                                                                                                                                                                                            MD5:948C535D59BA469B8EC9A7D68A48669D
                                                                                                                                                                                                                                                                                            SHA1:52F4E27C7D7C220524E3B9EA96CF06E7A7053221
                                                                                                                                                                                                                                                                                            SHA-256:DB88F91B5E991C77EE5F2EA846E4B9680E7B482A470A3ED5B789999B0B6A465E
                                                                                                                                                                                                                                                                                            SHA-512:F8EC307D6286D16F19620E3702AC60DAE1022EFCB7CD3CAE37437D1DAA55E553E1FA35AC3C02DF4FF8DEB07170BDCCDA37B68A1A1B2478A279E99634261F12D6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sikkert s.k er sl.tt av . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna skadelige omr.der i s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT: "Vil du ha et forsprang p. skurkene med ekstra s.kebeskyttelse?",.. SEARCH_TOAST_OPTION: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt.",.. SEARCH_TOAST_DONE: "Fullf.rt",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har ikke Sikkert s.k . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sikkert s.k holder deg unna skadelige omr.der i s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vil du legge til Sikkert s.k for . ha et forsprang p. skurkene?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, legg til Sikkert s.k i nettleseren min og endre standard s.kemotor til {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Y

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6746
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.353225815241767
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CHSyoqPxfaPVFJ1bshox+a3uz27w8iLt9ls3cLt3CPiMWbW3pDLrFH9:C2J4jtjbSLBF9
                                                                                                                                                                                                                                                                                            MD5:C8685838886DEFEEAB01DA50E180297C
                                                                                                                                                                                                                                                                                            SHA1:6D817DE3EDBEC43DD73B2D5BF3BBB299F427288E
                                                                                                                                                                                                                                                                                            SHA-256:334C7DE4E0208403B4CE486A61E1258717F52674F49B4EDBB00F294F381F9CFD
                                                                                                                                                                                                                                                                                            SHA-512:8D1C0C0FFCD9E5F29709CD196A95E5643C5A4C7355BB83AD7D6F288C5C299F2888B090F19A20B556C91F2CA44F5A6A82A8ABB2F2F1ED7A90A0A23D908D2F7F02
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Beveiligd zoeken is uitgeschakeld. Wees voorzichtig.",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden.",.. SEARCH_TOAST_BODY_TEXT: "Wilt u de criminelen een stap voor blijven met extra zoekbeveiliging?",.. SEARCH_TOAST_OPTION: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. SEARCH_TOAST_DONE: "Gereed",.. SEARCH_TOAST_HEADING_COMPLIANT: "U hebt Beveiligd zoeken niet: wees voorzichtig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Wilt u Beveiligd zoeken toevoegen om criminelen een stap voor te blijven?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, voeg Beveiligd zoeken toe aan mijn browser en verander mijn standaardzoekmachine in {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7048
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.612408542710143
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Cp4EhuYbEvbH2jQWjlykLbLJLA1keuRgR1kv6z+tU9k8ir+IQB1y0g8CmYrvBjyt:Cp4EhuYbEvbH4QWjlykbpA1keuRk1kvK
                                                                                                                                                                                                                                                                                            MD5:54F0DA129891ED11F213C5518C5A1F59
                                                                                                                                                                                                                                                                                            SHA1:ADB1541290EB3E7ACA8378D39D34236E0207C154
                                                                                                                                                                                                                                                                                            SHA-256:CED288ADA1435875D7FAE1F373BAC9D74BAFF5A9FDC73DAC19C3136E9562DA8A
                                                                                                                                                                                                                                                                                            SHA-512:FF63F5824F31F4F601B546E1C48293D99E7E07C5D7CCFF09CB53E03296A88C5A6CBE7E29BBB0EB6328F77046E7FCC368A7CE0B48F6BB39DFC27C37F71A4E82F3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Uwaga! Funkcja bezpiecznego wyszukiwania jest wy..czona.",.. SEARCH_TOAST_SUB_HEADING: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT: "Czy chcesz uprzedzi. zagro.enia dzi.ki dodatkowej ochronie wyszukiwania?",.. SEARCH_TOAST_OPTION: "Tak, w..cz funkcj. bezpiecznego wyszukiwania po ponownym uruchomieniu przegl.darki.",.. SEARCH_TOAST_DONE: "Gotowe",.. SEARCH_TOAST_HEADING_COMPLIANT: "Uwaga, nie masz funkcji Bezpieczne wyszukiwanie",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcesz doda. funkcj. bezpieczne wyszukiwanie do przegl.darki i uprzedzi. zagro.enia?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Tak, dodaj funkcj. bezpieczne wyszukiwanie do przegl.dark

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):662
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.745417801821615
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7Ha6F06FXOAdhcUbz4wpHyHK6IPHCmK+AOlNFdEcRc4l:7HrLFOAdiIppSq6IPSOHRcc
                                                                                                                                                                                                                                                                                            MD5:6D000C24CCF85934933567AF4A9E5CE7
                                                                                                                                                                                                                                                                                            SHA1:6496E4CEDF280542B942BA8F447355303AD33ADB
                                                                                                                                                                                                                                                                                            SHA-256:F8AA71B0870A5AA43EAD5351DCEA4779CDD2AFE9DD8A309DCE6F0C647FC26373
                                                                                                                                                                                                                                                                                            SHA-512:05772638E5449C957740A6525A0C7CB218FE4D8508532D1BF62A1C696556AD58DF37BE16FCBF8A11F62A370F39C36D18AF11251B9406262D17B9AB93E74A7FCE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Slu.ba Bezpe.n. hled.n. je vypnut. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Chcete zapnout roz...enou ochranu p.i hled.n., abyste byli v.dy o krok nap.ed p.ed hrozbami?",.. SEARCH_TOAST_OPTION: "Ano, chci po restartov.n. prohl..e.e zapnout slu.bu Bezpe.n. hled.n.",.. SEARCH_TOAST_DONE: "Hotovo"..}..//B5F5057D79E491C4EE1F2BB029AD8A7CC1E3A8BC264EE3427FCA3B552DBAE331817303A2895C3A0C3CFDC9A9388722EA216D990AB59B836518541AACF5DFD4F6++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):591
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5619761093306925
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7H0Qs8HQMHQs8f2aw5VL0bdhPLjWR8ex9C8ZeKLHQXAey:7Hfs49wsC2aw5t0bdhWR5x9Pyy
                                                                                                                                                                                                                                                                                            MD5:268CA433F82EE424D3C48EBF0BBE9703
                                                                                                                                                                                                                                                                                            SHA1:BEAD02BCDCFF39160D295A5FB379F74326A0523A
                                                                                                                                                                                                                                                                                            SHA-256:EB9B8C3362956F67C2E8BCD0B7BD77DA16331991336EA9947B63111DAA8A4FBE
                                                                                                                                                                                                                                                                                            SHA-512:A7A0AA7A50591CC45F393A8CF112AEEAEB218911227E0158BB2821CF321998A13CB1779D90D2CCEAF79D00525F5E42611DBD22EF97F2FE3AD5279CC5DC54D203
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sikker s.gning er sl.et fra . v.r forsigtig",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning markerer de potentielt farlige websteder i s.geresultaterne. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vil du have ekstra beskyttelse ved at g.re dine s.gninger mere sikre?",.. SEARCH_TOAST_OPTION: "Ja, aktiv.r sikker s.gning, n.r jeg har genstartet browseren",.. SEARCH_TOAST_DONE: "F.rdig"..}..//0E82E4EAE50371488D4A7159340151D62D2D0FC126923C62E6D170B58CCFFE90CF370EF40316414C35ED2C100D560F7081FD8B51B51BA0A403D32C0F94F59561++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):626
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.462880121464915
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HV5hKfCvXCQtROXlU1dhIQvQA3yDYBGNJXJWWqEK4SVTah73:7HfhKf+X08dbCYgO9TaF3
                                                                                                                                                                                                                                                                                            MD5:66F32FC7570B8EA305AD1B6D121B8B95
                                                                                                                                                                                                                                                                                            SHA1:A2B5367EEB94A0AD97F9DC2D88A8F4E39A010EA8
                                                                                                                                                                                                                                                                                            SHA-256:04A5B8A4EC89CB1630C4581463431DE2EEE4AE84D8C0218A046B948DB97E3D05
                                                                                                                                                                                                                                                                                            SHA-512:2988DA3A77BAD5D420E6997F9C3D301693C7A91669D969B11236C09F8BE32131768C5D3FAA9B3481CCBE8B15E9EF60AE79A51584074BF573E87E0389CFD1CC5F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Achtung: Sichere Suche ist deaktiviert",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Wollen Sie mit zus.tzlichem Suchschutz Bedrohungen immer einen Schritt voraus sein?",.. SEARCH_TOAST_OPTION: "Ja, ich m.chte die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. SEARCH_TOAST_DONE: "Fertig"..}..//1A944A7735F307EA4619927455A6ACEF8841756E38415A30D791694888CCFB39ACEF273B7A7341AF4D0802B37C395E27638D647F69114E173012D34ECC62EC20++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):966
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.127791253706183
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HzMnpI0MXLr28dNWGmr3/TaMTyNfVyUcOAn:SS268drbS4n
                                                                                                                                                                                                                                                                                            MD5:5CCF9B4842C422E0ACCE1B973D08462C
                                                                                                                                                                                                                                                                                            SHA1:832881D27AD78B4375B7DCA753251767C6C9F677
                                                                                                                                                                                                                                                                                            SHA-256:A55D30EF5B878C8F8D1935E80C756D65EAB61E01880950C14EABC151697DFAB1
                                                                                                                                                                                                                                                                                            SHA-512:A8271841D44A78E369E0CD623D1169F4F8A8C56DCFF24E4590D51CA45F9D9AAF2B307ECA38A89F65D5CFD8EB7B441C1519083A1B0FE7AC7AADD50B539BD8321F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ". ....... ......... ..... ................, .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ ........... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "...... .. ......... ..... ... .... ....... ... ... ....... .. ........ ......... ..........;",.. SEARCH_TOAST_OPTION: "..., .. ............. . ....... ......... .... ... ............ ... ............ ..........",.. SEARCH_TOAST_DONE: "....."..}..//F15FCDAD716F5CCF0C43DC41CBC53F9B70F68E47EEE243EA892913F3DC537C77CD22E6B910F9403ABF223338E2593F26099317B9E18240D96FDDD2D0590C4CE4++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):546
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.438549975770166
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7H4HIWFH3npSuVJTsdhIEfRXK9m/NaU/mruYOiFpdc3W5niLn:7H4NXpSuVJTsdjfRXKIVaIYOYc3Dn
                                                                                                                                                                                                                                                                                            MD5:169DB669C2E87CCD5A0EA7B9F80D9871
                                                                                                                                                                                                                                                                                            SHA1:E0287510D4A3E4B8FB0BEEA4EDBC47728A5ED9D2
                                                                                                                                                                                                                                                                                            SHA-256:0DB47E585633965817E3DD6ECFA8C21510A66035DA0897AC0C4FAAB962B6AF60
                                                                                                                                                                                                                                                                                            SHA-512:8F44F3122FCD225A10303108578717CCE2317260AE7669FE2A8CE856DE6EDD4883CEBD6ED510CA1047D3391272300BA450F1BE06A29120B765F8C543446C7F3E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Secure Search is off . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your search results. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Want to stay ahead of threats with extra search protection?",.. SEARCH_TOAST_OPTION: "Yes, turn on Secure Search after I restart my browser",.. SEARCH_TOAST_DONE: "Done"..}..//3B0F806960C0EBCEB6875FFA6C5AB218F0BC0197B7A461E9AF6B50449350E6C48E8F59570E7C8FFD78CB8FEE14D1E7FA6FD5B4F9FC633CB100ABA08F5B950733++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):621
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.537233953269622
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7H1b6YjvHDkYdhDOnKjHZ/QC5MHYRUuUdTvyXZtgkSaO:7HRHDkYdQneZ/7kYRUpyJSkSaO
                                                                                                                                                                                                                                                                                            MD5:427551114EA5A011444628C70C7BB418
                                                                                                                                                                                                                                                                                            SHA1:3A3EFDBCE6BF14F01CB75F85E489EB1EF1300190
                                                                                                                                                                                                                                                                                            SHA-256:40B4465BCFCDEFCE61F1E4CE13D8F8D033C3B512863DB2534B200C83890CE607
                                                                                                                                                                                                                                                                                            SHA-512:DBD3E8B11B1EFD3871A150A7A5036B1FF8A3FBD98DF93F70BB5707BC5016949EA8A52953B752CF86E85B671722C61E262AED28555F3C07791400F4B43D85AF7E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "B.squeda segura est. desactivada: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura filtra los sitios web peligrosos en los resultados de sus b.squedas. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".Quiere ir un paso por delante de las amenazas con una protecci.n extra en sus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de reiniciar mi navegador",.. SEARCH_TOAST_DONE: "Listo"..}..//22113BF8133CA2B542C35409BEB44349FF7195F5280B80A5DA2FDE99530CC1AC1FDA0EE6BE1200980557EDC41763B2A6D8A584D9C5D924BF105FB59F1E268B50++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):590
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.549329076958939
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7Heaf6Yrsi5KD/DdhDybH62P5MHrS2RharnJJNR:7HdLsiUDLd0rXPkm2RharnJJb
                                                                                                                                                                                                                                                                                            MD5:5C0F8444768786231BCAE2BAB01DB143
                                                                                                                                                                                                                                                                                            SHA1:52F4CF3BDD62D1B01FA75182C19F33E0956ADA7C
                                                                                                                                                                                                                                                                                            SHA-256:B14DD7E06C4B84C637F79A20F254339763AA9C462B8CED7FE86A57EFA827343F
                                                                                                                                                                                                                                                                                            SHA-512:CA6EA26F0DAE0CB66EE1EC2C330A7AC8AC75CD73E50D0DC9B6F4085F294A3F9FDA3CFD059EBBAC0753163E110F4A74CF582ED77824341E2FD476F3625DF8EAE7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "B.squeda segura desactivada: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura lo aleja de sitios peligrosos en los resultados de b.squeda. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".Quieres adelantarte a las amenazas con protecci.n de b.squeda extra?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de que reinicie mi navegador",.. SEARCH_TOAST_DONE: "Listo"..}..//FD039D2FF52D2066F725F3E939530D8C2233666687E07490F3C30EBB3AB47239E8B845875CE212B94A004E731C278B52AA5FEBF66022B264C3870064E0B98435++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):594
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.550128328447868
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HpBjkIHMjpJNnddhFyXLcE6P8ljSy3FJHzWv0R67:7HpBBHsNnddeXInP8lmSFcv1
                                                                                                                                                                                                                                                                                            MD5:F7B6A3976436D07842B0CE96DE0D96BF
                                                                                                                                                                                                                                                                                            SHA1:86F2D4C66B4B4838D300F449F1A9AD4E7E983A4F
                                                                                                                                                                                                                                                                                            SHA-256:C754516DC578EF2149DF10451A36ED4E492CC0DCB761EEA83A15BF5F6DB54CDF
                                                                                                                                                                                                                                                                                            SHA-512:5E7D1B934A8C790E8E6CD2A4F820A3D22E86A2892DAEC8DF51AC28455B99493BA272E4287EEBD98E760717989478540D74D60AC195DDEFC31A91C7B46689D40E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Varoitus: suojattu haku ei ole k.yt.ss.",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Haluatko pysy. askeleen edell. ja hankkia lis.suojaa hakuihisi?",.. SEARCH_TOAST_OPTION: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. SEARCH_TOAST_DONE: "Valmis"..}..//A797A51DF9C65656375FD23F91EE06DD44A003D12551E39080ED858A0008242F2715CFA6D6A8C2469BE3EA5386C7A9922CEB79135C7579BFA5B45D8580A0548E++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):619
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.451330148560123
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7He5LuGrtBdhLjwQ8SlK3woEEnmWYoIjiC6qfjkl:7He5LustBd5wwlK3/EaxQFjkl
                                                                                                                                                                                                                                                                                            MD5:F94A9F460C65BA0CF9752D9C0D71CEFE
                                                                                                                                                                                                                                                                                            SHA1:4FC47DD6B09927FBE73D8FBDC59C5114710A7E4F
                                                                                                                                                                                                                                                                                            SHA-256:F2F5849F54D85A9E5B0D59E6F20B6623255C241E062746623FDA269A4FEE12D2
                                                                                                                                                                                                                                                                                            SHA-512:D8718DEB938F7A3F1467C6B4CF4C5A162F11B78AB418BC172765CBC393909F89129F065C4B069B4E951196B964D42B40FBC329A61836D7826455F8E219A0CC9F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attention! Recherche s.curis.e est d.sactiv.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte de votre recherche les sites internet risqu.s. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vous aimeriez garder les menaces . distance avec une s.curit. de recherche accrue?",.. SEARCH_TOAST_OPTION: "Oui, activer la recherche s.curis.e quand je relancerai mon navigateur",.. SEARCH_TOAST_DONE: "Termin."..}..//294F23E4A2F981F3B4002EBC3CC16AF8963ABAE85252B0C67975547FF951375827F321F31D96447D863DA4B24E62EA7CB469C610E51503BD5BB63895A8FA101D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):654
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.493993879574286
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HQ7vJmt/5Tdh0tTdQzFOQ8S4NKXz4wlckGyg:7HQ7vJmtJdWtTOpKNKX1Va
                                                                                                                                                                                                                                                                                            MD5:E258627E446D70314D74F4A22DFD79ED
                                                                                                                                                                                                                                                                                            SHA1:33B0C9EE17A132A038863F387D82027AFE639F98
                                                                                                                                                                                                                                                                                            SHA-256:2CE78101F44D51D9F3B592C3D6EB552611CC6041DBC8286035605B55F4E9900E
                                                                                                                                                                                                                                                                                            SHA-512:9D15E91631F455C42923481AD253B1BB1DCD6CE299D9219952902BA3C16F4F49D43442BFFAD761EC9223B15BAC973256E765B2C0960246326CFCEB12ED7D8475
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "La recherche s.curis.e est d.sactiv.e. Soyez prudent.",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vous souhaitez garder une longueur d'avance sur les menaces avec une protection de recherche .volu.e.?",.. SEARCH_TOAST_OPTION: "Oui, activer la Recherche s.curis.e apr.s le red.marage du navigateur",.. SEARCH_TOAST_DONE: "Termin."..}..//516BD4B5AC129E10250976C9A0F0102827F64E073FFBF75344EB0EBD6BF27CA8AE954F70D8FB99C1D2FD23809430D20D35A1DF0C7DBC8540F4A7638BDD69CFC6++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):642
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.593914365942388
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HA+vZMuIg9s7sdhXNrY+Au1HQu8TPajrk4NQEJRhcLn:7Hb2g2sdrkiQuISrV9JRhyn
                                                                                                                                                                                                                                                                                            MD5:79EA5179B1BF206C9C28C688EB02EDF4
                                                                                                                                                                                                                                                                                            SHA1:7D329D1FFBD1E903DA92820F19F00E002334C17E
                                                                                                                                                                                                                                                                                            SHA-256:5722BCA89FA337FD23C7FAC1CBD0CA9D02218429C9DC5E6D073202B1EDD738CB
                                                                                                                                                                                                                                                                                            SHA-512:F2A6CF812BC77DD2BC93E99FC03AB175EE278C05FADA8C8D2FD786831481801E6FF6F7AC77DD19B229DA3C8BCC0F3702A296D3CE0A17656FEC5F159A11C6AEC9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Isklju.eno je Sigurno pretra.ivanje - budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".elite ostati nekoliko koraka ispred prijetnji s dodatnom za.titom pri pretra.ivanju?",.. SEARCH_TOAST_OPTION: "Da, uklju.i Sigurno pretra.ivanje nakon .to ponovno pokrenem preglednik",.. SEARCH_TOAST_DONE: "Gotovo"..}..//D9D403219281843FC30A2DA16B9DFFBCE468AD168F7E1EC1DB8C06F745C962786956328F7A44832AD703466D0904BA3141BB2A241EE6713CCD9E8573AF52F552++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):703
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.68374178365314
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HeBdauIvxgWeBdiituB7XcdhM2Frd0XR0WMruMYNSIt5d9XUL12UNIxlRKY/0Vy:7HeBdauK0Bd5olXcdyiry1MSFNSEd6Ls
                                                                                                                                                                                                                                                                                            MD5:5057414FE921CA76EF4EB5E62CD9EBC9
                                                                                                                                                                                                                                                                                            SHA1:8E87958FCFC8A97008E24E7C2550707A12B294CA
                                                                                                                                                                                                                                                                                            SHA-256:5DA826F49AA1C5B202F9E932744FB5642980300AADE8D5E315214B66396438F6
                                                                                                                                                                                                                                                                                            SHA-512:FCC4F62DE543A240586FECC2C81337A111723D392CDDBDB6418F940D005E957CA69954FF70C2C0121B6C867C363B3E2F181F3E3BABC799B7E593A96530E83875
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A biztons.gos keres.s ki van kapcsolva. Legyen .vatos!",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Szeretne egy l.p.ssel a fenyeget.sek el.tt j.rni az extra keres.si v.delemnek k.sz.nhet.en?",.. SEARCH_TOAST_OPTION: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tottam a b.ng.sz.t",.. SEARCH_TOAST_DONE: "K.sz"..}..//29BCD2AFD84C1C4AF73613FFEC98A0EAA945960DF823E96D682063A657029F9063CADB3F1E0F8600F497EDC512E3F4B83AC642282679B9563E20859BE5720B26++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):591
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.434255161423558
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HtDdilrtAfzdhDK1+aYfHEDTXvrcN6LV:7Hx9fzdFWnY/EDbvrz
                                                                                                                                                                                                                                                                                            MD5:241ACD32EBCA5FB2C32C222D44262930
                                                                                                                                                                                                                                                                                            SHA1:6728BA15E9444727EA9C63E178D835BB310DFAB3
                                                                                                                                                                                                                                                                                            SHA-256:BA9BE655118F7E05631E64012656EB5314EFB61B475DCEEF618A77BD74045040
                                                                                                                                                                                                                                                                                            SHA-512:D3D90552B2D66CAF37B2C5AE45DC49E0C1ECCA2A6A80BBB6B85AF2BA7ED28E74EF83AB5C317870E6CE5D49AC20BA619C620C487C3F65DF959B3C155C630F7B4F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attenzione: la funzionalit. di ricerca sicura non . attiva",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura ti indica i siti rischiosi nei risultati della ricerca. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vuoi tenere alla larga le minacce con una maggiore protezione delle ricerche?",.. SEARCH_TOAST_OPTION: "S., attiva la ricerca sicura al riavvio del browser",.. SEARCH_TOAST_DONE: "Fine"..}..//DEE24319C0373221CDBD58133C70A9D341D604D3C2F51B75E309F544D274CE8992DDFBC446D0EB90A7FB7AF64CC9F115F6B0AF085B2823274E27A43E15412547++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):640
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.962211633536616
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HUWisRqhWYcXYDkNWdhx8HWER9QilSh5RWmxISFvJgMXS0kF0Pcszv:7HUTOqvngUdcHbLZIrDgqS0kF9sL
                                                                                                                                                                                                                                                                                            MD5:88E4C5F2AC4B81F9A1BA4972235B64A6
                                                                                                                                                                                                                                                                                            SHA1:A441514B824D34C0F6641313678735548FAC7796
                                                                                                                                                                                                                                                                                            SHA-256:244203EEC590679F14263D8542205459EB98BF2BE9596DBE69EBF7BD6834758A
                                                                                                                                                                                                                                                                                            SHA-512:781D64B045D054C06D36327BF69E53A60949E3A58C74835D6F6B264B4811D6B0BCCC39F09A4FFAE4B2708926793DF47F22765776429EF8E68EC445A83AE1E5B8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".... .................",.. SEARCH_TOAST_SUB_HEADING: ".... ........................ {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".........................",.. SEARCH_TOAST_OPTION: ".................. ..........",.. SEARCH_TOAST_DONE: ".."..}..//37BF8D2C584F42A060A901163646A6210E77B5FCDF8CF714001FA711D508A9567A63B2BA34E1FC66915A122403791F078C9169EBBCCC2D072107FAF0AD8D31D4++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):610
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.965176695364184
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HRgq8EDFj2FcdhkbQ2sIm8kATYld1nI6FhcD7:7HvhEcd2BsIm8kgYl3y7
                                                                                                                                                                                                                                                                                            MD5:D01CACFA69D8812BE6A84832E2349DDE
                                                                                                                                                                                                                                                                                            SHA1:E51D2C811F58AA8351A64437C11DCC59E235F4EF
                                                                                                                                                                                                                                                                                            SHA-256:DCF325CC9F893E9E5400AAB4339223053C21BCEE6B381E069F9BACD8FD29C579
                                                                                                                                                                                                                                                                                            SHA-512:2D625B33E4E14B61CD650236F6059E0E15EEC7EBC07420C211BE72D1791E4D846F46150EC869F181380C4F7A214B9EFCDD3F6550D9F6708C00FE70078AACE96C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".. .. ... - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... .. .. . ... .... ...... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".. .. .. ... .... ... ........?",.. SEARCH_TOAST_OPTION: ".. . ..... .. ... . .. ... .......",.. SEARCH_TOAST_DONE: ".."..}..//91D0735DBE34B5D505CC113D94080AC909EBCA04EE956BE8658E9AE36CCB985F79F661A8790F35579EE88758844E5E33EB7BBB672347784F28F7ED081948B4B0++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):571
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5870372686736784
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7H0QhMHQjBUW4J9wdhPtkwxWsNWFcuVk65IWhmYBh:7HfhMwjIwdhywQsIueWWP
                                                                                                                                                                                                                                                                                            MD5:67073A8EFECCD6213993B28320FFAAFD
                                                                                                                                                                                                                                                                                            SHA1:403F431949DB988C38194D5941FEA07B8567D142
                                                                                                                                                                                                                                                                                            SHA-256:DB04E2CC78803888C6AD0002B39907BA15D1C07D6092AEB938254578D2656E09
                                                                                                                                                                                                                                                                                            SHA-512:7B5D8C480DB8D7608BEAAAA1518CB83E5AE12A4165D650EF7D13DC015BC42F0AD1539D269B7206418409C6B0C80948FF63EE2AD9304763C54FDAD24824CC535A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sikkert s.k er sl.tt av . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna risikable omr.der i s.keresultatene. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vil du ha et forsprang p. trusler med ekstra s.kebeskyttelse?",.. SEARCH_TOAST_OPTION: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt",.. SEARCH_TOAST_DONE: "Fullf.rt"..}..//3E4EAF8FC11DFBA3641C0FA9CB584B9ABAF10149BBA42C8C8A60CA74627667949F8AB9B7E889E7DC707404643056D18FC392D5C2C03F8E212563EDF57301053F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):602
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.541846254739291
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7H7AySxXeOzOqodhIMLfcPkQkfM7uYCdVHc+Zh:7HzSxOBqodrLfccQk3T97
                                                                                                                                                                                                                                                                                            MD5:3C9820421B82620071FB3CDFE30505E5
                                                                                                                                                                                                                                                                                            SHA1:765AF27568930D7F7F09DCA9076E3C54ACE75F4F
                                                                                                                                                                                                                                                                                            SHA-256:7F775E1CA617C707D46B1858E1BE17E99A14B709E1FDD3733670DE119E46FAAF
                                                                                                                                                                                                                                                                                            SHA-512:5BC0CEF5BBD619B30D077F9AE70FDF17C5E14497CC949DCAF8B5BAE3FD7F595BA33AD2B8DE6C44CEBF2F7283AB61E27A17E66470D1777F4CDB8B62D5A840E8A7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Beveiligd zoeken is uitgeschakeld. Wees voorzichtig.",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Wilt u bedreigingen een stap voor blijven met extra zoekbeveiliging?",.. SEARCH_TOAST_OPTION: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. SEARCH_TOAST_DONE: "Gereed"..}..//73B4CE963DCFE8813F8F8160D6C3C696B77FD353318A44C1FF361BA8F55ED191A421CDB7FD305235E5F7746457B591A99D790FB7785D1C5BE6FDB154494242FC++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):650
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.699709818428589
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HRmi53Lw8i53LE6PU3LOdhc1FKb3LCoPY3LcBKHlX7Q/sDUo:7HRZFuFIfSdi+jeoPMiKl7PDUo
                                                                                                                                                                                                                                                                                            MD5:F3B1323CEF751CC9AC1612F56CE5BAF4
                                                                                                                                                                                                                                                                                            SHA1:815CFCA234FBF0C9198222823C7E2D67233C0C98
                                                                                                                                                                                                                                                                                            SHA-256:44A091FEFECE68CE977A6517362023B9B766985A5C603A82EE1E59A09322F2B3
                                                                                                                                                                                                                                                                                            SHA-512:0CCD4297A06A20D3BF61B5EC8AB6D1F6EF5D838409157698A7543579FAE8A246BCB425A9EC078115C68AB8833EB0C6B06439B9350B47F5494B7F7C43A884D38C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Uwaga! Funkcja bezpiecznego wyszukiwania jest wy..czona.",.. SEARCH_TOAST_SUB_HEADING: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Czy chcesz uprzedzi. zagro.enia dzi.ki dodatkowej ochronie wyszukiwania?",.. SEARCH_TOAST_OPTION: "Tak, w..cz funkcj. bezpiecznego wyszukiwania po ponownym uruchomieniu przegl.darki",.. SEARCH_TOAST_DONE: "Gotowe"..}..//FCE4872A0520D857A66EF284AD996C3335D4E3E3736FBE42FDE5A7CFEDF300791B8951DA0490AC44057F9D224591880BED38319CB87E72CD009B8F2886657650++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):572
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.505573473763304
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HcwalVTVGGWF/CdhEVMBoPcw7pVl9jeH8R1rwO/O7b7:7Hu6F/CdGVMBoPcwXlEHmO7
                                                                                                                                                                                                                                                                                            MD5:544B8EB0964C8CDE2311E3D40E686498
                                                                                                                                                                                                                                                                                            SHA1:AE2D5E0340EF2D20B46F01B3997561812187182B
                                                                                                                                                                                                                                                                                            SHA-256:71BEA31C9CBB7AD986985ABB6B4D6EFAA744AD3C22A5F8B8288D070DF6FC3899
                                                                                                                                                                                                                                                                                            SHA-512:64C908CBB452E0014E9959A206658E3AC8F86E07871295D03BFF6F1099244C245239AAA28A053A750033F15A87AAF7C465A17C79608D17911A32EF91EC2BBA39
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa segura est. desativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura evita os sites perigosos nos resultados da pesquisa. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Quer ficar longe das amea.as com prote..o extra?",.. SEARCH_TOAST_OPTION: "Sim, ative a Pesquisa segura depois que o navegador for reiniciado",.. SEARCH_TOAST_DONE: "Conclu.do"..}..//F0A5CFE1FDCCBF42FC6EAF6766B0245CA981E66585F6B5212F734AAEF6B44D30FD46CD0F120CB6A6BD1DC0F194361D86B52D6F46BD624309E893917BAA8E5F98++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):597
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.524112025161231
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HcQyVTuEcc3WhZ2dhvGUO9N7tOsK7HYcBY95SdgO:7HNlhZ2dRGUcNgsem9c
                                                                                                                                                                                                                                                                                            MD5:70E66ED81B3A49579BB6524AF29DF388
                                                                                                                                                                                                                                                                                            SHA1:31BD2D117E3BAE612ED22660560B2554A9BFD483
                                                                                                                                                                                                                                                                                            SHA-256:2AB20DF77D88EDF8873F08B2AB8DC1C7862E7C6C973AEC95EFF387C37A5C87C9
                                                                                                                                                                                                                                                                                            SHA-512:E390BCC0674B04AB6B29F69B2C57FC71CD14BA14C14B5007464F43C2985B522EC28AFC3E9DC0EADACB72168FC395A16B7BEA2A928D415A81C73D1E03FBE9527E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa Segura est. desativada . tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura ajuda-o a evitar sites perigosos nos seus resultados de pesquisa. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Pretende evitar as amea.as com a prote..o de pesquisa adicional?",.. SEARCH_TOAST_OPTION: "Sim, ativar a Pesquisa segura ap.s reiniciar o meu browser.",.. SEARCH_TOAST_DONE: "Conclu.do"..}..//4B79284214D96F0A0B700CD7B4365D9ACD439408C7981E72A914DF18766CDBB83247D34F45F6A671F3B87FA087DE6D3D021306390FB09D05DF0D2282EAAD605D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):837
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.256135455579391
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7HYytHN6yt20qJNs2OSo7dL2IlIX2tCFe8ldkbHQO:8yNN6yJqjbOS6LiX2Ao3
                                                                                                                                                                                                                                                                                            MD5:F640410EE13F752431B1664CB527267E
                                                                                                                                                                                                                                                                                            SHA1:A0207FDC496DE7F381224EB8A4BD4727AED79D06
                                                                                                                                                                                                                                                                                            SHA-256:97D7869662531059A0E2929C1B2E6E632768877EB1A8AC500E771A173C73F9B2
                                                                                                                                                                                                                                                                                            SHA-512:E86509488471E243CA0E237CDAD6A095A20F06C77246AEC0C146AFE6F1052F12EB7A6AAD7C34E197CFFC31A4752F7518A94F24086DC12082431A99BE0097CA2C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".......... ..... ......... ...... .........!",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... ....... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "...... .......... .. ..... ... ...... .............. ...... ......?",.. SEARCH_TOAST_OPTION: ".., ........ .......... ..... ..... ........... .........",.. SEARCH_TOAST_DONE: "......"..}..//83B3C5BC2262D64F46571BED5C8A4A5340F667E4C84A1CB497BD070126E2371E7AC463FF58B39A2D0D4BEB6DC45DD7AFFECE3656F53D08F33C42E5311A6D03BA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):649
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.788608929090397
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qsXHYKsW+xQpRqWCEj8FBh4QpRqn3XmX4L6dFEhKcUdExJwshb7MolxFhRqqo/Th:7HLxCHLIOdhcUdOVzpG4D4udtKAC
                                                                                                                                                                                                                                                                                            MD5:5599810773C468B748818425281F1035
                                                                                                                                                                                                                                                                                            SHA1:5A44F5D56368A23166DDB9EFE68102FF117A8A9B
                                                                                                                                                                                                                                                                                            SHA-256:FA2CF089A16C57C84B787B0040F85E6EE78BAEDC71D4CD6733852A2A4EE48B31
                                                                                                                                                                                                                                                                                            SHA-512:6ECD2A72C0D14C56B8AD81DFAF6A182D4432FA23CC919EDF78B0BCCECE955746B3FA2526F036D1F424FD056636F1F0B0D89C2467E2C11F0760B9FA166B567CB3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Zabezpe.en. vyh.ad.vanie je vypnut. . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Chcete ma. n.skok pred .to.n.kmi v.aka zv..enej ochrane pri vyh.ad.van.?",.. SEARCH_TOAST_OPTION: ".no, zabezpe.en. vyh.ad.vanie zapn.. po re.tarte prehliada.a.",.. SEARCH_TOAST_DONE: "Hotovo"..}..//11AA66BAF3061528B0AFAEBF9B24D1C501B1CCEBDFD3ECA6AFB5038649C688CFD12314E570443924C7C07E87232F47EC0666954BBDA25B47E4901864D60FD752++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):605
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.608873514799169
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7H3ORkfi2TAdhX3UbQytlQuhUHFK+WcK39fetJJVJDn:7H38kfwdqvQuhUHFjzKletJJVpn
                                                                                                                                                                                                                                                                                            MD5:2CE5A3062767C77D2D348627C1D13AAA
                                                                                                                                                                                                                                                                                            SHA1:386CDC1C0CE6B2BDF1B061C47AA8459421235206
                                                                                                                                                                                                                                                                                            SHA-256:651CA7721D2EC7A60C4C5E06932D7E5F40A32FB1F323F5C4C1211BE1AA9719BB
                                                                                                                                                                                                                                                                                            SHA-512:790D63A7483C82A8B6CC87CCDCA38175F0CC25C974DA6B66B1521C3A1BFD4EDF556CBD9FA52504870F9F31531987181D6F816F16587FFBF4D87E3D390ABBF7FE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Bezbedna pretraga je isklju.ena . budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".elite da budete u prednosti u odnosu na pretnje uz dodatnu za.titu pretrage?",.. SEARCH_TOAST_OPTION: "Da, uklju.i bezbednu pretragu nakon .to ponovo pokrenem pregleda.",.. SEARCH_TOAST_DONE: "Gotovo"..}..//528CE8DF8FE585A78D872B63B14496966735EB3D27297DE5DF4E1814AF419CC8F27AC096B3E540FBD3BBEC68CAD09F94774574EA6C66B4A90B0EB351B9BBA24B++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):574
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6373291170642
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7Hmg2AbjgZyDzL0HD4WkdhPN4McUQ4N94ijuwh7psgBe:7H7DbEgLLdVWMHN94iSwH4
                                                                                                                                                                                                                                                                                            MD5:F6DE37A19AF51E7EBFEF0258331BA90B
                                                                                                                                                                                                                                                                                            SHA1:C03A4FE2EF02901502C58F19788D88EDD79853DF
                                                                                                                                                                                                                                                                                            SHA-256:883A3CE1FF1F8C2C83C7ED207BD5476B54B3294A7CF3BB120E337235CB694259
                                                                                                                                                                                                                                                                                            SHA-512:302B8E3B64E4BAF6CEB828E1B340D26F9CE4C318898125173E577B5145985772E1270E969C4919A831517D70CD6752666F84F2B867FAD9DDB5D963CB1C5C333F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "S.ker s.kning .r avst.ngd . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vill du vara steget f.re hoten med extra s.kskydd?",.. SEARCH_TOAST_OPTION: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. SEARCH_TOAST_DONE: "Klart"..}..//0EC68A40885D893BA8B9CAA16E6DEED9016A4CFF177C4A2F12608B38E39EA6A24815C016C8D0281F5A69B0D42395368E93AC8FA7988D72BCAE1B55102F87CC33++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):589
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.590810495279371
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7H0i4Hb00hCdh29T1pGQMlwrX96UO1Pbbyhn3XxAX:7Hl4phCdA6VlwL4KhnHy
                                                                                                                                                                                                                                                                                            MD5:C96531A46F3EFBF2DD70AE3168BCEEE2
                                                                                                                                                                                                                                                                                            SHA1:427B051309219DC3B8B6D130D47EE39EB81D8BC0
                                                                                                                                                                                                                                                                                            SHA-256:8FF9DABC46E25B7E84F5C2B07BA3C7D025FBC1C91A0D11ACDA07E1042B38086C
                                                                                                                                                                                                                                                                                            SHA-512:EC3D16C30B8145B82028DE64B7F62FDCC1BD21828605A073F3D1E5F692761C86AE4C343FE5AB65E68A7EC2DDB9DC09CDE2A40B0DF53875C6C8C130898475A521
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "G.venli Arama kapal., dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Ek arama korumas. ile tehditlerin bir ad.m .n.nde olmak ister misiniz?",.. SEARCH_TOAST_OPTION: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. SEARCH_TOAST_DONE: "Bitti"..}..//710A45A69B53D5EA92BFC4095BDDAEFE55EF4FF07F12F9409429AA764B49677BB08C05A904F115CF4FC4FDCF7275A92ACBA2F9829AA7C7E79A29327E261A2D59++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):547
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.247258292633417
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:qsXHYKsW+xGROGh4GytHRf8TCqdFEhKlYFlDvXUjujBPxZf8E4A+OYyMeR461y/Z:7HshRETCqdh2fDviKYE4aCeek4Gbty
                                                                                                                                                                                                                                                                                            MD5:DBF1E9E8C9B115DF002042F7DADC68D0
                                                                                                                                                                                                                                                                                            SHA1:1E06EBEAD3C21C55AE994BFCC68FC7FDCE2D4937
                                                                                                                                                                                                                                                                                            SHA-256:8DC40749FE83D57AAC6070CC1F2C32FAD4598611AE7AE3EC16E5259A9426A51F
                                                                                                                                                                                                                                                                                            SHA-512:E0B67E07196CF4C74972F7ED9BEC7C39589BE2E53F7ED2B191649E59DB72DFD38DBC9FFE66F6A26A217054A6ABB05F56354531D28CFC180C69CA2CC2AF2AAD45
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "....... . .....",.. SEARCH_TOAST_SUB_HEADING: "...................... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".....................?",.. SEARCH_TOAST_OPTION: "...............",.. SEARCH_TOAST_DONE: ".."..}..//377491152D66FA2E8085C36E988BFF23000A92309A77E53B3237EAD3410949D2F85CBB4AF1B0D23870D4A6F4D49CED6DFDD9DD717FC738966A1BA0F99F212E51++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):555
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.202683084096371
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7HamgrADLhZINcBjdhVfDaCBasqeDIYegGJU37AOn:7Ha/cDtZINSdfrtarph9Jgfn
                                                                                                                                                                                                                                                                                            MD5:CD0DAF9C2BED02F198156BC7EDAFEA9B
                                                                                                                                                                                                                                                                                            SHA1:289CBB17043BE458B9B6F8AA056B2FC308C90C98
                                                                                                                                                                                                                                                                                            SHA-256:61F5768F0BFCA0A1BC259435887A72FC38785FDDACADA3FBD8967368A67D66F6
                                                                                                                                                                                                                                                                                            SHA-512:7EEBDA9B232FBDC1CE0A95DDD368C3B72CA34A1EF8F72F8423FB40982A7801023AF67F836EB375F4A10738A9C900F279A7C001B00C9C7BC82A070996AFEBA520
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "....... - ...",.. SEARCH_TOAST_SUB_HEADING: "........................{0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "......................",.. SEARCH_TOAST_OPTION: "..................",.. SEARCH_TOAST_DONE: ".."..}..//AFB2C9E696A01ABEAFDC8E47DC7E50A68F057FEE7FF81523E729D0E5E8DABFBA1067CD7F92BF9805BF8CF3B9B18162673071925C926854BE5DC3FF542F34F1AF++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6977
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.355473539171613
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CGsKDNR4J7qXQBLHEtvJd89CuvJd29Fx7sXYld4+D8:CoDNR4x+tvJd89CuvJdMDwXcd4+o
                                                                                                                                                                                                                                                                                            MD5:2C8D8E0A2BD3DBF4F925EA88AB200A04
                                                                                                                                                                                                                                                                                            SHA1:81F2B33370B5FB7046C3938FE697DA7F83668892
                                                                                                                                                                                                                                                                                            SHA-256:72738F2579C5609FA9CE1E65F56F25BAD1A7B357C711B7AC6A93838909E013D5
                                                                                                                                                                                                                                                                                            SHA-512:E449A08EB0B5DB3A4FB63E62A84E53A35A4C39457D836A8A61B8CC9E5D6680E732B4F51D79D5B6934537280E0CFD798F4344EB827A393341453A0437476B9350
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A pesquisa segura est. desativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A pesquisa segura evita os sites perigosos nos resultados da pesquisa.",.. SEARCH_TOAST_BODY_TEXT: "Quer ficar longe de pessoas mal-intencionadas com prote..o de pesquisa extra?",.. SEARCH_TOAST_OPTION: "Sim, ative a pesquisa segura depois que o navegador for reiniciado.",.. SEARCH_TOAST_DONE: "Conclu.do",.. SEARCH_TOAST_HEADING_COMPLIANT: "A pesquisa segura n.o est. ativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A pesquisa segura evita os sites perigosos nos resultados da pesquisa.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Gostaria de adicionar a pesquisa segura e se antecipar aos criminosos?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Sim, adicionar a pesquisa segura ao meu navegador e alterar minha pesquisa padr.o para {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7070
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3546832312019825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Chka9ILBeycgfmtmud0l9zEYmud0lkVHed0g57a:ChknLBeycgmtm5PmqHypa
                                                                                                                                                                                                                                                                                            MD5:3799F87E6578237EDCDF45194F4D48F0
                                                                                                                                                                                                                                                                                            SHA1:B53F995469C2786B1C644A371892BC7C97E5DBCE
                                                                                                                                                                                                                                                                                            SHA-256:E505629055F5E629815D74D0EA83E14AC929729EC8C0DAB2C471BD683228F311
                                                                                                                                                                                                                                                                                            SHA-512:DC3C40552609333503322F7F6A1DC13AC6B83D796295A7EE25572EB61B2045F528FB3314EFF4AEB25CB10E1132196677DE1CB0C8DF8962677B9096251D7B4B5D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A pesquisa segura est. desativada . tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A pesquisa segura ajuda-o a evitar os sites perigosos nos seus resultados de pesquisa.",.. SEARCH_TOAST_BODY_TEXT: "Pretende evitar os utilizadores mal intencionados com a prote..o de pesquisa adicional?",.. SEARCH_TOAST_OPTION: "Sim, ativar a pesquisa segura ap.s reiniciar o meu browser.",.. SEARCH_TOAST_DONE: "Conclu.do",.. SEARCH_TOAST_HEADING_COMPLIANT: "N.o tem a pesquisa segura, tenha cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A pesquisa segura ajuda-o a evitar os sites perigosos nos seus resultados de pesquisa.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Pretende adicionar a pesquisa segura e antecipar-se aos malfeitores?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Sim, adicionar a pesquisa segura ao meu browser e alterar a minha pesquisa predefinida para {0}.", // {0} SEARCH_TOAST_*.. SEARC

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (309), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10279
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.115638334969623
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CDxFR6OsBNVZPV/y/Vm1R1ut52Gu5U0DLTDGgo1:CDxFR9I1yI1R1utQGuV5o1
                                                                                                                                                                                                                                                                                            MD5:C3A1D7364DB103286EAA667D64043321
                                                                                                                                                                                                                                                                                            SHA1:C71D794471FE9AE4ABCBB4677B02CF3618EAE827
                                                                                                                                                                                                                                                                                            SHA-256:6EA11AB0A7A1A113C95B8945F73BCF08A83CC9C5E9CBDFED667A65A47EE09B7B
                                                                                                                                                                                                                                                                                            SHA-512:E3BECABD49C9DD33F0E6B3FE15C4792389F1A2256AE29BEE3420A42B388281F2F97814FC1BE185DBE55455363763AF367BFE0C57840D00C12E4F4167EBDF50DD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".......... ..... ......... ...... .........!",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... .......",.. SEARCH_TOAST_BODY_TEXT: "...... .......... .. ............... ... ...... .............. ...... ......?",.. SEARCH_TOAST_OPTION: ".., ........ .......... ..... ..... ........... .........",.. SEARCH_TOAST_DONE: "......",.. SEARCH_TOAST_HEADING_COMPLIANT: "...... ........., .. ... .. ........... .......... .....",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".......... ..... .. ........ ... ..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7406
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.693566077605284
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CgGE6x3pVIczmqoU5t9gga9BC9ge4rShIAl:CgGE6vH6XU5t9gga9BC9grSOAl
                                                                                                                                                                                                                                                                                            MD5:ECFEDBBFC175AD6928A61BC6128D21A0
                                                                                                                                                                                                                                                                                            SHA1:D0FC6146F6362CB2089CDB53E67AC04AEEC13BF7
                                                                                                                                                                                                                                                                                            SHA-256:066A025379A56CDAF9F81641FFCE21744F71C869F6BDBF81C29A1F30A31AC4E0
                                                                                                                                                                                                                                                                                            SHA-512:800C3931FCDDDFDE3E1205B68EE3FA68978231C45085EDD7528294AABAA222709D3EFD55C79657D4A6684772C2D098226B8C9B76F54866952874AEDA85597544
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Zabezpe.en. vyh.ad.vanie je vypnut. . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT: "Chcete ma. n.skok pred .to.n.kmi v.aka dodato.nej ochrane pri vyh.ad.van.?",.. SEARCH_TOAST_OPTION: ".no, po re.tartovan. prehliada.a zapn.. slu.bu Zabezpe.en. vyh.ad.vanie.",.. SEARCH_TOAST_DONE: "Hotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nem.te zabezpe.en. vyh.ad.vanie . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcete prida. zabezpe.en. vyh.ad.vanie a.zachova. si ochranu pred mo.n.mi .to.n.kmi?",.. SEARCH_TOAST_OPTION_COMPLIANT: ".no, prida. zabezpe.en.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6881
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.502169090828175
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CDvPQbt+oOuDdY9XXHci4ERt9UFE+fa9f+i9UFED9FV77GewuWZv96dJ:Cj8at9UF89/9UF+TWZv96dJ
                                                                                                                                                                                                                                                                                            MD5:37C1F0B440FC11ED5EA071C3FBA34DC0
                                                                                                                                                                                                                                                                                            SHA1:980DA9DE7E869C2F551B74697D1434558A99F086
                                                                                                                                                                                                                                                                                            SHA-256:22FE14EF03BE0E5DCCCDF1E67DF49F7372714F851CE2282D8D47EA524A35CD0C
                                                                                                                                                                                                                                                                                            SHA-512:BE7AA46B16A4F80D26A56AA141656610B0352A8B422646DB36E4CB466A3D5C3F478E55D2587ABDE9F44945F6C44F5EEC79A4296AE249CE64988B05F778230011
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Bezbedna pretraga je isklju.ena . budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT: ".elite da budete u prednosti u odnosu na .lo.e momke. uz dodatnu za.titu za pretragu?",.. SEARCH_TOAST_OPTION: "Da, uklju.i bezbednu pretragu nakon .to ponovo pokrenem pregleda..",.. SEARCH_TOAST_DONE: "Gotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nemate bezbedna pretraga - budite oprezni",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".elite li dodati bezbedna pretraga i ostanite napred?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Da, dodajte bezbedna pretraga u moj pregleda. i promenite podrazumevanu pretragu na {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENG

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6625
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.491069853271239
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CPWmMbkZdHSzoz9jp2rqntY25Sfs99FGlTuBLz704oH30wB5:CwbkOEtJ5SfsTzpEkwT
                                                                                                                                                                                                                                                                                            MD5:AC5D8D4C096CC2C55EB43729EC5EAF40
                                                                                                                                                                                                                                                                                            SHA1:46E13BA4EC2CE9F4DE54642ABB10ACB7E8EF52B6
                                                                                                                                                                                                                                                                                            SHA-256:A470660DC66B8CBDD79A9692CCA284F6AFD645D84D4C24092ABBBD48C2DD4436
                                                                                                                                                                                                                                                                                            SHA-512:AB41E103B1AFFF5707EE310993B5D73DD0D7066086EAD16CBCF80DBF4E858FE2E90661E00C8A4AD60CC4A3AB1BD9963E32B82E4CA71BEEEAC64ACB1601582412
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "S.ker s.kning .r avst.ngd . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT: "Vill du vara steget f.re skurkarna med extra s.kskydd?",.. SEARCH_TOAST_OPTION: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. SEARCH_TOAST_DONE: "Klart",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har inte s.ker s.kning . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vill du l.gga till s.ker s.kning f.r att h.lla dig steget f.re skurkarna?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, l.gg till s.ker s.kning till webbl.saren och .ndra standards.kningen till {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHO

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6975
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.54317325600138
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CcHgbQsEEkAWex0JFMRhtSgyLyowlSgB9FerI7ur22yp98O:Ci6hMJF6t1yLyt13wrnr9yp9T
                                                                                                                                                                                                                                                                                            MD5:8A2287D767C2C6AE29ECE303C9EE8F35
                                                                                                                                                                                                                                                                                            SHA1:CB91D9C13AD951DA57D8853F93D8F7D3A0E606C9
                                                                                                                                                                                                                                                                                            SHA-256:6547D54422C7DE48BEDAA9383CE4A7A44A9EAE7345915D3E6632B499707F2397
                                                                                                                                                                                                                                                                                            SHA-512:0DB372A4CA3B597611916AA0573CE94E5E0D60A37F9F313E46E2A2BEA62C5B434AD07242D0CBB84C3D33FF4ADB83D26879435AEDFB099BFFDDD1DF788AA7956D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "G.venli Arama kapal., dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT: "Ek arama korumas. ile k.t. adamlar.n bir ad.m .n.nde olmak ister misiniz?",.. SEARCH_TOAST_OPTION: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. SEARCH_TOAST_DONE: "Bitti",.. SEARCH_TOAST_HEADING_COMPLIANT: "G.venli Arama'ya sahip de.ilsiniz, dikkatli olun",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "G.venli Arama'y. ekleyerek k.t. niyetli ki.ilerden uzak durmak ister misiniz?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Evet, G.venli Arama'y. taray.c.ma ekle ve varsay.lan aramam. {0} olarak de.i.tir.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing"

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6330
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.345212495729186
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CUk5RhhRDj8mxeX+lE8D9VkbXtK6XKS9FgXap7B0Cc:Ch/LxeXqEsGtBX/Dp9Lc
                                                                                                                                                                                                                                                                                            MD5:B1897A07FF9E2C4546026C49BD3C397A
                                                                                                                                                                                                                                                                                            SHA1:92D473F7887B623093F8BD9D5A7D9B92A66A1D44
                                                                                                                                                                                                                                                                                            SHA-256:60A735D27FBEE1CB73F9A9580E4BA24BB47B82DFD64970E716D2AA4FCB69CA52
                                                                                                                                                                                                                                                                                            SHA-512:BFF1A7B19C7643EAFB2CFDFC85DDF35551218EB6720E04CFFDF6066BC567C5EA536E41478C9A703053C88D5AE952DB1069EAB9BEB852EFCDA5258657A59D8FC3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_HEADING: "....... . .....",.. SEARCH_TOAST_SUB_HEADING: ".....................",.. SEARCH_TOAST_BODY_TEXT: ".......................?",.. SEARCH_TOAST_OPTION: "................",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: "......... . .....",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "......................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".......................?",.. SEARCH_TOAST_OPTION_COMPLIANT: ".......................... {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex",

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6347
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.339242004140421
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:CGhla0tPlgm6w6KdmnPZ1cSDGFtMDjNOWMDjB9FEKrYimnyn:Ci7dgtOfSStMPNOWMP3wimn4
                                                                                                                                                                                                                                                                                            MD5:639BDE2ACBF136013F017FC0C31375B2
                                                                                                                                                                                                                                                                                            SHA1:D28C5410333C3EAE25DE426041D3FC4B4149C2A6
                                                                                                                                                                                                                                                                                            SHA-256:93C0C80CBEED7F6B6D52F8F564E99C8DE65A5BFD0535AD11274589699C21D347
                                                                                                                                                                                                                                                                                            SHA-512:4E0C005C4CCAB83C542CAA04A09D308E494E527FEBDC2F9BC6EF03856F4DCB16B0FBF7A1D6B1146F2F5EE07615F522194FCC615B5DDB23B4E229563EFBC4CCC1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "....... . ...",.. SEARCH_TOAST_SUB_HEADING: ".......................",.. SEARCH_TOAST_BODY_TEXT: "........................",.. SEARCH_TOAST_OPTION: "...................",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: "....... . ...",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".......................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".......................",.. SEARCH_TOAST_OPTION_COMPLIANT: "........................... {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2562
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.683532691532839
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UjbcgNu0dSJUGlJ6qfveziXpAlJ2bRQmC3ptQfMmIm42wudadOlOfm92NokzNNiq:UjbcgNurGGlJRemXalKRQmgpt4MmImi5
                                                                                                                                                                                                                                                                                            MD5:C811778F41BC1A6E5F3FC3626E330849
                                                                                                                                                                                                                                                                                            SHA1:610DAFDD9CF8B438F980F34E290EAE38BEADCCF8
                                                                                                                                                                                                                                                                                            SHA-256:96A5FBC4F33477A799CB6A2BBB2226A24D7CA7A5C6256678BD74A8A09AC26F2E
                                                                                                                                                                                                                                                                                            SHA-512:BE1C1D93CA7A9DD664D3EF495670F78D0466897DAFC1798A29378A5A341723D7362C2EB01111DDD685D77BC8D7DA4777E8D2B52C77345EB6529F797BE0CE2B76
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "V odinstalaci nelze pokra.ovat, dokud nebudou zav.ena v.echna okna prohl..e.e.<br/>Kliknut.m na tla..tko OK automaticky zav.ete v.echna okna prohl..e.e. Kliknut.m na tla..tko Zru.it tuto akci zru..te.",.. ADMIN_WARNING: "Aplikaci {0} nebylo mo.n. odinstalovat, proto.e jste k po..ta.i p.ihl..eni jako u.ivatel s omezen.mi opr.vn.n.mi. P.ihlaste se jako spr.vce syst.mu Windows a zkuste to znovu.",.. KEEP_FREE_PROTECTION: "Ponechat funkci Ochrana p.i proch.zen. internetu",.. NO_THANKS_UNINSTALL: "Ne, d.kuji. Chci ji odinstalovat",.. CANCEL: "Zru.it",.. NO_THANKS: "Ne, d.kuji",.. SURE: "Samoz.ejm.",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Odinstalace aplikace {0} prob.hla .sp..n..",.. SURVEY_OFFER: "R.di bychom znali v.. n.zor. Pora.te n.m, jak m..eme tento produkt je.t. vylep.it.",.. SORRY_TO_GO: "Je n.m l.to, .e jste si aplikaci nenechali.",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2321
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.409903751827867
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:U9XpCmXa0Roqce7Coh4C3zOur+BYHexiAWFY502OUhMYI5Lp6+ZaKJq4U3nrx:U9XpbXaUz3x+BYWivW0uinhEaq4U3nrx
                                                                                                                                                                                                                                                                                            MD5:8E93E6EC7428855529579E083BE94B01
                                                                                                                                                                                                                                                                                            SHA1:003C37EA5F7CF61D3A471ED4E34AFBB2E874DBA6
                                                                                                                                                                                                                                                                                            SHA-256:8A86B32A531BCB4C135BF803768BBB00E7107C366F80C717280210B6A68D1273
                                                                                                                                                                                                                                                                                            SHA-512:D0AAC48B582FA48E2D30AECA8BE332655697E79E6108902D223FCF18BB3A32D8DBC85EDE02707B8E899F9CE7D7AE137B4B82089D3BE7660C617ADD4B6E5F1ACA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Lukke alle browservinduer for at forts.tte med at afinstallere softwaren.<br/>Tryk p. OK for at lukke alle browservinduer automatisk eller p. Annuller for at afbryde.",.. ADMIN_WARNING: "Du kan ikke afinstallere {0}, da du er logget p. computeren som begr.nset bruger. Log p. som Windows-administrator, og pr.v igen.",.. KEEP_FREE_PROTECTION: "Behold webbeskyttelsen",.. NO_THANKS_UNINSTALL: "Nej tak, afinstaller den bare",.. CANCEL: "Annuller",.. NO_THANKS: "Nej tak",.. SURE: "Selvf.lgelig",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Afinstallationen af {0} er f.rdig.",.. SURVEY_OFFER: "Vi vil gerne h.re din mening. Hvordan kan vi efter din mening g.re dette produkt endnu bedre?",.. SORRY_TO_GO: "Vi er kede af, at du forlader os.",.. UNINSTALLING: "Softwaren afinstalleres ...",.. START_HEADER: "Vent! Vil vil savne dig, hvis du afinstallerer",.. START_SUB_HEADER: "Og du vil ogs. savne all

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2527
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.386167440115135
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UYDdXJ6UXJbcC87UQT9zw/eCJlgf0IyYuYL16OhrHAoKKmJvDkojS4WL:UydXTXOs6fIYXLhgokkoTS
                                                                                                                                                                                                                                                                                            MD5:6266AE0BB8A2CB047E272875AA91F7F4
                                                                                                                                                                                                                                                                                            SHA1:44D8F50433351D43760CD9417F7FD5CDEDCBFCC2
                                                                                                                                                                                                                                                                                            SHA-256:9EB26BBDCA33BED77919B7E2F95BF775F8AC00B11240D2E65BA14A91D766B31A
                                                                                                                                                                                                                                                                                            SHA-512:3D7FB365424AC812E861C572728C4632DA450A2126D7BBA48390718722ACF10095B729B941903D22410F8A9892EF7E5C22B4C212A2D09F8BF03022F545E3A2A7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Die Deinstallation kann erst fortgesetzt werden, nachdem alle Browser-Fenster geschlossen wurden.<br/>Klicken Sie auf 'OK', um alle Browser-Fenster automatisch zu schlie.en, oder klicken Sie zum Beenden auf 'Abbrechen'.",.. ADMIN_WARNING: "Sie k.nnen {0} nicht deinstallieren, da Sie bei Ihrem Computer als Benutzer mit eingeschr.nkten Rechten angemeldet sind. Melden Sie sich als Windows-Administrator an, und versuchen Sie es erneut.",.. KEEP_FREE_PROTECTION: "Web-Schutz behalten",.. NO_THANKS_UNINSTALL: "Nein danke, bitte deinstallieren",.. CANCEL: "Abbrechen",.. NO_THANKS: "Nein danke",.. SURE: "Sicher",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Die Deinstallation von {0} wurde erfolgreich beendet.",.. SURVEY_OFFER: "Wir freuen uns, von Ihnen zu h.ren. K.nnen Sie uns mitteilen, wie wir dieses Produkt noch verbessern k.nnen?",.. SORRY_TO_GO: "Schade, dass Sie unser Produkt nicht mehr verwenden m.cht

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4045
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.01615803440301
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:U4iYsFeBkg78VLgPHKM6V6WaLq/tit7lO7hm:U4iiam8hgPj6V6W0q/titcg
                                                                                                                                                                                                                                                                                            MD5:242DE46FCB1884AB7CA3F6AE086414CF
                                                                                                                                                                                                                                                                                            SHA1:1D3636596F1C1829F9892366730B84CAEA031E39
                                                                                                                                                                                                                                                                                            SHA-256:EF9477C1A5A078912F3EB0A1B631E455067A43B2EB3C5A28415785051B4D3898
                                                                                                                                                                                                                                                                                            SHA-512:97DEF60FB648A971915A1D3C7C18BD02490E47D7ADCBF3F846E6E0253AB975846BEB26F6AB23018062478EE5C6C4D13DDA84BF25E16110483493D2992E69BA10
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ". ......... ............ ... ...... .. .......... .. ... ........ ... .. ........ ... ............ ...........<br/>....... OK ... .. ........ ........ ... .. ........ ... ............ .......... . ....... ....... ... .........",.. ADMIN_WARNING: "... ........ .. ........... ... ........... ... {0} ..... ..... ........ .... .......... ... .. ....... .. ............ ........... .......... .. ............ ... Windows ... ......... .....",.. KEEP_FREE_PROTECTION: "......... ... .......... Web",.. NO_THANKS_UNINSTALL: "... ........., ..... ..........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.396287644162781
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UawX1F1LVSHccWK2aFe3ymc9oqTLvmLtwbvORLxe+l:UxXfhQpe3ymco0uLtRLxe+l
                                                                                                                                                                                                                                                                                            MD5:60CBE7972CA5FDE2269AB8A1D3320605
                                                                                                                                                                                                                                                                                            SHA1:D9783A27B61B54C4F05460BCCBE08C1D77122B58
                                                                                                                                                                                                                                                                                            SHA-256:0A32B60573BD5692E306D7ED834F6FB88B6D9307E94C6A51812F2B3E1173BFB7
                                                                                                                                                                                                                                                                                            SHA-512:7A10EB5062CA9A8F2CE9C07916F3F89F14EAC099E21F779603DD974270062AE4C4E221925153603C20D48361D2995F76A0F9594A405F131694B75F37832663DF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Uninstallation cannot continue unless all browser windows are closed.<br/>Press Ok to automatically close all browser windows, or Cancel to abort.",.. ADMIN_WARNING: "You can't uninstall {0} because you're logged in to your computer as a Limited User. Please log in as a Windows Administrator, and try again.",.. KEEP_FREE_PROTECTION: "Keep web protection",.. NO_THANKS_UNINSTALL: "No thanks, just uninstall it",.. CANCEL: "Cancel",.. NO_THANKS: "No thanks",.. SURE: "Sure",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "You've successfully uninstalled {0}.",.. SURVEY_OFFER: "We want to hear from you. Can you share your thoughts on how to make this product even better?",.. SORRY_TO_GO: "We're sorry to see you go.",.. UNINSTALLING: "Uninstalling your software now...",.. START_HEADER: "Wait! If you uninstall, we'll miss you",.. START_SUB_HEADER: "And you'll miss all the good we do, like:",.. WE_SCANNED: "

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2342
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.369323454919437
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Uop2w+XfxK626IEkLmHVR9zgD/1jBv2a82Vj6Aux9M8KBk/PU:UzwqfxnjVgjvv24KxSOPU
                                                                                                                                                                                                                                                                                            MD5:D2DDD271E3AC6C6691D8E15245E7E31E
                                                                                                                                                                                                                                                                                            SHA1:6F201CAF79350EA119B8FBC68BF5D7B9DACBDEFD
                                                                                                                                                                                                                                                                                            SHA-256:AD4BDFFCD7B03B8C8FF588D9CEC85A15545BB443D3E8786CABEECDCC63AE76B7
                                                                                                                                                                                                                                                                                            SHA-512:1BB54430D3641FF008E9EF3735BDE29C5D3D7799CFC3F7172FFB67D4B64864BB2B9D15C6BCE2B9235F15938D2BF0092CC2096F062AB5C3820B2F970E5FDB4AE3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La desinstalaci.n no puede continuar a menos que cierre todas las ventanas del navegador.<br/>Pulse Aceptar para cerrar autom.ticamente todas las ventanas del navegador o Cancelar para anular el proceso.",.. ADMIN_WARNING: "No puede desinstalar {0} porque ha iniciado sesi.n en su equipo como usuario limitado. Inicie sesi.n como administrador de Windows y vuelva a intentarlo.",.. KEEP_FREE_PROTECTION: "Mantener protecci.n web",.. NO_THANKS_UNINSTALL: "No, desinstalar",.. CANCEL: "Cancelar",.. NO_THANKS: "No, gracias",.. SURE: "Claro",.. OK: "Aceptar",.. SUCCESSFULLY_UNINSTALLED: "Ha desinstalado {0} correctamente.",.. SURVEY_OFFER: "Queremos saber su opini.n. .Puede compartir sus ideas sobre c.mo mejorar este producto?",.. SORRY_TO_GO: "Sentimos que deje de utilizar el producto.",.. UNINSTALLING: "Desinstalando el software...",.. START_HEADER: "Espere. Si desinstala, le echaremos de menos",.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2389
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3888716392690155
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Uo72wwXfxjn6v6IEkLX/wrN9gZ0o/0BjBfjTz2VhSZ6c9VTC0Czlu6P:U/wUfxnIwancfjTpVTC0of
                                                                                                                                                                                                                                                                                            MD5:80E56CEE790ABDBBE180B84B049D042D
                                                                                                                                                                                                                                                                                            SHA1:1DFA2C7EDD6536F5003D38B6935792ECA60D7ECD
                                                                                                                                                                                                                                                                                            SHA-256:3D0A676CADB63C44D475AF349CE26197590DC5FBC6FC491DEF56C41B9FB9F404
                                                                                                                                                                                                                                                                                            SHA-512:94B9746ADB0B6FB5DCBDDC492BEE9FFA38EEC8E4E7850BA89E881523450573079EC423CB7DBEDA6490B7842EF66278D7450D4B4D24E72D0C3A3D2A54849405FF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La desinstalaci.n no puede continuar a menos que cierre todas las ventanas del navegador.<br/>Presione Aceptar para cerrar autom.ticamente todas las ventanas del navegador o Cancelar para interrumpir el proceso.",.. ADMIN_WARNING: "No puede desinstalar {0} porque ha iniciado sesi.n en su equipo como usuario limitado. Inicie sesi.n como administrador de Windows y vuelva a intentarlo.",.. KEEP_FREE_PROTECTION: "Conservar protecci.n web",.. NO_THANKS_UNINSTALL: "No, gracias, desinstalarlo",.. CANCEL: "Cancelar",.. NO_THANKS: "No, gracias",.. SURE: "Claro",.. OK: "Aceptar",.. SUCCESSFULLY_UNINSTALLED: "Ha desinstalado {0} correctamente.",.. SURVEY_OFFER: "Queremos saber su opini.n. .Puede compartir sus ideas sobre c.mo mejorar este producto?",.. SORRY_TO_GO: "Sentimos que deje de usar el producto.",.. UNINSTALLING: "Desinstalando el software.",.. START_HEADER: ".Espere! Si desinstala, lo ext

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2389
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.354515194771798
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UrCot/9DbtMfbzwx1kF08hjltMEwTZVyY+vRVZY2f3gvaitItzNG:UrHmMx2BJt8TDmRVzIIBE
                                                                                                                                                                                                                                                                                            MD5:885163DA147E89B22963F15EC3A6E210
                                                                                                                                                                                                                                                                                            SHA1:2697EB9B398423AC78A22ADB2D57A5B4872AD75E
                                                                                                                                                                                                                                                                                            SHA-256:5867DB3FB372EDAE099100BBDA683429B39AF81E96836335B9CA4A526DA3793F
                                                                                                                                                                                                                                                                                            SHA-512:66340E2E62BA3C2CD7E42EF0C7114E3D9553AE3546BD7ABCD5E5051676BF7FE32A86829BABE1BE7D93EC9E0BA03DBE60137A4C728D85F85A3C43E2C7B42215DB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Asennuksen poistamista ei voi jatkaa, jos kaikkia selainikkunoita ei suljeta.<br/>Sulje kaikki selainikkunat automaattisesti valitsemalla OK tai keskeyt. valitsemalla Peruuta.",.. ADMIN_WARNING: "Et pysty poistamaan sovelluksen {0} asennusta, sill. olet kirjautunut tietokoneeseen k.ytt.j.n., jolla on rajoitetut oikeudet. Kirjaudu Windowsin j.rjestelm.nvalvojana ja yrit. uudelleen.",.. KEEP_FREE_PROTECTION: "Jatka verkkosuojauksen k.ytt...",.. NO_THANKS_UNINSTALL: "Ei, kiitos. Poista asennus.",.. CANCEL: "Peruuta",.. NO_THANKS: "Ei kiitos",.. SURE: "OK",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} on poistettu.",.. SURVEY_OFFER: "Kuulisimme mielell.mme sinulta palautetta. Haluatko kertoa meille, miten voisimme tehd. tuotteesta viel. paremman?",.. SORRY_TO_GO: "Ik.v.., ett. et halua jatkaa tuotteen k.ytt...",.. UNINSTALLING: "Poistetaan ohjelmiston asennusta.",.. START_HEADER

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2674
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.367838438204783
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UZbbplCgKbHGou9Uz0NHKVfNV7jUtmjV0fkJmTMOo8MXIHe5QXZhrgKHqeTyGIYO:URbpEhDvVF5jUqckJXBIHe5scqqeTY
                                                                                                                                                                                                                                                                                            MD5:1873034F54B055160694C81F98515CD2
                                                                                                                                                                                                                                                                                            SHA1:CEC8DA300B8CD281C1A1AECD8E3C569554EDAD76
                                                                                                                                                                                                                                                                                            SHA-256:E0F9125FEA9C6A064BE73AFDD7B007F41995EE8B546680AD77352759FA63F324
                                                                                                                                                                                                                                                                                            SHA-512:5BB988CCEFDD479BF105FD52312F5C2054751A8FBE8FB3960429EBF102ACBF5C8127CF26805681CDCD8F700EE41E181832BB2C72E809434228E4C21796DD2FF0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La d.sinstallation ne peut pas se poursuivre sans avoir ferm. toutes les fen.tres du navigateur.<br/>Cliquez sur OK pour fermer automatiquement toutes les fen.tres du navigateur, ou sur Annuler pour abandonner.",.. ADMIN_WARNING: "Vous ne pouvez pas d.sinstaller {0}, car vous .tes connect. en tant qu'utilisateur disposant d'un acc.s restreint. Veuillez vous connecter en tant qu'administrateur Windows, puis essayez de nouveau.",.. KEEP_FREE_PROTECTION: "Garder la protection Web",.. NO_THANKS_UNINSTALL: "Non merci, d.sinstallez-la",.. CANCEL: "Annuler",.. NO_THANKS: "Non merci",.. SURE: "Bien s.r!",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Vous avez correctement d.sinstall. {0}.",.. SURVEY_OFFER: "Nous souhaitons conna.tre votre opinion. Seriez-vous dispos. . nous dire comment nous pourrions am.liorer ce produit?",.. SORRY_TO_GO: "Nous sommes d.sol.s que vous nous quittiez.",.. UNINSTA

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2626
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.397389659181272
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UT3FlNKBwOdm79zoIuKntX3OPwnIeruBTCtnSo8sprasnmNvigS2:UTVfsEtX+iIeq8XUsmNvia
                                                                                                                                                                                                                                                                                            MD5:41F6B2B2D89553D41D2261C522746B3F
                                                                                                                                                                                                                                                                                            SHA1:DCF587D0E1362DFBF7075BE614A9206ADA614024
                                                                                                                                                                                                                                                                                            SHA-256:F0F51CACFF3F7BE9DA222FC0AC8C34FA02692743EDC005AADFF22A7C3E83EA90
                                                                                                                                                                                                                                                                                            SHA-512:DC493E73623136C17C5C8D30FAD6DE9D9172B82727BE16E95DEEB2C5E59411B1CB61285495449DD4397A9CFC938B8C9F5B66202176B840291F3BDC07ACC8E06F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Impossible de poursuivre la d.sinstallation tant que toutes les fen.tres du navigateur ne sont pas ferm.es.<br/>Cliquez sur OK pour fermer automatiquement toutes les fen.tres du navigateur ou sur Annuler pour interrompre l'op.ration.",.. ADMIN_WARNING: "Vous ne pouvez pas d.sinstaller {0}, car vous .tes connect. en tant qu'utilisateur limit. sur votre ordinateur. Connectez-vous en tant qu'administrateur Windows et recommencez.",.. KEEP_FREE_PROTECTION: "Conserver la protection web",.. NO_THANKS_UNINSTALL: "Non merci, proc.der . la d.sinstallation",.. CANCEL: "Annuler",.. NO_THANKS: "Non, merci",.. SURE: "Bien s.r",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Vous avez d.sinstall. {0}.",.. SURVEY_OFFER: "Nous serions ravis de conna.tre votre opinion. Si vous avez des id.es pour am.liorer ce produit, n'h.sitez pas . nous en faire part.",.. SORRY_TO_GO: "Nous sommes d.sol.s de vous voir p

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2390
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.440162012656156
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:U4qRJGbmxWQuD28CEnxSP+vuR4S0OaysKXXFrQeOBCd:UxiRNC83kPEu30uRW6
                                                                                                                                                                                                                                                                                            MD5:955E421B4269274ABC1BB7F4D816E3C1
                                                                                                                                                                                                                                                                                            SHA1:EF4EF86840BF20D917170E3D746107626D37ACE5
                                                                                                                                                                                                                                                                                            SHA-256:F1D6D8C3C6DBBB41E27AF8240807D35DE2E512198A7D189B83C67DCCC0A23F4E
                                                                                                                                                                                                                                                                                            SHA-512:7C73529BE65071265F8BE1CA0F12AE16E88D36330AFD0C277AD656F5016209EEAE98FC222EF0C0DDA2803620D2D761D0CAAB1B6EEFF9C1A2AE2FF10809B1F638
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Deinstalaciju nije mogu.e nastaviti ako svi prozori preglednika nisu zatvoreni.<br/>Kliknite na U redu da biste automatski zatvorili sve prozore preglednika ili Odustani da biste prekinuli proces.",.. ADMIN_WARNING: "Ne mo.ete deinstalirati {0} jer ste na ra.unalo prijavljeni kao korisnik s ograni.enim ovlastima. Prijavite se kao administrator sustava Windows i poku.ajte ponovno.",.. KEEP_FREE_PROTECTION: "Zadr.i za.titu na webu",.. NO_THANKS_UNINSTALL: "Ne, hvala, samo je deinstaliraj",.. CANCEL: "Odustani",.. NO_THANKS: "Ne, hvala",.. SURE: "Naravno",.. OK: "U redu",.. SUCCESSFULLY_UNINSTALLED: "Uspje.no ste deinstalirali {0}.",.. SURVEY_OFFER: ".elimo .uti va.e mi.ljenje. .elite li podijeliti s nama svoje ideje za pobolj.anje ovog proizvoda?",.. SORRY_TO_GO: ".ao nam je .to vi.e ne.ete biti na. korisnik.",.. UNINSTALLING: "Deinstaliramo va. softver sada...",.. START_HEADER: "

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2561
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.593386141394456
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Ud/4sBMK+ZvbkFzo5lQiw9Azz8eFRHJev0Dq4aVv2R:Ud/PBMKN6lu9aVFR4e2l2R
                                                                                                                                                                                                                                                                                            MD5:B3146E3BDCF6D7A51571D5D262F0D8BB
                                                                                                                                                                                                                                                                                            SHA1:66DB8C003F0A24A4C985F40BCFF91677173CF5E2
                                                                                                                                                                                                                                                                                            SHA-256:BC4351268E254360AF66434192407DBBD28C363DC615957DDD421FDF6FABD0D1
                                                                                                                                                                                                                                                                                            SHA-512:EA2021EA24A43371B59925E7E5DFC529CE468304B8BF47B27A43B1C944C424D5AA16869716C09A0EEFECFDBA1B273D2C1A86557972C4FB97DB883F1EB1049F81
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Az elt.vol.t.s csak az .sszes b.ng.sz.ablak bez.r.sa ut.n folytathat..<br/>Az OK gombot megnyomva automatikusan bez.rhatja az ablakokat, a M.gse gombbal pedig megszak.thatja a m.veletet.",.. ADMIN_WARNING: "A(z) {0} szoftver elt.vol.t.sa nem lehets.ges, mivel a sz.m.t.g.pre korl.tozott hozz.f.r.s. felhaszn.l.k.nt jelentkezett be. L.pjen be Windows-rendszergazdak.nt, majd pr.b.lja .jra.",.. KEEP_FREE_PROTECTION: "Webes v.delem meg.rz.se",.. NO_THANKS_UNINSTALL: "Nem, egyszer.en t.vol.tsa el",.. CANCEL: "M.gse",.. NO_THANKS: "K.sz.n.m, nem",.. SURE: "Rendben",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Megt.rt.nt a(z) {0} elt.vol.t.sa.",.. SURVEY_OFFER: "Sokra .rt.keln.nk a v.lem.ny.t. Megosztan. vel.nk, hogy v.lem.nye szerint hogyan tehetn.nk m.g jobb. ezt a term.ket?",.. SORRY_TO_GO: "Sajn.ljuk, hogy nem tart ig.nyt a szolg.ltat.sra.",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2426
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.319750062094408
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UUKu3r7X85X6/5Ouzl676xLqVDSdEfCXqYQ0d0ddfbOf0w:UDE/M5puk68VDcEK7vSdSL
                                                                                                                                                                                                                                                                                            MD5:4BA2D71555911225A75E87C0AF11FB67
                                                                                                                                                                                                                                                                                            SHA1:1E8C7B76AD6DCAC44AB7E7130C6D0DB36DC46D98
                                                                                                                                                                                                                                                                                            SHA-256:8DF6CC43AD98A1457901C23BD377F1B552A6ED18B298E9D9B4E855034B7451C5
                                                                                                                                                                                                                                                                                            SHA-512:D30C1E6A261220C8912D4D4D8F7B282D8283C8ED3C66452B505453F68FC12D0D1DE5CF3B8D634AED61DDD62D7C834DD9D3125DB08BA06495C9DF593BCB0B4B02
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Per procedere con la disinstallazione . necessario chiudere tutte le finestre del browser.<br/>Premi OK per chiudere automaticamente tutte le finestre del browser oppure Annulla per interrompere l'installazione.",.. ADMIN_WARNING: "Impossibile disinstallare {0} in quanto l'accesso al computer . stato effettuato come utente con restrizioni. Accedi come amministratore di Windows e riprova.",.. KEEP_FREE_PROTECTION: "Mantieni la protezione Web",.. NO_THANKS_UNINSTALL: "No grazie, disinstallala",.. CANCEL: "Annulla",.. NO_THANKS: "No, grazie",.. SURE: "Certo",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Disinstallazione di {0} riuscita.",.. SURVEY_OFFER: "Vogliamo sapere la tua opinione. Vuoi condividere la tua opinione per migliorare ancora di pi. questo prodotto?",.. SORRY_TO_GO: "Ci dispiace che tu abbia deciso di lasciarci.",.. UNINSTALLING: "Stiamo disinstallando il software...",.. START_HEADER: "

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2813
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.732554446731745
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UmgtjeIgCS7v06vDxzezcu5dbwaIVvOaaI9nCiGSGfKi4Z0YX+NrVW:UmgtjP6r3dzevdUnkbf4ANrVW
                                                                                                                                                                                                                                                                                            MD5:7FA317B89904C25D094C036125707E2F
                                                                                                                                                                                                                                                                                            SHA1:4FB6148770CBA2BD804FA8CE63D866170D53554C
                                                                                                                                                                                                                                                                                            SHA-256:4C05356F2D2E836FB3644050B51B9CE411C4F3EABB1E1B3AE1A32998582343A6
                                                                                                                                                                                                                                                                                            SHA-512:5D9CD98642FC52BF80CF55E0813ADCBBE7BC87B94221F95BE53CBAEE234F945BABF7659C96F49F825ABC7579B5F3B8E4810F9655E77B02399D5941485E078F59
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".......................................<br/>[OK] .............. ...............................[.....] .........",.. ADMIN_WARNING: "{0} .........................................Windows ............................",.. KEEP_FREE_PROTECTION: "..........",.. NO_THANKS_UNINSTALL: "....",.. CANCEL: ".....",.. NO_THANKS: "...",.. SURE: "..",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} ..................",.. SURVEY_OFFER: "...........................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2648
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.965627374338071
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UJfHnXcKfYWPiQrinx8fhU5aN0jFnSBra8ABYWajyqYOAl5us3aTuq:Upv2n0C5aejF4raNYdXAis+R
                                                                                                                                                                                                                                                                                            MD5:BB68555B5C8C49E32D7D93FA12972A08
                                                                                                                                                                                                                                                                                            SHA1:C2EED8F992AED7AA708174C9D3261707F1896751
                                                                                                                                                                                                                                                                                            SHA-256:7F35FA92008EBD1E7FC6C9B1DD482B51F257760613CF50ABC55F6E0520E03F20
                                                                                                                                                                                                                                                                                            SHA-512:E4780FB303ECE00D41D3E26621B941894664E1FB1D24FC67B60CF212D3D5DBE1105D93EDF3E1D9B09BDD62B96F35BE03C3F4C103455E3F70000546B645E11D66
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".. .... .. .. ... ... ... . .....<br/>... .. .... .. .... .. ... ... .. ... .......",.. ADMIN_WARNING: "... .... .... ..... .... {0}. ... . ..... Windows .... .... . .. .......",.. KEEP_FREE_PROTECTION: ". .. ..",.. NO_THANKS_UNINSTALL: "..., .....",.. CANCEL: "..",.. NO_THANKS: "...",.. SURE: ".",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "{0}. ..... ........",.. SURVEY_OFFER: "... .... .. ..... . ... .. ... .. ... .........?",.. SORRY_TO_GO: "... ..... .... . .. .... ......",.. UNINSTALLING: "...... .

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2338
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.385545939734635
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:U2AUYbOdeMb72i5iur+vrJBFJZG5biH7kFJqSCLUhS0TGpCaiSV52Gh:ULkX2G+vNBFSbiHIFCAc6Sn
                                                                                                                                                                                                                                                                                            MD5:919664FE19EED8484D03A19BEB76969D
                                                                                                                                                                                                                                                                                            SHA1:AAE36791864DB4C940C4B9BA3776CE6AAF92E7E5
                                                                                                                                                                                                                                                                                            SHA-256:CDB63088E885E9CF1C0D0BD83E293A27A2DEB3569CEB2FB41EEFA0EB4C23B6A8
                                                                                                                                                                                                                                                                                            SHA-512:43EC99DD55E0D71D479FD9118EA0FA8D440F115DB78F459FC87F0E347678338D4D160DC1A0DB89C481BAF1C9515DA058B97A50C7CF17BD2040A227AD72BAE494
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Avinstallasjonen kan ikke fortsette f.r du har lukket alle nettleservinduer.<br/>Trykk p. OK for . lukke alle vinduene automatisk eller p. Avbryt for . avbryte.",.. ADMIN_WARNING: "Du kan ikke avinstallere {0} fordi du er logget p. datamaskinen som en Begrenset bruker. Logg p. som Windows-administrator og pr.v p. nytt.",.. KEEP_FREE_PROTECTION: "Behold webbeskyttelse",.. NO_THANKS_UNINSTALL: "Nei takk, bare avinstaller det",.. CANCEL: "Avbryt",.. NO_THANKS: "Nei takk",.. SURE: "Ja visst",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Du har avinstallert {0}.",.. SURVEY_OFFER: "Vi vil gjerne h.re fra deg. Kan du dele dine ideer om hvordan vi kan gj.re dette produktet enda bedre?",.. SORRY_TO_GO: "Det er synd at du ikke vil fortsette . bruke oss.",.. UNINSTALLING: "Vi avinstallerer programvaren n...",.. START_HEADER: "Vent! Vi vil savne deg hvis du velger . avinstallere",.. START_SUB_H

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2363
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.344335361384779
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:URHXIzXIV2xo3lID6XgocC7h7kBzyNkIK+2L0LgSPGxetBt/XktFOFVQoG:UhXOXgYGi6XgAgtIKtLeOw3Fmd
                                                                                                                                                                                                                                                                                            MD5:9EE3E04C2DAD341E0C0F3580CA92DF07
                                                                                                                                                                                                                                                                                            SHA1:655585282AF84165A715ABEC114266C0E483D56C
                                                                                                                                                                                                                                                                                            SHA-256:099A81794F76D8B85D3131A38E1A0FD40AC8C3D818BEB251EB51A8E7A61890E9
                                                                                                                                                                                                                                                                                            SHA-512:785050C760F86C7030B8154E8986133735E57907FFC5B5A5D48AB42CE199E48479476062D4053362D7AEFDCCD56CD32E5E435C76CE144E6B347864C1D7EA8AD2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Verwijdering kan pas worden voortgezet wanneer alle browservensters zijn gesloten.<br/>Klik op OK om alle browservensters automatisch te sluiten of op Annuleren om af te breken.",.. ADMIN_WARNING: "U kunt {0} niet verwijderen, omdat u bij de computer bent aangemeld als Gebruiker met beperkte rechten. Meld u aan als Windows-beheerder en probeer het opnieuw.",.. KEEP_FREE_PROTECTION: "Webbeveiliging houden",.. NO_THANKS_UNINSTALL: "Nee, installatie verwijderen",.. CANCEL: "Annuleren",.. NO_THANKS: "Nee, bedankt",.. SURE: "Goed",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "U hebt {0} verwijderd.",.. SURVEY_OFFER: "We horen graag van u. Kunt u ons laten weten hoe dit product nog verder kan worden verbeterd?",.. SORRY_TO_GO: "Wat jammer dat u ons gaat verlaten.",.. UNINSTALLING: "Uw software wordt nu verwijderd...",.. START_HEADER: "Wacht! We zullen u missen als u de software verwijdert",.. START_SUB_HE

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2456
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.637610951969184
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Ux6l/L182ZR1tM7T4K95K19ehLvfZhKXdWjpLT4j0:U4lBXZjKWCfEeMI
                                                                                                                                                                                                                                                                                            MD5:F98CDCAE371F4F5B1E23C57E18454B6F
                                                                                                                                                                                                                                                                                            SHA1:CB023A6FA9CFB594EE5D106976786FDA91C79746
                                                                                                                                                                                                                                                                                            SHA-256:9E64468A6840C649FA3BE851F9FDCC83786B0D6DAA2D8FAF795EF63D8BDDC86A
                                                                                                                                                                                                                                                                                            SHA-512:C58035A6B720D8C0A3CFC382AB442801A67C35801B7E86425F5394BAF7ED9D801F4085BD9B7FFD6CB15CBA5B4C8E6BFBDB8FE928F15C35B68387A9D7B571746A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Nie mo.na odinstalowa., dop.ki wszystkie okna przegl.darki nie zostan. zamkni.te.<br/>Kliknij przycisk OK, aby automatycznie zamkn.. wszystkie okna, lub przycisk Anuluj, aby przerwa. proces.",.. ADMIN_WARNING: "Nie mo.na zainstalowa. programu {0} z powodu zalogowania na komputer jako u.ytkownik z ograniczonymi uprawnieniami. Zaloguj si. jako administrator systemu Windows i spr.buj ponownie.",.. KEEP_FREE_PROTECTION: "Zachowaj ochron. w sieci Web",.. NO_THANKS_UNINSTALL: "Nie, dzi.kuj.. Odinstaluj.",.. CANCEL: "Anuluj",.. NO_THANKS: "Nie, dzi.kuj.",.. SURE: "Pewnie",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Program {0} zosta. pomy.lnie odinstalowany.",.. SURVEY_OFFER: "Chcemy pozna. Twoj. opini.. Jak mogliby.my ulepszy. nasz produkt?",.. SORRY_TO_GO: "Przykro nam, .e musimy si. rozsta..",.. UNINSTALLING: "Odinstalowujemy Twoje oprogramowanie...",.. START_HEADER: "Czekaj!

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2373
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.403578939378001
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UHC6Unw+8DeoRMzBDzXGZ077FG/BjS7kjd6AGBhofQNpiNQvQ:UfUdkM1zk8Bw47kjZchofQNAZ
                                                                                                                                                                                                                                                                                            MD5:363BCF3B44C8B2DBA1B7B83DE2797A42
                                                                                                                                                                                                                                                                                            SHA1:83FAD60EC4D2EDDC460F8E3D4FB21390A5B0F1F2
                                                                                                                                                                                                                                                                                            SHA-256:B5803B675E700F1939798095689929525355F7DF28823B684316E85B817DEAD1
                                                                                                                                                                                                                                                                                            SHA-512:A3CCB181A49D6C3CAF2C7FF0B673FEB03C187619A93C647ABF31C9BF7EC24176ECC59EFC859BF2436162B57D2FE38B27B44DEE8241A0DB4D54EF82EB98973678
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "A desinstala..o poder. continuar somente se todas as janelas do navegador forem fechadas.<br/>Clique em OK para fechar todas as janelas do navegador automaticamente ou clique em Cancelar para interromper a opera..o.",.. ADMIN_WARNING: "N.o . poss.vel desinstalar o {0} porque voc. est. conectado ao computador como um Usu.rio Limitado. Entre como Administrador do Windows e tente novamente.",.. KEEP_FREE_PROTECTION: "Manter a prote..o na Web",.. NO_THANKS_UNINSTALL: "N.o, obrigado. Desinstale o programa",.. CANCEL: "Cancelar",.. NO_THANKS: "N.o, obrigado",.. SURE: "Claro",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} foi desinstalado com .xito.",.. SURVEY_OFFER: "Queremos saber a sua opini.o. Deseja compartilhar suas ideias para tornar esse produto ainda melhor?",.. SORRY_TO_GO: "Lamentamos pela sua sa.da.",.. UNINSTALLING: "O seu software est. sendo desinstalado...",.. START_HEADER

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2369
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.415409049601268
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UDlURTq+8ZxNHRSMMy7EVW14P9SZPkDPIjQ7AV2iEc5KQ9oD:UxUOitVQsDf7FQu
                                                                                                                                                                                                                                                                                            MD5:4A842A2E661C2CD0013A96748F97C75C
                                                                                                                                                                                                                                                                                            SHA1:CE1DEDAFEBBEBB910F4A7469F591DC952C1A56C2
                                                                                                                                                                                                                                                                                            SHA-256:E8CA149A51753618D3265D2AC52F4912960DDBB1417518669B9841529C9275A1
                                                                                                                                                                                                                                                                                            SHA-512:5BCA9BF006F7FAFB934660FBBB835629BCB7A0718C4FAA8FFAF831255FA533E893B3D75ACE43A3CC651ABBD52119EBB380356BAF75C2D69783E343F4C29FBEC5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "N.o . poss.vel continuar com a desinstala..o sem fechar todas as janelas do browser.<br/>Prima Ok para fechar automaticamente todas as janelas do browser ou Cancelar para cancelar a opera..o.",.. ADMIN_WARNING: "N.o . poss.vel desinstalar o {0} porque tem sess.o iniciada no seu computador como Utilizador Limitado. Inicie sess.o como Administrador do Windows e tente novamente.",.. KEEP_FREE_PROTECTION: "Manter a prote..o Web gratuita",.. NO_THANKS_UNINSTALL: "N.o, obrigado, desinstalar",.. CANCEL: "Cancelar",.. NO_THANKS: "N.o, obrigado",.. SURE: "Claro",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Desinstalou o {0} com .xito.",.. SURVEY_OFFER: "Queremos ouvir a sua opini.o. Pode enviar os seus coment.rios para tornar este produto ainda melhor?",.. SORRY_TO_GO: "Temos pena que nos deixe.",.. UNINSTALLING: "Estamos a desinstalar o software...",.. START_HEADER: "Aguarde! Se desinstalar

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3465
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.100684456322263
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UxdXe3T+ZqUelORd3BZjNfGqhHmLgw0ZIsgUKacbkgmhVXAT1Wh9jh:Uxt3xPfGqhHmkwKIyK+hxv
                                                                                                                                                                                                                                                                                            MD5:C67F10F23136A95945461C483A341B45
                                                                                                                                                                                                                                                                                            SHA1:849E51AB8AE1916816F973B2E90BD3BAE55E9875
                                                                                                                                                                                                                                                                                            SHA-256:51921EC69C90ABA8C2844868C1410B21F539D6010CF14535A26F5146E49A4C16
                                                                                                                                                                                                                                                                                            SHA-512:F666A9695395830C790035A3EE3FB50F5EED63D1B18150E77EA6BD30CFB8A13254C3C4418BA33BC8638A0E4176E0656AF311D379B784CA8534D981C81D3217FB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "..... .......... ........, .......... ....... ... .... .........<br/>....... ...... .., ..... ............. ....... ... .... ........, .... ...... ......, ..... .......... .. .......... .........",.. ADMIN_WARNING: ".......... ....... {0}, ... ... .. ..... . ....... ... ............ . ............. ........ ....... . ....... ... ............. Windows . ......... ........",.. KEEP_FREE_PROTECTION: "......... ...-......",.. NO_THANKS_UNINSTALL: "..., ........ ....... ...-......",.. CANCEL: "......",.. NO_THANKS: "..., .......",.. SURE: "......",.. OK: "..",.. SUCCESSF

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2602
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.66894085733485
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Ujo34jWoRebkIk8Am7/fz8x9kJghJhuaO+PUi53yqUA29nsYvrOskJJp:UjP1Ik8AajJMaavUi5RVgsSisWp
                                                                                                                                                                                                                                                                                            MD5:2CDC2F8531318F7A262237E74B21BF9E
                                                                                                                                                                                                                                                                                            SHA1:4C0D047AD2725F3C73DD51FEBA02C5ECBB5189BC
                                                                                                                                                                                                                                                                                            SHA-256:FCF045B381B7188DED6606DCDCED5F07AF5879315766C701DFD76E078F0D746E
                                                                                                                                                                                                                                                                                            SHA-512:E40609EB7A6A78FBC7A71E9425DAE2FD1B16E0C983F8AFD8A12E43BA997D9F5BA80FF7B043F9EAC83E9EF8CF95E65AEC28D69F95419E6530E6A9A77FBCFD9089
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "V odin.talovan. bude mo.n. pokra.ova. a. po zavret. v.etk.ch okien prehliada.a.<br/>Ak chcete automaticky zavrie. v.etky okn. prehliada.a, kliknite na tla.idlo OK. Ak chcete odin.talovanie zru.i., kliknite na tla.idlo Zru.i..",.. ADMIN_WARNING: "Aplik.ciu {0} nem..ete odin.talova., preto.e ste sa do po..ta.a prihl.sili ako pou..vate. s obmedzen.m. Prihl.ste sa ako spr.vca syst.mu Windows a sk.ste to znova.",.. KEEP_FREE_PROTECTION: "Ponecha. ochranu pred webom",.. NO_THANKS_UNINSTALL: "Nie, .akujem, odin.talova. ju",.. CANCEL: "Zru.i.",.. NO_THANKS: "Nie, .akujem",.. SURE: "Iste",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Aplik.ciu {0} ste .spe.ne odin.talovali.",.. SURVEY_OFFER: "Radi by sme poznali v.. n.zor. M..ete sa s nami podeli. o svoje n.vrhy na zlep.enie tohto produktu?",.. SORRY_TO_GO: "Je n.m ..to, .e sa l..ime.",.. UNINSTALLIN

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2387
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4927371922355706
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Ub2RwcC6S2hGDlCEVFS/+uhRpTSQOa/YmAXXRTmBbRmru:UiKRE8ha/HhiQ70l8RMu
                                                                                                                                                                                                                                                                                            MD5:140D3935BA24766C9C25A751AD34C916
                                                                                                                                                                                                                                                                                            SHA1:3865DC1EEA43E01E071BE68B7023FF3037F2D8AF
                                                                                                                                                                                                                                                                                            SHA-256:8325808CB1A95154E39BEA2FE1B4ED82085959E3BA6C6B40A051528B3A9317CD
                                                                                                                                                                                                                                                                                            SHA-512:C1E64CDA6B586CC3D41F9BB958C6C2E266115B5F9D272A8EA792195BEC3FFFF5BBB87CF556E3F42CD650EF2BCF40903D66C24066E2DEF2CDCD879621C47C84FB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Nije mogu.e nastaviti deinstalaciju dok se ne zatvore svi prozori pregleda.a.<br/>Kliknite na dugme .U redu. da biste automatski zatvorili sve prozore pregleda.a ili kliknite na dugme .Otka.i. da biste odustali.",.. ADMIN_WARNING: "Ne mo.ete da deinstalirate {0} zato .to ste prijavljeni na ra.unar kao ograni.eni korisnik. Prijavite se kao Windows administrator i poku.ajte ponovo.",.. KEEP_FREE_PROTECTION: "Zadr.ite Veb za.titu",.. NO_THANKS_UNINSTALL: "Ne, hvala, deinstaliraj je",.. CANCEL: "Otka.i",.. NO_THANKS: "Ne, hvala",.. SURE: "Naravno",.. OK: "U redu",.. SUCCESSFULLY_UNINSTALLED: "Uspe.no ste deinstalirali {0}.",.. SURVEY_OFFER: ".elimo da .ujemo va.e mi.ljenje. Mo.ete li da podelite sa nama svoje ideje za pobolj.anje ovog proizvoda?",.. SORRY_TO_GO: ".ao nam je .to odlazite.",.. UNINSTALLING: "Sada deinstaliramo va. softver...",.. START_HEADER: "Sa.ekajte! Ak

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2300
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.467419015434516
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:U2OwbAtfP5E+Ht3zni7IL8wPt2i6W7GvCZCjXAPPeMHi2iwsuwmwOR87Yy:ULwq7t38IfFN7JCaPeMCH4187Yy
                                                                                                                                                                                                                                                                                            MD5:0FC830DCA735838A75AD6F506EB6785C
                                                                                                                                                                                                                                                                                            SHA1:36398DAAAEB27A016A056DC93BB647F0B4D92931
                                                                                                                                                                                                                                                                                            SHA-256:A79DF8C6942DB06F50893C5607093E107187EB8AA0B365F61C433699C3A732F3
                                                                                                                                                                                                                                                                                            SHA-512:6B5E80559D7114D948BBFD289EC5A9276316C8D15152D5F2BC44DA7A7FEEE948278291589B729D77EBB680642AF12B1A3F9AD8C1F4D48DB58E9E74F57565EBE9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Avinstallationen kan inte forts.tta f.rr.n samtliga webbl.sarf.nster .r st.ngda.<br/>Tryck p. OK f.r att st.nga alla webbl.sarf.nster automatiskt, eller p. Avbryt f.r att avbryta.",.. ADMIN_WARNING: "Du kan inte avinstallera {0} eftersom du .r inloggad p. datorn som begr.nsad anv.ndare. Logga in som Windows-administrat.r och f.rs.k igen.",.. KEEP_FREE_PROTECTION: "Beh.ll ditt webbskydd",.. NO_THANKS_UNINSTALL: "Nej tack, avinstallera det",.. CANCEL: "Avbryt",.. NO_THANKS: "Nej tack",.. SURE: "Ja tack",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} har avinstallerats.",.. SURVEY_OFFER: "Kontakta oss g.rna. Vill du dela dina id.er om hur vi kan g.ra produkten .nnu b.ttre?",.. SORRY_TO_GO: "Vi beklagar att du l.mnar oss.",.. UNINSTALLING: "Avinstallerar programvaran nu ...",.. START_HEADER: "V.nta! Om du avinstallerar kommer vi sakna dig",.. START_SUB_HEADER: "Och v.rre

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2590
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.539635705804502
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UrK+A3WqDVZRmSXdypNsXHp8QbTBtW+R+jNvSvp2DAw0kxnfcOKef3gtlTbx:UW3WQyQXHpHHBw+R+x680GfF3gtr
                                                                                                                                                                                                                                                                                            MD5:EAFD805E00D7B38F97A3291F7E651DA3
                                                                                                                                                                                                                                                                                            SHA1:83CA877108EE77B21A95FF367C0F22FBC5C6D874
                                                                                                                                                                                                                                                                                            SHA-256:06D495BA3C71A2CD1E3E0AF499F18CF594008FFE6A92AB173825564B57A883DD
                                                                                                                                                                                                                                                                                            SHA-512:B2F6BFAEB6FF8A513875E217A9ACE4E113CE7E7E4ABBD1CFDF40D91EA1DFE36E6E2ED0EC95098F4D1A4F36EE09B34ACE2942ABC8CE1AADDE4307551FD60D89FD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "T.m taray.c. pencereleri kapat.lmadan kald.rma i.lemine devam edilemez.<br/>T.m taray.c. pencerelerini otomatik olarak kapatmak i.in Tamam'a, i.lemi iptal etmek i.in ise .ptal'e bas.n.",.. ADMIN_WARNING: "Bilgisayar.n.zda S.n.rl. Kullan.c. olarak oturum a.t...n.z i.in {0} uygulamas.n. kald.ramazs.n.z. L.tfen Windows Y.neticisi olarak oturum a..n ve yeniden deneyin.",.. KEEP_FREE_PROTECTION: "Web korumas.n. tut",.. NO_THANKS_UNINSTALL: "Hay.r, te.ekk.rler, kald.rmak istiyorum",.. CANCEL: ".ptal",.. NO_THANKS: "Hay.r, te.ekk.rler",.. SURE: "Tabii ki",.. OK: "Tamam",.. SUCCESSFULLY_UNINSTALLED: "{0} uygulamas.n. ba.ar.yla kald.rd.n.z.",.. SURVEY_OFFER: "D...ncelerinizi ..renmek isteriz. Bu .r.n. daha iyi hale getirmek i.in neler yap.labilece.ine ili.kin d...ncelerinizi bizimle payla.abilir misiniz?",.. SORRY_TO_GO: "Gitti.iniz i.in .zg.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2207
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.364734207000466
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UtM+PzEwQSBjFt9CNLX15qklwzATPXtrVe8Xu:UPftMtFzwzUtrbe
                                                                                                                                                                                                                                                                                            MD5:A576BB401523BD00F774C99E9F25F828
                                                                                                                                                                                                                                                                                            SHA1:6396FA91B46C5DAEFCDA067DCAEA74AD9E130390
                                                                                                                                                                                                                                                                                            SHA-256:DB6DB474BE7E23AAE7C1C824A839941A6BA47AB40CC56137B4D6CD58DCF5F9DF
                                                                                                                                                                                                                                                                                            SHA-512:58FB316AF581619CED5E6CD0C7A01E3444253E665276A404E3B5DDA87670A8A8D8C1822DA979E567876D87044E52D7BE70AEA7D56BDC379905711E82C64E4A1C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "........................<br/>...............................",.. ADMIN_WARNING: "..... {0}.................. .. Windows .............",.. KEEP_FREE_PROTECTION: "......",.. NO_THANKS_UNINSTALL: "........",.. CANCEL: "..",.. NO_THANKS: "....",.. SURE: "..",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "...... {0}.",.. SURVEY_OFFER: "........... .....................?",.. SORRY_TO_GO: "............",.. UNINSTALLING: ".........",.. START_HEADER: "...! ................",.. START_SUB_HEADER: "............

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2271
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.350421611473208
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:UtQEPQWGitIGg3V4BxFrtYqbu1bRqAO5qgggF3pA5Ber9xIn:UCEjAqxHsG5eEpAri9yn
                                                                                                                                                                                                                                                                                            MD5:925CB35BE12826FE9550327BC44FE65B
                                                                                                                                                                                                                                                                                            SHA1:6261328E6BE0479CC2E760717C4D0BB9999388DE
                                                                                                                                                                                                                                                                                            SHA-256:6FEE7B65F8A63E9249EDE98A704B8007AFF82DE2DF09FE2549C9CE4F0D4E8632
                                                                                                                                                                                                                                                                                            SHA-512:2A213E6E768CC0ACE261CB94528B4EE1B310B651D7299C98F98EE230EFCF7D5312D4DE4DEEDCAAAA9A35C04D353DF1B3009986DD7B070289EFE99887C9F2929A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".........................<br/>. [..] ............... [..] ...",.. ADMIN_WARNING: "....... {0}..... [......] ....... .. Windows ..................",.. KEEP_FREE_PROTECTION: ".. Web ..",.. NO_THANKS_UNINSTALL: ".............",.. CANCEL: "..",.. NO_THANKS: "....",.. SURE: "..",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "....... {0}.",.. SURVEY_OFFER: ".......... .......................",.. SORRY_TO_GO: ".................",.. UNINSTALLING: ".............",.. START_HEADER: "................",.. START_S

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.417472932238081
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP1HK:Yo6KUtjVLk4t94iU3KNoT8u8a9
                                                                                                                                                                                                                                                                                            MD5:B3F64F2E32672EC064D98F1CD3DBB8CE
                                                                                                                                                                                                                                                                                            SHA1:74763F4057A741D0754B1B6144DB14C02B360A42
                                                                                                                                                                                                                                                                                            SHA-256:C886A1CCB76E7A5E1AE3961BC549130C2A69A96F4546EE8C00DA04DED1ECAA98
                                                                                                                                                                                                                                                                                            SHA-512:C7540C5CBFE985F902CADD911A30BB7E92B63A270A55196E25D034B0AD4D1DC942263B7E0914D47F1CA5FABBE23FBE1E069C662DFDFABE5A2E3D00BB3FE3EA8B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.402141567586013
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPjV:Yo6KUtjVLk4t94iU3KNoT8u8aM
                                                                                                                                                                                                                                                                                            MD5:B0BC094F6931E285917DF066E70AFDA6
                                                                                                                                                                                                                                                                                            SHA1:0899A055E2F4A08C75DD877BE98F4CE8DDF25FD3
                                                                                                                                                                                                                                                                                            SHA-256:C94D4CA2C5493388BAF3358FCBC253F404AE2CE2A8977CD0195B5182C3F1F2DA
                                                                                                                                                                                                                                                                                            SHA-512:7F209E975667F7E14826D4F3F74D1BFE480162D3F44EE262552F2EE45DE07F7920A6769D53C1D6446C862379661A9C05873D04347182814F10FC94F2A01F8517
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.423174202190107
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPGY:Yo6KUtjVLk4t94iU3KNoT8u8aXY
                                                                                                                                                                                                                                                                                            MD5:3531410A3389E58D6ADC1BA79B7E8AC3
                                                                                                                                                                                                                                                                                            SHA1:FDDF32A4F9E6E712A072FFDB8D9F1B4D3074E10B
                                                                                                                                                                                                                                                                                            SHA-256:049F311277AE1D043EE8721FBDD8D956E78A7017AD726E799CB31F56D8E4A8DF
                                                                                                                                                                                                                                                                                            SHA-512:81E30F56606F05977BAB6A4130C525A01B67644610C0473C55BC6A36665B0A3534AABAE7CDDE0D4EC65282D529C43BAA871ED4846495CCE131BD0901ED5E3A77
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.404312191106673
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPATq:Yo6KUtjVLk4t94iU3KNoT8u8aBTq
                                                                                                                                                                                                                                                                                            MD5:0961BF88D2A73C98821E1F529692B590
                                                                                                                                                                                                                                                                                            SHA1:E4FD28F4D015D68615711F7DED15EFCE08B51E55
                                                                                                                                                                                                                                                                                            SHA-256:D270160BE218212A9A8041546986BFB74B2CAD81951BD31A449B6DF363D1693D
                                                                                                                                                                                                                                                                                            SHA-512:36D2D3EDA88D8BEE088138681204D8B6C0563247A4EC6B2ACF4DDE43905CFE0C21F8D85F5A00EC6FA4F252BCA529D8D344FDF423D1E765F62798D00235A73E8D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.417937793053212
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPzZ4F:Yo6KUtjVLk4t94iU3KNoT8u8aPF
                                                                                                                                                                                                                                                                                            MD5:3EE00699A1A86401E17A7997D25614B5
                                                                                                                                                                                                                                                                                            SHA1:3712A3A3766C2FA21B3C769715AB655C736D6CBC
                                                                                                                                                                                                                                                                                            SHA-256:676F3BBB8CC0B4D9C965F38BD0F810FCCB949ABD374FA4FFFC731547FDDCF8FF
                                                                                                                                                                                                                                                                                            SHA-512:7BA1EFA1C3BFA0E556EC104CC9ADAF95F77F97FA978ABA67450D304547E0681C74466405572BAF8460C362C22B51C14A1EA6C41F56B332D92E385D66BCE4A889
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4109786638673985
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPInx:Yo6KUtjVLk4t94iU3KNoT8u8annx
                                                                                                                                                                                                                                                                                            MD5:43B962273A47520F08388C1E1861AA33
                                                                                                                                                                                                                                                                                            SHA1:B493B54203F4DB64589036C438B8620AAD834881
                                                                                                                                                                                                                                                                                            SHA-256:8E66DD20FC293F593CE9D31F78CA4180784AFAE3678EDDAC41855DAE8C22B666
                                                                                                                                                                                                                                                                                            SHA-512:D39401C3751C9F4D0C3514979D58E739552744BE7D5504D59B3FD84BC0469D162F2745E46DB5D752647E30AD7C3ABA158DFE9C5B8141CC4A34680FCB9F3882A8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.414158920752557
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPHZ:Yo6KUtjVLk4t94iU3KNoT8u8a0Z
                                                                                                                                                                                                                                                                                            MD5:64B098675FD0343E57825C52736D7656
                                                                                                                                                                                                                                                                                            SHA1:0F0D5CB5195015F8A20E7C8BA275C015067FCC3E
                                                                                                                                                                                                                                                                                            SHA-256:AFD02FCDD8DD630D986D6E66366CD1BBAD2900D3766A82E8CF3A91CCA51D9E3E
                                                                                                                                                                                                                                                                                            SHA-512:0A8F7EF009F69CA3F4E7F00B6CF501DB79AA253CDFA59C46B0CFC0A6203FB838090A5CB069605BCEEAA95361A958867980068B26CF1B2927C77E29569903A816
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.413964376428777
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP6WU:Yo6KUtjVLk4t94iU3KNoT8u8adWU
                                                                                                                                                                                                                                                                                            MD5:4877D7CBF1AAA264ADDAE198FE1C13ED
                                                                                                                                                                                                                                                                                            SHA1:D0B3985F7DE5E4D228D25E124817300DA729AA49
                                                                                                                                                                                                                                                                                            SHA-256:8A9502D4F8784B4C722DD777F0E63C26ECC374FA61197A4D62D056BF406EE4F6
                                                                                                                                                                                                                                                                                            SHA-512:C3645F875B700EF8FC8379B73B25D331B1490E0E5B04B14CC60E5FDC7B911E794F0EF136F6A11AB7CD6B7E16406D2A10A89F7E00BF4648929D2B80537C13FF4B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.411391674933713
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPSM9:Yo6KUtjVLk4t94iU3KNoT8u8aa
                                                                                                                                                                                                                                                                                            MD5:30A9F1DE22C0E1EEBDFA186B9264514B
                                                                                                                                                                                                                                                                                            SHA1:8B670B8256EF57B1CC3FB1C7FC3756A66230ECBD
                                                                                                                                                                                                                                                                                            SHA-256:1A2C3D5D671D37D45374F9430A4A472E0FBB6C7C8AD35AC51F9F83EC39A3151E
                                                                                                                                                                                                                                                                                            SHA-512:3AB1AF56141EF689F2D36D195D9C65CF41131104A86732B8FEC326921248F1F854D299D8F342D96D61E8C326A57DAE146CEBF48177E13299956C4533D2D2993A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4176947331475
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPu:Yo6KUtjVLk4t94iU3KNoT8u8ab
                                                                                                                                                                                                                                                                                            MD5:181773FF02940FC7128F925099FCFCB4
                                                                                                                                                                                                                                                                                            SHA1:46FE7A1441BDB893DE21A4FF50A7AFC2EDADD9B4
                                                                                                                                                                                                                                                                                            SHA-256:207CA3EF6FECB734A44CC1540EB4258143BBA81D3AAA1DAEFD3BF64DB6D67531
                                                                                                                                                                                                                                                                                            SHA-512:566AA89C9546F3E0C2684375295E1712493A3488074705FF77FFD3B34CDA3EC815B7DE663B3838F31542505D3BC633986D2D7B12E858C35FD527B31B470B6972
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4206279033517974
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPlDsIs:Yo6KUtjVLk4t94iU3KNoT8u8aas
                                                                                                                                                                                                                                                                                            MD5:4F4C74AC405E0543BFD7A5FDF7A797F9
                                                                                                                                                                                                                                                                                            SHA1:9C40ABE063F6594682169C2E40CE93B384FE68C7
                                                                                                                                                                                                                                                                                            SHA-256:9C5C972A3D2508B891ACE18FD1FE21C7E4926093785499FCE49057E8DD7B3177
                                                                                                                                                                                                                                                                                            SHA-512:1876587933C1016AD101CE4336463C4470A53D1026EE88DB620089025114B037904F1A1BFB7E3EB21ED5762D8DFF8628FED05BEE092F924DACDE67C1EDE086EF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.412469806284531
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPJ:Yo6KUtjVLk4t94iU3KNoT8u8aY
                                                                                                                                                                                                                                                                                            MD5:C7012F84097AA88FDA9C1568D5DDA900
                                                                                                                                                                                                                                                                                            SHA1:C6DA983DAEA5F7284CA8B6CB7D5CD1DD87805D6F
                                                                                                                                                                                                                                                                                            SHA-256:4C051A3C05072CF2C80F01FDDA5E3A140D046B18E3665CB1F56C9633F619F2A4
                                                                                                                                                                                                                                                                                            SHA-512:448053C703B7D214E6B51A0456FF0333E40B75C95CE35987446C2B203A14A33157002A4C92F5ED7909054C0A2770D790A6612F5217E0EAA713E7ADF38607F958
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.404348694202721
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPj6:Yo6KUtjVLk4t94iU3KNoT8u8ar
                                                                                                                                                                                                                                                                                            MD5:0DBF42B494C9FD60E1EBAD06C7CCDC73
                                                                                                                                                                                                                                                                                            SHA1:4205BA0C15D3247C7974D031CE1E845DA21CA0E9
                                                                                                                                                                                                                                                                                            SHA-256:38DD68A0A00453151BC9AFF1F2881831909448C888FA868703AE79551ABC99AF
                                                                                                                                                                                                                                                                                            SHA-512:BB87D58ED4F38452710ED6ED8A16EA2DDEC01D44893F221B74CE85465C5FCD4D3892B468B66B487E6576FC28F4427FBB214BB20927EC7F6ED6BC122AA203DB61
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.417283333717598
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPSm2z:Yo6KUtjVLk4t94iU3KNoT8u8a3Tz
                                                                                                                                                                                                                                                                                            MD5:B15CE9ABB7714E4BA8A4F453615C051A
                                                                                                                                                                                                                                                                                            SHA1:DA04D4FC1135FCD383A09AFB5AC10E0FD24973C6
                                                                                                                                                                                                                                                                                            SHA-256:C05CE8B7BFAA4B23BE9DA977D9A38B6AA1ADD9B8F7B52B942AE771CA4662B98A
                                                                                                                                                                                                                                                                                            SHA-512:262F32A1439D3105A7C5918CBA24953DC8B9386F1740647D0B7EA80D73A9095EE9BC06CFE93D64C075C0C4649DE73D2E3F3C9F10287763252B2EC13125713E9A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2008
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.902499509490723
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7vzEJoY7j197RD0AQUSRrNyEimWAwHM3+i3PZOHsciY/oY7BL+XjjgoGgq:/ZYt9iAQhRwEimWQ+i3YBLztsI5H
                                                                                                                                                                                                                                                                                            MD5:37CE5B85A98F0E0E138B7A8DBB213F77
                                                                                                                                                                                                                                                                                            SHA1:68629B217BD9400542E84EDCE81B150812CF0E9B
                                                                                                                                                                                                                                                                                            SHA-256:587891210B33127BB67D92BD3E8215BD0818C0594B8B9E528654C464ED2F487E
                                                                                                                                                                                                                                                                                            SHA-512:18E6CC208F9A1F530867190FCBD4C126B3CA97529F04E190AD7DBFA5E426A404BAF17A837F58B04CB9E53D1E43580E74A032B27CF599694B915129E8124CB396
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: ".. ... ... ... .... ... .. .... ....",.. UT_WSS_TOAST_TITLE_COHORT_2: "McAfee. .. .... .. ",.. UT_WSS_TOAST_TITLE_2: "... .... ... {0}.(.) .. .. ..",.. UT_WSS_TOAST_TITLE_2_STRONG: "... ..",.. UT_WSS_TOAST_DESC_1_VAR_1: "McAfee. .. ..... .... VPN, .. .. .., Premium ...... ... .. . ... ......",.. UT_WSS_TOAST_DESC_1_VAR_2: ".. . ... ... ... .. ... . .. .... ......",.. UT_WSS_TOAST_DESC_2_VAR_2: ".. McAfee. .. ...... ......",.. UT_WSS_TOAST_DESC_COHORT_2: ".. .... ... ......, .. .. .., VPN, .. .. ... ... .... ......",.. UT_WSS_BUTTON_ACCEPT: ".. ....",.. UT_WSS_BU

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.417717943832594
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPZ:Yo6KUtjVLk4t94iU3KNoT8u8aQ
                                                                                                                                                                                                                                                                                            MD5:991FB6C6F5A9E7F9DDDF59DF03CC7212
                                                                                                                                                                                                                                                                                            SHA1:EB004576F33CB1C91D15194A8408FD75CB361479
                                                                                                                                                                                                                                                                                            SHA-256:CF98931F079404410B6C8AA57709B64888E83CC53F597D806F6E884E89A7C66E
                                                                                                                                                                                                                                                                                            SHA-512:EC45875AA4F99FE260FB3ADDC9F2C14C924AEF38B0B36B8E34FD6889C23CA9E248E53296DEDD6E34ACE9C5C90CFF623F678D3B22E3A0A7B6BE0D3B2EA5D427C7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.417978012850339
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP7x:Yo6KUtjVLk4t94iU3KNoT8u8ag
                                                                                                                                                                                                                                                                                            MD5:BBB1090C4D796660ADC97F4E4682B1A6
                                                                                                                                                                                                                                                                                            SHA1:A47DCB7B2FE4044B481229804F13B5E6976D57A4
                                                                                                                                                                                                                                                                                            SHA-256:D8A09C7F70A9280AC2493267298526FB196EFA386E1BF4D79889AFC6CB737C40
                                                                                                                                                                                                                                                                                            SHA-512:8C4E5A0CFCB38AA5099B9F7F91940C00BEA1272357C8CF390518834CCE6342A2FA2A3505509ABD002E822E2978920E21EE1B2254A854AA8715930BD971F338CC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.417151663628038
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPdt:Yo6KUtjVLk4t94iU3KNoT8u8aC
                                                                                                                                                                                                                                                                                            MD5:52ECE28662E0D21549522B9A107A7D5B
                                                                                                                                                                                                                                                                                            SHA1:EF5CBA1244C67AC8F48C70B9D34D6670C21CD34D
                                                                                                                                                                                                                                                                                            SHA-256:E04254B9F5852306E0539BFE0A969262BC65D622FE815AF306A598C54EFC932B
                                                                                                                                                                                                                                                                                            SHA-512:9CBF794CA94FFC89EB01A0171E822DF3738F4389A60B2761D3BA8193345D4955DFDEEC6997E66BE3A194B585AA03D21AFE927364800D5BCFBEBA959FF0617DCE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.426210007371951
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPkOK:Yo6KUtjVLk4t94iU3KNoT8u8aMK
                                                                                                                                                                                                                                                                                            MD5:760CB2FACEEBA384FC6681BA7BF19784
                                                                                                                                                                                                                                                                                            SHA1:492E5E711BD3D4184DDF5A711282A471F144603D
                                                                                                                                                                                                                                                                                            SHA-256:8311B8509F7594E00041D1F54B3E2A7B099B3AFC563AF862E190F854BC8E941D
                                                                                                                                                                                                                                                                                            SHA-512:9C7DCD138BD9E8E518FC1F2EE0D7E5C4F4725B06A4BA2D4B79F776AEC86D3C07CFE1F1D24C4E9D4BE8F0C96585B7657696998A8CC0592412B213A8F4E6E9BB1E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.412004287630576
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPG:Yo6KUtjVLk4t94iU3KNoT8u8aT
                                                                                                                                                                                                                                                                                            MD5:32CD295CA8E60B6B2AF3C7C62A786913
                                                                                                                                                                                                                                                                                            SHA1:86E81954FDF790091B9534B797AE7CC2D719E16D
                                                                                                                                                                                                                                                                                            SHA-256:1E2F66CCC5CB80267477CE16590A34A9B09D17CF78E63047EA504680ED151DDF
                                                                                                                                                                                                                                                                                            SHA-512:55B6B8ADC6FB7850DB1F8F70243463039B71167C2F153012DC7E42791AD0F6E6CB57E91F74011DB14525EC2225218D354F910973A10E6CEFFC6289411D8EF8BD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.417697697622299
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPmzf3:Yo6KUtjVLk4t94iU3KNoT8u8apz3
                                                                                                                                                                                                                                                                                            MD5:CF3770DC2C921A00DF66F03916B87255
                                                                                                                                                                                                                                                                                            SHA1:A619D0E1875D8760FA9D3118B6D4F1E7C42EAA17
                                                                                                                                                                                                                                                                                            SHA-256:D54ACE54A23E0BCC543A8CF2571F5F24447F624719377830E2879057D9B0668B
                                                                                                                                                                                                                                                                                            SHA-512:590D4A289A70FB912C36B910F64786561D35D8D0B331F02606906D0AAAC2589D9F1C597B5B5F48D2CA2596DB4706D1B9BD765F87CED572B4BC5AF595C2DFFDE0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.421428939555405
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP3yU:Yo6KUtjVLk4t94iU3KNoT8u8am
                                                                                                                                                                                                                                                                                            MD5:F18DFA815C0BD8C0405B15B3AAC1B0F4
                                                                                                                                                                                                                                                                                            SHA1:9097E9DC26A9A1BDF8B16F27D242705028B70CFE
                                                                                                                                                                                                                                                                                            SHA-256:DC5C042F310D2A8485DAD80CD1F8462FC87FFF52CDAA13F169A5C2D502B9A13D
                                                                                                                                                                                                                                                                                            SHA-512:DB00A23737A0C192264DC6597F9713093627F466573B481D07BC6ABC3C0E7DD3A7EAD9A418E04F7979ADA6C2AD36871575EE885692597A58D802E10FD1785F37
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.417209049411578
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPE6W:Yo6KUtjVLk4t94iU3KNoT8u8aIW
                                                                                                                                                                                                                                                                                            MD5:873FCC3FB59DE509C4EC7C2385C5D76E
                                                                                                                                                                                                                                                                                            SHA1:FA468187748BCB657E561FF8366A1B976EC947BD
                                                                                                                                                                                                                                                                                            SHA-256:593D7A75F586F3E7F699505247309AABF4AD477D7F9351B3A26FDFF700CF8119
                                                                                                                                                                                                                                                                                            SHA-512:E15E8B593BA1F21E1F80552FE6BD0EF20842682B85EFEB4AB2208FF191983ED34CC8FD2871A1FFC31325067D2F9D9B761B36431CCFB2A94A1D06F7E728A0F8A6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.420992852663342
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPPL:Yo6KUtjVLk4t94iU3KNoT8u8a6L
                                                                                                                                                                                                                                                                                            MD5:F0B2D08F119BC19FD22438BE6C9B22DE
                                                                                                                                                                                                                                                                                            SHA1:E0C27C0F9599432AE52F0CB090616A4D2DC796A1
                                                                                                                                                                                                                                                                                            SHA-256:61A312C26E59DF0F97F51AAEC47EC61625451997D0E62055710736259AC68A70
                                                                                                                                                                                                                                                                                            SHA-512:6D63B1CC23C3F2780678629706E67B5A0868F9FB889455CDC35195808BB3A7163A79DFC1B786B2D7442FC8BAA4C02FEB7028AEB1445AC289F1E3994232B67B65
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.411794900223913
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPOU:Yo6KUtjVLk4t94iU3KNoT8u8a8
                                                                                                                                                                                                                                                                                            MD5:7CC2FA0C7BA72F2837A823773B016A40
                                                                                                                                                                                                                                                                                            SHA1:ECBEADD0BA77E072DAFA2664FB56CDD1A8C895EF
                                                                                                                                                                                                                                                                                            SHA-256:85FA08E2A5666242663000EEEE1BB266424060176935751F4AD941FEA25C296D
                                                                                                                                                                                                                                                                                            SHA-512:32E69B2D17371DA4C30BB77BF8BD86BA0090310393BF7A9A88F93F2D0BF73EA8B15A5A369397C23767E806AE4BC3281E48835786D4047EBBA1413F35E5EED5EC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.41001311637777
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPKN:Yo6KUtjVLk4t94iU3KNoT8u8av
                                                                                                                                                                                                                                                                                            MD5:D55B1DF8066C898536B4A5FF64D6F96B
                                                                                                                                                                                                                                                                                            SHA1:B27C22E7E35E6C6867F3EC307BD39BFBC1467D8A
                                                                                                                                                                                                                                                                                            SHA-256:43FD99E98B766FFCE88A7A6D698BB0421DB03E2C74FF241C6C00B876A1CB2262
                                                                                                                                                                                                                                                                                            SHA-512:4309CFAFFC92C2DD61AA0E5D68470463D4C338B8C39B5EE51B674229BE585618323AB7513A0CF88DC29760980F53D75EE74CD38EF14FDCFE456372B59CF24E16
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3601
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.416851089301766
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPe7zO:Yo6KUtjVLk4t94iU3KNoT8u8aD7i
                                                                                                                                                                                                                                                                                            MD5:0C994779D881A0707943CBF2161D8F54
                                                                                                                                                                                                                                                                                            SHA1:6C9A77E8E3F0E73880A2BFB2B3EDF83A92A56A18
                                                                                                                                                                                                                                                                                            SHA-256:5379B228CE738B05BF972FE6BEAAF883FF7A101D17A9C556E0BB56DC1822E7E7
                                                                                                                                                                                                                                                                                            SHA-512:368F15F108FBF31F853AA1948862B953BA8977445A9285BB6955F80663102715D33C91DAD1FA243385720A0EC7D05D8C053DF2F6932321B5FF5E927BC11CA417
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1260
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.754597180508003
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPy7dadSybOjRlnkggpHlnEAKETUy6fQXKb6fMocWjq1TEXWzPD:PyRaSgCLyZgfQaCMocWje4Wzr
                                                                                                                                                                                                                                                                                            MD5:960E633BD8CA6959E90C3128A27709C2
                                                                                                                                                                                                                                                                                            SHA1:81C7EDE6A295EFDD4EDDF88078E55C1769C66758
                                                                                                                                                                                                                                                                                            SHA-256:9A6A1AB11EE8BE1079E61E81E69197D4C391C6BB52D13CAE88C6BA9BC7AB54C2
                                                                                                                                                                                                                                                                                            SHA-512:50CB993D73914E21F5EE0DDBAE326353BFB9D4CE69BA1713F69813E2510E4F0261E0FDDE6126B527BBE3F7C2A45EBE867052827F056F6F52B1B15F3B454AA57F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Z.skejte aplikaci {0}",.. BANNER_RIGHT_TEXT: "Zrychlete proch.zen. internetu",.. TITLE_FIRST: "Zdr.uje v.s nep..jemn. automatick. p.ehr.v.n. vide. p.i pr.ci?",.. CONTENT_FIRST: "Proch.zejte internet rychleji pomoc. aplikace {0}. Zastav.me automaticky p.ehr.van. videa, kter. zpomaluj. prohl..en. webov.ch str.nek.",.. TITLE_SECOND: "Posledn. uji.t.n. . chcete zastavit automatick. p.ehr.v.n. vide.?",.. CONTENT_SECOND: "Aplikace {0} zastav. automaticky p.ehr.van. videa, kter. zpomaluj. prohl..en. webov.ch str.nek. Pokud o aplikaci Web Boost nem.te z.jem, nebudeme se znovu pt.t.",.. NO_THANKS: "Ne, d.kuji",.. YES_GET_IT: "Z.skat aplikaci Web Boost",.. LICENSE: "Licen.n. smlouva",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1184
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.482492244024684
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPVdSoggneOKTDy3DHZXQTDITDy3DHM1qrjgHMf8WpK8+k2fAqO:P/SojnMDkD5+DWDkD/CMf8W72fO
                                                                                                                                                                                                                                                                                            MD5:69D94FED4FBA99F1CF9B049DEAEF6FE8
                                                                                                                                                                                                                                                                                            SHA1:A347A4AEA5C50FC0E9FA9A4376855784EAEF8ABE
                                                                                                                                                                                                                                                                                            SHA-256:D48E169DBBD70091336DAA5D1CFF04B647C25A98134479D6859F3AD9D4852D93
                                                                                                                                                                                                                                                                                            SHA-512:46EE964A513F11AE77514DF99AF4F09C8FA4663A913CFBD545409531BA4586DFD9E82EAC252B1EF01B17C92B30C1665E138FD6809C09AF05E4AA2425910EF63D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Hent {0}",.. BANNER_RIGHT_TEXT: "G.r browseren hurtigere",.. TITLE_FIRST: "Bliver du sinket af irriterende videoer, der afspilles automatisk?",.. CONTENT_FIRST: "Med {0} kan du surfe hurtigere p. nettet. Vi stopper automatisk afspilning af videoer, som s.nker hastigheden, n.r du surfer p. nettet.",.. TITLE_SECOND: "Vi sp.rger lige for sidste gang: Vil du stoppe automatisk afspilning af videoer?",.. CONTENT_SECOND: "{0} forhindrer automatisk afspilning af videoer, som s.nker hastigheden, n.r du surfer p. nettet. Hvis du ikke er interesseret i Web Boost, sp.rger vi dig ikke igen.",.. NO_THANKS: "Nej tak",.. YES_GET_IT: "Hent Web Boost",.. LICENSE: "Licensaftale",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "N.r du kl

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1153
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.495095222232191
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPRPcuFic3c4kEZkxQ0jwkIWDBpfCdEIfkSWFHExBjd:PRkU3c4xZEjw1WLmhfBWFMBh
                                                                                                                                                                                                                                                                                            MD5:F5A6AC000575B4CC1C0EA077BF55A765
                                                                                                                                                                                                                                                                                            SHA1:0F5EA424EAA93000D639A1483B5C785381583770
                                                                                                                                                                                                                                                                                            SHA-256:32C28E6192C02A4C49AD0F6BEAE82C6E7FE6DFDEB54F67D63BFAA25D4F7906F4
                                                                                                                                                                                                                                                                                            SHA-512:AFDAF024ECF680BBF8BD69EDB3678356A24BED66BB0844272708DDAFC4609165B60066A86733145267FC0C375B242C402167BEE9684392850F18A2A0A96CE73C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "{0} herunterladen",.. BANNER_RIGHT_TEXT: "Surfen beschleunigen",.. TITLE_FIRST: "Wird Ihr Browser durch st.rende automatisch wiedergegebene Videos verlangsamt?",.. CONTENT_FIRST: "Surfen Sie schneller mit {0}. Wir stoppen die automatische Wiedergabe von Videos, die Ihren Webbrowser verlangsamen.",.. TITLE_SECOND: "Letzte Nachfrage: M.chten Sie die automatische Wiedergabe von Videos stoppen?",.. CONTENT_SECOND: "{0} stoppt die automatische Wiedergabe von Videos, die Ihren Webbrowser verlangsamen. Falls Sie nicht an Web Boost interessiert sind, fragen wir nicht mehr nach.",.. NO_THANKS: "Nein danke",.. YES_GET_IT: "Web Boost herunterladen",.. LICENSE: "Lizenzvertrag",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Durch Klicken auf {0} stimmen Sie Folgendem z

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1666
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.282064616720289
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPcdh0GeuxX+8PFGIPg+c8NS0I5mmiKfQOQryfRXCWkHW3M3Ny:Pah0G1+8NHc8mv46fIWkHW3INy
                                                                                                                                                                                                                                                                                            MD5:6A5214598913E5E0C86836F9AA82E8B1
                                                                                                                                                                                                                                                                                            SHA1:3EE9DBBDA552BC3836AB8372B0E3366E65A7D6E8
                                                                                                                                                                                                                                                                                            SHA-256:559F33DEBB13E06BC300BE59482BEBD4CCCA3E363EB85C4BD2ADE7F28B897159
                                                                                                                                                                                                                                                                                            SHA-512:A049CC40C94378137FB661976587EF4D91B950A1FFC7DED0C81DB32E8DBB2E2B2B0C650863CEE56E534E68F798963E9D4E168AF13C3D449C938F8E9FEC55B891
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "......... .. {0}",.. BANNER_RIGHT_TEXT: ".......... ..........",.. TITLE_FIRST: "........... . .......... ........ ........... ...... ... .............. ...;",.. CONTENT_FIRST: "............ ........... .. .. {0}. .. ........... ... ........ ........... ...... ... ........... ... ......... ....",.. TITLE_SECOND: ".......... .......: ...... .. ......... ... ........ ........... ......;",.. CONTENT_SECOND: ".. {0} ......... ... ........ ........... ...... ... ........... ... ......... .... .. ... ... .......... .. .............

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1000
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.549813933826131
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPSdHKCjkAyNRtOzeWaAb5LOze8WRSonGfQX0CWP9AVCX07ViCmO:P0/nyNRtlWhb5Ll8W2fQJWPuVCXGqO
                                                                                                                                                                                                                                                                                            MD5:B02205916BA3CBFA8A0399E8AE79F1B8
                                                                                                                                                                                                                                                                                            SHA1:23025C1B065DE12EA5EDAD10FC4D440E5AED7F2D
                                                                                                                                                                                                                                                                                            SHA-256:3DD50D5CF4EFAA206C7DF541B7EE0F4FE6AF2A53ABC595F1510578C636F3EDA0
                                                                                                                                                                                                                                                                                            SHA-512:5ECD132AF3AEAE95BB5E701630982FBC2A89249B28A72A0059B636577587CCEC46B873F6E2D279C0560218A9609CFF9925C4220394544D67BF5B7E668A3107AF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Get {0}",.. BANNER_RIGHT_TEXT: "Speed up browsing",.. TITLE_FIRST: "Annoying auto-playing videos slowing you down?",.. CONTENT_FIRST: "Browse faster with {0}. We'll stop videos from auto-playing and slowing down your browsing.",.. TITLE_SECOND: "Checking one last time--want to stop auto-playing videos?",.. CONTENT_SECOND: "{0} stops videos from auto-playing and slowing down your browsing. If you're not interested in Web Boost, we won't ask again.",.. NO_THANKS: "No, thanks",.. YES_GET_IT: "Get Web Boost",.. LICENSE: "License Agreement",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "By clicking {0}, you agree to our {1} and {2}."..}..//F8D65135D741973ECA184775138DED4EF56665C3D8C55402C1A8AC65F08EC011D9BA5B55C73D3CD4C6048FADAD86B8A171670E7DCACBB74BDC8083E1BA37BE9F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1169
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.520495098382236
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPDV7dKPMce+abJtZ5hZUsMNei5hZGSHGNf9gnW+l5w3fNtJ1swx:PJRCMceXbJrnAeingfGWWwvvJPx
                                                                                                                                                                                                                                                                                            MD5:46D026749CDEC683FBC0BFAD83E6BAB8
                                                                                                                                                                                                                                                                                            SHA1:E03D811A5C3A9CA005437A66D094E7EAD71CD145
                                                                                                                                                                                                                                                                                            SHA-256:A57C5946B78FFDD8A890D728536C0EF3C6D5350B9E45BFBDBF687D6BEA49938C
                                                                                                                                                                                                                                                                                            SHA-512:782380E4FCAEED0811B190C51E48EF5B753CDC60A2507AF189D31A4489B5B869DC6092AAB25935A70D03AB869A08681893C215494946E380860D5B6F6615F37D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtener {0}",.. BANNER_RIGHT_TEXT: "Acelerar navegaci.n",.. TITLE_FIRST: ".Los molestos v.deos de reproducci.n autom.tica entorpecen su trabajo?",.. CONTENT_FIRST: "Navegue m.s r.pido con {0}. Impediremos que los v.deos se reproduzcan autom.ticamente y ralenticen su navegaci.n por Internet.",.. TITLE_SECOND: "Se lo preguntamos por .ltima vez: .Desea detener la reproducci.n autom.tica de v.deos?",.. CONTENT_SECOND: "{0} impide que los v.deos se reproduzcan autom.ticamente y ralenticen su navegaci.n por Internet. Si no est. interesado en Web Boost, no volveremos a preguntar.",.. NO_THANKS: "No, gracias",.. YES_GET_IT: "Obtener Web Boost",.. LICENSE: "Acuerdo de licencia",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Al hacer clic en {0}, ac

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1126
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5210627970265405
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPydhtceEumJUqeJmyUe8EFXjeseZqSHGNf9gnW+l5wODpV/ra:PUhtceEumJUqePUeVtjes5fGWWw2Q
                                                                                                                                                                                                                                                                                            MD5:3EBFD4C8B5FDDC31BD8E0D2D67F0BC28
                                                                                                                                                                                                                                                                                            SHA1:1EE10171D1D1D4EE88FC2B959FDD48E05B4818FE
                                                                                                                                                                                                                                                                                            SHA-256:A68B794CEEF0E6B2D67C32E5A15BD8F759F1A5C14F608F0DA82AA8CA474B1D8E
                                                                                                                                                                                                                                                                                            SHA-512:BE12319B9C9B5CB1385A3BE737938E5B2E2D93447D7F7FAD17719BB9D05ED4990E28C403A3011B60175E5A347C2E2FA18E210121A3D5DEE46DD9FF0CF5AF8BF7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenga {0}",.. BANNER_RIGHT_TEXT: "Acelere la navegaci.n",.. TITLE_FIRST: ".Los molestos videos de reproducci.n autom.tica lo ralentizan?",.. CONTENT_FIRST: "Navegue m.s r.pido con {0}. Detenga la reproducci.n autom.tica de videos que hacen m.s lenta su navegaci.n por la web.",.. TITLE_SECOND: "Su .ltima oportunidad: .desea detener la reproducci.n autom.tica de videos?",.. CONTENT_SECOND: "{0}detiene la reproducci.n autom.tica de videos que ralentizan su navegaci.n por la web. Si no est. interesado en Web Boost, no volveremos a preguntar.",.. NO_THANKS: "No, gracias",.. YES_GET_IT: "Obtener Web Boost",.. LICENSE: "Acuerdo de licencia",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Al hacer clic en {0}, acepta nuestro {1} y {2}."..}..//9BF8

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1104
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5255194375100105
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPNdI11Y5jxKjrdTcv+qjYbKjrdT7vVa6EafIWd+HXdhuXPXun:Pnc65jxKjJAfEbKjJPgafIWotIWn
                                                                                                                                                                                                                                                                                            MD5:93B8EBE1D3311E8F9374C5CC5390F5C2
                                                                                                                                                                                                                                                                                            SHA1:92F70415619BCBCE972B758B8C9822D5AF24EC66
                                                                                                                                                                                                                                                                                            SHA-256:C45CDE999AB26916B9D8B681D11C8FA3D93E9B987C7D158749C8AAFC1FA71C40
                                                                                                                                                                                                                                                                                            SHA-512:FA86952773E6D2900E20D7BA37DAB02CA3FBEF4663210A59B78F70F09717D9AF03F883206D2B7BE9487CD334ACE85A6C7C3B838567EA7C506DDFDF856698FAA1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Hanki {0}",.. BANNER_RIGHT_TEXT: "Nopeuta selailua",.. TITLE_FIRST: "Hidastavatko .rsytt.v.t automaattisesti k.ynnistyv.t videot menoasi?",.. CONTENT_FIRST: "{0} nopeuttaa selailua. Est. videoita k.ynnistym.st. automaattisesti ja hidastamasta selailuasi.",.. TITLE_SECOND: "Tarkistetaan viel. kerran . haluatko est.. automaattisesti k.ynnistyv.t videot?",.. CONTENT_SECOND: "{0} est.. videoita k.ynnistym.st. automaattisesti ja hidastamasta selailuasi. Jollet ole kiinnostunut Web Boostista, emme kysy asiasta uudelleen.",.. NO_THANKS: "Ei kiitos",.. YES_GET_IT: "Hanki Web Boost",.. LICENSE: "K.ytt.oikeussopimus",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Tietosuojaseloste",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Kun napsautat {0}, hyv.ksyt seuraavat: {1} ja {2}."..}..//59E51AE4036AFD5FA7D7C48774

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1197
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.484144531108415
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPFd4FWZ8+GS85J9gUPIk6J9gU1qqKGfvW//LYfbCV0h:Pv4gZ8+GSYJmFJmsfvWXV+
                                                                                                                                                                                                                                                                                            MD5:00786A0D1BD66303E6D70FD5F085F898
                                                                                                                                                                                                                                                                                            SHA1:7530E99C3F787B1A796D0212C79F66FF50162133
                                                                                                                                                                                                                                                                                            SHA-256:2D997EE3C5F6EEBCEB6E2B76EECC21C60598CDB866E5B82271A0B0D69A9D6368
                                                                                                                                                                                                                                                                                            SHA-512:3C11C0E4A0905BA8C4CA5E6F65B5CE17410BF1CB2262C3E27EA789ED4DB7E78AA1415EBB5F6D6BE67ABD848EFCEAD7700970DDC52AB388346CFCDFC66326CD74
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenir {0}",.. BANNER_RIGHT_TEXT: "Acc.l.rer la navigation",.. TITLE_FIRST: "Votre navigation est-elle ralentie par la lecture automatique de vid.os?",.. CONTENT_FIRST: "Navigation plus rapide avec {0}. Nous bloquerons la lecture automatique des vid.os pour .viter un ralentissement de la navigation.",.. TITLE_SECOND: "Nous vous le demandons un derni.re fois.: souhaitez-vous bloquer la lecture automatique des vid.os?",.. CONTENT_SECOND: "{0} bloque la lecture automatique des vid.os pour .viter un ralentissement de la navigation. Nous ne vous sugg.rerons plus Web Boost si vous n'est pas int.ress..",.. NO_THANKS: "Non merci",.. YES_GET_IT: "Obtenir Web.Boost",.. LICENSE: "Contrat de licence",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Avis de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "En

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1198
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.521381109988615
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPFd4n2vFhChN8zp42hBWxH+3wjq4CfjdW/kUkj9O:Pv4n2vbCN8V5ohCfhWbko
                                                                                                                                                                                                                                                                                            MD5:697CCC279371EF46BBDDD851F8DA0AB6
                                                                                                                                                                                                                                                                                            SHA1:CE725EFF7AB8B1A01C2ABAB06B2C3F629AA4E78F
                                                                                                                                                                                                                                                                                            SHA-256:A3560162DA1663FD2CDBE8B115167F50074A9CC8EDAF2DFD4D69541B1D45162C
                                                                                                                                                                                                                                                                                            SHA-512:04F76203BE19CF30EAF6DD9B2EC0A8D640F981100A28528CBBD54791C7F16F36B586F4135244E48862601B29AFBC063EEB471741D786159A4E80A9BE6B0FEA99
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenir {0}",.. BANNER_RIGHT_TEXT: "Acc.l.rer la navigation",.. TITLE_FIRST: "La lecture automatique des vid.os ralentit votre navigation.?",.. CONTENT_FIRST: "Naviguez plus rapidement gr.ce . {0}. Nous emp.cherons la lecture automatique des vid.os afin qu'elles ne ralentissent pas votre navigation.",.. TITLE_SECOND: "Derni.re v.rification.: vous souhaitez bloquer la lecture automatique des vid.os.?",.. CONTENT_SECOND: "{0} emp.che la lecture automatique des vid.os afin qu'elles ne ralentissent pas votre navigation. Si vous n'.tes pas int.ress. par Web Boost, nous ne vous demanderons plus.",.. NO_THANKS: "Non, merci",.. YES_GET_IT: "Obtenir Web Boost",.. LICENSE: "Accord de licence",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1126
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.588837837657953
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPuddK6oPnF2h0fPnFvydoZSfgBoW7ZFEDdQWo8d:PAoJmyh6fgBoW7ZiOWo8d
                                                                                                                                                                                                                                                                                            MD5:C30ABF7D968F01443B54E235A0A3DDA5
                                                                                                                                                                                                                                                                                            SHA1:7C171AE3D596DFE0569FA45712FB55757D437873
                                                                                                                                                                                                                                                                                            SHA-256:F17DD7277C11EFB8B5B1C1443AFCBCE57D3492AFF5B1E5A7E2936C1B6163D69C
                                                                                                                                                                                                                                                                                            SHA-512:6FBCE2E1D89E97073BFA20BD338FCE4C6348E7C4770D47803A4806E87AE710119B03C137BD4E2F917DAFCFE0DE0FE83B269C6EAF03E972B549417598C282C335
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Nabavite {0}",.. BANNER_RIGHT_TEXT: "Ubrzaj pregledavanje interneta",.. TITLE_FIRST: "Uznemiruju.e auto-igranje videozapisa koji vas usporavaju?",.. CONTENT_FIRST: "Br.e pretra.ujte pomo.u {0}. Sprije.ite automatsko reproduciranje videozapisa i usporavanje va.eg pregledavanja interneta.",.. TITLE_SECOND: "Najnovija provjera - .elite zaustaviti reprodukciju videozapisa?",.. CONTENT_SECOND: "{0} sprije.ite automatsko reproduciranje videozapisa i usporavanje va.eg pregledavanja interneta. Ako vas ne zanima Web Boost, ne.emo vi.e pitati.",.. NO_THANKS: "Ne, hvala",.. YES_GET_IT: "Nabavite Web Boost",.. LICENSE: "Licencni ugovor",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Klikom na gumb {0} u nastavku prihva.ate sporazum {1} i {2}."..}..//FE5D

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1214
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.680300579158547
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPUXeUzUbI0mSCkFThSCfHPMDy7n7fn6ocWPwXvlx2:P6Ub06f6ocW4/a
                                                                                                                                                                                                                                                                                            MD5:6E3551506A8E76309A982EBF8D1A7C7B
                                                                                                                                                                                                                                                                                            SHA1:4691BD608713A916BFBDDD89FF5E08728CEF49C0
                                                                                                                                                                                                                                                                                            SHA-256:118B17344B9ACA6BFD359396923425FFD500C2DDC65DCDB1659340B3DDCF0C72
                                                                                                                                                                                                                                                                                            SHA-512:FF93D9377540942E1283C289831225416716FA76BCF17E3713FE04217FCAC46B3819752138CE5B7A1B6C68AE87020387C0F1C6F87F7E283A04DDED5C575404C1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "A {0} let.lt.se",.. BANNER_RIGHT_TEXT: "B.ng.sz.s felgyors.t.sa",.. TITLE_FIRST: "Bosszant., automatikusan elindul. vide.k lass.tj.k munk.j.t?",.. CONTENT_FIRST: "B.ng.sszen gyorsabban a {0} seg.ts.g.vel. Megakad.lyozzuk a vide.k automatikus lej.tsz.s.t, ami lelass.tja a b.ng.sz.st.",.. TITLE_SECOND: "M.g egyszer megk.rdezz.k: meg szeretn. akad.lyozni a vide.k automatikus lej.tsz.s.t?",.. CONTENT_SECOND: "A {0} megakad.lyozza a vide.k automatikus lej.tsz.s.t, ami lelass.tja a b.ng.sz.st. Ha nem .rdekli .nt a Web Boost, akkor nem k.rdezz.k meg .jra.",.. NO_THANKS: "K.sz.n.m, nem",.. YES_GET_IT: "A Web Boost let.lt.se",.. LICENSE: "Licencmeg.llapod.s",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1108
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.447172596588032
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPMd7T0JakK38gx/SS11ZuBWMfjkWFt8GVsVgNF3Uf:PKX0Jah37yWMfjkWFyGO0Uf
                                                                                                                                                                                                                                                                                            MD5:71390A77D61F33E4E94E16ADC644EFC0
                                                                                                                                                                                                                                                                                            SHA1:D7C326A214FE535923020B49366E038AE8DC262E
                                                                                                                                                                                                                                                                                            SHA-256:4303B16511C0AB477D96A10E066C4233725A9690B11A5A712D409A068A8537BD
                                                                                                                                                                                                                                                                                            SHA-512:1FE80D4993BFE8065C467C698513BB1990205F8B2004D14B3DF88599471B47F3225DDAF300BEA60772745F7EAB342DB5CDDD2BBBB0705ED3BBAEE792C14956D3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Ottieni {0}",.. BANNER_RIGHT_TEXT: "Accelera la navigazione",.. TITLE_FIRST: "I fastidiosi video che si riproducono automaticamente ti rallentano?",.. CONTENT_FIRST: "Naviga pi. velocemente con {0}. Bloccheremo la riproduzione automatica dei video che ti rallentano la navigazione sul Web.",.. TITLE_SECOND: "Ultima verifica: vuoi bloccare la riproduzione automatica dei video?",.. CONTENT_SECOND: "{0} blocca la riproduzione automatica dei video che rallentano la navigazione sul Web. Se Web Boost non ti interessa, non te lo chiederemo pi..",.. NO_THANKS: "No, grazie",.. YES_GET_IT: "Ottieni Web Boost",.. LICENSE: "Contratto di licenza",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Notifica sulla privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Facendo clic su {0}, accetti il {1} e la {2}."..}..//98A415DDEDCAD191B75617

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1276
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.9964927407212985
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cl/yRv8dFdqOdsgWOep2Ht+LRvcsvifh2AWtuzU7/:VyRv4dqqspnDRvbifwAWt97/
                                                                                                                                                                                                                                                                                            MD5:2B3D0821877EFFE54C2E66B4E5691B33
                                                                                                                                                                                                                                                                                            SHA1:19BC212543A616F9F84E07A0ED48C92A98E2999C
                                                                                                                                                                                                                                                                                            SHA-256:AB74BD193EF6F3833C9B3609803D810C715D9FEC313B94CBFD6EE60FD0976963
                                                                                                                                                                                                                                                                                            SHA-512:8ADCD647C7C4DD3A7DB7564A21361C98C87AAA97EB7D9123FE72991F9C93DDD4753627B42F941778E69CEDC64E1F5B870635D26852BA1F1FE3A98979BC26EE05
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: ".....&reg; .......",.. BANNER_LEFT_TEXT: "{0} .....",.. BANNER_RIGHT_TEXT: ".........",.. TITLE_FIRST: ".......................",.. CONTENT_FIRST: "{0} ......... ...............................",.. TITLE_SECOND: "...........................",.. CONTENT_SECOND: "{0} ................................. ................................",.. NO_THANKS: "...",.. YES_GET_IT: "............",.. LICENSE: "......",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "........",.. PRIVACY_URL: "http

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1251
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.064037110640354
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cxJLqkS5WCtU2htU6iiZTjfbWIYlg8tzN:rlKi0fbWIYOON
                                                                                                                                                                                                                                                                                            MD5:5B33D57C105C4C4C8F92BD543DEAE18C
                                                                                                                                                                                                                                                                                            SHA1:CAB2BE8A82E58B2033FD66C38A17F087B2D6E0D2
                                                                                                                                                                                                                                                                                            SHA-256:74D3478A0E73C8DAD9D2712A43F9DFEE70252FB4BD8553C550D13B24CD8F328F
                                                                                                                                                                                                                                                                                            SHA-512:BA2FC567117D77EB1BEA3D6E5F79D12CA9FADCD59164AE6F8B609B26F5FA578332DA2DAE50C22FFCF20088FB524CB0A4CFDC8D8E9710BFEFA721E435091A3A3B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; . .. ..",.. BANNER_LEFT_TEXT: "{0} ..",.. BANNER_RIGHT_TEXT: ".. .. ..",.. TITLE_FIRST: "... ... .. .... .. .. ... .....?",.. CONTENT_FIRST: "{0}.(.) ... .. ... ........ .... .. .... .. .. ... .... .....",.. TITLE_SECOND: "..... ........ ... .. ... .......?",.. CONTENT_SECOND: "{0}.(.) .... .... .. .... .. .. ... .... ..... . .. ... ... ..... .. .. ......",.. NO_THANKS: "...",.. YES_GET_IT: ". .. .. ..",.. LICENSE: ".... ..",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1112
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4862174867956455
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPymdI+c1iPRRj+7+yR+2nr4rtR++Moj+wnMfQwsHWpTW:Pyoqg5QJ/etrMojMfQPW9W
                                                                                                                                                                                                                                                                                            MD5:BB3D19049612F94A65FA7738254DAF1E
                                                                                                                                                                                                                                                                                            SHA1:16FE419FE88D4645886A86671305B175EED2E1EA
                                                                                                                                                                                                                                                                                            SHA-256:1733A675C3AECF0839EC3B5C8B1C54D94A9316B363561C5A7D4730C086F681EA
                                                                                                                                                                                                                                                                                            SHA-512:A929A5AA04466A7B0D7BBAF2EFB03496AA353AE3A4AA4739CEAD1FAC7FFBC96B225017B05F1D1FF070A018F234460D31A52C5F772AD6BE38AB4C1D0481D67314
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "F. tak i {0}",.. BANNER_RIGHT_TEXT: "F. opp farten p. nettsurfingen",.. TITLE_FIRST: "Sinkes du av irriterende automatisk avspilling av videoer?",.. CONTENT_FIRST: "F. raskere nettsurfingen med {0}. Vi stopper videoer som spilles av automatisk, slik at de ikke sinker nettsurfingen din.",.. TITLE_SECOND: "Siste sjanse . vil du stoppe automatisk avspilling av videoer?",.. CONTENT_SECOND: "{0} stopper automatisk avspilling av videoer, slik at de ikke sinker nettsurfingen din. Hvis du ikke er interessert i Web Boost, vil vi ikke sp.rre deg igjen.",.. NO_THANKS: "Nei takk",.. YES_GET_IT: "F. tak i Web Boost",.. LICENSE: "Lisensavtale",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "N.r du klikker p. {0}, godtar du v.r {1} og {2}."..}..//D29A65A8924882BE30

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1206
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.445023530697215
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPMdeWjkB8UjFpXIMtRBviSqLwz4tRBviV3rEFihdEMtB2pQXbEnWtB221G+GbE:PKeWniFpYMtz1qDtzsr7djPuQQWPxGYH
                                                                                                                                                                                                                                                                                            MD5:4AAA6EE8A72C4FC846C8C7F298C62945
                                                                                                                                                                                                                                                                                            SHA1:3F6C9E7A183A81B7765995DE131E299B57B8E87A
                                                                                                                                                                                                                                                                                            SHA-256:6AA4057AC45D728827E0569A9F08D77E1C40D43711548B143AB8BD09996B9C77
                                                                                                                                                                                                                                                                                            SHA-512:78EBF8D3E0EA010B240DD44EAA0CE465E552BDFD2985336601C9D18C476EB655074DF1409FEE5FDE53D77AE20A049F3E707D019ACBF36B7D02A05D1001E22157
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Download {0}",.. BANNER_RIGHT_TEXT: "Internetactiviteiten versnellen",.. TITLE_FIRST: "Trage prestaties door irritante video's die automatisch worden afgespeeld?",.. CONTENT_FIRST: "Sneller internetten met {0}. Wij voorkomen dat video's automatisch worden afgespeeld en uw internetactiviteiten vertragen.",.. TITLE_SECOND: "Weet u zeker dat u automatisch afspelen van video's wilt stoppen?",.. CONTENT_SECOND: "{0} voorkomt dat video's automatisch worden afgespeeld en uw internetactiviteiten vertragen. Als u geen interesse hebt in Web Boost, vragen we het niet meer.",.. NO_THANKS: "Nee, geen interesse",.. YES_GET_IT: "Web Boost downloaden",.. LICENSE: "Licentieovereenkomst",.. LICENSE_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. PRIVACY: "Privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. AGREEM

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1217
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6736079204969325
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPGdrelNj+8d2gQwYsklKGoTE3abMfXMGGnWjM/z9pidXE:PIrevjvd2gRcljfmWj+idXE
                                                                                                                                                                                                                                                                                            MD5:2BEC88F13935F568F2033B29FCA6E811
                                                                                                                                                                                                                                                                                            SHA1:7B5786D555BAC4629EA7BAFF3B9F723FFBE38C24
                                                                                                                                                                                                                                                                                            SHA-256:B4CA4F69FAEB8A40D3D9F5757D266BF74C3A0DCF8442AEFF9347AB77044AAD88
                                                                                                                                                                                                                                                                                            SHA-512:FAF866D4051BDE6D7592D4DCBB8D96FCEB56F5FD4FE5F548E4BF3E371AFF820B7C66813D69D64D13725DCBB73871A0843E94CC48291746B17D8ABF7CB377AA00
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Pobierz produkt {0}",.. BANNER_RIGHT_TEXT: "Przyspiesz przegl.danie Internetu",.. TITLE_FIRST: "Irytuj.ce automatycznie odtwarzane filmy spowalniaj. Ci prac.?",.. CONTENT_FIRST: "Szybciej przegl.daj Internet dzi.ki programowi {0}. Powstrzymamy automatyczne odtwarzanie film.w, kt.re spowalnia przegl.danie sieci.",.. TITLE_SECOND: "Sprawdzamy po raz ostatni . chcesz powstrzyma. filmy przed automatycznym odtwarzaniem?",.. CONTENT_SECOND: "Program {0} powstrzymuje automatyczne odtwarzanie film.w, kt.re spowalnia przegl.danie sieci. Je.li nie interesuje Ci. program Web Boost, nie spytamy ponownie.",.. NO_THANKS: "Nie, dzi.kuj..",.. YES_GET_IT: "Pobierz program Web Boost",.. LICENSE: "Umowa licencyjna",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1162
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.518728235021273
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cP4djLetDhf8CL369L3yM03Byf9HWfOBIYtAqmibhn:PmjLifLq9LCMhfBWGBIYMshn
                                                                                                                                                                                                                                                                                            MD5:5BDEFD8FF08F9D51315248BD96C7B40B
                                                                                                                                                                                                                                                                                            SHA1:BDA2BF55056A7E02240C84D26B3579F57F67557E
                                                                                                                                                                                                                                                                                            SHA-256:1CEC75469711CC4211272556770FECEC81659497B7CB4CEAC5911CC6DBBFF7B3
                                                                                                                                                                                                                                                                                            SHA-512:F95BC01E688ED598B9E8ADEC3F5E09BAD00E3F8297E45EC90091EF87D1AF9E653119AE3CFB96DD5E3BD1C2D9AB18BC85713F55C5DE765B803287A3E22D65DEFC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenha o {0}",.. BANNER_RIGHT_TEXT: "Acelere a sua navega..o",.. TITLE_FIRST: "O v.deos irritantes de reprodu..o autom.tica est.o atrapalhando voc.?",.. CONTENT_FIRST: "Navegue mais rapidamente com {0}. Interromperemos v.deos de reprodu..o autom.tica que desaceleram sua navega..o.",.. TITLE_SECOND: "Conferindo uma .ltima vez. Deseja interromper a reprodu..o autom.tica de v.deos?",.. CONTENT_SECOND: "{0} interrompe v.deos de reprodu..o autom.tica que desaceleram sua navega..o. Se n.o estiver interessado no Web Boost, n.o perguntaremos novamente.",.. NO_THANKS: "N.o, obrigado",.. YES_GET_IT: "Obtenha o Web Boost",.. LICENSE: "Contrato de Licen.a",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Ao clicar em {0}, voc. concorda com

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1147
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4990982589118955
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:6dJkfeI3duQBCXV9j8/TfYGCAVXAxuQ3oKtcnEheASulWZhHjDkE6pRY8gHwGbqk:6cP3dWF+fYGGxf5SQ03x6Sf9HW3XRot
                                                                                                                                                                                                                                                                                            MD5:3602E681589DD5DCEF557A99CC44E08B
                                                                                                                                                                                                                                                                                            SHA1:0BB1B6DB4134E6E6A9E7676903715C4F0C7DEB4A
                                                                                                                                                                                                                                                                                            SHA-256:4F0E91755CF4BAE8F8F20A8F85FE18C6A6978AFD460D57DBCEA5FCC56BA320CA
                                                                                                                                                                                                                                                                                            SHA-512:0C50093636F502701BB10C77027285F99E5CFEE7099E819F226ABC199167091BE6A5CE32BFDB47F5EC57032DD54B735197CBCCB268EE64F9DF0711443B7B3922
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obter o {0}",.. BANNER_RIGHT_TEXT: "Otimizar navega..o",.. TITLE_FIRST: "A reprodu..o autom.tica de v.deos . inc.moda e atrasa o seu trabalho?",.. CONTENT_FIRST: "Navegue mais rapidamente com o {0}. Impediremos a reprodu..o autom.tica de v.deos que reduz o desempenho da navega..o.",.. TITLE_SECOND: "Vamos confirmar mais uma vez, pretende impedir a reprodu..o autom.tica de v.deos?",.. CONTENT_SECOND: "O {0} impede a reprodu..o autom.tica de v.deos que reduz o desempenho da navega..o. Se n.o est. interessado no Web Boost, n.o perguntaremos novamente.",.. NO_THANKS: "N.o, obrigado",.. YES_GET_IT: "Obter o Web Boost",.. LICENSE: "Contrato de licen.a",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Ao clicar em {0}, aceita o nosso {1}

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1673
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.252911903862384
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPMd9+PJr6H30J3vlfL4qR30NZHxsVyY3DM30NZH6Xho4qs35sngONfQrWWe8QP:PKgN6a39f9+sVX0Rws35BONfQrWW6CAj
                                                                                                                                                                                                                                                                                            MD5:3116F284C93C3BA05D9A907C79F9633E
                                                                                                                                                                                                                                                                                            SHA1:D11D8592399947F636B2BCB9E5E9E0D88B10B12B
                                                                                                                                                                                                                                                                                            SHA-256:F9547B095649539BF3ADA4252B0F6F3B04AA790C127B07FFE940E41568525D57
                                                                                                                                                                                                                                                                                            SHA-512:2E683D434537537555DC1EC404780B20678A6A868B9EB0305341B9D29C28D9F0A1F5DF799F973C967CC252E99E92713B66BB80683775195698C745E982174F3B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "........ {0}",.. BANNER_RIGHT_TEXT: "........ ........ ........ ...-......",.. TITLE_FIRST: ".......... .............. ............ ..... ...... ........?",.. CONTENT_FIRST: ".............. ...-........ ....... . ....... {0}. .. ........... .............. ............ ............, ..... ........ ........ ...-.......",.. TITLE_SECOND: "........ ....... .......... ............... ............ .....?",.. CONTENT_SECOND: "{0} ......... .............. ............ ............, ..... ........ ........ ...-....... .... ... .. .

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1171
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.763442890458303
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPGd2mcJsq8vMi8zJ0+46fQXwWjelfEo:PINesPtKFfQAWjw8o
                                                                                                                                                                                                                                                                                            MD5:B7A37F1BF80F61011A2775C6FFB37669
                                                                                                                                                                                                                                                                                            SHA1:BA0A56B09D9AF8CB900CFAF36EB7F532983DD690
                                                                                                                                                                                                                                                                                            SHA-256:EABFCFA5D1E834B5924F9C77D95E1F548A46C8254F2E35BA6BCFFBED5AC1CAD1
                                                                                                                                                                                                                                                                                            SHA-512:737863C7F0C0143BC9FFDB8ABE11B36432E7E74E53F1E764C70C1C308F9308A916FFDBA2426BE4CEA6E88F0B8431C2512C1A972B680C758EF0C9B734AEC6B044
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Z.ska. produkt {0}",.. BANNER_RIGHT_TEXT: "Ur.chli. prehliadanie",.. TITLE_FIRST: "Spoma.uje v.s otravn. automatick. prehr.vanie vide.?",.. CONTENT_FIRST: "Surfujte r.chlej.ie s {0}. Zastav.me automatick. prehr.vanie vide., ktor. v.s zbyto.ne spoma.uje.",.. TITLE_SECOND: "Naposledy sa p.tame: Chcete sa zbavi. otravn.ho automatick.ho prehr.vania vide.?",.. CONTENT_SECOND: "{0} zastav. otravn. automatick. prehr.vanie vide., ktor. v.s brzd.. Ak nem.te z.ujem o Web Boost, nebudeme sa op.ta. znova.",.. NO_THANKS: "Nie, .akujem",.. YES_GET_IT: "Z.ska. Web Boost",.. LICENSE: "Licen.n. zmluva",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Prehl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Kliknut.m na tla.idlo {0} ni..ie vyjadrujete s.hlas s

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1112
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5776373584103105
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPud3hBmY2dFwHPhtDmY2dFWoZ1fjjWxnFI:PA3hBmY243mY2HfPWxnFI
                                                                                                                                                                                                                                                                                            MD5:86B1D7B32D84FA4565C28FC1CF52B08B
                                                                                                                                                                                                                                                                                            SHA1:EA006DD7FB5A359F5F7EF2CCAF78FDB7EA900B00
                                                                                                                                                                                                                                                                                            SHA-256:CF24F9B99E3B3D73E5A5A2422C709841F8B0299F2C88EC5428BD2866AFFB4BD4
                                                                                                                                                                                                                                                                                            SHA-512:04A4795C8FDE3214AF7E4397FB3E98E2FF945D8FBB03A0DAB2D5441C3B4BFBC6BBE6EB48DDEEF894F7787DB085A6EBD91440168F5CAA351E955578C3ABF5FDBF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Nabavite {0}",.. BANNER_RIGHT_TEXT: "Ubrzaj pregledavanje interneta",.. TITLE_FIRST: "Uznemiravajuc.e auto-video snimke koje vas usporavaju?",.. CONTENT_FIRST: "Brzo pretra.ite {0}. Spre.ite automatsku reprodukciju videa i usporavanje va.eg pregledavanja interneta.",.. TITLE_SECOND: "Proveravate li poslednji put - .elite da zaustavite automatsko reprodukovanje video zapisa?",.. CONTENT_SECOND: "{0} spre.ite automatsku reprodukciju videa i usporavanje va.eg pregledavanja interneta. Ako vas ne zanima Web Boost, nec.emo ponovo da vas pitamo.",.. NO_THANKS: "Ne, hvala",.. YES_GET_IT: "Nabavite Web Boost",.. LICENSE: "Ugovor o licenciranju",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Klikom na {0}, prihvatate {1} i {2}."..}..//68E5B7A5FE6CE23202

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1116
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.601123291842388
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPYodlhp2AtRW5Tm0XECCyK45Tam0XEEHh6qrTojI/HfMXGWNIMJ9fGaW:PYWXYAbWRmsEkTamsEEBbHYIffRWqMnQ
                                                                                                                                                                                                                                                                                            MD5:FC7B6C2917D070BC1F4B01A2D2920927
                                                                                                                                                                                                                                                                                            SHA1:C10A8A5546A785F4FDEA0E89D6E84357EBAED56C
                                                                                                                                                                                                                                                                                            SHA-256:A1281BBAA3ED4B4D341208278C57E0210CD9AF0CAA942304D63E0519E8FB3054
                                                                                                                                                                                                                                                                                            SHA-512:82DF5916D550C8FB93AA260F90B731B8A5365905A664AB53C2A61FFC5654A7B7ABAECF108A91C1F17D7DE4638E606FABC99A4D550A0D4CDFAD70BA10569F0E58
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "H.mta {0}",.. BANNER_RIGHT_TEXT: ".ka hastigheten p. surfandet",.. TITLE_FIRST: ".r datorn l.ngsam p. grund av st.rande automatiska videoklipp?",.. CONTENT_FIRST: "Bl.ddra snabbare med {0}. Vi stoppar videoklipp fr.n att spelas automatiskt och sakta ner ditt webbsurfande.",.. TITLE_SECOND: "Vi fr.gar f.r sista g.ngen . vill du stoppa automatisk uppspelning av videoklipp?",.. CONTENT_SECOND: "{0} f.rhindrar videoklipp fr.n att spelas automatiskt och sakta ner ditt webbsurfande. Vi fr.gar inte igen om du inte .r intresserad av Web Boost.",.. NO_THANKS: "Nej tack",.. YES_GET_IT: "H.mta Web Boost",.. LICENSE: "Licensavtal",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Genom att klicka p. {0} godk.nner du v.rt {1} och {2}."..}..//D45519A94E74D9

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1173
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.660515276527873
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cP/XRGHmeqM6+bBNLefXtexcJYOEvKxUew53ksNefXtexcJ6dp7hVE9tClfs2QI:P/XRGHmelbBFevBuv7ew53NevBS1nwOd
                                                                                                                                                                                                                                                                                            MD5:C9934020570EAEB85F6C15A27D7A2EC9
                                                                                                                                                                                                                                                                                            SHA1:EEC4A4CF0538B5F95E57C0DFB8484C96A2DB0B39
                                                                                                                                                                                                                                                                                            SHA-256:57003DA60BE93C88C2A86844B2CF7F0E3E0BF0162E0F4D4CA3A3A49EC5284297
                                                                                                                                                                                                                                                                                            SHA-512:CF888DE52D80132DB8CDA0D82B0013832695A340FD621C2B600A5E6F9D2A1A4C6171FFF816538622E3FF9E14BD1739838ED7BA609DEFE268F6C300F95AE9A85C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "{0} Uygulamas.n. Edinin",.. BANNER_RIGHT_TEXT: "Web'de gezinmeyi h.zland.r.n",.. TITLE_FIRST: "Otomatik olarak oynayan can s.k.c. videolar sizi yava.lat.yor mu?",.. CONTENT_FIRST: "{0} ile daha h.zl. g.z at.n. Otomatik olarak oynayan ve web'de gezinmenizi yava.latan videolar. durdururuz.",.. TITLE_SECOND: "Son kez soruyoruz, videolar.n otomatik olarak oynat.lmas.n. .nlemek ister misiniz?",.. CONTENT_SECOND: "{0} otomatik olarak oynayan ve web'de gezinmenizi yava.latan videolar. durdurur. Web Boost'la ilgilenmiyorsan.z tekrar sormayaca..z.",.. NO_THANKS: "Hay.r, te.ekk.rler",.. YES_GET_IT: "Web Boost'u Edinin",.. LICENSE: "Lisans S.zle.mesi",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "{0} d..mesine t.klayarak {1} ve {2} ko.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1062
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.4119167829165145
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cyPdC/0RFVLakZxaoK4K1nfmHWMm3YeWah+AJh+Wh:yVC/0VLvLVSf4WMPrnKhx
                                                                                                                                                                                                                                                                                            MD5:3CD06E88E15FF98D8391BD86F1FDA2EA
                                                                                                                                                                                                                                                                                            SHA1:E455E6C282719B118F2623613167B50CA49BABFD
                                                                                                                                                                                                                                                                                            SHA-256:2260024B17B0557DD2326B84844CDAAF2DE6A5D8D06948F7A76C57F82D88E108
                                                                                                                                                                                                                                                                                            SHA-512:E0505EAD0398917A72EB35A5CFE6BDB1976AA3CAB6F708D919E9A77F013689498D01BC93BDE07689E05D747827FF459ADAEA689BAD680D90A455F6BD5AB0772A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "...&reg; Web ..",.. BANNER_LEFT_TEXT: ".. {0}",.. BANNER_RIGHT_TEXT: "......",.. TITLE_FIRST: "....................?",.. CONTENT_FIRST: ".. {0} ........ ........................",.. TITLE_SECOND: "....... - ...........?",.. CONTENT_SECOND: "{0} ...................... .... Web ...............",.. NO_THANKS: "....",.. YES_GET_IT: ".. Web ..",.. LICENSE: "....",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "...{0}.........{1}...{2}.."..}..//49C08407A461F0F4341EC1249DD70C00EE937DDF530A963B6AA37CB5CCEF3C000EA2

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1018
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.385013856686841
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6cPGdRXudZh7df/9cIDlcFesbfOKU6D8Gfg1WJ9ru15:PIBudv5H9cIDMy9opfg1WJ1m5
                                                                                                                                                                                                                                                                                            MD5:66F58354005953E975924C7476823DAF
                                                                                                                                                                                                                                                                                            SHA1:448C8F62F3FFD1AEACFF06F4DD7BF50547742C1F
                                                                                                                                                                                                                                                                                            SHA-256:390FC07E48BC101B34CB6A8D4D2DEAEA2F802309C5DB4811BB3EDDC2E16A5A24
                                                                                                                                                                                                                                                                                            SHA-512:3568E711CF9DEEA27FAE112A4EA969BB911A78E5BB08411017B2129FE2D456A50158832E0EC02D891BA32790D587B66AF9924D1BC99243454BF2041AAA7270C7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: ".. {0}",.. BANNER_RIGHT_TEXT: "....",.. TITLE_FIRST: "...............",.. CONTENT_FIRST: "..{0}....... .....................",.. TITLE_SECOND: ".....................",.. CONTENT_SECOND: "{0} .................. ... Web Boost ..............",.. NO_THANKS: "......",.. YES_GET_IT: ".. Web Boost",.. LICENSE: "....",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "...{0} ......... {1} . {2}."..}..//64A54E09939C5A9134A3AB3BB857DA7CD7A7CB5C5AB8CC3B06C4B387BE265CF343DAF17A7D5EAA226C2556488C566E470553061B48EAA4C1

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-cs-CZ.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.25444060957449
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+Jb0j:+sv+K5+CtTFCqsUz0AUoey+uj
                                                                                                                                                                                                                                                                                            MD5:9FF0840E4C5374F9510CA299B4C9E391
                                                                                                                                                                                                                                                                                            SHA1:EC643008CF6EC8BBAD2E39646A689B8E80215523
                                                                                                                                                                                                                                                                                            SHA-256:AC58382527D31FFCBCBEF915EF8DD02ED91F4D8E756850FDCA37EDE67D50F77B
                                                                                                                                                                                                                                                                                            SHA-512:120D3BCEA3A9EDEB19E1BF85AC2776A716FB98474304F36F746F67E30E5A7FF8C5215CE6E464082EB94315D253B9FFC313930DCADCA69B47CF574FAF63014AB3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-da-DK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2532454752635465
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+wxPe:+sv+K5+CtTFCqsUz0AUoey+42
                                                                                                                                                                                                                                                                                            MD5:1574B59CF396C9A2AD5FDEDC28DA633F
                                                                                                                                                                                                                                                                                            SHA1:8F38EFF1CDD271D055C26881E9AE8A61B3A45EBD
                                                                                                                                                                                                                                                                                            SHA-256:AC6638D65E6B7982719EA2445EC6597467CD4F2F952159FD01511C1EC038DC2E
                                                                                                                                                                                                                                                                                            SHA-512:4C13CEC66530B955BCA421FBDE6E99739841C7E90F05AC9F84691C8EB89215B68018A93F6D29B8B85107DDCC0940AC6C4525EEA0449C940A476F8CAE6EFCCC6D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-de-DE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.26563931741394
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+KS:+sv+K5+CtTFCqsUz0AUoey+/
                                                                                                                                                                                                                                                                                            MD5:C1E94F302E6591BC7CF8FC0B24C8CBFE
                                                                                                                                                                                                                                                                                            SHA1:A4786A41B62B9B0311355973EB08F9AE3EBCA43D
                                                                                                                                                                                                                                                                                            SHA-256:9AC462F71A6D9166546814A94997E7388ABEF2583DD90D2A43B354D6AF53B730
                                                                                                                                                                                                                                                                                            SHA-512:F69009182B780707CC0DB825620999F577FD9E7DDDBB4D45ADC5718A8B6843F6B1E622664E3C7F1AA6505C275E038D66932148F62302A0B25F667C4DCFF99AB1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-el-GR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2499220937560205
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+CtTn:+sv+K5+CtTFCqsUz0AUoey+Cl
                                                                                                                                                                                                                                                                                            MD5:497E44075EC3C6964DB59457A8B1B223
                                                                                                                                                                                                                                                                                            SHA1:C2655435B421B6669297B05782CAE19D90782BB4
                                                                                                                                                                                                                                                                                            SHA-256:FA7F9024E1C48670969F3B23005E9091B8C480A640DFC4649629769D9B69A106
                                                                                                                                                                                                                                                                                            SHA-512:80FF65F0B503A6C34180961317A06EA26A65200A27F4FADE107676F3DD9921CD17119D843B94E235B6E941B9B9BB298664552C151E12CB5782882C3FBD892B2C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-en-US.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.243266602213208
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+cK:+sv+K5+CtTFCqsUz0AUoey+cK
                                                                                                                                                                                                                                                                                            MD5:D7312080A80B0500E15A85FEF7232A47
                                                                                                                                                                                                                                                                                            SHA1:0315B5CA4EB059396FDBEE7DFC2D34A699CAC84B
                                                                                                                                                                                                                                                                                            SHA-256:B937CE2BFB9473D3AB0393B99CA678206E1F2CBA86F949FCF33EB27CF4AE8075
                                                                                                                                                                                                                                                                                            SHA-512:0DBDBB00067B15849FC53489A302BA2E030E07F2C1D9C706E83D853572C480D4288A1CA067E4853812BB1B879F9E2A4937D271E7ED20A09896456716CE2978B5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-es-ES.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.250696425957449
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+gJ:+sv+K5+CtTFCqsUz0AUoey+I
                                                                                                                                                                                                                                                                                            MD5:E59186A282F1CC2D32C402346EDE7C26
                                                                                                                                                                                                                                                                                            SHA1:EB6966A9C610198D2C89D4E2E076007CFBBC047D
                                                                                                                                                                                                                                                                                            SHA-256:41E557D485346F535E109A6EBE8B33C593349C3160DB937C915FB7860048A861
                                                                                                                                                                                                                                                                                            SHA-512:4A3A26E8B6E01A34D3A1A32B41EC65342D558CEA23C1193A01D50CF784CCF78E7B7C4C6C4693392FEE45B1EB2E435EB78509AFAC24A0705A73AC9E5FC61A20B0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-es-MX.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.265257639782756
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+QiWDH:+sv+K5+CtTFCqsUz0AUoey+/sH
                                                                                                                                                                                                                                                                                            MD5:4B8F8AACE43200520CC90A6F993F0678
                                                                                                                                                                                                                                                                                            SHA1:8043122F124589EC5F21B37CD411F6470E9695C7
                                                                                                                                                                                                                                                                                            SHA-256:04AA5C603EEA688303420EA12E4358EF28933AA41305E8D2C7C16741E14204F9
                                                                                                                                                                                                                                                                                            SHA-512:53FB65E8C2D6E4ED98062F5E1C943210A929B749CF048C2EC8963E25E889FDD26CB39AA302CB536E995272915B1AC2C3FF912EF6F1B9C85EB1EA1BC0EFCD26FC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-fi-FI.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.258251898892065
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+S:+sv+K5+CtTFCqsUz0AUoey+S
                                                                                                                                                                                                                                                                                            MD5:53F0F412D0E225E4E463F516A1DBF9C9
                                                                                                                                                                                                                                                                                            SHA1:4A5ED14B479D5DC0EFC731D7093D8F14858E6A36
                                                                                                                                                                                                                                                                                            SHA-256:1FA0A1D588EE553E0E9A14DF90A2AEB0AB12D991F17C6487B27316E39B205CBB
                                                                                                                                                                                                                                                                                            SHA-512:0562BC1EE777306E1BE12D19CEC36096239BD455311B85FD117D92DC053795F4F75F8EAEC3194C192CFDE1027F98C276CEEBCD7EABA07B649E0447CC26FE8AF8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-fr-CA.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.254812378549176
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm++Cut:+sv+K5+CtTFCqsUz0AUoey++Z
                                                                                                                                                                                                                                                                                            MD5:B20EFB148ADE478056081E7E156558BB
                                                                                                                                                                                                                                                                                            SHA1:4A0F047BA6E68BD9A7725B330413152963E2DA7B
                                                                                                                                                                                                                                                                                            SHA-256:A261BA0069F2311B1C2F2D5E5388DAB077741635621D4230ED50783BFBD79DF8
                                                                                                                                                                                                                                                                                            SHA-512:4035759314C945DE8DBBE60797283BE8F959501AA7FC9FC4504248234DA92F5DB7B4BE836912968A966B83ACDF9BE3797B4F8F809504305F2B0BB443DE55BED2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-fr-FR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2583485711034355
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+gO3:+sv+K5+CtTFCqsUz0AUoey+h3
                                                                                                                                                                                                                                                                                            MD5:A867503CD7ACD8C4368B6C8276724C11
                                                                                                                                                                                                                                                                                            SHA1:D31A8724B1576D72B608FEC71EC663371FD939C0
                                                                                                                                                                                                                                                                                            SHA-256:A7DBE18B8104B7278E0E30FEF8D6FF981EC52D7B7D22AE14BFB248E1233386A1
                                                                                                                                                                                                                                                                                            SHA-512:70FA6E06554B883A644AD176A4F58B992CAAB339E7DE2D53D2E2B9E1B5F34E1BF18D6D85B6F6D3BF16FB8901866E5DF6602558ECD7F6A27F6F54A7EF5AB4FD46
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-hr-HR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.254337718481135
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+bX6:+sv+K5+CtTFCqsUz0AUoey+G
                                                                                                                                                                                                                                                                                            MD5:6B36616CBAFCBED40D9EB33FFDC4341B
                                                                                                                                                                                                                                                                                            SHA1:458FC07A542E27A1D0345E16598F85AF6D84923D
                                                                                                                                                                                                                                                                                            SHA-256:20AB0077D8F1255021F065AD216C3FC63797DFAD6B4529E9652509D85E06645D
                                                                                                                                                                                                                                                                                            SHA-512:65517FA212F866BD3CBC1FE8026241D9395C060E5A7F8745DA59F0E60E7279E7E4BC4E5C7043A36ED735EA1551AFB5998644F0583AD50350C4143B24C4CB99BE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-hu-HU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2625577539374495
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+urR:+sv+K5+CtTFCqsUz0AUoey+urR
                                                                                                                                                                                                                                                                                            MD5:F9624EABDF41A451BCDB751B7DEB11AD
                                                                                                                                                                                                                                                                                            SHA1:08F5FF926A40C7DFAAB832805CD66C12363AECF9
                                                                                                                                                                                                                                                                                            SHA-256:6CBB5CB3135887868BA7712D84E2479FBE8968A7A44195BC7F97674B602478DC
                                                                                                                                                                                                                                                                                            SHA-512:9B4CB1D76FCBB46B46D589703039D15B664759CF0F9E7B9A5353FD71FC555B7E0B0BE5596DAE4143A1607979E8A5B9EAB6AE6849A8A07AD835A49CF1B139EC13
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-it-IT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.25108209866081
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+VI8Yrx:+sv+K5+CtTFCqsUz0AUoey+grx
                                                                                                                                                                                                                                                                                            MD5:422781D3C61E3141B09A720EF8F0C65E
                                                                                                                                                                                                                                                                                            SHA1:13FD1DEC703F89528694BE9AB92C8DC332F6CB2C
                                                                                                                                                                                                                                                                                            SHA-256:C370A634BDD112AAB248A2511616F9740D9DE02403F86CE648A436270EEBC6C7
                                                                                                                                                                                                                                                                                            SHA-512:49D21321AE9234B45C45BA72B19E9EE74EC52E132A0DBA9481392FF0042BC0912D2FAABAD847C887DD5EFF2F1B0718EE6FD1D79DACC4AB1361D37CD3743051D3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-ja-JP.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.265981496655582
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+XaC:+sv+K5+CtTFCqsUz0AUoey+r
                                                                                                                                                                                                                                                                                            MD5:2E71BB3C06EF3A19DAD806128A7EB9BF
                                                                                                                                                                                                                                                                                            SHA1:809F4215A513770797CBD937952E76E30B14448A
                                                                                                                                                                                                                                                                                            SHA-256:36E88C29A71987A2843A9B4AA9797F1D42BDBBFAF64DD27322D8C43EB8AC97A2
                                                                                                                                                                                                                                                                                            SHA-512:AF7D59CCCB9338340FC57656C42BB08133F62ED2025267C8CE79A9DC640567CFA36C511980A07127B0BFCF7547E66E822EBDAE846CB10B2CC3AD57EAF9D334E3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-ko-KR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.259416151331059
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+ngV/:+sv+K5+CtTFCqsUz0AUoey+4
                                                                                                                                                                                                                                                                                            MD5:05E3FA9D152FDCC30AA589FE4AFBB027
                                                                                                                                                                                                                                                                                            SHA1:A3E854E4F60E6969797C9D50390CFB8C2BCC08A6
                                                                                                                                                                                                                                                                                            SHA-256:ABED2576057201A6EE6215BBD7DEC8F8725011349B7CCBC7B0112E12CC2543F3
                                                                                                                                                                                                                                                                                            SHA-512:BCA45F6BA662B812CAEF9C5B6EE70C7A786A7CDC6981BFED93C9DA154D956E6E78848716F1251990AC033C0D10C2F032174C5D8BFDA31E49612A014D50D78019
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-nb-NO.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.252748587133753
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+j7mQ1AC0O:+sv+K5+CtTFCqsUz0AUoey+jS6
                                                                                                                                                                                                                                                                                            MD5:5015C8E02697436D076CF8D5AA5AB4B9
                                                                                                                                                                                                                                                                                            SHA1:462F510E72BDCC9B8B77B8D0FC211EB45005BDEF
                                                                                                                                                                                                                                                                                            SHA-256:A5EF6E08D20A48D3ED2C243DD2D750FB312CFB38EB631043A47E6D0FEFD6F58D
                                                                                                                                                                                                                                                                                            SHA-512:73E795189BE3D53DD39DC376D2DF966469DEB0AEBEC32D425EB3A748474A53E33909A09E5AB117C81C9A31B88FCFC2F2E09166421B1C08C414D133E4B1B436DF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-nl-NL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.247024049910334
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+ZApBd:+sv+K5+CtTFCqsUz0AUoey+kd
                                                                                                                                                                                                                                                                                            MD5:4C559B09402FC72CF0039F9449875F7B
                                                                                                                                                                                                                                                                                            SHA1:438D5D0009E0FDF3B690B1F7D11EDF405488085A
                                                                                                                                                                                                                                                                                            SHA-256:C3D11AED36D63D5CCEDC7B35C7CFEE98888E44B9FA6A3635604D8BFD40F5121E
                                                                                                                                                                                                                                                                                            SHA-512:0DB9BE361233024FEBD61AB7FB38423005074E5B48AE1C148ABD7B3492233367D8B804B9764C935787E80F4B581406DCD5096425BC14DAD509C400C60395AE8B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-pl-PL.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.261588271944215
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+g2UJ:+sv+K5+CtTFCqsUz0AUoey+g2UJ
                                                                                                                                                                                                                                                                                            MD5:935332DD32ED7AC4EA801D8DC0618E39
                                                                                                                                                                                                                                                                                            SHA1:7C85828C6F246F4147248294B3C16B828EAA5C1F
                                                                                                                                                                                                                                                                                            SHA-256:871643D98D408C3F5FC48C9669694F6137820C43042E7168D7D06D9D7AE88AEC
                                                                                                                                                                                                                                                                                            SHA-512:44B31516E6A2B1B73818D943AB13978E51A2F74084CA28833F86FF8A234C353FB4EC85107513D57F1F386B4C779C8D2B96B40AFFF849B3FACF3ACE09E0784AD3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-pt-BR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.261881224001805
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+wxZi:+sv+K5+CtTFCqsUz0AUoey+wPi
                                                                                                                                                                                                                                                                                            MD5:33F4F0C1F2713CCD8F6A4C52F4C9E49C
                                                                                                                                                                                                                                                                                            SHA1:843C946D369FDA781A2327A01624E5A9F72E811B
                                                                                                                                                                                                                                                                                            SHA-256:FBC00CA81968C58F40ED0E8217390D81BDA0EEB0E0AC8775750C1E8B025A6860
                                                                                                                                                                                                                                                                                            SHA-512:4421271F273EAB389493AA61AD05A029C3FDCB46533C524C91EC9B6C5C25A149891683B826BE204E0192E0198FD226999E0E25A7E3ECC97C85C61CF553849F24
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-pt-PT.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2655188555078665
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+wcI:+sv+K5+CtTFCqsUz0AUoey+wz
                                                                                                                                                                                                                                                                                            MD5:84F33CE44F54CA624E94DDD30FC47128
                                                                                                                                                                                                                                                                                            SHA1:D28AF13994841FFBB22CBD9FA18996F45C0915BE
                                                                                                                                                                                                                                                                                            SHA-256:91F08518A1C9FD5CDF0782840B46EA72E599BD26E80327C505BC1D9F283AAFD4
                                                                                                                                                                                                                                                                                            SHA-512:9E79595536021839A68385A8BF88F4829717475E43E23E2C882C1B56D28DAC39D99E9B529C5D137B488F4B024DBBC97BC120B0125D3079E47EC969130DEBA745
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-ru-RU.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2542428100556355
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+bnP5:+sv+K5+CtTFCqsUz0AUoey+jP5
                                                                                                                                                                                                                                                                                            MD5:06B4D0116712B169787D48E111692A2B
                                                                                                                                                                                                                                                                                            SHA1:1EA4E01C932501ECAABA1160AECDAABDD9FE55B2
                                                                                                                                                                                                                                                                                            SHA-256:3A83E52ACA9DBEB18E8CD11CC2C056FAD00F03DFFDB83462EF710007E0DD610D
                                                                                                                                                                                                                                                                                            SHA-512:7AB8D7CCFF9AC30A5917271CD0DC0DB608D55422CFB5ACC179A693D5152154CEF91A48C34D8E9535455B27B368E85A237026F8A3AAB881EDF6952D9665C56F32
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-sk-SK.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.250190768707083
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+OzI:+sv+K5+CtTFCqsUz0AUoey+j
                                                                                                                                                                                                                                                                                            MD5:BD62E302B565104084BB2E8C9BBE5F47
                                                                                                                                                                                                                                                                                            SHA1:532D805EA4391A405B7F18982CBB30301D45A5BE
                                                                                                                                                                                                                                                                                            SHA-256:D0434948E2A7FCD0B4D07734DB528D7989892E7FEA1A2C1BFF4B3A0D47C16517
                                                                                                                                                                                                                                                                                            SHA-512:3AA9D3B0BC564BEC1B000BADE3331901A064C963BCA0EFB3A8E00CD6C9737BDFB96FEC7B79B5C45CCFD02FD773B2BFFF34D24150838AF75AC994507161A25F49
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-sr-Latn-CS.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.262592634159151
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+dPEM:+sv+K5+CtTFCqsUz0AUoey+FN
                                                                                                                                                                                                                                                                                            MD5:B99337AF6B861F2E45EB0EE26CEB937A
                                                                                                                                                                                                                                                                                            SHA1:C125913F059CF9A8EB8A091E7140318BBEA85591
                                                                                                                                                                                                                                                                                            SHA-256:3386411C7990A899DCDD075392D0212AF01FD35489ACF1E41C717895093B37E6
                                                                                                                                                                                                                                                                                            SHA-512:E733F350212206B0F29B5222D2B218FCD53D579CACB63AF36EA8A29F8B4B2F0989DD2E59DEFCF148BEA614D6940AA509505CEB1FD06812D58129AFDB03B09C36
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-sv-SE.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2645985951773655
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+EM:+sv+K5+CtTFCqsUz0AUoey+EM
                                                                                                                                                                                                                                                                                            MD5:3A39DF7AC5CB324057E1EADE44C33A62
                                                                                                                                                                                                                                                                                            SHA1:041831C8F4A816E0AE554D841573B96EC8DDA23F
                                                                                                                                                                                                                                                                                            SHA-256:DDA4366D6F5D5B28DF1090839E22E1A09C51E1009782A01059864F59F6D1F73C
                                                                                                                                                                                                                                                                                            SHA-512:82570FDF8AFD3B88B05495AC0B98543F61597F5E37987108A74F8B34C552A8D1169EEA45D9DA864F135C788710B4DBB6F6355A5E885B3FC1CED82DE1C1B6EB29
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-tr-TR.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.264767868747017
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+rDkEZY:+sv+K5+CtTFCqsUz0AUoey+3O
                                                                                                                                                                                                                                                                                            MD5:9721A8A972265178A904F6479558C78A
                                                                                                                                                                                                                                                                                            SHA1:3522F69A983130C2B2337792B5A1DBBD45AEAEC9
                                                                                                                                                                                                                                                                                            SHA-256:9F887388FDB7E8DF8942BD925438B150CEA841E198BBD72B663E11F6E404B0A2
                                                                                                                                                                                                                                                                                            SHA-512:C03BB5633CB390AF3823ED730D2C08855EE940875717F0D61CD3C3BC6D1D4D53836F8435D8A64B6337D06E5BC66B8A90578447D98A6078053B771FC41852315D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-zh-CN.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.249175073480621
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+tFk:+sv+K5+CtTFCqsUz0AUoey+nk
                                                                                                                                                                                                                                                                                            MD5:D93BB99E0CA3E214460A1CAD9E6406F6
                                                                                                                                                                                                                                                                                            SHA1:CA8EECFDD9847BB1EA08A49B1DA5395CF4598A3A
                                                                                                                                                                                                                                                                                            SHA-256:3DFD01245A5D9E57B52027B62E5EC90E8A2E77544D46F0A5531BF15C296076C8
                                                                                                                                                                                                                                                                                            SHA-512:E878142D179451DD0822ED4CBE18B9DBFC16B081A28EBB7E81B414EC9881A4E3D8F4D026F5DF5F729E6657489D15C6F7FE0095C8D70A97C466A264575DB2DB47
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-zh-TW.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2380
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.262866395958329
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+QXQ:+sv+K5+CtTFCqsUz0AUoey+WQ
                                                                                                                                                                                                                                                                                            MD5:EA03F290A6673E896A7DFFF93E74D8AF
                                                                                                                                                                                                                                                                                            SHA1:F948D593126680BAD542E2B99DA3E1B988D819D7
                                                                                                                                                                                                                                                                                            SHA-256:83A15F44D155D46D500DE69225F4B591D45CA750EE991FCEA96262CF9A752C42
                                                                                                                                                                                                                                                                                            SHA-512:C97D6D5441946A2EBBF6E49E781ED270B8171DA932CF1D09B2840E9D043CA67CC80115A91DBD9BA47A1F3BB1753C77DE732D0DF2776337E7A4A823A36A4B7309
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\aj_logic.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3309
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.582346600381333
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:dOOh0XuzdrxGs+HhNDBlXv9O52Jea6iS2OiXTkZ6yXbo068OACTkt2:dOVe+PN6IS2ObPR7I
                                                                                                                                                                                                                                                                                            MD5:7E8B8D478D2F89ACF837D5F699C01A41
                                                                                                                                                                                                                                                                                            SHA1:926CC676DD8724887C4ED9D2B5704A6FDB36CB97
                                                                                                                                                                                                                                                                                            SHA-256:4EA094C4A0FE12538375C820A817943FF2869745B965ABD59317F1FC35AC3933
                                                                                                                                                                                                                                                                                            SHA-512:54E49B42A32824D584CABB7AE96C55EF5ECDEDD9B8C96E53501AA2C77D420FF4C1715AFEFC1261223D11702A61A007CEEC3EF291F4A5DC2346E3D77F74334871
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ.......... 4...7.......7...%...>...4...>.......T...4...7.......7...%...>...)...H.......7...>...4...7.......7...%...4.......>...$...>...H....tostring)[BL]: is_aj_blocked: end, returning .is_active1[BL]: is_aj_blocked: standalone installation.get_oem_implementation.[BL]: is_aj_blocked: start.info.log.core........~4...7.......7...%...4.......>...%...4.......>...$...>...4...7...7.......7...)...%.......'...>...'.......T...'.......T...4...7.......7...%...4.......>...%...$...>...)...H...4...7...7.......7...)...+.......>.......T...4...7.......7...%...>...)...H...+...>.......T...4...7.......7...%...>...)...H...4...7...7.......7...)...+.......%...>.......T...4...7.......7...%...4.......>...$...>...)...H...3...:...'.......T...'.......T...4...7.......7...%...>...%.......F...T...4...7.......7...%...>...%.......F...G.........Ewacore:mfw\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.html8[BL]: aj_logic.get_template: returning toggle toastGwacore:mfw\packages\webadvisor\aj_toasts\wa-aj-toast-che

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\base_provider.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1736
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.802009878123512
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:svcBul+GI4gCGnPVj1fEX3Oh0KxAACEEzF:svplE7PvaS0KxApvzF
                                                                                                                                                                                                                                                                                            MD5:A8A7028F17CC52426902347F00E503F6
                                                                                                                                                                                                                                                                                            SHA1:A611AEA67561322EC9F6B92D9017BF29FEF4AFD4
                                                                                                                                                                                                                                                                                            SHA-256:DC93A94433CAD7302667C42C4B479896D2AD0F0AC058945E6BB5494A705B4D9D
                                                                                                                                                                                                                                                                                            SHA-512:F564502AF41892108E779B546C43866FBB45DECC645B1AE72325B2BC14B9E66A1935A0AD225D62268E6D14E4D5CA87E933E29771789EDBB72151A12871D262D8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..8.......:...:...:...G....providerName.providerId.priority........)...H...........)...H...........)...H...........)...H...........)...H...........G...........G...........)...H............4...7.......7...%...4.......>...$...>...%...2...%...F...Hfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-sstoast.html3wacore:mfw\packages\webadvisor\wa-sstoast.html.tostring0[BL]: calling get_toast_template_path with .info.log.core........%...H....default........%...H....DefaultSearch........)...H............4...7.......7...%...4.......>...%...4.......>...$...>...4...+...>...T...4...7...7.......7...)...............>...A...N...G......SetBrowserSetting.BrowserUtils.utils.ipairs., browser_type=.tostringM[BL] calling Base_provider:fill_url_settings_with_the_same_url with url=.info.log.core......%.?4...7.......T...4...2...:...4...7.......T...4...%...>...3...5...4...7...1...>...5...4...1...:...4...1...:...4...1...:...4...1...:...4...1...:...4...1...:...4...1...:...4...1...:...4...1...:...4...1...:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\edge_onboarding.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4215
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.708566164315219
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:vS5r1iy0HVRJ+ak1BB/vknvkxvkg4+ZPxVVnM/pxewRQHcTG64:vSR1eqJ/vwvCvxZpVMpxdRQAGl
                                                                                                                                                                                                                                                                                            MD5:29F407240D0120852E87DE9CA27DB793
                                                                                                                                                                                                                                                                                            SHA1:3B55C113972912E3551AD48F303BAA1BF774202E
                                                                                                                                                                                                                                                                                            SHA-256:86FB69430E3B8C6F281A4D1A1AD4E4D8E7BFE63EE26BD04309649F0A906521E5
                                                                                                                                                                                                                                                                                            SHA-512:8409D788EF06F63B666F90ADF87622838F573B3FAAD9A3DD289B5794B513DE6EA99CC9B711D9B57058A613CAFBB987437B78EA51513F51E84B7A3E315288323D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........;4...7.......7...%...>...4.......7...4...7...7...7...7...+...>.......T...4...7.......7...%...>...)...H...4.......7...4...7...7...7...7...+...>.......T...4...7.......7...%...4.......>...%...$...>...)...H...4...7.......7...%...>...)...H......common_checks: end., won't proceed.'.tostring$common_checks: extension state .get_extension_state*common_checks: registry entry present.edge.BrowserType.BrowserUtils.utils!has_extension_registry_entry.browserSettings.common_checks: start.info.log.core.........'4...7.......7...%...>.......T...+...>.......T...4...7.......7...%...>...G...4.......7...)...%...+...>...4.......7...%.......>...4...7.......7...%...>...G.......!schedule_edge_ext_check: end.on_edge_check.SetEventTimer.timerFactory.edge_onboarding_check.GetOption.settings2schedule_edge_ext_check: common checks failed#schedule_edge_ext_check: start.info.log.core......B...4...7.......7...%...>...+...>.......T...4...7.......7...%...>...G.......T...+...)...>...4.......7...)...%...+...7.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\ff_monitor.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3412
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.573341748501057
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:2S5CTNSU5oEKBcys6pE+Zo1VsLjgUj0knS2EfXdYv:2SoSU5obxvnZo1VLknS2gXdYv
                                                                                                                                                                                                                                                                                            MD5:4BA4A91EEB45D5295DFBA9FF8624307C
                                                                                                                                                                                                                                                                                            SHA1:BE70262F3C0533E340470EC2018337D1E03A6480
                                                                                                                                                                                                                                                                                            SHA-256:29EADB3D3F32C2B8CCEECD213BC4A7DFCDEE442B48375270C8C77540E0295CB6
                                                                                                                                                                                                                                                                                            SHA-512:2E016CBFC642C525AA77905C86BCB3ABAA32D1C5FE67F595D7DAC710097B30B40A8A6E6028A884446DBC37D015FAF6265D7E09769501EE6EA8464DCB26DD3CFE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........T4...7.......7...%...>...4.......7...4...7...7...7...7...>.......T...4...7.......7...%...4.......>...$...>...)...H...4.......>...'.J.....T...4...7.......7...%...4.......>...%...$...>...)...H...4...7...7...7...7...4.......7...4...7...7...7...7...4...7...7...7...>.......T...4...7.......7...%...>...)...H...4...7.......7...%...>...)...H....common_ff_toast_checks endBcommon_ff_toast_checks: WA extension is installed and enabled.ff_wa_ext_id.get_extension_state.ext_enabled.ExtensionState$ supports registry installation%common_ff_toast_checks: version .tonumber.tostringIcommon_ff_toast_checks: failed to get Firefox major version . Error .err.ff.BrowserType.BrowserUtils.utils.get_browser_major_version.browserSettings!common_ff_toast_checks start.info.log.core......#.l4...7.......7...%...>...4...4.......7...)...%...'...>...=...4...7...>...4...4.......7...)...%...'...>...=...4...7...7...7...............>.......T...4...7.......7...%...>...G...3...4...7...7...7...:...4.......7...)...%

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\logic_loader.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2022
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.7969664378376935
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:eurHi7o5purHi70dyMGhKz8urHi7u49UEtnhhvwJwkCLkTB+2QS5Vpx7WsE:eujiYujiQGoAujibNtnhNbkCoTAdS5dc
                                                                                                                                                                                                                                                                                            MD5:0E51B32A148FBAF0177C1EB7514F37F4
                                                                                                                                                                                                                                                                                            SHA1:94D39C14DB66C254003D0DA279CF71FEC99F5850
                                                                                                                                                                                                                                                                                            SHA-256:8D1207154C3EB90FD1834AE802FFB22C09FE4AA06CB7C97CA8DD0722B266520F
                                                                                                                                                                                                                                                                                            SHA-512:8AA7E98D62265AC498303B95B819CBCF31CE0BDE3D173DBDF75C62A8EE18E1BEEA116F3E88CE05B049B18C680775D2FE8A1F0D0909C167F5DFA5D83AED217BF0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7...6.......T...6...H.......T...)...4.......7...............>.......T.......T...)...9...H...4.......'...>...G....error.include.external.loaded.package.........3...%...4.......>...T...4...........>...A...N...G....require.ipairs.MFW\core\.....logger.dkjson.json.utils\stringUtils.utils\browserUtils.class.win32helper.utils\common_utils.........3...4.......>...T...4...4...6...%.......$...>...A...N...G....Module does not exist: ._G.assert.ipairs.....external.settings.subdb.telemetry.utility.browserSettings.registry.timerFactory.........3...%...4.......>...T...4...........>...A...N...G....require.ipairs.logic\.....usage_calculation.MiscUtils.providers_selector.base_provider.ss_logic.oem_business_logic.ff_monitor.type_tag_utils.tests_logic.aj_logic.edge_onboarding.oem_utils\oem_util.oem_utils\oem_utils_wss.oem_utils\oem_utils_wps oem_utils\oem_util_selector.oem_utils\affid_monitor.........3...%...4.......>...T...4...........>...A...N...G....require.ipairs.telemetry\serializer

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\miscutils.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4260
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.702833100833656
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:+EmzFkWog99GVWuFqisQmu/JN4/+PzDlN7qmjFBHMSPSr460TSVUOgXw6Zr/Ikxx:GmzO9CWeqiZ7jNNuYjaxwSC1Ckxjd
                                                                                                                                                                                                                                                                                            MD5:AC4B0FAA52B6DFA4B765E8D94FBDFE80
                                                                                                                                                                                                                                                                                            SHA1:EF63A9847E3AB925EF4F39EE80C851F9543CD08E
                                                                                                                                                                                                                                                                                            SHA-256:6365FABF53722E6EE54C7C1F2B5022621216E7A76C12BC8E5D0BB7C0395806F6
                                                                                                                                                                                                                                                                                            SHA-512:D1E4A1E046CB9779B49F23D13EEBF8F1440C5C04DD115BA67F5EEEB016AEA88AED920620472F79EE508D8D5E7765CD2B0B93F5389BE3821A7F376BFA346B8D80
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........$4...7...7...7...4...7...7...7...>...'...+...7...%.......>...4...7...7...7.......4...7...7...7...........'...>.......T...)...H...+...7.......@......string.GEO_ISO2.SYSGEOTYPE.GetGeoInfoA.char[?].new.GEOCLASS_NATION.SYSGEOCLASS.GetUserGeoID.kernel32.Win32.core..........4.......7...)...%...%...>.......T...4...7.......7...%...>...4...7...7...7...>.......H....GetUserLevelGeo.MiscUtils.utilsH[BL] GetGeo: Got empty value of SystemGEO, falling back to user GEO.warn.log.core..SystemGEO.GetOption.settings.........4...7...7...+...7...7...'...'...%...>...=...7.......T...)...T...)...H......handle+{B3251298-6CD7-4C88-A541-A62A7500D233}.OpenMutexA.C.Win32Handle.Win32.core........8+... ...........T...)...T...)...4.......>.......T.*.....T...4.......7...).......4...4...7...7...7...........>...=...=...T...4.......7...).......%...>...4.......>.......T...4.......>.......T...4.......7...)...........>...H......(current<setting).days_elapsed.common_utils.utils.core.tostring.SetOption.settings.st

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\oem_business_logic.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10019
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.832205746569477
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:S9w9/Cam+UDm7fGivdL5Z3F4u6xiTbTIbcqa+aBaMTtmC0FKgv4d7dS27pnvWSJA:VKaVbfGULn15kSTIIqDI81KgQ7dSItv8
                                                                                                                                                                                                                                                                                            MD5:EC793972999E80F949D6BF21FB9EDF0E
                                                                                                                                                                                                                                                                                            SHA1:4440C44980518FEF4D24D96796B8FB2EDD31D9A4
                                                                                                                                                                                                                                                                                            SHA-256:A892622449790373831BEC9516E5033A13101A017826B19022828344F7DA1244
                                                                                                                                                                                                                                                                                            SHA-512:0CE78689E06BFB195D3D5260FC6D9642398A2789616CB054F66D174A100E30DA1DFE4644BA513019CAF739E7E28C1B010DF87BBD9933F1E37AE50E4CDDDA2B48
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........J4.......7...)...%...'...>...4.......>.......4...7.......7...%...4.......>...$...>.......T...4.......7...)...%...4...4...7...>...=...=...4.......7...)...%...%...>...)...H...4.......7...)...%...'...>.......T...4.......7...)...%...%...>...)...H...4...7...7...7...4...4...7...>...=...........%...@....MinimumDaysElapsed.MiscUtils.utils.(interval=0)3*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_UNINSTALL.(just set).OEM_WSSUninstallDateState.time.os.SetOption.tostring.[BL] *WSSUninstallDate = .info.log.core.tonumber.*WSSUninstallDate.GetOption.settings.........V4.......7...)...%...)...>...4.......7...)...%...'...>...4.......7...)...%...%...>...4.......7...)...%...%...>...4.......7...)...%...%...>...4.......7...)...%...%...>...4.......7...)...%...%...>...4.......7...)...%.......>...4...7...7.......7.......>.......T...4...7.......7...%...4.......>...$...>...G...4.......7...)...%.......$...%...>...G....NoError.RecoveryAttemptLastError_.tostringA[BL]: SetSearchOfferAllowed: nil browser string

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\affid_monitor.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1187
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.687082306313735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:pTS2+KnFwDzFcPfiwOaw2pFVIW17rF89lMLpFmJpFKljo8o0NRN:RS2psqPfiwO52pFVIW7589yDypFKljoc
                                                                                                                                                                                                                                                                                            MD5:E44B243D13AB21FAA2842E11862548EE
                                                                                                                                                                                                                                                                                            SHA1:E830DEFB0DD1A7131F41C88641B0D9098E74B05D
                                                                                                                                                                                                                                                                                            SHA-256:0F5F3DCF0EAAC59BAE9510A01A02581D034EB68545EC5D9FD4CBF983958D5454
                                                                                                                                                                                                                                                                                            SHA-512:3DB85A227FA63588766AE62626B1D74A5019D8F8B471B6EF37A1A259F0B8CFDFE347B03FE246008E6B4C950992CEC0846976579E86290DB08A375A1E8B4C6F3F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........{4...7.......7...%...>...4.......7...)...%...+...>...4.......7...%.......>...4...>.......T...4...7.......7...%...>...G.......7...>.......T...4...7.......7...%...>...G...4.......>...4...7.......7...%.......$...>...)...4.......7...)...+...>.......T...4...4.......7...)...+...%...>...=...4...7.......7...%.......$...>.......T...4.......7...)...+.......>...)...T...4...7.......7...%...>...4.......7...)...+.......>...).......T...4...7.......7...%...>...4.......7...>...4...7.......7...%...>...G........wps_affid_check end.apply_customization.wps_utils,wps_affid_check: applying customization.wps_affid_check: affid is not updated yet.SetOption1wps_affid_check: current WA saved aff_id is .0.does_setting_exists$wps_affid_check: wps aff_id is .tostring'wps_affid_check: wps aff_id is nil.get_aff_id/wps_affid_check: wps implimentation is nil.oem_utils_wps.wps_affid_check.SetEventTimer.timerFactory.wps_affid__check_period.GetOption.settings.wps_affid_check start.info.log.coreB.......(...%..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):560
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.1103919625520815
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:+ayl0lqwtLHlRX/qmLQafHtfLBGgiO6CaMAEKRjsj2zHc5xh:p+00Ez/qmPRLBx2ChAEK2Czmxh
                                                                                                                                                                                                                                                                                            MD5:E4A082A664D2F17638C9DAFE6F027D3B
                                                                                                                                                                                                                                                                                            SHA1:5D5FA68165FD1858D6CBEDD6A14DCF95CAE23EDD
                                                                                                                                                                                                                                                                                            SHA-256:EDFEC5EF4193B9E2C99E0CD21B4AD5B935E792CB0705D90D8187913A692A9727
                                                                                                                                                                                                                                                                                            SHA-512:E2FB91D6848096A5AAE6B4763AB6FD0FAAC6078F627CF331BD3948BBCFC2553C14D4EA2AE26D3327240BEB79246A10C0D8FF963238055C1C892C99301351A829
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........G...........)...H...........)...H...........)...H...........)...H...........)...H...........)...H...........)...H..........."4...7.......T...4...%...>...4...7...1...>...5...4...1...:...4...1...:...4...1...:...4...1...:...4...1...:...4...1...:...4...1...:...G.....is_active..get_expiry_date..get_activation_date..get_install_date..is_trial_active..is_trial..is_installed.oem_util..class.core.class.require.core._G...//2B28664ECBEB214C38C9DCFCDA5A56647A905E35CDB03ABE2EC5E0D5A68D6DB07F454B0377350402AFA7A2EAB22337FF76FDD3420D9ED57978BAE9F48FE2C350++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util_selector.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):672
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.385011388701981
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:uFVVJP2VOB4kML2lBOphYfR2MQyPiOhYfQIMBFxUNWbGdYZ279hH8bO:uD3P4OBf8wfR2MQsmfQIMBFC7H8q
                                                                                                                                                                                                                                                                                            MD5:CA920D159AD3737BAB806A3A5C9628D2
                                                                                                                                                                                                                                                                                            SHA1:5D9DE79A94FC88CB69442A4A7D6FA2610930AE21
                                                                                                                                                                                                                                                                                            SHA-256:6490715DE7C02E3343081040E6DF7D4E37965E4E588217D051C9436089E0DA30
                                                                                                                                                                                                                                                                                            SHA-512:A3E7A8899CA9402F7B01C44BA38DA7457D52EB0EC81C068AF075BE9FA010DC3D48698821432C9345C50ECE200ACBF0DE88999329F7EE1FA87BEE312B10DA18E8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........44...7.......7...%...>...4...>.......T...4...7.......7...%...>.......7...>.......T...4...7.......7...%...>...H...4...>.......T...4...7.......7...%...>.......7...>.......T...4...7.......7...%...>...H...)...H...0[BL]: get_oem_implementation: wps installed2[BL]: get_oem_implementation: wps_oem not nil.oem_utils_wps0[BL]: get_oem_implementation: wss installed.is_installed2[BL]: get_oem_implementation: wss_oem not nil.oem_utils_wss([BL]: get_oem_implementation: start.info.log.core+.......1...5...G....get_oem_implementation....//0629AC9444D8F7AED73120ACB3B93D2B7B491A64C2CB84DE9779506A9029A1275CA0D1D034DFC03029BAD96455E35286431B79724CE7EA0639D49DAFC980E973++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_utils_wps.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4951
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.580678162122476
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:7vFn/LxjkPu0UxfF7dJHTelC9sjXFXT/k2NJyPTvUE6+lRUD:hh7RG/koJYsD
                                                                                                                                                                                                                                                                                            MD5:F260CC25B487C009F699F6AE2B7533CE
                                                                                                                                                                                                                                                                                            SHA1:79EB03B199A105691F9FE1CB0ED6F7AA337BF738
                                                                                                                                                                                                                                                                                            SHA-256:A7E9B87C4DC419055FB573A9CDFB74E10885104D6BACEAF1BF47FAE81705CA85
                                                                                                                                                                                                                                                                                            SHA-512:D73219EB16C6FECF6B853C892CBC9577AE561B41CC8E31B9B4F7F23A1A7E0AD9FD90233549CC8F39A08923773DEA28D0C202230037FD44A358817B5A70883923
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........14...7.......7...%...4.......>...$...>...4.......7...+...>.......T...4...7.......7...%...>...G...4.......>...4...7.......7...%.......$...>...4...7.......7.......>...4...7.......7...%...>...:...G......wps_data5[BL]: oem_utils_wps:constructor: parse succeeded.decode.json1[BL]: oem_utils_wps:constructor: setting is 0[BL]: oem_utils_wps:constructor nil setting.get_setting.wps_utils.tostring.[BL]: oem_utils_wps:constructor. self is .info.log.core........;4.......>...4...7.......7...%.......$...>.......7...+...>...4...7.......7...%...4.......>...%...4.......>...%...4.......>...%...4.......>...%...4.......>...%...4.......>...%...4.......>...$...>...4...7...3...:...:...:...:...:...:...@......sec.min.hour.day.month.year....time.os...:. .-([BL]: wps_date_to_lua: parsed date .match)[BL]: wps_date_to_lua: input string .info.log.core.tostring.........4...7.......7...%...>...4...7...7...7...@....is_wps_installed.common_utils.utils%[BL]: oem_utils_wps:is_installed.info.log.core........#4

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_utils_wss.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2385
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.582950659599468
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:zWlW7vpFo1Qv16uEzskWQ5FkRkA4VGsPClXZ8G+R:xjpFo1Qt6ckzFkRkXGsPClXZ8j
                                                                                                                                                                                                                                                                                            MD5:7E60A29FAA164F6EB7656D8CEFB0DE1C
                                                                                                                                                                                                                                                                                            SHA1:5DEFC40EE08CFC543FBCED5EDD90FF53419FCC0E
                                                                                                                                                                                                                                                                                            SHA-256:FF4DE5E72604187A2957AFE6F1E46ACAED8B2BC8108FD3D120D4E6A894247B57
                                                                                                                                                                                                                                                                                            SHA-512:E10BCEA323C8CE3F72F1C88175121379C4E9F972D64F2DD0DADC8174415FD9FF85B9925277288FFAFF9066C19F3A813031CFDB8B2DF2A1E8F9855A00B3C0DEF5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7.......7...%...>...4...7...7...7...@....IsSuiteInstalled.common_utils.utils%[BL]: oem_utils_wss:is_installed.info.log.core.........4...7.......7...%...>...4...7...7...7...@....check_wss_trial.common_utils.utils![BL]: oem_utils_wss:is_trial.info.log.core.........4...7.......7...%...>...4...7...7...7...@....is_active_wss_trial.common_utils.utils([BL]: oem_utils_wss:is_trial_active.info.log.core........44...7.......7...%...>...4.......7...%...%...>...4.......>.......T...4...7.......7...%...>...)...H.......T...4...7.......7...%...>...)...H...4...7...7...7.......>.......T...4...7.......7...%...>...)...H...H...:[BL]: oem_utils_wss:get_install_date null expiry time.SubDBTimeToOsDate.common_utils.utils>[BL]: oem_utils_wss:get_install_date data is empty string.;[BL]: oem_utils_wss:get_install_date data not a string.string.type.installed.vso.GetProperty.subdb)[BL]: oem_utils_wss:get_install_date.info.log.core........L4...7.......7...%...>...4.......7...%...%...>...4.......>...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\providers\bing.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3880
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.96183758603513
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:vsIcJdhv4MbMz7hSgahA1NPbQiSQVT/mnmrdTS/q8pYQqBtJwg6svBTJ0go66SH/:OdhlQhNPEiTTe+gq8qJvpN3HKTS
                                                                                                                                                                                                                                                                                            MD5:DAD7305B382270FF11A080D0540625E5
                                                                                                                                                                                                                                                                                            SHA1:A24EE20E8C7D37FEF4A0D94F793FE531D4874756
                                                                                                                                                                                                                                                                                            SHA-256:6EF9D885FF1C500E542E6824687FE8E326A65AE760C32D34FF9CB27B3ED2561E
                                                                                                                                                                                                                                                                                            SHA-512:4E3B0D77353B0E87DD55C4E2D4C32FD866DACC757C92040F627D8B5DCFD788444D04E0BE40962CA48F62F6DA4B1159E5B55A055B9ADB932E774FE29C9FBC2C71
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........E4...7.......7...%...4.......>...$...>...4...7...7...7.......>.......T...)...H...4.......7...)...%...4...7...>...4...7.......T...4.......7...)...%...%...>...4...7...7...7...%.......>...4...7...7...7...>...6.......T...)...H...4...7.......7...%...4.......>...%...$...>...)...H.... end.GetGeo.,.Tokenize.common_utils.AU,DE.BingCountrySet.Bing.Yahoo.SearchProviderCodes.ProviderForced.GetOption.settings.ShouldSelectBingOverYahoo.MiscUtils.utils.tostring$[BL] Bing:ShouldBeSelected for .info.log.core`.......4...7...7...7...>.......T...%...H...%...H....0.1.IsSuiteInstalled.common_utils.utils.core\.......4.......7...)...%...)...>.......T...%...H...%...H....0.1.*Orphaned.GetOption.settingsZ.......%...4...7...7...7...>...+...>...+...>...$...H........GetGeo.MiscUtils.utils.core.FC[.......4.......7...)...%...%...>.......T...%...H....MC01.BingPartnerCode.GetOption.settingsY.......%...+...>...%...+...>...%...$...H........&q=.&PC=%http://www.bing.com/search?FORM=........'4...7.......7...%..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\providers\yahoo.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14688
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.9242648114796745
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:5pu5kFI/DHGaeQiemuPjngh0hyKc1BlqNBqBPFqngsIrpqu7Y:DOkF0HGaeQiemuP8kyKc1BKqBCqrpqJ
                                                                                                                                                                                                                                                                                            MD5:247FA451AA8AD78492C3ABC691C5A284
                                                                                                                                                                                                                                                                                            SHA1:27ADFD7796BD5BB7191AA81CF44A7708ED748E55
                                                                                                                                                                                                                                                                                            SHA-256:40B5334C15A206222614E707C16A22931A5A88B1124AAB94A9340A634AC1D462
                                                                                                                                                                                                                                                                                            SHA-512:36C1D832A651E5532F5CBF757B05F8BCE4BB83067B85B1FAEB9B34B22C5B7E970D9E3FF15F274B3DBD3FBA34A26CF65D4427A1C2245343F9EBAEEDF47040982B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ.........."4...7...7...7...>...+...6.......T...)...H...4.......7.......4.......7...)...%...%...>...=.......T...4.......7...)...%...)...@...)...H....."*EMEA_COUNTRY_SUPPORT_ENABLED.HU *EMEA_COUNTRY_SUPPORT_REGEX.GetOption.settings.RegexTest.utility.GetGeo.MiscUtils.utils.core........14.......7...)...%...+...>...4.......7...)...%...%...>.......T...4...7.......7...%.......$...>.......T.......%.......$...T.......4...7.......7...%.......$...>.......T...+...%.......%...$...;...G........).*..^http(s)?://(us\.|ar\.|at\.|au\.|br\.|ca\.|ch\.|fr\.|fi\.|de\.|dk\.|hk\.|in\.|it\.|kr\.|mx\.|no\.|es\.|se\.|tw\.|uk\.|cf\.|cl\.|co\.|id\.|nl\.|nz\.|pe\.|ph\.|sg\.|th\.|pl\.|tr\.|espanol\.|ve\.|vn\.|malaysia\.)?search\.yahoo\.(com|co\.jp)/search.*(\?|&)fr=(mcasa|mcsaoff|mcsaoffblock|slv8-mcafee|$AdjustRegex: regex addition is .|,AdjustRegex: got special chrome frcode .info.log.core..YAHOO_CH_FR_CODE_REGEX_ADD.*YAHOO_FF_FR_CODE.GetOption.settings........7....T...)...H...7.......T.......T...+...4...7...7.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\providers_selector.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1771
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.866517586690726
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:y6EaYQrEfyAb/taw2mx/Yz9UlEQmiR5Ftk+gIZN0dw:xEWEfyAb/Yw2mx/+9UlVbFtk+gIZN0O
                                                                                                                                                                                                                                                                                            MD5:66CE8692324759DC6A478C60175EA603
                                                                                                                                                                                                                                                                                            SHA1:A4B1149C8894E88745DA62BDF232D3E968CE50E6
                                                                                                                                                                                                                                                                                            SHA-256:6ED52DAFF2AA1AA2B7A9990CC20EB97E87B324FE7CF5D46B6926D1B928542F62
                                                                                                                                                                                                                                                                                            SHA-512:7AB36B50C0A05EC305C2AC577B43F7397BE5B31B7DED6BB38D63132015D57B465DDBB7DCC54C441C3DE822CA2B354B93296C8DA91C90BEA6B1B3E2FB29B9F8B1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........`4...7.......7...%...4.......>...$...>...2...4...4...>...D...4...7...........>...B...N...4...7.......>...'.......'...I...4...6...6.......7.......>.......T...H...K...4...7...4...7...7.......7...%.......4...7...>.......T.'.4...7.......7...%...>...4.......7...)...%...%...>...4...7...7.......7...)...%.......%...>...4...7...7.......7...)...%.......'...>...4.......7...%.......>...)...H....(empty)(fill_url_settings_with_the_same_url.Base_provider.SetBrowserSettingInt.(Unknown).ProviderToastedName.SetBrowserSettingL^http(s)?:\/\/(www\.)?yandex\.(com|ru)\/search\/(\?|&)fake_param=fake.*.SECURE_SEARCH_REGEXES.SetOption.settingsI[BL] ssProviderSelector.GetSSProvider nullifying settings for Yandex.Yahoo.ProviderToasted*GetUserBrowserSettingWithSystemBackup.BrowserUtils.utils.Yandex.SearchProviderCodes.ShouldBeSelected.sort.insert.table.ss_providers.pairs.tostring/[BL] ssProviderSelector.GetSSProvider for .info.log.coreh.......4...4...>...D.......7...........>.......T...H...B...N...)..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\ss_logic.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):30783
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.89942808249202
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:hvZUXY2aT8m+mpVGakHyf4cMrRcFFHazfdOmWOD:r52aT8/rAX4cTKf9
                                                                                                                                                                                                                                                                                            MD5:3700A6BED0756A2869A5A94CD5CF0F8C
                                                                                                                                                                                                                                                                                            SHA1:433C418C3BD195184503562BF08D753311F56C53
                                                                                                                                                                                                                                                                                            SHA-256:2F8A54758AD7F85F3224768A129581F3BC08CBFC50EFB48A12917481794EE638
                                                                                                                                                                                                                                                                                            SHA-512:26D5AF303495D6B9B2CC1ECB4BB9CD43449C4BB2986A83411CA6E062CB705BC2AB83D7F7AAB4C981EAD57FDE5A5416215DA8AB481F864C61CA6E74E7BB66422F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........74...7...7.......7.......>.......T...4...7.......7...%.......$...>...G...4...7...4...7...7.......7.......>...=...4.......7...)...%.......$...4.......7.......>...=...4.......7...)...%.......$...4.......7.......>...=...G....GetCurrentMinVersion.MinBrowserVersion_.GetCurrentMaxVersion.browserSettings.MaxBrowserVersion_.SetOptionInt.settings.GetBrowserStr.lower.stringLInvalid browser type passed to UpdateSupportedBrowserVersionDimensions.info.log.IsValidBrowser.BrowserUtils.utils.core........%4...4.......7...)...%...+...7...>...=...4...7.......7...%...4.......>...$...>...+...7.......T...+...7.......T...4...7.......7...%...>...+...7...H.....7[BL]: alt_triggers_get_cohort: setting cohort to 0.logon_unlock.tostring6[BL]: alt_triggers_get_cohort: settings value is .info.log.core.regular.alt_triggers_cohort.GetOption.settings.tonumber........14...7.......7...%...>...4...7...7.......7...)...%.......'...>.......T...4...7...7.......7...)...%.......'...>.......T...4...7...7.......7...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\tests_logic.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10053
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.628325035446554
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:J7ugghiOQu22Tww/N0pOFbGskXtOib/S2RS2Q9MS2DFqiAQVJMisKvDk5cFd9Q:dughP2ThN0pOFbGskXtOib/SF2Q9MSoc
                                                                                                                                                                                                                                                                                            MD5:E74888C165822541DCE51BD6C655889F
                                                                                                                                                                                                                                                                                            SHA1:26F0FC2204A3C0AEDE4B1CEE4E07109AEE10C2F6
                                                                                                                                                                                                                                                                                            SHA-256:8A5D4402460EE6DD7C0644E687F5E26203D4987BD694076BE45E7577E918F6AF
                                                                                                                                                                                                                                                                                            SHA-512:A9C892B33542259B42000DB5DEABB07EA995CB5D732235CAD8401513D4B332C296F69850DADE49AD8D584AE1DE2CD54A41FF488E1B8D69248E836473467924B2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........)...4...7.......7...%...>...4...7...7...7...7.......T...4...7.......7...%...4.......>...$...>...4...7...7...'...F...4.......7...)...%...)...>.......T...4...7.......7...%...>...4...7...7...'...F...4.......7...)...%...'...>...4...7...>...'.......T...4...7.......7...%...>.......4.......7...)...%.......>...T.*.4...7...7...7...........>.......4.......7...)...%...'...>...4...7.......7...%...4.......>...%...4.......>...$...>.......T...4...7.......7...%...>...4...7...7.......F...4...7...%...>...7...4.......7...)...%. .'...>...4.......7...)...%.!.'...>...4...7.......7...%.".4.......>...%.#.4.......>...%.$.4.......>...$...>.......T.......T...4...7.......7...%.%.>...4...7...7.&.....F...4...7.......7...%.'.>...4...7...7.(.....F....ignore_within_timeframe.tests_logic.tt_check: end.no_toastAtests_logic.tt_check: time of date is out of limit. No toast., higher limit ., lower limit *tests_logic.tt_check: current hour - .tt_higher_hour.tt_lower_hour.hour.*t.date.ignore_threshold_passed?tests

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\type_tag_utils.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2316
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.935897009049318
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:lSoy0q4tCvGRWooQSiEdA/mlV8OsgRNmELm1M+G3hWpfus:lSnxGRWo/SiEiiDRNNyGx+fus
                                                                                                                                                                                                                                                                                            MD5:A0A5D3B0ACD07B78ACB78C8DB76C4915
                                                                                                                                                                                                                                                                                            SHA1:3CE1CF25D0A9AF212E6F08FCCCE25A525024773D
                                                                                                                                                                                                                                                                                            SHA-256:40179C4F721BDC90B0BCB8CAF4DE4E64A7F046296918A9DB058B43654EB34F4A
                                                                                                                                                                                                                                                                                            SHA-512:AAA79A6E7F81DE3B06A921E00075DEC9F8F4D2C4DC4B64EA432C9267656C41B70945978558C82D4677CEE39313C91B9B421AA22586662ADEFAE8B48DE9691186
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........(...4.......7...)...%...%...>...'...4...7...7...7...>.......T...4...7.......'...>.......4.......7...)...%...)...>.......T...4...7.......'...>.......4.......7...)...%...)...>.......T...4...7.......'...>.......4.......7...)...%...'...>...4...7.......%...>.......T...%...T...4...7...........>.......T...%...T.......4.......>...4...7...7...7...7.......T...%...4.......7...)...%...)...>.......T.C.4...7...7...%...%...'...(...>...%.......7...>.......T...4.......7...%...>...=.......%...%...4...7. .....>...4...7. .....>.......T.......T...4.!.....7.".................>.......T...4.!.....7.#.....>.......%.$.........4.......>...........%.%.4.......>...%.&.....$...H...%.'.........4.......>...........%.%.4.......>...$...H....type=E.M.G.type=F.EscapeA.HMACSha256.utility.len169+WMDgzyMpkvioeK5ZWOdq0SVmpw1jBePppGXgqisQ=.MachineGuid.QueryValue.IsValid.$Software\Microsoft\Cryptography.HKLM.Registry.Win32.typetag_includes_machineid.5.edge.BrowserType.BrowserUtils.tostring.find.%d+.match.string.*Exp

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logic\usage_calculation.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2030
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.624982895800952
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:8lO2MV+JJOlwc59u2HHw8DAyTh4Bdj5minH3lY3I+v3M:cO2rKwc5E2HHw8DAzQiHulM
                                                                                                                                                                                                                                                                                            MD5:589EDE004DDD1F138AF6135AAA60A48C
                                                                                                                                                                                                                                                                                            SHA1:75F5CA3C63BC5F1BFDACBFD0289F8C4F9A2C9EE0
                                                                                                                                                                                                                                                                                            SHA-256:83B952A0DACC3D60FFC89564B273B716C0C61DEBB882D11EC6A3300189C35728
                                                                                                                                                                                                                                                                                            SHA-512:5D6E432B78DE8908204D85C03EEF25508A46C04CAE82BFFFACCE88D213842A69014AE60A8DEAD599953A6C6B3AD8A804E038F959398F41125A15D47B88394707
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........P4.......>...4...7.......7...%.......$...>...4...4...7...7.......7...)...+.......'...>...=.......T...4...7.......7...%.......$...>...G...4...7...>...4...7...7.......7...)...+...........>...4...4...7...7.......7...)...+.......'...>...=.......T...4...7...7.......7...)...+...........>...4...7.......7...%.......$...>...G.......)calc_on_browser_start: end. Browser .SetBrowserSetting.time.os=calc_on_browser_start: session started already. Browser .GetBrowserSetting.BrowserUtils.utils.tonumber+calc_on_browser_start: start. Browser .info.log.core.tostring...........4.......>...4...7.......7...%.......$...>...4...4...7...7.......7...)...+.......'...>...=.......T...4...7.......7...%.......$...>...G...4...7...>.......4...7...7.......7...)...+.......'...>...4...4...7...7.......7...)...+.......'...>...=.......4...7...7.......7...)...+...........>...4...4...7...7.......7...)...+.......'...>...=...4...4.......7...)...%.......>...=...4...7.......4...7...7...7...!...>...4...7.......4...7..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\logicmodule.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4503104
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.484928376088644
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:DyAfbxqfL2fX5p9/aBO6BIClYsMhxOWCUCP:DrfbxqfL2fXZHg5P
                                                                                                                                                                                                                                                                                            MD5:60AD222689CB58D59BB8DFC8D820A47D
                                                                                                                                                                                                                                                                                            SHA1:9E8235B62132B505C64AA16A6B0F4FC3018DA5EC
                                                                                                                                                                                                                                                                                            SHA-256:1A9AEAACC9B974296F11B34DADD914E5AEE5AD465633D044EFB676E018B45E81
                                                                                                                                                                                                                                                                                            SHA-512:2D4831F2DACDF05A2384515AAF4ACB43DED940C4EC3488298A77F0397E41AC1E113720C8684F199371FD68B0A10C87E99232E2A181AD024A304847DA22D9CAB8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$..........$.}rw.}rw.}rw..qv.}rw..wv,}rw..vv.}rw..qv.}rw...w.}rw..wv.}rw..wv.}rw..vv.}rwt.vv.}rw.}rw.}rw.}sw.|rw..sv.}rw..tv.}rwS.vv.}rwS.wv.}rw..{v~}rw..rv.}rw...w.}rw..pv.}rwRich.}rw........................PE..d...rj1e.........." ......3..p........-......................................`D......|E...`A..........................................=.P...P.=.......C.X.... A.\....0C.@.....C..c....:.p.....................:.(.....6.8.............3.......=......................text....3.......3................. ..`.rdata...r....3..t....3.............@..@.data...T.... >..*....=.............@....pdata..\.... A......(@.............@..@.didat..8.....C.......B.............@..._RDATA........C.......B.............@..@.rsrc...X.....C.......B.............@..@.reloc...c....C..d....B.............@..B........................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\lookupmanager.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1567296
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.3477184607648445
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:jUIoyrMg2ANjVafu5Af0Z3Loh4dr6QMNE1JPsek/cMmH:/J2AFiu55Jkh+mEnPsekEMmH
                                                                                                                                                                                                                                                                                            MD5:6379364C82163E538D930F3995DC27AB
                                                                                                                                                                                                                                                                                            SHA1:FAA6C0163DC38D26EF4A93B7859A146671E52128
                                                                                                                                                                                                                                                                                            SHA-256:B35E805FC2BB794C801BF1E3EC6658B1ABBE938F9E3D3F985A5F2BAC9C8FB231
                                                                                                                                                                                                                                                                                            SHA-512:719DB7FBF3DEB6D2B05C3490E5221340D2F972D32D4714E5989885947B6A18438A25A0F6372325D8DAD4E01E4D5B2795910F4C2F85E6AFABD42FE2BAA7FC68E3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......!..qe."e."e.">..#o.">..#.."7..#u."7..#o."..j"g."7..#..">..#q.">..#d."...#c."...#o.">..#p."e."Q."...#Y."...#d."..h"d."...#d."Riche."........................PE..d...li1e.........." .....V..........0................................................b....`A........................................p...T...............`....`.......*..@........!......p.......................(....6..8............p...............................text....T.......V.................. ..`.rdata..0....p.......Z..............@..@.data...l....@......."..............@....pdata.......`......................@..@.didat.......p......................@..._RDATA..............................@..@.rsrc...`...........................@..@.reloc...!......."..................@..B................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1785632
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.942738490429967
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:NSI3oiG08swq0fhLy0fEg6IGJIlq+S6O8:NSCG08sw3YyEg6IiYq8
                                                                                                                                                                                                                                                                                            MD5:080FF9263F39F62DBDAE513C66B7B9D2
                                                                                                                                                                                                                                                                                            SHA1:32DF585659003B10E7ED769932727D53480B9C34
                                                                                                                                                                                                                                                                                            SHA-256:326CBB6CD7D6062B850337A50200C805CDCBF59A6E05818990E6352AC68B4935
                                                                                                                                                                                                                                                                                            SHA-512:7A7A21D05FA8D2562A0598B254A25A49099AFA5EBD072DE391D9EE8DC30F57CD2830816C8A2B5997AE74C0B9924185334B15EC5CC3587B74C2E7957296E6E02B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.c......................................................9..............................................[...........Rich............................PE..L....R/`.....................t.......t............@..........................P............@.................................l)..x....`..,............... +...0..p.......T...................<...........@...............H....(..`....................text.../........................... ..`.rdata.............................@..@.data...\....@.......(..............@....rsrc...,....`.......2..............@..@.reloc..p....0......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\resource.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):38888
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.344666762097508
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:EBr3M65hS2HiPvYumAMxkEVLpq41tuAMxkEW:Et3xzS4iGxNp31tcxK
                                                                                                                                                                                                                                                                                            MD5:9FC3387AB7332BA77EC8EDAEAF67FFCB
                                                                                                                                                                                                                                                                                            SHA1:9DFB79913911F0810357021026F72088138F4A44
                                                                                                                                                                                                                                                                                            SHA-256:7E3BE8083094958386B39F4A2C2E0E7267065EF4D2D44495058B0E571D76A17D
                                                                                                                                                                                                                                                                                            SHA-512:D758A43AD9FF77CF976C5C72AAC120D5BD361353295510312A2501D0E6D45BFCCBBDBAC8CCF99718C673CCE723D84281E6A64489FB92DD8981FB52DE2049AE07
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......yj=.=.S.=.S.=.S..~..<.S..~Q.<.S.Rich=.S.................PE..L....k1e...........!.........>...............................................`......c.....@.......................................... ..\:...........@...W..............p............................................................................rdata..............................@..@.rsrc...\:... ...<..................@..@.....k1e........z................k1e.........................k1e........l................k1e............................................RSDS.{xU%..H.|5.+.s'....c:\jenkins\remoting\workspace\ebAdvisor_WABinary_release_4.1.1@2\build\Win32\Release\Resource.pdb.......................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..`....rsrc$01....`!.......rsrc$02........................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\servicehost.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):882136
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.370603887914517
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:8yK58M1kekJCPjbvBMiW1nCVCqlidLu9R1i9xccHLmyI9Mm9h5nftINWm9sTlfx2:JK58MyeUiVINd9s9x1DEeH+NtYcp
                                                                                                                                                                                                                                                                                            MD5:786DA7AE2B6CCFE4A6A15675EE687036
                                                                                                                                                                                                                                                                                            SHA1:B0759D0C5F117D852F67640B75A19E21EA69C0A1
                                                                                                                                                                                                                                                                                            SHA-256:76CEBA89586E496BFB006A30676C403ED6B0DF091693660434210CAE541D14A7
                                                                                                                                                                                                                                                                                            SHA-512:07D9F35B9E740662E906DEC665A92531C00DA64E5C07F2855F24B683F343ECCCD1835114B63DAFBB2907C2C6AD91D5589EEDD3E6F1A230394E91859B89174579
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........Z..S;.IS;.IS;.I.S.HX;.I.S.H.;.I.N.HA;.I.N.HY;.I5T.IQ;.I.N.H7;.I.S.H@;.I.S.HR;.I.S.H^;.I.N.HR;.IS;.IS:.I.U.HT;.I.N.HD;.I.N.IR;.I.N.HR;.IRichS;.I........................PE..d...-k1e.........."......p..........po.........@.............................`......4h....`................................................. ........0..p....p..D...........@..........p.......................(.......8...................h........................text...,n.......p.................. ..`.rdata..*6.......8...t..............@..@.data...............................@....pdata..D....p.......0..............@..@.didat..............................@..._RDATA....... ......................@..@.rsrc...p....0......................@..@.reloc.......@......................@..B........................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\settingmanager.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2218528
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.513803936106778
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:hG8in55RFKuRyFGkDmuEFkqAqVYni55ZUeURpcQEvRE1dJ:sPdAuRyFJCuEFkqALiZUTRWU
                                                                                                                                                                                                                                                                                            MD5:FCE1CF5801B5BBC4577EF226DFF7C793
                                                                                                                                                                                                                                                                                            SHA1:19BB3C4EC85BD7AE6EACED425260452FA22ED48B
                                                                                                                                                                                                                                                                                            SHA-256:0FBE3031F9323C94D70F35BD84E787C4635FD5114F08A46FEFFC817637873051
                                                                                                                                                                                                                                                                                            SHA-512:E387ACE1BDB0DD0E14CF69B0A6FFC2D7475B15F5D3AFD4C431F811D7A2D7B3638BAE912F2A6B2F98CBDB51EB23C25AAD62CADFF2B8D5B37927ED3A6E41ED3B13
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$............~..~..~.....~....e~.....~.....~...0..~.....~.....~.....~.....~.K...~.K...~..~........~.l...~.....~.....~...2..~.....~.Rich.~.................PE..d...9h1e.........." .........0...... .........................................!......="...`A........................................@...T............@!.h........E.... . ....P!.h$......p.......................(.......8...............h.......`....................text............................... ..`.rdata..............................@..@.data...d...........................@....pdata...E.......F...z..............@..@.didat..P.... !....... .............@..._RDATA.......0!....... .............@..@.rsrc...h....@!....... .............@..@.reloc..h$...P!..&.... .............@..B........................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\taskmanager.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4098816
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.448991671950014
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:19Fe+gumupH64C7/1PQWZiBa2Ij7+2qpfS5n3lJiWZONDfFu53bTWXFzdId6ttLq:lxd6KfvId6HfDnQh+iPyAIBRGH4qEWG
                                                                                                                                                                                                                                                                                            MD5:71C85B5122F5804B17DD71048F20E6BA
                                                                                                                                                                                                                                                                                            SHA1:8090BC583DA341C8371A9256049460317F74640B
                                                                                                                                                                                                                                                                                            SHA-256:DAD3A45714614C62A4052E5653213332E42CF0EED7AFF3CDFB3E970CAAF93A3D
                                                                                                                                                                                                                                                                                            SHA-512:76BFA5E5B2E92798F62DEAB617D0AE7C4CE140B54018E746F6CC42FB03D0847F1A0B3BFE28F656880B316881728108C27CB170776D220E0418ACA4B9D8D9CF04
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......\.Q..v?..v?..v?.C.<..v?.C.:..v?.J.;..v?.J.<..v?.~...v?.J.:.iv?...:..v?.C.;..v?.C.9..v?...;..v?.C.>..v?...;..v?...>..v?..v>..w?...:.Yv?...6..v?...?..v?......v?...=..v?.Rich.v?.................PE..d....j1e.........." ......-.........._(......................................0>......z?...`A..........................................7.P.....7.......=.X.... ;..`... =..k....=..e..l84.p....................94.(.....0.8.....................7......................text.....-.......-................. ..`.rdata..L.............-.............@..@.data...L,....7..~....7.............@....pdata...`... ;..b...P:.............@..@.didat..x.....=.......<.............@..._RDATA........=.......<.............@..@.rsrc...X.....=.......<.............@..@.reloc...e....=..f....<.............@..B................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\dimensionconfig.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23764
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.620433567212455
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:GAKYbQS98ai+io3JaiklfBXZkHf5c2slkiCJH:GAKJ+io3kRhFZkHfqJlkiI
                                                                                                                                                                                                                                                                                            MD5:CE57A7B6F19E9B918C69E59E99B42F08
                                                                                                                                                                                                                                                                                            SHA1:CAB304283D388A429EAA471CBCF51EF0B495DB13
                                                                                                                                                                                                                                                                                            SHA-256:CF78F2039AD1E2671E82B27B441A00C709BA6076A8914622917B3CDB509AEB0D
                                                                                                                                                                                                                                                                                            SHA-512:0192DA1DA69EC43DAEF1BF6F706FF917C13AA52038120ABF41FAF1433D87D99F81149BB41B17BC75B22D9F26998120F9B1A9ECB59D011FCE032390EDECEE913D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ.............3...3...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...3...:...3...:...:. .3.!.3.".:...3.#.:...:.$.3.%.:.&.3.'.:.(.3.).:.*.3.+.:.,.3.-.:...3./.:.0.3.1.:.2.3.3.:.4.3.5.:.6.3.7.3.8.:...3.9.:...:.:.3.;.3.<.:...3.=.:...:.>.3.?.3.@.:...3.A.:...:.B.3.C.3.D.:...3.E.:...:.F.3.G.3.H.:...3.I.:...:.J.3.K.3.L.:...3.M.:...:.N.3.O.3.P.:...3.Q.:...:.R.3.S.3.T.:...3.U.:...:.V.3.W.3.X.:...3.Y.:...:.Z.3.[.3.\.:...3.].:...:.^.3._.3.`.:...3.a.:...:.b.3.c.3.d.:...3.e.:...:.f.3.g.3.h.:...3.i.:...:.j.3.k.3.l.:...3.m.:...:.n.3.o.:.p.3.q.:.r.3.s.:.t.3.u.:.v.3.w.:.x.3.y.:.z.3.{.:.|.3.}.:.~.3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...3...:...3...:...:...3...:...3...:...3...:...3...:...3...:...3...:...3...3...:...3...:...:...3...:...3...:...3...:...3...:...3...:...3...:...3...:...3...3...:...3...:...:..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\dimensionhandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):511
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.260911221069017
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:x9cLdRk5IdLkL3B/ApCOpCz8TkEJtDV09OS7jamKnALrIY9dxn:ULHk+o3Bwj1JDV0THzIkn
                                                                                                                                                                                                                                                                                            MD5:3D4D244FB94757E55F7B2563A0520611
                                                                                                                                                                                                                                                                                            SHA1:9607E0A60C1B15860228A6617047C456733C410D
                                                                                                                                                                                                                                                                                            SHA-256:643A96A89DF3BE3FC9588656B32ADB8EFE9C2268DDF0DC841E2C7A50899B1A43
                                                                                                                                                                                                                                                                                            SHA-512:FA311234FE6EB08674A71FC2D7BDA29F06793AA09A47334AD26EE73A3C69E31E0DAF06F48F67C270DAA52470B4081026B543FE46B3979C00031363C7A9EA0F05
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..B.......4...%...>...G...)get_dimension_string not implemented.error........+...H.............+...H.............,...G.............,...G..............2...........:...1...:...1...:...1...:...1...:...1...:...0...H.....set_event..set_dimension_config..get_event..get_dimension_config..get_dimension_string.m_logger=.......2...5...4...1...:...4...0...H.....new.DimensionHandler...//3FCCFAC5AED175758B03FDFE622777EE677B4D3301024611FFA7EEBA4F78BF1EFC9AC3E3C867A7C9BD30DE7162564F48C7322446AA4481B31B1F4C97708C0794++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\dimensionprocessor.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1746
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.603565323103171
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:o3+rfeZe5P8UNkD02hI30tZjKg5jP2OX20OlsuEXzFs9/:oOrfeZIn3iZjP26pgsuERs9/
                                                                                                                                                                                                                                                                                            MD5:99B212F454A75B87B54198288C50F2C2
                                                                                                                                                                                                                                                                                            SHA1:45BB257BE6AF3094A3AC123A2757AAC54C467540
                                                                                                                                                                                                                                                                                            SHA-256:17C20B773E6D30F0E69804E1CFCC75E67F043E31D28784EF84C8F8263FFA6947
                                                                                                                                                                                                                                                                                            SHA-512:D84C34FA859D047FDB349C7DDD1565C9C640AC2D1A28648BEF94233DE9C84BF3004128E092C18EA5BEFB0541537CF9E29F8B1F3B3A4F6EBFE4B152FBD57F96EE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...............T...7.......T...+...7.......7...%...>...G...4...7...>...D...+...7...9...B...N...G........pairs>Invalid dimension configuration supplied on construction..err.m_logger.dimensions........+...H.............+.......>...G.............+...H.............,...G............./2...4...+...7...>...D.&.....T...7.......T...4...%...7...$...>.......T...7...+...7.......+...>...7...>...3...:...:...9...T...+...7.......7...%...>...T...+...7.......7...%...>...B...N...H.........5Nil dimension handler configuration encountered.'Nil dimension handler encountered..err.value.config....get_dimension_string.m_logger.new#telemetry.dimensions.handlers..require.handler.dimensions.pairs........<....T...7.......T...+...7.......7...%...>...G...4...7...>...D.).....T.......T...7.......T...+...7.......7...%...>...T...+...7...6.......T...+...7.......7...%.......%...$...>...+...7...9...T...+...7.......7...%.......%...$...>...B...N...G........).qAn non existing handler configuration was present in the overrid

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\baseaffidlookup.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):476
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4136788360204715
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1Q6U6p/WKbI8xRGlbL22soWLIDvKZP9T9rNigX:ZT/WKBrQj2IWZB9pDX
                                                                                                                                                                                                                                                                                            MD5:F95B98EF537E26458134EB5FB3BEF30E
                                                                                                                                                                                                                                                                                            SHA1:29AD79B8811B69508E6EA04EAE75AD997BD728F0
                                                                                                                                                                                                                                                                                            SHA-256:59E0EABD8CE66503543F3B8FCAC73B77DF2344285F0ADBDCDD691947577B4876
                                                                                                                                                                                                                                                                                            SHA-512:660DC1D39F20CF63A3EB8EACCABD5747A32B3DEBD2A4457F443AC922041524CE4BA4E626F8E740BC697A49B57323882B69E146B4BD976E8FBDA892ACD1E05B5B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..t.......+...>...4...7.......%...>...5...5...4.......T...4...7.......'...4.......>.......H......sub.i.j.-.find.string.Z.......4...7...........>...7...1...:...0...H.....get_dimension_string.new.SettingsDBLookup........4...%...>...2...5...4...1...:...4...0...H.....new.BaseAffidLookup3telemetry.dimensions.handlers.SettingsDBLookup.require...//A466B53D82BBB0975B64778B14D01E5F1B53297FB66AFCE5511BB47A555157C7DEB700EF942EC74C13FE9A69C5E0061F3765AB4E95AB737E04E2D109908DE8FB++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\bingpartnercode.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):477
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.533719804431993
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:Vuuim/fnFF87fuPbI8xRGlbLgusoWLIDvKIVZXYP62Q8:VuuRF42PBrQgu2IWIBI
                                                                                                                                                                                                                                                                                            MD5:D42D60D65C6EAAAB29BC2A2FAB3B2C83
                                                                                                                                                                                                                                                                                            SHA1:1E2B193CD64D9F2DA8A8710F08595A395703A817
                                                                                                                                                                                                                                                                                            SHA-256:6ABCBC75D5CA313B6E8DBC148D31A69A7394B3AE65D4C5EC2F9ACCF48C47F320
                                                                                                                                                                                                                                                                                            SHA-512:E43ECEB7FA7B65B4D4ECD7C59799CB2159AF71C2815A512FB72C22FE53308E4FD93457C19B7C5BAF160B6367BC73AE8223D3A6341C94C49B0CCB1BE28E16D96B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..u.......+...>.......T...4.......7...)...%...%...>...H...%...H......DISABLED.MC01.BingPartnerCode.GetOption.settings.23Z.......4...7...........>...7...1...:...0...H.....get_dimension_string.new.SettingsDBLookup........4...%...>...2...5...4...1...:...4...0...H.....new.BingPartnerCode3telemetry.dimensions.handlers.SettingsDBLookup.require...//1F339FE28D89322EE90A62F559D2FC070167987A57611AB6D54C70E67257D11D93961D437D012689EC5CFCB3BDF210E5CD3A0E9A284BA525D91C802913E8AF22++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\chromebasedbrowserversion.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1227
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.749537089926924
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:DawizRHhOyyNMvcUv8LvIWFlh5NsBiyvF7o7dOF/yfGIE/oSZf:epvwNmc+UTlh5NsBBN85OZEzSd
                                                                                                                                                                                                                                                                                            MD5:59E3660DF6B2362196C6B8E8CA1F54AE
                                                                                                                                                                                                                                                                                            SHA1:F7ADDDD67022A003647EF6B7DFBE772ED8BDFBA7
                                                                                                                                                                                                                                                                                            SHA-256:8651AE4E29AD18CA32D4BE52F9F3F298C95E36D83698A84CB67BDF6314DE644D
                                                                                                                                                                                                                                                                                            SHA-512:D3C6806383675BB78A126E10D3F17CE78499774C09807931FEB731C6F218F4BD04C956BF28273AAC36B0A30372CC7AF8D0E9D4D668F582A6F98612D0E82E66EB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........!%...'...+.......'...I...+...6...4...7...7...7.......'...7...>.......7...>.......T.......7.......>...........T.......T...H...K...H......QueryValue.IsValid.options.root.Registry.Win32.core.........8%...%...+...7...>.......T...7.......T...+...7.......T...+...7.......7...%...>...H...7.......T...7...+...7.......>.......T...4.......T...4...7.......%...>.......T.......T...+...7.......T...+...7.......7...%...>...4.......@........tostringPCould not determine chrome based browser version. Returning default value..warn.%d%.%d.match.string..verion.value_nameRInvalid configuration specified for the chrome based browser version handler..err.m_logger.reg_value.get_dimension_config.pv.0.0.........4...7...............>...2...3...;...3...;...3...;...3...;...1...1...:...0...H.....get_dimension_string.....options.....root.HKLM....options.....root.HKCU....options.....root.HKLM....options.....root.HKCU.new.DimensionHandler.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\currentbrowserversion.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):664
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.438934203268319
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pn2YuWXhHI7vNiLm5+WRR2JZJAx8hvDIFELGlbLx+b/Iusoa8EeJKk4FVZk5gUmA:5FB2JckwPQxIjE/DFM5gUmRhU
                                                                                                                                                                                                                                                                                            MD5:D6887D9272A72FE94030767AD6DA8741
                                                                                                                                                                                                                                                                                            SHA1:7502CB926BB3F604476B5FB8E6A496101A3FB383
                                                                                                                                                                                                                                                                                            SHA-256:C99CBEC6A54B99F2891A870A534CABBD80E6EC80BD8E9EEF2AD7A344F9227066
                                                                                                                                                                                                                                                                                            SHA-512:F3E6AA5A19EE259A8BD702D0BE93DAFB18B6029859A9DD5B770C10582A1322718C815EC53C1B172B0FEBB344141CD6C7F2D9075176DCC8A1B4045AF611A011D4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........'%...)...+.......T...+...7.......T...+...7.......7...%...>...H...+...7.......T...+...7.......T...)...4.......7...+...7.......>.......T...4.......>.......H........tostring.GetCurrentBrowserVersion.utility.minKInvalid configuration for the CurrentBrowserVersion dimension handler..err.m_logger.browser.Z.......4...7...........)...>...1...:...0...H.....get_dimension_string.new.DimensionHandler|.......4...%...>...2...5...4...1...:...4...0...H.....new.CurrentBrowserVersion*telemetry.dimensions.DimensionHandler.require...//318D5E4946AC07064727E087C738C68E0D0892169495B76D381A08014929DA0BAA886E0F4641BCE5A53EEAFA70C690BB903C250453C8747C9115F95A4DE70C90++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\dayssincesettingsdblookup.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1082
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6369477565027735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:5Ng/EWZO2o/uAsbD6P1NWcaJDYVysxl6LBPX/KQ382IWkvpSOnh:5NvWZ7o/V1+JeTl6UU82YvpSIh
                                                                                                                                                                                                                                                                                            MD5:978DB8D0F75F299B303FCA069623AD15
                                                                                                                                                                                                                                                                                            SHA1:98BAC6455AD467C4B3F55C2D41DBCE376A62B234
                                                                                                                                                                                                                                                                                            SHA-256:50F24700DCACA141AEBCD9609331C700FDBAB7A5C7CFE054B74553981BA3C80A
                                                                                                                                                                                                                                                                                            SHA-512:AFAC58AE845CA39B07A6159306EC6B7BB064115C40DEE0027F45DE95B594D372D93B2D52EA911EDB2B273380661589C39C06EC6CA360D4EC7AFDABA24FC03F49
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........D4...7...4...7...%...>...=...+...7...>.......T...7.......T...+...7.......7...%...>...%...H...+.......T...+.......T...4...+...>...'.......T...+...7.......7...%...>...%...H...+...4...7...>.......T...+...7.......7...%...>...%...H...+.......4...7...+...!...>.......4.......@..........floor.math.NeverDeclined]seconds_since is default_no_value, toast likely never declined, possibly toast accepted..info.tostringcNo or empty seconds_since or less than 0 database lookup dimension handler (dimension string)..warn.tonumber..UnknowncNo settings configuration specified for days since settings database lookup dimension handler..err.m_logger.default_no_value.get_dimension_config.!*t.date.time.os.i.......(...4...7...........)...>...7...>...1...:...0...H.....get_dimension_string.new.SettingsDBLookup............4...%...>...2...5...4...1...:...4...0...H.....new.DaysSinceSettingsDBLookup3telemetry.dimensions.handlers.SettingsDBLookup.require...//DA9CF16A1D4F2211DD035AC2A514927A9B861CB8E60D7531

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\defaultbrowser.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):960
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.742066795667539
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:qvyNTiZmpV6YlUrZMldjrC+4w3wW4PeQRE/MrF9oOBAPh:nT5pzn7jroM4WUlJBAPh
                                                                                                                                                                                                                                                                                            MD5:16A757D4353469CA57A8FD8B798089AB
                                                                                                                                                                                                                                                                                            SHA1:4D7253ADE67DD89D43956844C7723EF59A314284
                                                                                                                                                                                                                                                                                            SHA-256:53F2A5608EE9148A51A5EAE1FEDEA2E1581FC060B65CD6F8DFA2DDC1C2B6535D
                                                                                                                                                                                                                                                                                            SHA-512:CA1193069E4416EE48EA358FCF00991ED5FB9A7EC24B61B5DFEE58B03D79324225C2DC576B56E7F8F0769F307E7AB3BBFE1B7889E1063FBE4CEF33DE5A6E957F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........!%...'...+.......'...I...+...6...4...7...7...7...%...'...7...>.......7...>.......T.......7...%...>...........T.......T...H...K...H......ProgId.QueryValue.IsValid.optionsRSOFTWARE\Microsoft\Windows\Shell\Associations\URLAssociations\http\UserChoice.root.Registry.Win32.core.........)%...+...>...4...7.......%...>.......T...%...T...4...7.......%...>.......T...%...T...4...7.......%...>.......T...%...T...4...7.......%...>.......T...%...4.......@......tostring.ED.^MSEdge.*.CH.^Chrome.*.FF.^Firefox.*.IE.^IE.*.match.string.UNKNOWN.........4...7...........)...>...2...3...;...3...;...1...1...:...0...H.....get_dimension_string.....options.....root.HKLM....options.....root.HKCU.new.DimensionHandleru.......4...%...>...2...5...4...1...:...4...0...H.....new.DefaultBrowser*telemetry.dimensions.DimensionHandler.require...//F0D953EE9EFD9E49B91FD09048ED16FECC4AE5FA99A99EB7D83C30AB742FF5634F25BBEDDEE6ACDFCD447F7DC3E3AD6636135B819383D3A765128A795E40DDD9++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\eventsupplied.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):710
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.574151663922507
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:jaQk3/t9f1sBivMGpRXJAapC0Bid/9IFEzGlbL1soa8EeJK9FvdFTQRMhkd3h:GRlVT75PRBidxQ1E/99zhk9h
                                                                                                                                                                                                                                                                                            MD5:F103A0CB3D64D9A13ED059B5510AAD56
                                                                                                                                                                                                                                                                                            SHA1:CEDE40B26B28EBAC6AD7E896FC3398A4D814E6BC
                                                                                                                                                                                                                                                                                            SHA-256:C1E372001BE3F4F627BB2A16C4FD38A2317D879573134FA5337AD34562542C64
                                                                                                                                                                                                                                                                                            SHA-512:D48752EBFB84A0774D598C8CE46A1BB56FA672C35D87D07ECEFE42D856627B307E5073CB6AC8540E5D8525CD75DDB26B9BAD1F5D58A4EE10D54DF17984206C33
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........%%...+...7...>...+...7...>.......T.......T...7.......T...+...7.......7...%...>...H...7...6.......T...+...7.......7...%...>...H...T.......4.......@......tostringLNo data found for event_mapping in the EventSupplied dimension handler.CInvalid configuration for the EventSupplied dimension handler..err.m_logger.event_mapping.get_event.get_dimension_config.Z.......4...7...............>...1...:...0...H.....get_dimension_string.new.DimensionHandlert.......4...%...>...2...5...4...1...:...4...0...H.....new.EventSupplied*telemetry.dimensions.DimensionHandler.require...//63B46B40570148D617372C3A84C9AD52F0E8515F04F0ECD147AFDCD5A2B6B5826A74E5F32D6B826E97DA4C65CE8AE45E789C79501F8E14F92AF31F248807BDB3++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\externalutilityfunction.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):920
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.586798976747188
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:VxuQ23xqRopU5aedVf507iUXU0Ol4lRqwJQgJE/dNE+Qd0:OF3xyVf5Ci4lR/dJ5+I0
                                                                                                                                                                                                                                                                                            MD5:BF496804EE8F1648634531ECFAB05CC9
                                                                                                                                                                                                                                                                                            SHA1:C1E96EA1650B5D0D033EF60385B780F99C6C48B5
                                                                                                                                                                                                                                                                                            SHA-256:00AD60FD1ABC465098CDDB5DC5C10540F8DE2FFD3C20C05FAD08490B20874301
                                                                                                                                                                                                                                                                                            SHA-512:26D238B9ED93358A5FEC4CE3AC08BA85AAAE291FC3028FF4585663CB80E429D4085B7A97D5B30929C58291A1E97C727A847B493B7338A4C20ED4CE5E83A3B08B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........B+...7...>.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...%...H...4...7...).......T...7...6.......T...+...7.......7...%...7...%...$...>...4...7...@...........>.......T.......T...+...7.......7...%...7...%...$...>...4...7...@...4.......@.....7) return invalid result. Returning default value...tostring0) does not exist. Returning default value. External utility function (.utility._G.defaultSInvalid configuration supplied to external utility function dimension handler..err.m_logger.func.default_no_value.get_dimension_configZ.......4...7...........)...>...1...:...0...H.....get_dimension_string.new.DimensionHandler~.......4...%...>...2...5...4...1...:...4...0...H.....new.ExternalUtilityFunction*telemetry.dimensions.DimensionHandler.require...//3C179FEF97B64028ADF59B457194394F521EB355283D579B45DECD3F1E03A83BF711F2658E375FE332B81020DE03F78C48C62E6B3972C284C7BA6C0BCAA28F42++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\featuretrackingfeature.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10367
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.515936680866457
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:s/NSy1sOMTnv9O5xwTlStiBDbEfFwE+0aH1zatOH+Cndm:iNSWMTvgxwTNmFz+FTm
                                                                                                                                                                                                                                                                                            MD5:6223FBF275EACAF67EC3BC8D5EBC7D91
                                                                                                                                                                                                                                                                                            SHA1:8884BB8C79D159E5C0AED920ED6866632958CD1D
                                                                                                                                                                                                                                                                                            SHA-256:92A453D67DE1A2035302EFF4746E31D629CDEE881C038F6D113B527C74532AC2
                                                                                                                                                                                                                                                                                            SHA-512:CBAE276DBAF7064088E3A08B868211AAF1A9678B00C7D6BA9599A3709F83BCDC7BDE53C248431D659CDD54C5F3890B7D38A03D190055FD449818508B9D4C734C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..V.......+.......,...+...+...6.......T...+...+...6...+...+...+...6...6...F...G..........d.......2...4...+...>...D...........9...B...N...4...7.......>...'...1...0...H.......sort.table.pairs.........P%...+...>...T.I.%...'.......'...I.>.6...7...6...7...6...7.......T.......T.......T...4.......7...4...4.......7...........%...>...=...4.......>...=.......T.......%...$...T.......%...$...T...6...7.......T...+...7.......7...%.......%...$...>...T...+...7.......7...%.......%...$...>...K...........%.......%...$...A...N...H........=2) was detected when processing FTF dimension..Invalid information for (.err%) when processing FTF dimension.'Skipping version information for (.info.m_logger.version.0.1.GetOption.settings.tostring.IsMatch.regex_helper.enablementCriterion.enablementSetting.scope..,.........4...7...............>...4...7...1...1...:...0...H.....get_dimension_string..FTF_Registry.FeatureTrackingFeature.new.DimensionHandlerj.......+...7...6.......T...'.......'...I...6...7.......T...6...7

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\firefoxversion.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):944
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.7311123343592
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6uEizpoK7Pl5ABlvQceBBiTA/3UJPyfZIE/4ERRGhyeC:6Tep/zl5ALQceBBz/EJPfIRRuC
                                                                                                                                                                                                                                                                                            MD5:0AD2BBA2034104BAA6AA1F16F1C57C58
                                                                                                                                                                                                                                                                                            SHA1:8054F1B5476B1DF5230ABFC54CBF57E1FB70FA22
                                                                                                                                                                                                                                                                                            SHA-256:2F8D887C0A49853B0F2513D388C009C4CEFB1543CC348AA3B8C00EC8655B6C91
                                                                                                                                                                                                                                                                                            SHA-512:082794C77E146E228F769F3687C04E27EDEBB01AB04F457BD3DC653F59BBF5E49D2D315D724E488FFDF48FF640F9604548A13A2EB8B2582F12ADF749F145C895
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........!%...'...+.......'...I...+...6...4...7...7...%...%...'...7...>.......7...>.......T.......7...%...>...........T.......T...H...K...H......CurrentVersion.QueryValue.IsValid.options%Software\Mozilla\Mozilla Firefox.HKLM.Registry.Win32.core..........%...+...>.......T...4.......T...4...7.......%...>.......T.......T...+...7.......T...+...7.......7...%...>...4.......@........tostringKCould not determine Firefox browser version. Returning default value..warn.m_logger.%d%.%d.*.match.string..verion.0.0.........4...7...............>...2...3...;...3...;...1...1...:...0...H.....get_dimension_string.....options........options.....new.DimensionHandler.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.FirefoxVersion.mfw.core.Win32Helper*telemetry.dimensions.DimensionHandler.require...//1A1A3E479663120B55DBAA4CD7FDA571FC6B9D644F1F549C59FDD58DB8F244B24BCFA8B75323489F3553692066177F9D1E850742E6EFF326F2DDE24D3D176485++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\freesysdrivespace.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):877
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.648593845506757
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:NArqbNXua3My0VqQJsFDTwVZQIrE/Dok60ZcjtG:6rqb5ueMy0VqQJsFDsZZrW606G
                                                                                                                                                                                                                                                                                            MD5:98271AB7D7831BDD20DDA244B59C6217
                                                                                                                                                                                                                                                                                            SHA1:AFB04701AC93F8BCB011302868159901DCF11324
                                                                                                                                                                                                                                                                                            SHA-256:3304431B9BCF2ADC4D6B8690F91114BF308260BD35F90AD058938CAEBE8C73F5
                                                                                                                                                                                                                                                                                            SHA-512:7EEE6C1452D5A04C0156A1FDD31FA515E5385F458E420179AF0881717565CA6B8CEA781B59AC90FB2EDC9F07A691C4E4C18A4C4B1FC505DDD6F14CF014B9A7B8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........4+...7.......7...%...>...4...4.......7...%...%...%...%...>...=.......T...%...H...+...7.......7...%.......$...>...4.......7...%...%.......%...$...%...%...>.......T...%...H...+...7.......7...%...>...4.......@.....#FreeSysDriveSpace handler: end.FreeSpace."?select FreeSpace from Win32_LogicalDisk where DeviceId = ",FreeSysDriveSpace handler: sys_drive - .(error).top.SystemDrive2select SystemDrive from Win32_OperatingSystem.Root\CIMV2.get_wmi_properties.utility.tostring%FreeSysDriveSpace handler: start.info.m_loggerZ.......4...7...........)...>...1...:...0...H.....get_dimension_string.new.DimensionHandlerx.......4...%...>...2...5...4...1...:...4...0...H.....new.FreeSysDriveSpace*telemetry.dimensions.DimensionHandler.require...//0B10908333B1C12FA7A6DA366AEEA49A5D0BB8E1CA901DEBD81FFADF4085738FBB7FC3A84B0CA034909006C0343C552BAF6A2DED45C033F301CB8F3788330F53++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\installdate.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1201
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.702915106510578
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:btQqS50t5bpZwMyS/Qns3e+vkB3dMuaBUiXJkhyfGV72IWP9+CNGb:h5S5cZPwY/Ks3GByuaBUi58F72pfNW
                                                                                                                                                                                                                                                                                            MD5:CE421C13B30127C0A13ADDC6951F41E6
                                                                                                                                                                                                                                                                                            SHA1:45C491452BC88F35705E474E69E2E72667944236
                                                                                                                                                                                                                                                                                            SHA-256:8A4D7387E61905D5AB7E182C34EB462FFAC515B590A52384D55B82E2B31C027C
                                                                                                                                                                                                                                                                                            SHA-512:6F89315B163A47F68BADB7083EFCC9992525D231AF0618EF441C96AE1E4B766BFC19089079BFD83BB50A005D334C230BA5B1C0CFB2900488C1D131A014E5546A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........-)...4...7...7...%...%...'...(...>.......7...>.......T...+...7.......7...%...>...T.......7...%...>...........T.......T...+...7.......7...%...>...T...4...7.......%...%...>.......H......-.gsub.stringVCould not find registry value (HKLM\Software\McAfee\WebAdvisor\EulaAcceptedDate)...EulaAcceptedDate.QueryValueDCould not find registry hive (HKLM\Software\McAfee\WebAdvisor)..warn.m_logger.IsValid.Software\McAfee\WebAdvisor.HKLM.Registry.Win32.core...........6+...>.......T.......T...+...>.......T...4...7...%...4.......>...=...4...7...%...4.......>...=...4...7...%...4.......>...=...4.......>...4.......>...4.......>...$.......T.......T...+...7.......7...%...>...%...H...H..........00000000=Invalid date returned. Returning default of '00000000'..warn.m_logger.tostring.!%d.!%m.tonumber.!%Y.date.os._.......4...7...........>...7...1...1...:...0...H......get_dimension_string.new.SettingsDBLookup.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.InstallDate.mfw.core.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\isbissecuresearch.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):593
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.607703051109243
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:SX+7QkyCnxljwuG/FBid/9IFEJnZGlbLJ2jsoa8EeJKAZ5fLDsUVv5maCGw:SX+mCxljoFBidLZQJ2jE/W5PVpCGw
                                                                                                                                                                                                                                                                                            MD5:337313A443011638657399399F352370
                                                                                                                                                                                                                                                                                            SHA1:41091C791859122EA78316FFED681A76AA91627B
                                                                                                                                                                                                                                                                                            SHA-256:CE4CA20AA963F91CF62FD695AE5002AB07BC3C5FEC0240BDDBE49E6A10C58C08
                                                                                                                                                                                                                                                                                            SHA-512:3F59C5C1C4F5EF4DA76241B1F095661D4BA03D4C7ACF8B562A3622CD01A054536DDD95A720F72401410C68244788262A947B245D653A904D06D140F03B20DFC9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4.......7...'...>.......T...+...7.......7...%...>...'...H...4...7.......%...>.......T...'...H...'...H......search.yahoo.com.find.string3Received nil value for ISB default search url..info.m_logger.GetDefaultSearchURL.browserSettingsZ.......4...7...............>...1...:...0...H.....get_dimension_string.new.DimensionHandlerx.......4...%...>...2...5...4...1...:...4...0...H.....new.ISBIsSecureSearch*telemetry.dimensions.DimensionHandler.require...//45F2E5345915E5A6A6787A720D83D9FB23E309D878F18AD219E787E1C9B823E0E3ABAE65CD4CA87408A1E14A70234B207EB894A90D27984AF8D7D228F3B763BB++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\lastbrowserused.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):614
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.660852486267045
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:5UQ3FgiWlB+fVMHkp/n09fqbI8xRGlbL3gUsoWLIDvKmViawhpU2XfJ96sD:5UQ3eF4QA89fqBrQ3V2IWmViJpUubD
                                                                                                                                                                                                                                                                                            MD5:ECC87EDA6FD32AAA2689AF907A28656D
                                                                                                                                                                                                                                                                                            SHA1:84ECB84093D36747BF82A2ADD21CDDD62D816C37
                                                                                                                                                                                                                                                                                            SHA-256:66DC68566487E547D82563F276B39F6C968443B585E4333C455A8947B3D788B7
                                                                                                                                                                                                                                                                                            SHA-512:7F5C3E4263D35513285814088139AAABEF46EF2F4641B73B0E2C977B736D9B4BF413CEEF0AB7467F502125E80D2C0CA470C8E250DB521D71DFBFE58ED89E219F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........!+...>.......T.......T...+...7.......7...%...>...%...4.......>...%.......T...%...T.......T...%...T.......T...%...T.......T...%...H........UNINITIALIZED.CH.2.FF.1.IE.0.OTHER.tostring.-15Invalid date returned. Setting default of '-1'..err.m_logger.Z.......4...7...........>...7...1...:...0...H.....get_dimension_string.new.SettingsDBLookup........4...%...>...2...5...4...1...:...4...0...H.....new.LastBrowserUsed3telemetry.dimensions.handlers.SettingsDBLookup.require...//91C8E78C3654B8BFBFE76D384E9C6539A9C82FD8ACA8384673892C1FF8EFF386BD4EEB21EC13BDE7AB8BB5D89C47CEAFA8AD16DDAEEDFB701146DFABAC33E824++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\lastoemcheck.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):671
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.528820547453615
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:dI/fkUv7/UgSeYgi/qfu8cUEWWI8xmGlbLxg3soWLIDvKFAwcTU/5NKp6:dtUT/UmSq2GJkUQm32IWwgLE6
                                                                                                                                                                                                                                                                                            MD5:135E16B9EF79E219D898AB5156726B27
                                                                                                                                                                                                                                                                                            SHA1:BD33051138E0CB209B657D50A9CD19E01F9660E0
                                                                                                                                                                                                                                                                                            SHA-256:C5254E87B9BFE0B3F0E23865334D84158B5B7098D2756098DCF985D1F21B3CD8
                                                                                                                                                                                                                                                                                            SHA-512:DF6BB0B7A4F527A0FFB66CEA78E56CC8E3A61DA4BEEC00267E69B24F304F70F861AD1273D5517EC00F69A364F166A822F77125D8372FAE1CEEC3A487AC13C3EA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..4.......4...7...4...7...%...>...?....!*t.date.time.os........(+...>.......T.......T.......T.......T.......T...%...H...+...>...4.......>...4.......>.......T...%...H...4...4...7...4.......>...4.......>...........>...=...H........floor.math.tostring.(LastOEMCheck>current).tonumber.(LastOEMCheck=0).0.default....._.......4...7...........>...7...1...1...:...0...H......get_dimension_string.new.SettingsDBLookup|.......4...%...>...2...5...4...1...:...4...0...H.....new.LastOEMCheck3telemetry.dimensions.handlers.SettingsDBLookup.require...//554F50A25DA476623BDA04D3A3CA4A791DF61BD039BAF97197D9C4A5B381E4FA441DE680707DF867ADE92C583736CFC9356B2DB35D35BB2A398980516375F2E0++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\locale.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):624
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.581493778568022
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:ojgqedo93EwgjZ7rcf/FBid/9IFEKGlbL73Usoa8EeJKzOWqGj:23hercXFBid4Q7EE/3j
                                                                                                                                                                                                                                                                                            MD5:8316788EAEE6FB806CB893F88632913C
                                                                                                                                                                                                                                                                                            SHA1:6F5E0049C6B2DA6083DA116037C5F58ED50566B5
                                                                                                                                                                                                                                                                                            SHA-256:DA06F323536810ED8CC8EAA3B743BAC9A0D328EECD1A86A06D1AB1BE4301A944
                                                                                                                                                                                                                                                                                            SHA-512:A40BAE9C9C805F133058A8D01E87EA4F8B5F6940C26E80937A3C1E5F211253F435B48029FEF0E3A14F16614F5991F44362CC8919699A33E6CF3A974F7E11D50F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ.........."4.......7...)...%...%...>.......T...4.......7...>.......T...4.......7...)...%.......>.......T...+...7.......7...%...>.......4.......@......tostring1Failed to update locale in settings database.err.m_logger.SetOption.en_us.GetLocale.utility.UNKNOWN.*Locale.GetOption.settingsZ.......4...7...............>...1...:...0...H.....get_dimension_string.new.DimensionHandlerm.......4...%...>...2...5...4...1...:...4...0...H.....new.Locale*telemetry.dimensions.DimensionHandler.require...//6E9B51B55FA8BE769D4151577A621951C0B17DF68D72AAAEAF911E4006BB0242BF889FF7DC4E549BC93D4DD456752A6AB7851D496DFBD0DF55FFA4E5D673C214++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\msspstatus.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1535
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.649690417942136
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:4tBgAtMXhaXNkgKeVdV90+r3uShqVJCaZRetVGalRikZyCmBiuIwyfaAIE/il3Wg:4tmAi09K8V9ppqfCasHlRikZyCmBrtbH
                                                                                                                                                                                                                                                                                            MD5:318E250B73F7345FBA36D2D8F10A71E8
                                                                                                                                                                                                                                                                                            SHA1:4A3E877AD4CA294C840EDF10AF93815BAE2005D4
                                                                                                                                                                                                                                                                                            SHA-256:DAAE907E933B1C69AE4D4DFFF6F3F14A33829834E2CAD2F599FF9A4ED740278E
                                                                                                                                                                                                                                                                                            SHA-512:8D259D6EFA70731DC1B0D414FFC77A2D824BB3E83C6B3AA961969EFBBF6327736F44C6F9957038304FC080BAB947C15E416CDFDBA35D2AB05D1A164AE2340652
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..k...........7...%...>.......T.......7...%...>.......T.......7...%...>.......T...)...T...)...H....|.&.%%.find........1+.......>.......T...+...7.......7...%.......$...>...)...H.......7...%...%...>.......4...7...%.......%...$...>.......7...%...>.......7...>.......7...%.......$...'...)...>.......T...)...T...)...H........Directory of .find.close.*a.read." 2>nul.dir ".popen.io..\$.gsub%Unsafe directory path provided: .warn.m_logger........*%...4...7...7...%.......'...(...>.......7...>.......T.......7...%...>.......T.......T...4.......@...T...+...7.......7...%...>...%...H...+...7.......7...%...>...)...H..... MSSp not found in registry..version_not_found1MSSp 'DisplayVersion' not found in registry..warn.m_logger.tostring..DisplayVersion.QueryValue.IsValid.HKLM.Registry.Win32.coreYSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan............%...+.......>.......T...%...H...+...7.......7...%...>...)...H.......3MSSp default installation directory not found..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\osflavour.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):796
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.734009988260523
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:42zss2kgRt5EIjq0MexRV2DiXwr7yf0IE/tP51chn:4zs29Rt6dozA7KG1chn
                                                                                                                                                                                                                                                                                            MD5:ADF9E9B1B576B3F6CF82A999061099DA
                                                                                                                                                                                                                                                                                            SHA1:C33401687C31BBF06B0C9E36C037C3EC85742CCD
                                                                                                                                                                                                                                                                                            SHA-256:87DFD7610A853A2D94706DC9E2340824609469A7BCCB9E5B4674DA9CF05FBEA4
                                                                                                                                                                                                                                                                                            SHA-512:95D53FCFADCAE71C4F3E07AEB975AF9C1A5CAE19470C242F9FAC9EAD816BBC673D2C4DF95F3605A2332B4B30289AD8115C9545D2E525385BDEDD301685C69CE9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........../%...4...7...7...%...%...'...(...>.......T.......7...>.......T...+...7.......7...%...>...H.......7...%...>.......T.......T...H...........7...%...>.......T.......T...H.......%.......$...H...... .CSDVersion..ProductName.QueryValueTInvalid registry configuration specified for registry lookup dimension handler..err.m_logger.IsValid1Software\Microsoft\Windows NT\CurrentVersion.HKLM.Registry.Win32.core.UNKNOWN...Z.......4...7...........)...>...1...:...0...H.....get_dimension_string.new.DimensionHandler.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.OSFlavour.mfw.core.Win32Helper*telemetry.dimensions.DimensionHandler.require...//85E1D2A00A01796D0C31F1E6B50FA843A39394323D2668A0CB8ABAE0EF71F44F4E4476DF578DD026ACC48E12330D1E7D6C77EF0C393F863A612DE1AB299CE14D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\percentagehandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1139
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.617910814753135
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:oJTFkYWS+9WJA7R2l18u4xCogvpYe0HBJ2sF8xDoSUU1dqE/7wh+1kHi:IBWJWHV4xCoHHB5MxUPASokC
                                                                                                                                                                                                                                                                                            MD5:57677ABC319C470A0BC98EA829B1D819
                                                                                                                                                                                                                                                                                            SHA1:F8C42BDEAE999DCA885AF61DFF75B090EED2E641
                                                                                                                                                                                                                                                                                            SHA-256:9DFBFD03E5B052442A4C596BA3DF3E73AAF03720888EF1EA2018E304E22FDF84
                                                                                                                                                                                                                                                                                            SHA-512:AC33236E074260BEEEBCE94A51B7CA1A480F39E99E5184823E171C2DFC3FA4A76E0F531889F19D36B150728C808DA5271D82C59E2AF3CEAEE21A6243CAB6D7E1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........C4...7.......7...%...>...%...+...7...>.......T...+...7.......7...%...>...%...H...7.......T...7.......T...+...7.......7...%...>...%...H...4...4.......7...)...7...'...>...=...4...4.......7...)...7...'...>...=...'.......T.......!...4...4...7.......>...=.......T...%...H......(Division by 0).floor.math.tostring.GetOption.settings.tonumber.(invalid config)]Invalid settings configuration specified for settings database lookup dimension handler..Denominator.Numerator.(no config)XNo settings configuration specified for settings database lookup dimension handler..err.m_logger.get_dimension_config.+PercentageHandler get_dimension_string.info.log.core...........4...7.......7...%...>...4...7...........)...>...1...:...0...H.....get_dimension_string.new.DimensionHandler.PercentageHandler new.info.log.core.........4...%...>...4...7.......7...%...>...2...5...4...1...:...4...0...H.....new.PercentageHandler"PercentageHandler file loaded.info.log.core*telemetry.dimensions.DimensionHandler.req

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\postupdatereboottimelookup.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1077
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.61305864934836
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:3/xh0BpUZbdJDsPA3VCoSej7eG7wnQMaE/aUeRWdN:3/yybzgPmCsi37a5WX
                                                                                                                                                                                                                                                                                            MD5:1E077DC5770C978C805EF2AF627A4515
                                                                                                                                                                                                                                                                                            SHA1:02ACF886C4519E1C11147F7C2783103401C2B91E
                                                                                                                                                                                                                                                                                            SHA-256:26B49287BEC95B0A904F84B28A9C14D6256E167C74C4CED9B691CE9CFFAE8F75
                                                                                                                                                                                                                                                                                            SHA-512:6B72FA92CD3BDE85B8EC772CE4D4444970279A070FE2D7B78841C1C2E495EFAB28C1318B18AF06009C644755B47D9B8D972B610B43696E6E073C6559B02E1234
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..i.......4.......>...5...4...7...4...>.......T...Q...%...4...$...5...T...4...H....0.len.string.str.tostring........n4.......7...)...%...'...>...4.......7...)...%...'...>...4.......7...)...%...%...>.......T.......T...%...H.......T...%...H...4.......7...)...%...'...>.......4.......>.......T...4.......7...)...%...%...>.......T...H...4.......7...)...%.......>...4...7.......>.......................................'..'....T...'..'+.......'...>...+.......'...>...+.......'...>...+.......'...>.......%.......%.......%.......$...4.......7...)...%.......>...H......:.floor.math.SetOption.UpdateDelay.tostring.UpdateDelayDelta.pending.fresh.!VersionChangingRebootPending.*InstallDate.*LastUpdate.GetOption.settings..x0_.......4...7...........)...>...1...1...:...0...H.....get_dimension_string..new.DimensionHandler.........4...%...>...2...5...4...1...:...4...0...H.....new.PostUpdateRebootTimeLookup*telemetry.dimensions.DimensionHandler.require...//BE73AD670CE8B09363882C12396CBA992F134E88D5AC37760D7F2

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\profilescounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):574
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.63619246865634
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:akDwdyqX6hmC+zivcxC7yBid/9IFEemGlbLrsoa8EeJKoW3hKVstScx:akDwdyqX4D+GkjBid3QrE/L3hAstSS
                                                                                                                                                                                                                                                                                            MD5:ACB46C42AFF4FBABF60498703950DCA7
                                                                                                                                                                                                                                                                                            SHA1:76E28263AD2D1EF994BF8980D1D2ED6E18A7CBB5
                                                                                                                                                                                                                                                                                            SHA-256:A334539053034345E14AF6FD2006FA860BD16C81068C4435A21E741B6378BB65
                                                                                                                                                                                                                                                                                            SHA-512:56BA3B65894D95587AB59925328D1A2D94D1D27EE0C5A96FA884A7D1D0FE6F93C519CDA6E14A10461AB8EF244E10C01DE42838D7C47E0AD34C3BE043571A23FD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4.......7...>.......T...+...7.......7...%...>...%...H...'...4...7.......%...>...T.......T.......A...N...4.......@......tostring.SYSTEM.[^,]+.gmatch.string.0.Failed to get scopes.err.m_logger.GetUsersScopes.settings.Z.......4...7...............>...1...:...0...H.....get_dimension_string.new.DimensionHandlerv.......4...%...>...2...5...4...1...:...4...0...H.....new.ProfilesCounter*telemetry.dimensions.DimensionHandler.require...//675EB2632D1930A1976E5FF6B84AFCF0FF6E02C979EC4898FF31B1F27CC2BE987E73B219A44882649C1B0D66E3CE9511242A81C1084E7DA76B3AF427BBF1703D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\proxysubtypehandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):788
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.711728334221568
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:HX4kaJmDRtgHnaDf4cQjENpE/3VWupTpER0t:H+3nFcp0BER0t
                                                                                                                                                                                                                                                                                            MD5:50A921F933295E9A77C2E2EECD16FF5A
                                                                                                                                                                                                                                                                                            SHA1:031898160EA59924ED1D4E8A362EE5F4A8B26381
                                                                                                                                                                                                                                                                                            SHA-256:ED96A719FDA62ABAD169D53AB29A2A14D5BDEAA3757B1CD316E8B1AA53F7F027
                                                                                                                                                                                                                                                                                            SHA-512:5C0189AAC109D9426625D8767AAC9B1AC7E1CC3FC882DB0F0088F0D663F544FCEB620919F396C9E9D95A0D481777600CFEDDB354AD4CA061E73EEDB7FFDB65F6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........<%...4.......7...)...%...)...>.......T...%...T...%.......%...$...4.......7...).......'...>.......T...%...H...4.......>.......'...+...7.......T...4.......7...)...%...'...>.......T...+...7.......T...4.......7...)...%...'...>.......4.......@......tostring.ProxySubTypeFirefox.FIREFOX.ProxySubTypeSystem.SYSTEM.tonumber.-1._PROXY_PREF.StreamingHost.*GTI_REST_URL.GTI_Streaming_Disabled.GetOption.settings.X.......4...7.......)...>...1...:...0...H.......get_dimension_string.new.DimensionHandler.........4...%...>...2...5...3...4...1...:...4...0...H.....new....FIREFOX...SYSTEM...ProxySubTypeHandler*telemetry.dimensions.DimensionHandler.require...//93503AE5773A9C3FA8483A5A8628EDBDC5B354CF795466C83C097ECA3CC64FE563E58445B87F497003366B900212D03EAA11BDE6956A5CE4B75A1C1CDED936D2++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\proxytypehandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):745
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.653400225958077
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:J1Z6GeBYv/BwkSIQCD3czFAE5fzyrofsx/+WIFEthoU1wZDZtsoa8EeJKMIpY102:2Sv6koDfLwokIBU16E/u84x3
                                                                                                                                                                                                                                                                                            MD5:6052055C887D45B0FC4921A4686C056C
                                                                                                                                                                                                                                                                                            SHA1:60C8EAAD9C57195E3ADC503269EC4B8B0F3CF576
                                                                                                                                                                                                                                                                                            SHA-256:30A6A0E8E0E5D1ED67D20DE05A3487AE0A24A6A9AA515E98BB1D27E92B3CD282
                                                                                                                                                                                                                                                                                            SHA-512:F90597C58376F5A61A3FFC2262CD8109338DD908CD19536F7839230D3444D91DC96FAF5597F0ECB124BC8AC184C4B66854332C168CD70432EC72F9684D53A2BE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ.........."+.......7...%...>...%...4.......7...)...%...)...>.......T...%...T...%.......%...$...4.......7...).......'...>.......T...%...4.......@......tostring._PROXY_PREF.StreamingHost.*GTI_REST_URL.GTI_Streaming_Disabled.GetOption.settings./ProxyTypeHandler self.get_dimension_string.info.............7...%...>...4...7.......)...>...1...:...0...H.....get_dimension_string.new.DimensionHandler.ProxyTypeHandler.new.info.........4...%...>...4...7.......7...%...>...2...5...4...1...:...4...0...H.....new.ProxyTypeHandler!ProxyTypeHandler file loaded.info.log.core*telemetry.dimensions.DimensionHandler.require...//7968E13D37266FDA58C03F3105A31D33B4C9359114CFC7E62BB97ADC7B7065991E0B0F4A6CF6223B27B87A4E76D5BF343C1E5E543DD57BD94418E873F5C69A19++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\registrylookup.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1256
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.680360827283436
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:2BUmzVlTMnj8PiiRyWDt2LpdfFUpFe7xFnwmyfqGIE/tzLL:2BV9MnjoiiRJDULpkARFQ
                                                                                                                                                                                                                                                                                            MD5:48CD1C03EABB49BFF8E9FA49A9ED8AD8
                                                                                                                                                                                                                                                                                            SHA1:446A761DB2BE89C7D0F16DEB55A644DB8287D983
                                                                                                                                                                                                                                                                                            SHA-256:1B9312CE2E101697C99327441406F842FC537139114439C724AF260A6C3B2FC8
                                                                                                                                                                                                                                                                                            SHA-512:4E2A7108C4CB3958F8EBFF960A8446F7E4C5CD91230AC5EFF03895E257892BE4DEB9621C43E8493283B37209A6FF26867B8B7A14F789920BC43583648AB0E63C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........m%...+...7...>.......T...+...7.......7...%...>...H...7.......T...4...7...>.......7.......T...7.......T...7.......T...7.......T...7.......T...+...7.......7...%...>...T.@.4...7...7...7...7...7...7...>.......7...>.......T...+...7.......7...%...7...%...7...%...$...>...T.'.....7...7...>...........T.......T...+...7.......7...%...7...%...7...%...7...%...$...>...7.......T...4...7...>.......T...7.......T...4...7...>.......T...%...4.......@......default_no_value;Invalid result returned for registry lookup on value (.QueryValue.)..) (#Could not find registry hive (.warn.IsValid.Registry.Win32.coreTInvalid registry configuration specified for registry lookup dimension handler..sam_desired.value_name.options.sub_key_name.root_key_name.tostring.default_no_keyONo registry configuration specified for registry lookup dimension handler..err.m_logger.get_dimension_config.Z.......4...7...........)...>...1...:...0...H.....get_dimension_string.new.DimensionHandler.........4...%...>...4...%...>.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\samrecoverable.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):851
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.75245667676142
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:pUiFYQQOdiwWe9f6wMHjDVaaVoavoa7h4aVdZIfOq8hvDIFECGlbLnCybsoa8EeU:pUEYQTxkwMDwaLvpV53SJw2QfE/DAmNh
                                                                                                                                                                                                                                                                                            MD5:0B7E38C5D82915C65DF025CC35F3FD34
                                                                                                                                                                                                                                                                                            SHA1:E25865E7DECF9BB352C67EBD46DFB9FFB09E5040
                                                                                                                                                                                                                                                                                            SHA-256:F04184539F0B6018F0CBE1C3E3FC216A585C4790B326DB19B3A410A601FA6358
                                                                                                                                                                                                                                                                                            SHA-512:09AA09B9C6D650CED888F8181906DA461CEB0C046665EB8A629447BAA48515C178222D849B404871EE7AAEF789DCDDC3F406909C4B23C9F451F362EA51F4F89E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........;'...4.......7...)...%...)...>...4.......7...)...%...'...>...4.......7...)...%...'...>...4.......7...)...%...'...>...4.......7...)...%...'...>...4.......7...)...%...)...>.......T.......T.......T.......T.......T.......T...'...4.......@....tostring.oem_recovery_v2_disabled0*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WA_INSTALL3*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_UNINSTALL4*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_ACTIVATION0*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_EXPIRY.*ShowSearchSettings.GetOption.settings.Z.......4...7...........)...>...1...:...0...H.....get_dimension_string.new.DimensionHandleru.......4...%...>...2...5...4...1...:...4...0...H.....new.SAMRecoverable*telemetry.dimensions.DimensionHandler.require...//6A816EE479C15CC53D89B083D9927869BBBC034409DE50B77404B4916F869E20A214EAFD1B8D7054774B29DB17C641692C3FD07FA8D63C2968870B285C9F7E36++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\searchannotations.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):597
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.623510286623993
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:Tg6Yp3Rc9rGSxfzJWW7WIFEJnZGlbLx3fsoa8EeJKQThdW/Z5IdDOrwph:TWVO9rGkNJUZQx3fE/whMR5Trwph
                                                                                                                                                                                                                                                                                            MD5:9E054FD0148467838980D195AA1ED6EB
                                                                                                                                                                                                                                                                                            SHA1:BA9D55DF49FD1DD01305746D329075F46AF229D9
                                                                                                                                                                                                                                                                                            SHA-256:5BE3C042207CAACE9533070229B4B1552897813C1DF06CF77462D2E8E854892C
                                                                                                                                                                                                                                                                                            SHA-512:F7570E12F9A7BDAEA7A6E06BBAC629BBDB2C8C03286CE9F6AF39DD9F4F12A6B6D209B98180CD1E5EB8FFCF8396E7B550B6C6AC106E4D3A44A6F6F65D9D553ABA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4.......7...)...%...%...>.......T...%...H...T.......T...%...H...T.......T...%...H...T...%...H...G....InvalidOption.AllSearchAnnotations.ALL.NoAnnotations.NONE.SecureSearchOnly.ONLY_SECURE_SEARCH..*CurrentSAOInExtension_ch.GetOption.settingsV.......4...7.......*...>...1...:...0...H.....get_dimension_string.new.DimensionHandlerx.......4...%...>...2...5...4...1...:...4...0...H.....new.SearchAnnotations*telemetry.dimensions.DimensionHandler.require...//B4B64BB1391FEF389BB39AE23E77C3A386CCEAAB34ACAC5D48A71FC573BF4E564F2A9AC32DBEC55B7214E348C20033A02E37793DB3E0CF96F76D24B2504FE7B2++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\sequencenumber.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):834
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.629087733674158
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:138//rPMsptXkvTkZSrs0kI07iMNRtfYNiVWW7WIFECGlbLnrWbsoa8EeJK3eQzL:m/zkszSaFiWnQ+J/QrWbE/r+kqaT
                                                                                                                                                                                                                                                                                            MD5:29007B45FA7BCA00DCFFAA7F4583B516
                                                                                                                                                                                                                                                                                            SHA1:E8C6E4416F1AADB33FB10C4FE95BA3A450032327
                                                                                                                                                                                                                                                                                            SHA-256:EFF0BC9336531CE9D9F7355C838DDA79DB3AC28EE41033A8F0B1F1EF76C6DA05
                                                                                                                                                                                                                                                                                            SHA-512:6D6E54271756A63FED5B14177DD1F9BB0A51B41E64C769948B9B20EEF95EA0509EC8506C12DA29CBE6A50EED73B4CC713F73CA5D81E5193A4D3AA3B7390815AF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........G%...4.......7...)...%...)...>.......T...H...4.......7...)...%...'...>.......T.......4.......7...)...%...'...>.......T.&.+...7.......7...%...>...T...4.......7...)...%.......>.......T...+...7.......7...%...>...4.......>.......4...7.......>...'.......T...Q...%.......$...T...4.......@......0.len.string.tostring&Failed to update sequence number.;Failed to update sequence number after rollover event..warn.m_logger.SetOption.*SequenceNumber.*SequencingOn.GetOption.settings.OFF.....V.......4...7.......*...>...1...:...0...H.....get_dimension_string.new.DimensionHandleru.......4...%...>...2...5...4...1...:...4...0...H.....new.SequenceNumber*telemetry.dimensions.DimensionHandler.require...//05B097150632CDA41E050A36A6B34028F8FDA9E300EFAD23C1CE4403DA17A58CBF2EA374834EFFB32A7F305BAF0A753066099CF1E2575F38408A2C5929EF6908++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\settingsdblookup.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):811
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.552253677614322
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:gd8kIXhHUnPKItqP8+/4lqWvfsb97ZsCodUjb97ZsJArspCe8hvDIFEcGlbLvxzQ:5BUHE/4lqoKqdUvsFnwQQvpE/rcoOTvO
                                                                                                                                                                                                                                                                                            MD5:EC0E4731BD267CA4C7109F33C5D9381F
                                                                                                                                                                                                                                                                                            SHA1:538DD93C4313623A95DC59DB0720F592E422138A
                                                                                                                                                                                                                                                                                            SHA-256:C1F2C578B7B5F7B6210EF72DCCBFCBDA96236ECC5033A6571FE160BC547DA0FB
                                                                                                                                                                                                                                                                                            SHA-512:8F1E57292BCC3B3C46529CE52C5D1E1BF252D4D446D18B108809FBDA9F0608EFFDA8F293C06F0999916FAF0A769CEF07019EFBE49CEC15BACCE62CFA5094790E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........+%...+...7...>.......T...+...7.......7...%...>...H...7.......T...7.......T...7.......T...+...7.......7...%...>...T...4.......7...7...7...7...>...........T...%...4.......@......tostring.GetOption.settings]Invalid settings configuration specified for settings database lookup dimension handler..default_no_value.setting_name.in_contextXNo settings configuration specified for settings database lookup dimension handler..err.m_logger.get_dimension_config.Z.......4...7...........)...>...1...:...0...H.....get_dimension_string.new.DimensionHandlerw.......4...%...>...2...5...4...1...:...4...0...H.....new.SettingsDBLookup*telemetry.dimensions.DimensionHandler.require...//73F464983B043C393CEADF615BF8A143C26CA717E4823552B1875963890CDFFC95B3661362D64705B3135680C9F20CE95ADD037343D403C3FF418B71038140C1++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\simplewmiquery.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1058
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.66779650722283
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:7XPWUNk6W0pzsxOLs0tl17FDTw2QFPjE/JK:7u6kN0pqOLJPtFDHCrV
                                                                                                                                                                                                                                                                                            MD5:B52BE7685A3F5E6FDF38B54DAC075FC0
                                                                                                                                                                                                                                                                                            SHA1:6743394C4EB37F71D3A52D84186AF8A285055308
                                                                                                                                                                                                                                                                                            SHA-256:BC9C72AF40AE7573541F13099C47D3A40809F0EAEED9C3EB794196840550B907
                                                                                                                                                                                                                                                                                            SHA-512:51727DBDD0ECF5945EE49E27C5F870BEC5C583AED49B498A4CE99F8BED13D574947FE651285CCE025029A44A6D72A11D5DCF88CE5189421B7F3F36E602818355
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........U+...7.......7...%...>...+...7...>...%...%...*...%.......T...+...7.......7...%...>...H...7.......T...4...7...>.......7.......T...7.......T...+...7.......7...%...>...H...T...4...7...>.......4...7...>.......7.......T...4...7...>.......7.......T...4...7...>.......4.......7...................>.......T.......+...7.......7...%...>...4.......@..... SimpleWMIQuery handler: end.get_wmi_properties.utility.aggregation_type.namespaceUInvalid settings configuration specified for simple WMI query dimension handler..field.query.tostring.errorPNo settings configuration specified for simple WMI query dimension handler..err.top.Root\CIMV2.(error).get_dimension_config"SimpleWMIQuery handler: start.info.m_loggerZ.......4...7...........)...>...1...:...0...H.....get_dimension_string.new.DimensionHandleru.......4...%...>...2...5...4...1...:...4...0...H.....new.SimpleWMIQuery*telemetry.dimensions.DimensionHandler.require...//66F1EC412E736F1C0CCC9A12BF1055FACE5F525B7E3141612F03D6BE9D1B2A6749373FCD

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\staticvalue.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):555
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.509844220882659
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:KkFS8ryNrRryJAnDpCe8hvDIFEXZGlbLKsoa8EeJKUNh8wn5HpYFO:djyNFaolnwFQKE/WX2O
                                                                                                                                                                                                                                                                                            MD5:4637B8199333805438D75ED45E7799A9
                                                                                                                                                                                                                                                                                            SHA1:BCC6E82AAAFE155E4549724FF0033DE3AF68F85C
                                                                                                                                                                                                                                                                                            SHA-256:53EB57810A2925E94C9EB9F4D9C3A826AFA3FC69517DB300B190DBF7C5FD07EC
                                                                                                                                                                                                                                                                                            SHA-512:04F13CF4F7874D946D089C343D85921615661595C74C396315F476B089636686D0B06DCC22E5B829C3B62EF23DC86637565DBC6EC98B131DFB8298115A1BE52E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........%...+...7...>.......T...7.......T...+...7.......7...%...>...H...7...4.......@......tostringAInvalid configuration for the StaticValue dimension handler..err.m_logger.static_value.get_dimension_config.Z.......4...7...........)...>...1...:...0...H.....get_dimension_string.new.DimensionHandlerr.......4...%...>...2...5...4...1...:...4...0...H.....new.StaticValue*telemetry.dimensions.DimensionHandler.require...//400D4C88170CD6778859769389FA9085AC18A94EEDF91086F9FF10D7E73DCEECBEC7067F0168F7FF1ADD87106DAF2B181D7ACBD7BBB82FC1AC65CEA6E456F06C++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\suitestatus.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):861
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.606874764161418
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:myyWXSPyfuugXc/dBiGgPRyfuxAIE/KUGRthn:6WiVugM1BSRbvTUGthn
                                                                                                                                                                                                                                                                                            MD5:7264A96B387197AFCD17B576692283EB
                                                                                                                                                                                                                                                                                            SHA1:6ED65CB6F5E5A1B3F0A36C7F5430D2A66A3870A4
                                                                                                                                                                                                                                                                                            SHA-256:106F7913ED5CA35DD52DBEE824C6B85A0777A47998B4C577ACAA6E595F06D0E0
                                                                                                                                                                                                                                                                                            SHA-512:96F414CF18697DFE24B14BCFA03F83D139593519F1EAC4DE756CE29A0D620C184278CC532AC375F09DDC21517029DB56933963DC49CD6BF35967454BC74ABD16
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........&'...4...7...7...%...%...'...(...>.......7...>.......T.......4.......7...)...%...)...>.......T.......4.......7...)...%...)...>.......T.......4.......@....tostring.*Freemium.*Orphaned.GetOption.settings.IsValid5SOFTWARE\McAfee\MSC\Settings\ApplicationInfo\MSC.HKLM.Registry.Win32.core......Y.......+...7...>...4.......>...........T...)...H...)...H......tonumber.get_suite_status..&.......+...7...@......get_suite_status.........4...7...............>...1...:...1...:...1...:...0...H.....get_dimension_string..is_suite_installed..get_suite_status.new.DimensionHandler.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.SuiteStatus.mfw.core.Win32Helper*telemetry.dimensions.DimensionHandler.require...//C1EEF333C82066E7D7FC4781A5E75E241897FB68754FEC7718DE74FD5A43CB9B412BF5435AEBE74A8EBEB23A8C583659B8BE07A4DC0A7115F4EB4B1EA3F9A5BB++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\telemetryversion.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):732
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.541102705302123
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:T5Qkw4I44/Y+C/nVAOwitZm9j4a8pCwUitZJAooDpCe8hvDIFEcGlbL9UiH/Iuss:4FY+SVAOwiKE7uiZqlnwQQ9UiHjE/Xj2
                                                                                                                                                                                                                                                                                            MD5:DC35C5F2BE7C487E10DBECA8378FAC4E
                                                                                                                                                                                                                                                                                            SHA1:C5D92FA1686208506F6902933628C5CD6BD42948
                                                                                                                                                                                                                                                                                            SHA-256:F6B4417634E6FC3FB1EDF279BE9DA61124DA1C3D9C3FDC83DBEB73CFE0584B33
                                                                                                                                                                                                                                                                                            SHA-512:2E00ADC09D73AD48A58B31CAD061334DF5D711F597EDA90CC88A13027649FF5582C134FE9E842000E50A921BE0DD4ACDDBF03BA368360ED62C8B4D1CE785DF85
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........%%...+...7...>.......T...7.......T...7.......T...+...7.......7...%...>...%...H...4...7...>...........T.......T...+...7.......7...%...>...7...H...H.....GUnable to read version data in TelemetryVersion dimension handler..warn.require.UNKNOWNIInvalid dimension_config for the TelemetryVersion dimension handler..err.m_logger.version_path.default_no_value.get_dimension_config.Z.......4...7...........)...>...1...:...0...H.....get_dimension_string.new.DimensionHandlerw.......4...%...>...2...5...4...1...:...4...0...H.....new.TelemetryVersion*telemetry.dimensions.DimensionHandler.require...//403C7158D8AA03A43B1CAF5F57337E220E36E9F22907DCC9B0741C0FDA53CAAA3F8B89D09DB1F4EAFC9EBE429D72B3D9E1833846EAFBFB422344BDD119F17331++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\updatepending.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):551
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.627028799484036
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:3YKhS6zgmXydWW7WIFEP39R5gfl/80Isoa8EeJKBmYEzGhkGiGn:jrzg6ydJkyf1NIE/BmYEzakxG
                                                                                                                                                                                                                                                                                            MD5:3A3097E1A151007EB24D7D46EA7AE028
                                                                                                                                                                                                                                                                                            SHA1:D76482ED200EE11086265869ECB68D7824EC7456
                                                                                                                                                                                                                                                                                            SHA-256:49A762D9275776B541A7C0D5EE73148A590623D0319C1CE4B14113731ADCD5FD
                                                                                                                                                                                                                                                                                            SHA-512:700A1EEF54A49AE5108E77D95E89F4A49E9C7BE10B68598822D3F2731455BAF1B53577422CC9B0A6CC192DAEE95023E01C48439C41213F520DE3C7DF7ACE79E3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7...7...%...%...'...(...>.......T.......7...>.......T...%...H...%...H....true.false.IsValid-SOFTWARE\McAfee\WebAdvisor\PendingReboot.HKLM.Registry.Win32.core...V.......4...7.......*...>...1...:...0...H.....get_dimension_string.new.DimensionHandler.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.UpdatePending.mfw.core.Win32Helper*telemetry.dimensions.DimensionHandler.require...//83C3E253360B527854F297BC93C15A90AFCD67C6E867CD86BF57B724DB6A1CAB6ED85C64C8639B74F70C5566043FBD52E0114D3A8481C9961F6F3575DA734658++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\updatependingversion.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):731
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6192343197477586
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:ZeKhSDLnHSpPsXQ8tzT46iuatmXydWW7WIFEQ39R5gfls+0Isoa8EeJK2+gCJeO:PYQsQ8BUhH6ydJDyf2jIE/CCJR
                                                                                                                                                                                                                                                                                            MD5:9ECA22B44DA40B7EF8E680BEEFF8D6D6
                                                                                                                                                                                                                                                                                            SHA1:AFCA19F167DD91EEEA33395327C7D9361E1D44AB
                                                                                                                                                                                                                                                                                            SHA-256:15046C04362166DD2ADB20B60B7F8BC4A9FC52CBBE8C8B4A5F81FE550D0DA66F
                                                                                                                                                                                                                                                                                            SHA-512:A0104B4664F7D2B7B6DB706FD6B870AE46BAFF22EDBCD8BA4468F9EE5C142CACE8907969CB1496043511F621F8028751C1736F38075515ECA0E9A56AAECC4141
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7...7...%...%...'...(...>.......T.......7...>.......T...%...H...4...7...7...%...%...'...(...>...........T.......7...>.......T...%...H.......7...%...>.......T.......T...%...H...H.....FullVersion.QueryValue.UNKNOWN.SOFTWARE\McAfee\WebAdvisor.RebootNotPending.IsValid-SOFTWARE\McAfee\WebAdvisor\PendingReboot.HKLM.Registry.Win32.core...V.......4...7.......*...>...1...:...0...H.....get_dimension_string.new.DimensionHandler.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.UpdatePendingVersion.mfw.core.Win32Helper*telemetry.dimensions.DimensionHandler.require...//14B216E97CFF8E7AD9AAF86DAE8A4C51DC0FC9DF5899F73D39196735EBFC26764AF7BC5393D62325073255F9B51FFB50A77A44FD94C28374B3EF378C548DAF1D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wpsdatesetting.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):486
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.538318694426931
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:f+ns1vm32QsxjXkkuBid/9smRgGlbLj0usoWLIY3pKfEgLkOdbCly6:Ysl6sNkHBidamgQj0u2IY3k/YOdbV6
                                                                                                                                                                                                                                                                                            MD5:B2D512C47E3AC1A928073445375A98E0
                                                                                                                                                                                                                                                                                            SHA1:90FCEB2317AA72303C53A2343800A055F2EAEC89
                                                                                                                                                                                                                                                                                            SHA-256:FC367379D33D55C8DFB94BD2C12741A67BA568DE7F64C5EAD7B41D71FCFB8417
                                                                                                                                                                                                                                                                                            SHA-512:48C60CD7FFC6950A5D68D05CCFA1D677FD10FFFCB22D268B2CECA76F807AC7028804B2551CF37FFDC9BE5B4A6F1B6C87A7A5E2516D68D14DBB901B04DB9940B2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7.......%...>.......T...4...7.......'...'...>.......4...7.......%...%...>.......H.....-.gsub.sub.^(%d%d%d%d)-(%d%d)-(%d%d).find.stringM.......4...7...............>...1...:...0...H.....format_output.new.WPSSettingx.......4...%...>...2...5...4...1...:...4...0...H.....new.WPSDateSetting-telemetry.dimensions.handlers.WPSSetting.require...//05C96186F08538C6E7E1E9B7FE9FCA517B488B8D33791E211DC41F65D7E73798391CDE2544F437154E39BA51F807E94E1B159A72F9C6A8898F64B809A351574C++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wpsdayssinceexpiry.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1208
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.642009565436857
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:bwEX9j1RXQmU3PZ4Kdm6MOKNh+CVUkM0dabVtgBiDS2kQUhk2IY3kd6UuClx5:3JQZdIhP/M0ssBfFi2woCl
                                                                                                                                                                                                                                                                                            MD5:BEFF4C1FCB74EF90E136088F835FC04B
                                                                                                                                                                                                                                                                                            SHA1:CC1078B4247077E861F716397F8148CD209B34C2
                                                                                                                                                                                                                                                                                            SHA-256:21DDF6B469777692E97E5915E76201B7B043E85D4D13C64C8DFC0D2E5326A1ED
                                                                                                                                                                                                                                                                                            SHA-512:6A0F6B2A2D895A35DC70C0E7107D39FE10B802352F7FB3C425CCC8A6B6D750977A8935E7171FBE3FCD6B161B955FD0769226B8E3E371594790917A7DC4BBDC53
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........J'.......T.......T...4...7.......>.......T...4...7.......%...>.......T...'...H...4...4...7.......'...'...>...=...'.......T...'...H...4...4...7.......'...'...>...=...'.......T...'.......T...'...H...4...4...7.......'...'...>...=...'.......T...'.......T...'...H...4...7...3...:...:...:...>.......H....day.month.year....hour...time.os.sub.tonumber.%d+.match.len.string..4.......4...7...4...7...%...>...?....!*t.date.time.os........:4...7.......7...%.......$...>.......T.......T.......T...H...4...7.......%...>.......T...4...7.......'...'...>.......4...7.......%...%...>.......+.......>...'.......T...%...H...4...7.......>...4...7...+...>.......>.......4.......@........tostring.floor.math.INVALID_DATE_FORMAT..-.gsub.sub.^(%d%d%d%d)-(%d%d)-(%d%d).find.string.NO_WPS_KEY.NO_WPS_SETTING.NO_INPUT_SETTING%WPSDaysSinceExpiry: input date =.info.log.core...W.......4...7...............>...1...1...1...:...0...H.....format_output...new.WPSSetting|.......4...%...>...2...5...4...1...:...4...0...H...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wpssetting.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1424
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.694461302632784
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:+cRvGiHyRDmClnA5RzKx39Ptcc/dRucV8AXV4UjseE/DSs9:+YPHyM5Uv1x/dR/vjse29
                                                                                                                                                                                                                                                                                            MD5:295DE66F5A6C4F8F53523FEC1DFD3D43
                                                                                                                                                                                                                                                                                            SHA1:A58E12901396C3DDF3A2843D8C7F8672612C8F5C
                                                                                                                                                                                                                                                                                            SHA-256:0680AF99418C27958D779A3095A13D5B030A75E5D00AE1C50E07502669A7DB7C
                                                                                                                                                                                                                                                                                            SHA-512:20BC63AAEEEE25DDB7B8F5C48E53EAE29662D9710CFFCBDC4339971762915EDCB378B6A3B5283389F16F729CF6997FA193FFF2B62764F0F457423A23D5AA132D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........g....T...4...7.......7...%...>...%...H...T...4...7.......7...%.......$...>...4.......7.......>.......T...4...7.......7...%...>...%...H...........T.5.4...7.......7...%.......$...>...4.......>...4...7.......7...%.......$...>...4...7.......'...)...>...4...7.......7...%...>...4.......>...D...4...7.......7.......%...4.......>...$...>...B...N...%...6.......T...6...4...7.......7...%...4.......>...$...>...4.......@....WPSSetting: returning .NO_WPS_KEY. = .pairs,WPSSetting: parse succeeded. Json keys:.decode.json_parser%WPSSetting: wps json setting is .tostring.WPSSetting: key = .NO_WPS_SETTING)WPSSetting: returning NO_WPS_SETTING.get_setting.wps_utils.WPSSetting: setting = .NO_INPUT_SETTING+WPSSetting: returning NO_INPUT_SETTING.info.log.core........H............+...7...)...+...7.......T...+...7...+...........>...+...7.......T...4...7.......>.......+...7.......>.......H..........format_output.lower.string.lower_case.key.setting_namev.......4...7...........)...>...1...1...:...1...:

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wpssuitestatus.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):586
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.504816023485099
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:DFNql6nGUm8dcfzOdNuI/9/ECGlbLjEsoa8EeJKquNzOiOn:DFNeIGUm+coNh3QjEE/TzOtn
                                                                                                                                                                                                                                                                                            MD5:E50025927B3EE89895724005BD1843B4
                                                                                                                                                                                                                                                                                            SHA1:8A423EC272DF863273BA3CD1F51951155018DA8F
                                                                                                                                                                                                                                                                                            SHA-256:FF76BAE738C35C860130CB68E1D04225BFD270A684F07E7A29ADA7D275A01072
                                                                                                                                                                                                                                                                                            SHA-512:CAC18EFE7213D7E4D823167F31072C41376D8021D075017C7F746B58FEE8F5E5A51D6E41E61B36A04E3C24E0BBCC562E7A36C361F82C270C60FDBC62CDF28041
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........'...4.......7...>.......T.......T...4.......7...)...%...)...>.......T.......4.......@....tostring.*WPSEverInstalled.GetOption.settings.is_wps_installed.wps_utils..&.......+...7...@......get_suite_statust.......4...7...........)...>...1...:...1...:...0...H.....get_dimension_string..get_suite_status.new.DimensionHandleru.......4...%...>...2...5...4...1...:...4...0...H.....new.WPSSuiteStatus*telemetry.dimensions.DimensionHandler.require...//8F9B9968DEA36A649AC4B6C92CB646B54133DE7540F695612905E76BF9B5E696B24BE2D15CD6EF394D3174CA886D01A4EC9F1D86C5D3342F81CEFB6457538714++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wpstrial.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):461
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.558376283871401
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:Ilc9I7tdi9Gu/9smROGlbLTsoWLIY3pKxdSL0bfyFBRNnHKQ:Ie9GLikuamOQT2IY3k7U8yFVV
                                                                                                                                                                                                                                                                                            MD5:CB619158239771D17A04F178EACCFFA8
                                                                                                                                                                                                                                                                                            SHA1:894BD62A03FADCED1E1287B363D77F7EC8FC56E3
                                                                                                                                                                                                                                                                                            SHA-256:67058411030E77CDF50A98DC59FFFC2FEF1C3432AD62A3E1ACEB47D4E05D6270
                                                                                                                                                                                                                                                                                            SHA-512:9A0289A663BACAF63901765C40FD3703402C5D0E239B3C8C26B25701944E3BBC354FE3642D8A278870A40EF57AFB8953F571E15FE14487286065DB444F122176
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..............T.......T...%...H...T.......T.......T...%...H...T...H...G....0.Paid-Expired.Paid-Active.1.Trial-Expired.Trial-ActiveM.......4...7...........)...>...1...:...0...H.....format_output.new.WPSSettingr.......4...%...>...2...5...4...1...:...4...0...H.....new.WPSTrial-telemetry.dimensions.handlers.WPSSetting.require...//A3FEFD777182AE6500D5FABD34FB3434A2EBC001CAB5C3F505A3E53A8A906216C2E2FB4E6C4C2B80AA80B8E3046E1B8AE9E9EB6D769A4D3D45CEB859AC24A8DB++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wssaffid.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):651
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.738357741434148
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:5KMuuPgonhXPZq3kf5x64MxSmulXR1OkBid/9ZQ2GlbLuQdsoWLIEKvc4uX:LuuPgohRq3kGJJwRVBidg2QuQd2IjErX
                                                                                                                                                                                                                                                                                            MD5:8773021C777D91CA6E4C80FDC96E05A4
                                                                                                                                                                                                                                                                                            SHA1:74F718AA84145BB879A6181C70FA6790F96DAFAE
                                                                                                                                                                                                                                                                                            SHA-256:0A8CAF5199483DE8FC975B96276DBC61A966111A27B236496E0A3EAF795DD307
                                                                                                                                                                                                                                                                                            SHA-512:EC0800CE90D8E60120EC990A11FBA8DA434333D357F5E00E691C8FA48F7043F1AE18C7ED8AD8A002D9448B2E96798618719926E640B71E080BDBC2F6EA427BE4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........#+...7...>.......T...%...H...4...7...7...%...%...'...(...>.......7...>.......T...%...H.......7...%...>.......T.......T...%...H...4.......@......tostring.NULL_AFFID_ERROR..affid.QueryValue.READ_ERROR.IsValid+SOFTWARE\McAfee\MSC\AppInfo\Substitute.HKLM.Registry.Win32.core.NO_SUITE.is_suite_installed...U.......4...7...............>...1...:...0...H.....get_dimension_string.new.SuiteStatuss.......4...%...>...2...5...4...1...:...4...0...H.....new.WSSAffid.telemetry.dimensions.handlers.SuiteStatus.require...//CF71D3C1A74FFCFD2086465753842A9AF628C1BCF37454A133703A7C00C6D7AD8F872CA8DF8E17B136FE75D2C3FFC97B9312D77FA180D203637F7FD10B73F901++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsscspid.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):577
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.636866033713191
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:quOsakaQybr0j/FoQ2vfrY1OvpCFUBid/9ZQ2GlbLPnusoWLIEK1iMnlThWKtW0M:quOVP4jNcvTYkhBidg2QW2Ij1dZRyh
                                                                                                                                                                                                                                                                                            MD5:489F8ED2F2CB7AA952B632051662D757
                                                                                                                                                                                                                                                                                            SHA1:ED5D48A2C2F331E43DB255BBA28FCEC6C47D1FE0
                                                                                                                                                                                                                                                                                            SHA-256:924EB320527ED3D7BAD173871355572B1E9581B877CD19AA195BAB6713BD9D8E
                                                                                                                                                                                                                                                                                            SHA-512:132CBC4DAFDF86082B991D7B7323A718B9C5A8487AF1508A45CF7DF691F071461CA7E9D1330399D420C9C3D66C97838AA7A6BB113C6C5AE06F6081A922BB0469
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........+...7...>...+...7...>.......T...%...H...4.......7...)...%...%...>.......T.......T.......T...%...4.......@......tostring..__not_available__.NO_CSPID.CSPIdValue.GetOption.settings.NO_SUITE.is_suite_installed.get_dimension_configU.......4...7...............>...1...:...0...H.....get_dimension_string.new.SuiteStatuss.......4...%...>...2...5...4...1...:...4...0...H.....new.WSSCSPID.telemetry.dimensions.handlers.SuiteStatus.require...//D65B49B11E691DC2FC104113350CEADC2821735A8A733834BE36E06B9CD43629A006F01AAB4C3BBADE34F0C07CAC378FC94E24496A23BC70E8CF955F7C1A8C5E++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsseuladate.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):682
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.556491254388825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:IAZyMnaVYEz71ObWLixqArstUCfQ/9Ep39R5gflG6hsoWLI/soWLI/3KsbmbgoiL:3MMnaVYGSWLPJU2Q0yfbh2I/2I/6sqiL
                                                                                                                                                                                                                                                                                            MD5:B5CF9C3FB9876B2D91C3D42F2CE256B8
                                                                                                                                                                                                                                                                                            SHA1:4A608B750FC0D5999486EF0EACC43ADE54D0F2E6
                                                                                                                                                                                                                                                                                            SHA-256:DED9FAA6DC4A32745362134EAF2BA4CB3FAF10FAF850BB9EC0BB1A5056574626
                                                                                                                                                                                                                                                                                            SHA-512:8D4AC82C0A2E750EA5EE2CA63C9191760B34B17CA90E7A26955747706E9CFE7FA5DA755A69E2BE225F8C2B12512AA19F2FA90D0A73A29915DD575FAD28FB06A8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........+.......T...+...7.......T...+.......T...+...7.......7...%...>...%...H...+...7...>.......T...%...H...+...@..........NO_SUITE.is_suite_installed.UNKNOWN3Failed to construct the WSS eula date handler..err.m_logger.get_dimension_string|.......4...7...........>...4...7...............>...7...1...:...0...H.....get_dimension_string.SuiteStatus.new.RegistryLookup.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.WSSEulaDate.telemetry.dimensions.handlers.SuiteStatus1telemetry.dimensions.handlers.RegistryLookup.require...//FF758F5ED7E6C93643C4CE800AC043764C8804F451F1FC67D35C16EB813C3B1302B13C538B543DDF830DA1636823C2786568D45EB535330C9F00732DC2530616++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsspackagetype.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):495
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.585748375264353
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:2IHvOkcriB2mvzXBid/9sYGlbLj2hAusoWLIPKct8DEZvR:2IH1KgrXBidaYQj2hJ2IyctfZ
                                                                                                                                                                                                                                                                                            MD5:23233F394395A83B1A2093C1CCA20E20
                                                                                                                                                                                                                                                                                            SHA1:DF03ACF9E5E0C28A5DEC6878AA1E9917E150F7C2
                                                                                                                                                                                                                                                                                            SHA-256:74E02EFD9DE7579AD017BE1308CBF7EC3123F0E0210DDA120B2B06497270C1F4
                                                                                                                                                                                                                                                                                            SHA-512:E00FD13C9AC4F3BA9FA2C766EB92354D671CE891E9F951DAEACD73845B15A3DAC1EB06A9DF6FC478B1A5E41B2D63ACC866F410F56BC5B6D687BCF509EF0695D5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ.......... ....T.......T...%...H...%...'.......'...I.......7...........>...4...7.......>...'.......T.......%...$...T...........$...K...H....*.byte.string.sub.M.......4...7...............>...1...:...0...H.....format_output.new.WSSSettingx.......4...%...>...2...5...4...1...:...4...0...H.....new.WSSPackageType-telemetry.dimensions.handlers.WSSSetting.require...//24B1382054EEB399F14981CE61828A79BAB4CB589E932F291BCFB41BE9F45EC0969078863ECDA2AD19A81674DFFBDBE09A7DBE8A2A711607E0C01EC74847029E++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsssetting.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1442
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.789325129237691
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:axlOHbhNYSOaQemAENhRNWF1ltn2oXJ3qfswRfqNRV+mSWl8q4eBi1cAUQT2Ij90:sY7sSyAElNWF1lkoXJ3qUCyT8Al8leBl
                                                                                                                                                                                                                                                                                            MD5:0285608A9DA28FEE53181912723444BA
                                                                                                                                                                                                                                                                                            SHA1:556F82A74D520F6DA37D490A00E9670D81BB284C
                                                                                                                                                                                                                                                                                            SHA-256:A219BF0A394D4059254332A285036F6B423E9DE49EAB02E199FB49E55EA8B1B9
                                                                                                                                                                                                                                                                                            SHA-512:3C116BDC77AAC82FB56E5484AC78E0C9BD71F592A677186EAE1DEEC46496CAB9BE3CEDACBB130C35DCE7FDCFE2D4C1ADB0386D9547598B2F3BEADC8082D09133
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........(%...+...7...>.......T...%...H...4...7...7...%...%...'...(...>.......7...>.......T...%...H...4.......7...........>.......T.......T...%...T...4.......>.......H......tostring.UNSPECIFIED.GetProperty.subdb.NO_APP.IsValid#SOFTWARE\McAfee\MSC\SubManager.HKLM.Registry.Win32.core.NO_SUITE.is_suite_installed....t.......+...7.......7...%...>...H.....FBase WSS Setting handler format called. Returning original value..err.m_logger........K%...+...7...>.......T...7.......T...7.......T...7.......T...+...7.......7...%...>...H...+...7...7...>.......T.,.7.......T...7.......T...+...7.......>...........T...+...7.......7...%...>.......7.......T.......T.......T.......T...4.......7.......>...........T...+...7.......7...%...>.......4.......@........tostring?MD5 function incorrectly hashed data. Using default value..MD5Hash.utility.UNSPECIFIED.NO_APP.MD5EFormat function incorrectly formatted data. Using default value..format_output.NO_SUITE@Invalid configuration for the WSSSetting dimension handl

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsssettingexpiry.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):922
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.472102399283966
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:bwEX9j1RXQmU3PZ4zMOhjUCVrtgBiDSuQB2Iygy:3JQZOhhGBUc2L
                                                                                                                                                                                                                                                                                            MD5:61B2E8DC375AF2358D0D6811BCA56F43
                                                                                                                                                                                                                                                                                            SHA1:6B56E981EA027C70AB3AC2496A91D2BEA242D241
                                                                                                                                                                                                                                                                                            SHA-256:3F86AFB60076387722A0227DDD14A75B9F4EB76578AD370D2F55203E8F40F005
                                                                                                                                                                                                                                                                                            SHA-512:691A4082443D2767852EEC62D5335627F71DE7268DDA1ED4D7E9C21A619E5561A757387B9C2145D0C6B96F3F91343ECC7ACD4A6E52DE18831206F4AEBD108287
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........J'.......T.......T...4...7.......>.......T...4...7.......%...>.......T...'...H...4...4...7.......'...'...>...=...'.......T...'...H...4...4...7.......'...'...>...=...'.......T...'.......T...'...H...4...4...7.......'...'...>...=...'.......T...'.......T...'...H...4...7...3...:...:...:...>.......H....day.month.year....hour...time.os.sub.tonumber.%d+.match.len.string..4.......4...7...4...7...%...>...?....!*t.date.time.os.........+.......>...'.......T...%...H...4...7.......>...4...7...+...>.......>.......4.......@........tostring.floor.math.INVALID_DATE_FORMAT...W.......4...7...............>...1...1...1...:...0...H.....format_output...new.WSSSettingz.......4...%...>...2...5...4...1...:...4...0...H.....new.WSSSettingExpiry-telemetry.dimensions.handlers.WSSSetting.require...//97D1E003AC975DBDDCE346A9E823DB7C83BB7C3DBD13D5B517CB49E102B5899AC1767BBA68E133302A2E87903BCAF904035C3928E98D45302FB2492E3A669B6F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wssversion.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):653
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6962767368247675
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:euuPgonhXPZqFbmP4XR1OkBid/9ZQUR39R5gflfA0csoWLIEKkb6mIsvqg0:euuPgohRqcPwRVBidgwyffc2Ij1lg0
                                                                                                                                                                                                                                                                                            MD5:FD6D62F44753AB165A30E2328B4587A7
                                                                                                                                                                                                                                                                                            SHA1:0888CF29985FDED3621ED63210B1A3B793AA634D
                                                                                                                                                                                                                                                                                            SHA-256:A52D653983591D10689A3194999B72B5ACECA4E0ABFD393689F44B281889A0C9
                                                                                                                                                                                                                                                                                            SHA-512:4AA4F992CF1FD6CBB573284CA1FEAD90AF704B075D35123737C2629717248DD83CC52A79EFD32A1A3FF4AE08A4104B72D16ACC59BCB609EB88C730FA8494C053
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........#+...7...>.......T...%...H...4...7...7...%...%...'...(...>.......7...>.......T...%...H.......7...%...>.......T.......T...%...H...4.......@......tostring..ReleaseName.QueryValue.NO_VER.IsValid.SOFTWARE\McAfee\MSC.HKLM.Registry.Win32.core.NO_SUITE.is_suite_installed...U.......4...7...............>...1...:...0...H.....get_dimension_string.new.SuiteStatus.........4...%...>...4...%...>...2...5...4...1...:...4...0...H.....new.WSSVersion.mfw.core.Win32Helper.telemetry.dimensions.handlers.SuiteStatus.require...//807EA437ADD7CD79FE45CF720A50165488A0B93040A2EFDDEEE92AFE70B56450EC99B9C7BEFC363A7F7440320C1396A37C9404CCF1155548A9AB4DC7177D1B05++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsswps.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1471
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.613185103328971
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:JQmnLxIesqSRxsESaytdoCnqyXgzysccVzoFnqy7g2ISNvt0Q+cOQv4Q7WJuE/WO:STesn3sdamo4qCmJ1opqX2hNF0Q+cAyO
                                                                                                                                                                                                                                                                                            MD5:240D489DAC107AF03A78B6EB894D2AB3
                                                                                                                                                                                                                                                                                            SHA1:D12E334F90C5AE748BA50C9410E52CB2753654F0
                                                                                                                                                                                                                                                                                            SHA-256:D3CBBE00805415CA1CA17E25AFFA96B4234A352B253FCB1F0A99B05A7A64830A
                                                                                                                                                                                                                                                                                            SHA-512:9CBC04B3A7B17F96F512A883EF357F204678A7456DFA54537102EBF4207A407B5B1209E182ECA5EF7C00543DD1D012F4B3B97E69C578A877E9FAEA64C0E996FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........~+...7.......7...%...>...%...4.......7...)...%...)...>...4.......7...>.......T.......T.8.+...7.......T.4.+...7.......T.0.+...7.......7...%...>...+...7.......T...+...7...7.......T...4...%...+...7...7...$...>.......T...7...+...+...7...)...>...7...>.......T.=.+...7.......7...%...>...T.6.+...7.......7...%...>...T./.+...7.......7...%...>...+...7.......T...+...7...7.......T...4...%...+...7...7...$...>.......T...7...+...+...7...)...>...7...>.......T...+...7.......7...%...>...T...+...7.......7...%...>...H.........VWssWps: Expecting wss subconfig and wss handler in dimension config, but got nil.3WssWps: Nil wss dimension handler encountered..wss!WssWps: WPS is not installedVWssWps: Expecting wps subconfig and wps handler in dimension config, but got nil.3WssWps: Nil wps dimension handler encountered..err.get_dimension_string.new#telemetry.dimensions.handlers..require.handler.wpsjWssWps: WPS is installed, or WPS was once installed and dimension is SuiteStatus or SuiteEverTurnedOn.ch

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\version.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):235
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.179285362994611
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:8k4kikwIWmLQJX8n+OgUvoScmhUcbu9thjRQ2IIB+Zuuk2h:90kRLQJXcbvoSHhK9tZIIB+ZuuLh
                                                                                                                                                                                                                                                                                            MD5:30E00470D0CC8435F2EDB28A5994EC01
                                                                                                                                                                                                                                                                                            SHA1:5F728DB48A3A82F6499510A3BBC39FAEDDB9EAF6
                                                                                                                                                                                                                                                                                            SHA-256:E20413C475DAF9DA3041B8AD9A6B0FA2E352D55E8F06751AF4F763C625590350
                                                                                                                                                                                                                                                                                            SHA-512:4B6D8756403758F6EFE537B714E237ADB4577BA677F302C29395D00AC0228427ADE5C187281C898D03DF5566A0274119124343F29EA70EF873C5BF3F9B70D7E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:--$FileVersion=[VERSION_MAJOR].[VERSION_MINOR].[SUBMINORVERSION].[BUILD_NUMBER]..return "4.1.1.846"....//E3F4A489BB3DD7B03A3A175D5107ABFFC640F5E914D60572DF4697FF45BEA73757BD6795347E02BA8D518977EA7D87BAE9548933CE5F6CFBE55A01A8325E81F8++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\eventformatter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1412
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.529793179016961
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:NiQLb2i/BKZ2r3EKPNGwR0okfGRZcuKj55FXijk:N31pKCH9SIZeXSjk
                                                                                                                                                                                                                                                                                            MD5:CE82840480225639C68A43AE53CAE343
                                                                                                                                                                                                                                                                                            SHA1:68DECC623750846F3380E5655A62A7A05BE3B4FC
                                                                                                                                                                                                                                                                                            SHA-256:3F77946427575326CD965D2CC9B5302F6FE62E59ADEE951B31545A21091D80DF
                                                                                                                                                                                                                                                                                            SHA-512:99169BDB73EFACD81598118F7687B91E4358F728756D20DF280F50E7620076D1DC55E750F7C6246EF1E112292C768445A81F9A79B61CA60094BE3366A588CCE0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..$.......+...7...H......m_event_config$.......+...:...G......m_event_config........+...7...H......m_event........+...:...G......m_event".......+...7...H......m_dimensions".......+...:...G......m_dimensions........+...7...H......m_metrics........+...:...G......m_metrics".......+...7...H......m_extra_data".......+...:...G......m_extra_data........)....T.&.4.......>.......T...4.......>.......4...+...>...T...%...4...7...%...4...7...4...7...............>...=...=...$...5...4...7...........4...>.......A...N...H......gsub.replace.sub.byte.%%%02X.format.%.ipairs.tostring.string.type?.......4...%...>...G...&format_event_data not implemented.errorL.......4...%...>...G...3get_formatted_event_identifier not implemented.error......!.$2...3...:...:...:...:...:...:...1...:...1...:...1...:...1...:...1...:...1...:...1...:...1...:...1...:...1...:...1...:...1...:...1. .:...0...H....#get_formatted_event_identifier..format_event_data..encode_uri..set_extra_data..get_extra_data..set_metrics..get_metrics.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\eventhandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2836
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.48340516067821
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:dqi8lAvo9fbszACcL3wlwY7AM1289qFwX3SUp4D9K74JL7SMHhoBbBR7/yXXWKzJ:/o9fIAhLLM12pFwJg/hFhIR7uJ
                                                                                                                                                                                                                                                                                            MD5:C368DECA1F8107C51DE6CCF82D8DBA36
                                                                                                                                                                                                                                                                                            SHA1:28CB88CA82AA95717B13409C97D3940A7E8516FF
                                                                                                                                                                                                                                                                                            SHA-256:B8D3615AF142C4AE125B32103024C039AC3C8EF00A67B754D81EB49878F1112E
                                                                                                                                                                                                                                                                                            SHA-512:86FCEB8EFF2932A50EA14C2D86E9017AB60B3BE834D379AB5B1D01FB3246096747E92DC37DA5AD9F2322FF705A5A20AE3A68B31E312896A22528D7694DA83EB7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........%...4.......7...)...%...%...>...........7...%...%...>.......4...7.......%...>...T.......T...)...H...A...N...)...H....([^,]+).gmatch.string.%s+.gsub.telemetry_deny_list.GetOption.settings.........,...G.............+...H.............+...H.............,...G.............+...H.............,...G.............,...G.............+...H.....D.......4...%...>...G...+handle_telemetry_event not implemented.error........+...9...G.............I+...7.......T.......T...+.......T...+.......T...7.......T...+...7.......T...+...7.......7...%...>...%...H...T...+...7.......T...+...7.......7...%...>...%...H...7...+...>...7...+...>...7...+...>...7...+...>...7.......>...7...>.......T.......T...+...7.......7...%...+...7...$...>...%...H...H.............5Invalid formatter supplied for telemetry event: .set_dimensions.set_extra_data.set_metrics.set_event.set_configCAn event name was not supplied in the telemetry event payload.._event_name.6Invalid event data suppied for telemetry handler..err.format_eve

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\eventtransmitter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):514
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.297065441549035
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:jk3RM5oshcOBU6niGnkxiRM5mTmC6ET/n:poshc0UqjkxxmX6ET/
                                                                                                                                                                                                                                                                                            MD5:F925EDB4F383F5D326D5F067D7EF17A8
                                                                                                                                                                                                                                                                                            SHA1:376E765D326A685FB9B45A142CDC55830F3E198F
                                                                                                                                                                                                                                                                                            SHA-256:BA588BD53C703F7F80699654AE1050D99759C81B8CC36CBC49F440CDA031B2E6
                                                                                                                                                                                                                                                                                            SHA-512:0FC56A9EF61118DE6BB9D99A552AE26E9D867AB7E585F8A0BDD0324E9B3240AB7918D6BD4E47075D58C8AC37D7C2DD43BE2EEE31537E89D6371BD73D88C629B8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..B.......4...%...>...G...)transmit_to_endpoint not implemented.error@.......4...%...>...G...'get_endpoint_value not implemented.error>.......4...%...>...G...%get_header_value not implemented.errort.......2...:...1...:...1...:...1...:...0...H.....get_header_value..get_endpoint_value..transmit_to_endpoint.m_logger=.......2...5...4...1...:...4...0...H.....new.EventTransmitter...//48A0DDCE7E87F761A6659772461ECFB1DC52F2999FE7F0E84B383457747B72BBC0C404EF592538A86FDEAE4A35E00BDBC8CF4185BBCAF390A32C1DEF7BB12EEA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\formatters\eventformatter_aws.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4327
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.723624133425632
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:D6SSZjXlltQREGprKTmYYE9pbsxKMfuvvkIHjsBnKYl33:enx1lmprKTqyO5fMvkIDsBKa33
                                                                                                                                                                                                                                                                                            MD5:6F2B25FF2EEEE1375E6EF02B0019EE41
                                                                                                                                                                                                                                                                                            SHA1:9F5A17955B07E3FA652B75719B68B12070A80DF1
                                                                                                                                                                                                                                                                                            SHA-256:F7F6CD0F0889C1EE5800F00848682DAA3F5B29E4AB7974F458D15028E40C56A0
                                                                                                                                                                                                                                                                                            SHA-512:3E68F57077DEDD9A0DC0D72755B118DE58E13FD1A22BF554A17FB5BCE894F7A71055DD08A98CD100AAB152893E1A771C3B3C74945D2C4F14270D5AD09161056A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..?.......4...+...>...D.......T...)...H...B...N...)...H......pairs........-....T...+...7.......7...%...>...)...H...+...7.......T...4...+...7...>...D.......T...7.......T...7.......T...4...7...>...9...T...+...7.......7...%...>...B...N...T...)...H...)...H.....5Nil dimension handler configuration encountered..tostring.value.config.pairs.m_dimensions=Empty event data supplied for formatting dimension data..err.m_logger.............T...+...7.......7...%...>...)...H...+...7.......T...4...+...7...>...D...%.......$...4.......>...9...B...N...)...H......tostring.Metric_.pairs.m_metrics:Empty event data supplied for formatting metric data..err.m_logger......!.......T...+...7.......7...%...>...)...H...4...7...7...%...%...'...(...>...%.......7...>.......T...+...7.......7...%...>...)...H...T.......7...%...>...........T.......T...+...7.......7...%...>...)...H...%...+...7.......T...+...7...7.......T...+...7.......T...+...7.......7...%...>...)...H...4...+...7...7...>...D.M.+...7.......7...%...4......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\formatters\eventformatter_ga.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3124
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.623885295860992
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:cf3fZPQzBS03YSNXvNLVvNIE75Ervs1s0JRxiVbBcuvy+xQhIH75u/Mgx4BO:cXZIzw0xxvvV5qs1s2RFuvvkIHwFX
                                                                                                                                                                                                                                                                                            MD5:4282C17E1F603261C362AE3C4644B71B
                                                                                                                                                                                                                                                                                            SHA1:ED37BF0C626C59A8D98DF1E544AC49FCD5E13456
                                                                                                                                                                                                                                                                                            SHA-256:AF7E27BAEF3B740DF1B0729BAC4C1E486981BB72FEA582A8C2930FF42EC1C045
                                                                                                                                                                                                                                                                                            SHA-512:2AFE9AA51A3387F2D57CD236B31AE195BAD638B4C96E379998167F12BB9481FD8A2A09C96560019925576C8C4A6553B6D85DC2C6B5EF91D38EFF2212D811A3AB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..L...........%...+...7.......>...%...+...7.......>...$...H......=.encode_uri.&?.......4...+...>...D.......T...)...H...B...N...)...H......pairs~.......%.......T...'.......T...%.......T...+...7...4.......>...=.......%.......%.......$...H......=.&cm.tostring.encode_uri.1.h.......%...+...7.......T...4...+...7...>...D.......+...........>...$...B...N...H........pairs.m_metrics........._%...%...+...7.......T...+...7...7.......T...+...7.......T...+...7.......7...%...>...%...H...4...+...7...7...>...D.,.+...7...6.......T...+.......>.......T...+...........+...7...6...>.......T.......T...+...7...6...T...+...7...6.......T...+...7.......7...%.......%...+...7...7...$...>...%...H...B...N...+...7...7.......T...+...7...7...'.......T.......+...+...7...7.......>...$...H............metric_id._event_name.) when processng event: -A mapping value could not be found for (.metric_value.pairs?Invalid configuration for GA formatter 'get_event_string'..err.m_logger.m_event.mapping.m_event_config.1.........v%..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\formatters\eventformatter_json.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3427
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.636906406793161
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:qM6SHyVrZ9UptjYP+a/JlXjLiQ3Ns/rJVvBSIQ0xOx7Y2cnq5VMfuvy+xQhIHsMr:D6SSZNXv3qBK1Y2ckMfuvvkIHj2hRjG
                                                                                                                                                                                                                                                                                            MD5:70960E0CDA687CA4B4F4187E9CC23A44
                                                                                                                                                                                                                                                                                            SHA1:C5C2080012AB3A3CEB28BDF709BD1485EA330B91
                                                                                                                                                                                                                                                                                            SHA-256:2E9D9A7A24797E577BD1EB3754D34F11311405D7CA4AE2FA42CB7ABCD055EC4F
                                                                                                                                                                                                                                                                                            SHA-512:9DB3506ABF8F1CF7B61D9E9B95DAD09F41228CA074968895AF172F9C4E6056A573BFE27918E665CE33EBF031B144432FFBD12DB8A95B3C4B0B96726505270BC5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..?.......4...+...>...D.......T...)...H...B...N...)...H......pairs........-....T...+...7.......7...%...>...)...H...+...7.......T...4...+...7...>...D.......T...7.......T...7.......T...4...7...>...9...T...+...7.......7...%...>...B...N...T...)...H...)...H.....5Nil dimension handler configuration encountered..tostring.value.config.pairs.m_dimensions=Empty event data supplied for formatting dimension data..err.m_logger.............T...+...7.......7...%...>...)...H...+...7.......T...4...+...7...>...D...%.......$...4.......>...9...B...N...)...H......tostring.Metric_.pairs.m_metrics:Empty event data supplied for formatting metric data..err.m_logger..............T...+...7.......7...%...>...)...H...4...7...7...%...%...'...(...>...%.......7...>.......T...+...7.......7...%...>...)...H...T.......7...%...>...........T.......T...+...7.......7...%...>...)...H...%...+...7.......T...+...7...7.......T...+...7.......T...+...7.......7...%...>...)...H...4...+...7...7...>...D.-.+...7...6.......T...+......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handleonnavigate.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):406
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.460121553558894
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:5B9GWUg5AopU3vLFANEz3+XZGlbLHIqfC4imug8JAbyKwsdUTiPMNRFVYWWWZhpq:17jf/N0upGlbLvCEu5JJKw1oMN6O8g0d
                                                                                                                                                                                                                                                                                            MD5:61463F34A299E266F18656BE844BBEFC
                                                                                                                                                                                                                                                                                            SHA1:C3463BF938CBF79CE0CAA12224191DA78634D787
                                                                                                                                                                                                                                                                                            SHA-256:045F111C2562D762D8A381B0658C0C8D4E4782238DEBD64476AE9A2957EA7548
                                                                                                                                                                                                                                                                                            SHA-512:2F4BF7C26B8FB9973D6AB5EB77E38AD52B3C91CFACA1E53D2D98E64495B39BA739F592396B42B2C9312B33DD06D64E3C80867D972ADFF623DBB7D69A6591EF95
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..>.......4...%...@...)handle_on_navigation not implemented.errorZ.......4...7...................>...1...:...0...H.....handle_on_navigation.new.EventHandlero.......4...%...>...2...5...4...1...:...4...0...H.....new.HandleOnNavigate"telemetry.events.EventHandler.require...//750992C92CE883F8662CA80954D5D7616FF836161C4473DD567E736D3DA94D637DEC1EF540D6E433B06C1BBDE92C79FF6BB2A53F43B23573FA78641DB74CB9C1++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\adblockcounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3048
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.826944404850673
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:8k60gBNsO134g1yL1abB71E1SAEDhAJdo4MmriRsJi2B5yGzp0pKF:GBNT135b1eio2vYjyu
                                                                                                                                                                                                                                                                                            MD5:4723216679A0344E3538DEA60CCBAA50
                                                                                                                                                                                                                                                                                            SHA1:047CB30340BF1014F17D4E56C7549AEBBC785D31
                                                                                                                                                                                                                                                                                            SHA-256:347D646BEBC10E0F27CC4ADCB9C10113061D9B8E0B9BD98E19787CD281C32F89
                                                                                                                                                                                                                                                                                            SHA-512:C25D400B920A45C226E3FDD0F4B411E926694998455A1FBC1D6871FB4574988BEA91062F34B713776079516CB8668C548476B01BE703EF696F2C22112C6ADEDE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ............+...7.......7...%...>...+...7...>.......T...7.......T...7.......T...7.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...+...7...>...)...'...%.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7...7.......T...7.......T...)...7.......T...4...7...>...........%...7...%...7...$...4...7.......%...$...>...4...7.......%...$...>...4...7.......%...$...>...4.......7...............>...4...7...>.......4.......7...............>...4.......7...............>.......4...7...>.......4.......7...............>...4.......7...............>...........4.......7...............>...)...H......SetOption.GetOption.settings._Occurence._TrackerBlocked._AdBlocked.lower.string._.tonumber.default_no_value.in_context.prefixFOEM Adblock counter handler called with an invalid configuration..AdblockCounter.get_telemetry_configVOEM Adblock Counter handler telemetry event called with an invalid configuration..err.tracker_count.ads_count.interaction_type.browser

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\blockpage.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1154
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.512940706826833
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:jBJ7LRbTMKqCvnujltHEa3saisfEWE5XLZ+nATLjQxvUMoh:LSyGZhEa3saisfEWE5bZ+ATLjq3oh
                                                                                                                                                                                                                                                                                            MD5:6E66153A90A73683C675A263A4EA6390
                                                                                                                                                                                                                                                                                            SHA1:2151CC580913E7B0F5CF4F31C2E8D72C4A6E9D35
                                                                                                                                                                                                                                                                                            SHA-256:A1D28AE8B955C2928EF9D0691B19F7AD8A5909B63248E6BFD557A21C09F9CB96
                                                                                                                                                                                                                                                                                            SHA-512:DA2F63E3BFACE30CB1474757F7982DBA00BBCA454FEE8671D384706A572D8D4FE80AC93DF48DB96B12FE5A6F4CBF67CBD267AC6DF61125FF1F7059E8C105E710
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..y.......4.......7...)...%...'...>.......4.......7...)...%.......@....SetOptionInt.*CounterPagesBlocked.GetOption.settings..........7.......T...7.......T...4.......7...%...@...T...7.......T...4.......7...%...@...T...)...H...G....msad.ads.blocked.Frame.msad.sites.blocked.PublishMessage.wssEventSender.Top.level.Typosquatting._event_name........2+...7...>...,...+.......T...+...7.......7...%...>...)...H...+...7.......T...+...>.......T...+...7.......7...%...>...+...+...>.......T...+...7.......7...%...>...+...7.......T...+...%...:...+...7...@............transmit_telemetry_event.default.metadata-Failed to report block page event to WSS2Failed to modify *CounterPagesBlocked setting.Impression.interaction_typeDEmpty telemetry information returned when processing block page.err.m_logger.get_telemetry_eventf.......4...7...................>...1...1...1...:...0...H.....handle_telemetry_event...new.EventHandlerh.......4...%...>...2...5...4...1...:...4...0...H.....new.BlockPage"telemetry.events.E

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\browser_host_launchers_handler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2577
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.737477998805083
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:JUlW/H3tnEowp8Gl5nt4uLxmnuCqI/Q5HneRmrROSExM9LgO5g+piVaK:LH3tnZwbrtvQITVeRme6K8g+QP
                                                                                                                                                                                                                                                                                            MD5:7DEEED17E417E565AABACBB48C725DD1
                                                                                                                                                                                                                                                                                            SHA1:EA3F158A6458D6CF8CB99CC08718CFF5D5BE6276
                                                                                                                                                                                                                                                                                            SHA-256:0B905247C46581B25E1682C7475D5CCB53A11522BA6683303D2DD087F004533B
                                                                                                                                                                                                                                                                                            SHA-512:91BFF101E974B62A3EB15AEFE178345363C0EB283420E200F5BC2CBE837CFFC4B9053622FC0B96231C8F3605BA60871D47CB2D97A4FC9133EE1283D724AEBF52
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ............+.......7...%...>...)...+...7...>.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...H...4.......7...)...+...'...>...4.......7...)...+...%...>...4...7.......7.......>...4...7.......>.......T...+...7.......T...+...7.......7...%...>...H...)...4.......>...D...7...7.......T.......+...7.......7...%...7...%...$...>...T...B...N.......T...+...7.......T...+...7.......7...%...7...$...>...2...7...:...2...:...4...7.......>.......9...)...4...7...>...D...7.......T.......+...7.......T...+...7.......7...%...7...%...7...%...$...>...T...B...N.......T...7...4...7...7...>.......7...9...4...7.......7.......>...5...4.......7...)...+...4...>...)...+.......7...%...>...H...........6browser_host_launchers.handle_telemetry_event end.SetOption.signers_json.encode. and signer "signer object for executable .signers.new object for executable . found.object for executable .pairs.Number of entries exceeds telemetry limit.warn.maxn.table.decode.json.core.{}.GetOption.settingsCbrows

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\browsernavigate.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1915
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.590531964701768
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:ll5bQHlV06e4yeGB23kfjHru5XtozKT/LTEuXwV/g:ll5bSV06edEeK+GEnV/g
                                                                                                                                                                                                                                                                                            MD5:FC30D6C776D877F92C545D29033C79EB
                                                                                                                                                                                                                                                                                            SHA1:F9C128A41752CC526CEBC93ED3961EE291FEC9C3
                                                                                                                                                                                                                                                                                            SHA-256:7117236A653E27F636795D55D0D89B3189E28A7FCCC7F8942FBE4D36C81922F1
                                                                                                                                                                                                                                                                                            SHA-512:3F61A7003E92867688BEF634C27159ECB56EBAA8F385EE58DF83034522A58111F31E7DD6CD22C5D0E67A734DA93F0946D3898EF1A146EA402CF06BD1261448E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........@+...7...>...+...7...>.......T...+...7.......7...%.......%...7...$...>...)...H...4.......T...+...7.......7...%...>...)...H...7...4...>...7.......T...7...7.......T...7...7...>...7...+...7...............>...7...>.......T...+...7.......7...%.......$...>...H......Failed to handle event: .handle_on_navigation.new.update_dimension_configs.dimensions.dimension_overrides.set_dimension_config;A global dimension configuration has not been defined..g_dimension_config.handler. Handler: 8Browser Navigate handler does not exist for event: .err.m_logger.get_telemetry_event.get_dimension_processor.........4.......T...4...7.......T...+...7.......T...+...7.......7...%...>...G...4...4...7...>...D...)...7.......T...4...%...7...$...>...........T...7.......T...+...3...:...:...9...B...N...G........config....handle_on_navigation.telemetry.events.handlers..require.handler.pairs;A global telemetry configuration has not been defined..err.m_logger.events.g_telemetry_configy.......4.......7...)...%...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\commonlogicloader.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1199
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.829302902903248
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:BJkCKQBwRdS53hIL71zgDjkwAcrwP/3d+kFtiuWeTxIPFBFG+:+awRdS9wRmkwZ4fd+sBIPF2+
                                                                                                                                                                                                                                                                                            MD5:88CCC6435CDC09A2145F0DD0A8FA232F
                                                                                                                                                                                                                                                                                            SHA1:DCD71B672B82F22E957B5D930AB68CC37175C365
                                                                                                                                                                                                                                                                                            SHA-256:8F9ACE05E225A0048FD55E63819421C25E24B28755DE8A0136F7DF0070392085
                                                                                                                                                                                                                                                                                            SHA-512:0531E308BC7B7DD945F6DC9D405149ECCF897E10831ED9E7F15FA3BB4ACB2E44867E810A14E1FA917395C6F414A3903D2AE0B8ECD3275CC0922063BAFAA68DC8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7...6.......T...6...H.......T...)...4.......7...............>.......T.......T...)...9...H...4.......'...>...G....error.include.external.loaded.package.........3...%...4.......>...T...4...4...........>...A...N...G....requireFromLogic.pcall.ipairs.\logic\.....MiscUtils.providers_selector.base_provider.ss_logic.oem_business_logic.type_tag_utils........W%...4.......7...>.......$...4...7...%...'...>...4...7...%...>...4...7...7.......%...$.......>...7.......T.5.4...7...8...7...>...'.......T.-.Q.+.....7...%...%...>...4...7.......7...%...........$...>...4...4...........>.......T...4...7.......7.......>...4...7...7...........>...........T...4...7...8...7...>.......T...T...4...7.......7...%...>...G....loadSSProvidersCode end.FindNextFile.err.requireFromLogic.pcall.Loading script: .info.log...luc.gsub.cFileName.string.handle.*.luc.FindFirstFile.Win32.core.WIN32_FIND_DATA[1].new.void*.cast.ffi.GetInstallPath.utility.\logic\providers\.m.......1...5...1...5...1...5...4...>...4...>.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\contentsecuritypolicywasm.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1827
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.50882085826588
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:yJNPFxT8++kjzUK7cqPcgzWeE46+sEF66DZaJt9:yJNPbThjMIpH+6o
                                                                                                                                                                                                                                                                                            MD5:7837E7BE31FBA4EE891D8BBDF1FA0878
                                                                                                                                                                                                                                                                                            SHA1:61A3F8DE591524961A7EF6C187EA0EDFD3C1350C
                                                                                                                                                                                                                                                                                            SHA-256:DAC4CB9A7A07EFF7E5C2A84D814C4EE3AEC5E453182A480ED8D1612813A923D8
                                                                                                                                                                                                                                                                                            SHA-512:57B35FC9E24ECD0C9DFA85357BB61B527D30AEE4E18F01BB0ABE57419F28D0DB0FC6D6503EF5AD12C5CC2C6FFA4E787E4C8A6C360893515E98907330942585A2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........+...7.......7...%.......$...>...+...4.......>...6...H........tonumber2Inside get_counter_setting and the colour is .info.m_loggerd.......4.......7...).......'...>.......4.......7...)...........@....SetOptionInt.GetOption.settings.........@+...7.......7...%...>...+...7...>...,...+.......T...+...7.......T...+...7.......T...+...7.......T...+...7.......T...+...7.......7...%...>...)...H...+...7.......T...+...+...7...>.......T...+.......>.......T...+...7.......7...%.......$...>...)...H...)...H...........zThe counter did not increment successfully when processing Content_Security_Policy_Wasm. The counter setting name is .PREVENT_WASM^Event does not carry all required components when processing Content_Security_Policy_Wasm.err!Content_Security_Policy_Wasm._event_name.colour.policy.browser.get_telemetry_eventBInside handle_telemetry_event of Content_Security_Policy_Wasm.info.m_logger.........+...7.......7...%...>...+...+...>.......T...+...7.......7...%...>...)...H...G.........uBro

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\dailycounters.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2904
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.869971234636319
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:6TSowCerlmoeRHcOMRKikeF1NBMz+Y46bCtN0Zp/0wK2cyOh26QMyfd9a3WA8vzU:6TSowCe5JQ8bK2y+ACteXtP8rifdnV2
                                                                                                                                                                                                                                                                                            MD5:ED4990BF201E840461874DC7F9AAA5DF
                                                                                                                                                                                                                                                                                            SHA1:0D59E725289A757BBA461AFFD7530D07D7ADEF9B
                                                                                                                                                                                                                                                                                            SHA-256:13FC577F71053A6D4A61A903631F91007478EDF12DF1C8B0701D480723BE515A
                                                                                                                                                                                                                                                                                            SHA-512:2A7336E4E96165A4451523B22726C10C8BA79154D5A2D16DD7A1B77C915CE80E7FC4338F5F17883FDB62834C7997699ECAAB6C5EA699267DFB23678697D7618B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7.......7...%...>...4.......7...)...+...'...>.......4.......7...)...+.......@......SetOption.GetOption.settings-Inside increment_toast_check_event_count.info.log.core.........^)...+...7...>.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...H...+...7...>...)...'...%.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7...7.......T...7.......T...)...7.......T...4...7...>.......4.......7...........%...7...%...4...7...7...>...$.......>.......4.......7...........%...7...%...4...7...7...>...$.......>...)...H......SetOption.lower.string._.GetOption.settings.tonumber.default_no_value.in_context.prefixEOEM Daily counters handler called with an invalid configuration..DailyCounters.get_telemetry_configUOEM Daily Counters handler telemetry event called with an invalid configuration..err.m_logger.triggerType.browser.get_telemetry_event..... .)...+.......7...%...>...+...7...>...)...)...'...)...%...2...%...;...%...;.......T...7.......T...7..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\dailyping.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3688
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.616011666245989
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:L5eZm6AV06e0wduOGhmEXunBaZH8oQNnAjmzi9:L6kVreLuDXaBayoQNnAjmzm
                                                                                                                                                                                                                                                                                            MD5:87062F22452B1E0155997E41236B420B
                                                                                                                                                                                                                                                                                            SHA1:8F9A8A9DBE16C21B4C5C60A56EB1CE23FA5B29F4
                                                                                                                                                                                                                                                                                            SHA-256:E3144674221DA92CC51E3A789D49F3D950E2D3FCD8C5F34FEEB22CB3FAB08B2D
                                                                                                                                                                                                                                                                                            SHA-512:4660B071969EF5E1E71C240A9BA7BF2C446E7072E55B41EAD2BB003A8AE8E14CF89FAA0E19C8C0ACFE6FC48633B9AE8D1F0EDE7BE708A8CC0294D4227CE89E13
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........M+...7...>...+...7...>.......T...+...7.......7...%.......%...7...$...>...)...H...4.......T...+...7.......7...%...>...)...H...7...4...>...7.......T...7...7.......T...7...7...>...3...7...+...7...............>...7.......>...+...9.......T...+...7.......7...%.......$...>...T...+...7.......7...%.......$...>...H....... succeeded to handle event: .info.Failed to handle event: .send_on_ping.new....update_dimension_configs.dimensions.dimension_overrides.set_dimension_config;A global dimension configuration has not been defined..g_dimension_config.handler. Handler: 4Send on ping handler does not exist for event: .err.m_logger.get_telemetry_event.get_dimension_processor.........%...4...+...>...D. .....T...7.......T...+...7...7...7...>...7.......T...7.......T...+...7.......7...%.......%...4...7...>...$...>...4...7...>.......B...N.......T...+...7.......>...G........set_extra_data.tostringG) has requested to have the following added to the event payload: .Event handler (.warn.m_logger.ex

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\domainnavigatedcounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3246
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.864178484830781
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:+Wip64s69KADsgLgYjnL6k5ZaO7a4sxPi2iFiz/MPh/cNcZCDW7Fe3:++69RngsnraOaihW/7+ZCQe3
                                                                                                                                                                                                                                                                                            MD5:D6BACC9242CF5267115C728BD87D814B
                                                                                                                                                                                                                                                                                            SHA1:10EE92C3E8F5B116278BEDBF09BFE3D6C1CAE303
                                                                                                                                                                                                                                                                                            SHA-256:2697DDAD0DE91B6E593F605B0BA3B8271EA0CF520438F6BBF18A6E910D8F7EE7
                                                                                                                                                                                                                                                                                            SHA-512:AE03E81FD842644BA800093C69F4816E6A16B042544D635B3D711005FEEE2C55E4E816AEF0720AD3FFA9B9FD1E1B17B23F196E23BFE548E856D3E7CA7AE371DE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..n.......4.......>...D...4...7.......7...>.......T...7...H...B...N...)...H....domain.urlMatch.match.string.pairs`.......2...'...4.......>...D.......7...9...B...N...4...7.......>...H....sort.table.domain.pairs.........)...H...........|+...7.......7...%...>...+...7...>.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...4.......7...)...%...)...>.......T...)...H...+...7...>...)...'...%.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7...7.......T...4...7...>.......7.......T...4...7...>.......7.......T...7...,...+...7...+...>.......T...)...H...4...7.......%.......%...+...7...$...>...+...7.......7.......>...4.......7...............>.......4.......7...............>...)...H............SetOption._.lower.string.domains.tonumber.default_no_value.toboolean.in_context.prefixGOEM Domain Navigated handler called with an invalid configuration..DomainNavigated.get_telemetry_config.domain_navigated_disabled.GetOption.settingsGSearch Term handler w

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\downloadscan.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1781
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.711889242195641
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:nDu+dLOuEfj7Jm7EINGleqj6fZ+zAIuKbpo:DdevleK6URG
                                                                                                                                                                                                                                                                                            MD5:B178B1782A75078CE4E5C8E740A408E6
                                                                                                                                                                                                                                                                                            SHA1:0DA06BC82E3BA285C0D7F36D9F26324F89CDED71
                                                                                                                                                                                                                                                                                            SHA-256:8FAB909CE6BBD2A07416E105B323C914ED398D1C50DAEBC167FDDDE9FC384C60
                                                                                                                                                                                                                                                                                            SHA-512:C28EA20E4632A2D285604F0AF58D04961B147FB9C3F0C9EC1E9E35684C3F42A502CF163B83361A12F1ABFE7D49B3210316F84171AFABE3F8D85ED7D9CBEFC91B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..X.......4.......7...)...%...)...@...&*DownloadScanSendProcessTelemetry.GetOption.settingsU.......4.......7...)...%...)...@...#*DownloadScanSendFileTelemetry.GetOption.settings........;%...)...7.......T...%...T.!.7.......T...7.......T...%...4.......7...%...>.......T...T...7.......T...7.......T...4.......7...%...>.......T.......H...T...)...H...4.......7...).......'...>.......4.......7...)...........>.......T.......H....SetOptionInt.GetOption.settings.msad.files.safe.AcceptRisk.msad.files.blocked.PublishMessage.wssEventSender.*CounterDownloadsBlocked.Blocked.interaction_type.DownloadBlock.*CounterDownloadsScanned.DownloadScan.name..........V+...7...>.......T...+...7.......7...%...>...)...H...+.......>.......T...+...7.......7...%...>...4...7...7...%...%...'...4...7...7...7...>.......T.......7...>.......T...+...7.......7...%...>...)...H.......7...%...>...7.......T.......T...)...H...7.......T...+...>.......T...%...:...7.......T...+...>.......T...%...:...+...7.......>...+...7...@........

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\formlogindetect.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2822
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.664300724525617
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:u5xsqnN264AneiuRRRFNyv9IcduhjfvKgdtt3yB84RwKnAJjKnI/gLCD3YjZdq:1nCei8Rdv9HGWBvqdq
                                                                                                                                                                                                                                                                                            MD5:4E01B775E77B17C199565087B7994874
                                                                                                                                                                                                                                                                                            SHA1:BBF65A6C54CAC5727AEB520142A9B563AA0038EB
                                                                                                                                                                                                                                                                                            SHA-256:386C7152CC77435BEC96F1BB0C17164405A00FBBCFBE6AA9B20ABEB628FACE85
                                                                                                                                                                                                                                                                                            SHA-512:DF0E1CB7E51151A3324747EE0AE07EE0DA45EE6493AB0064BC23F4BD80879D245A9B97DE90463222ACF27F8307C1FA0338DBDF3AD79FF9476CA42ECCD1A812FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..q.......%.......7.......>.......T.......7...%...%...>.......T...%...H.....^www%..gsub.match.%w+://([%w.-]+)%.(%w+)........f+...7...>.......T...7.......T...7.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...4.......7...)...%...)...>.......4.......7...)...%...)...>...........T...7.......T.......T...7.......T...+...7...>...3...:...7...:...7...:...+...7.......>...+...7...>...7.......>...+...7...>...)...H...T.......T...7.......T.......T...7.......T...)...H...T...+...7.......7...%...>...)...H...G.......8Login Detect handler type is neigher form or login..transmit_telemetry_event.set_event.get_dimension_processor.set_telemetry_event....name.FormLoginDetect._event_name.FormLoginDetect.count.1.login.form.login_count_disabled.form_detect_disabled.GetOption.settingsOForm (login) Detect handler was supplied a malformed event for processing..err.m_logger.type.browser.url.name.get_telemetry_event........G+...7.......7...%...>...+...7...>.......T...7.......T...7.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\heronerrorslog.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2664
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.695928721290874
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:styJNMl6IH3vjFIVAGPHX7yb1AgjDRQVdXPWHFOjQryuqgA3pDJ8ZGpw:pNiL6VOBAaedua0kLW
                                                                                                                                                                                                                                                                                            MD5:2BCD2D2F9FA910E881506AFC5469160E
                                                                                                                                                                                                                                                                                            SHA1:69560585DB074FC8CA18DEBF7FEC33464E7E591C
                                                                                                                                                                                                                                                                                            SHA-256:1229EBE3E0B0AE1745EFE45B9BC607B8A1F28495AD076082E14DFCB42F0D0437
                                                                                                                                                                                                                                                                                            SHA-512:B3ABE72D0989E5EBA2E64551D4D29F2ED587C9246F19891D8B29AA0147910A789DF195E98078040B9524B8FB286CE552E9E9205FE26998960D6B5E382C87CD20
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........#...+...7...>.......T...7.......T...7.......T...7.......T...7.......T...7.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...+...7...>.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7...,...)...7.......T...7.......T...)...%...7.......T...7...4.......7...)...+...)...>.......T...+...7.......7...%...>...)...H...4.......7.......+.......>.......T.......T...%...T.......%...$...%...7.......T...7.......T...%...7...%...$...%...7.......T...7.......T...%...7...%...$...%...7.......T...7.......T...%...7...%...$...%...7.......T...7.......T...7...%...7.......T...7.......T...7...%...7.......T...7.......T...%...7...%...$...%.......%.......%.......%.......%.......%.......$.......%. .....%.!.$...4.......7.".....+.......>...)...H..........SetOption.}.{.,"metadata":.,"line_number":.,"error_code":.,"error_type":.,"function_name":."file_name":.".default.null.,.[-HeronErrorsLog heron telemetry disabled..info.GetOption.settings.default_no_value..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\installedapplications.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1261
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.585387162844009
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:lbSBcSmSHYSjd05LqJ2Z9uKwKciAj/yuBMlFelDzfs5yrm:lmB1mtSj+5ewLuKwKHAj/yu2KDw+m
                                                                                                                                                                                                                                                                                            MD5:1ECD21031C9FF626CAE42210EF745F3E
                                                                                                                                                                                                                                                                                            SHA1:ABA45AC52D871C5A3C33E80D149D690CE999CCD0
                                                                                                                                                                                                                                                                                            SHA-256:32852DDD29780C51F1C250457B3EDEE562124B646742E762421E2292036A3692
                                                                                                                                                                                                                                                                                            SHA-512:A4B1719FD15AE03F152868AD2FC3DFC3A753AC33822DF43EDFA36F2F120FDED57C6D605464864D98C60DCB1F21E548D2CC82EC838F0CEF05C01C0E23930C8BF5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........)...H...........U+...7.......7...%...>...4.......7...)...+...'...>...4.......7...)...+...'...>.......T...+...7.......7...%...>...)...H.......T...+...7.......7...%...>...)...H...4.......7...>.......T...+...7.......7...%...>...)...H...+...7.......7...%.......$...>...3...:...:...+...7.......>...+...7...>...7.......>...4.......7...)...+.......>...+...7...@..........transmit_telemetry_event.SetOptionInt.set_event.get_dimension_processor.set_telemetry_event.applications.version....name.InstalledApplications._event_name.InstalledApplications applications json payload: .Nil payload so not sending.GetInstalledApplications.telemetry*Ver_to_send < ver_sent so not sending*Ver_to_send = ver_sent so not sending.GetOption.settings@Entering InstalledApplications event handler's send_on_ping.info.m_logger.........4...7...................>...%...%...1...:...1...:...0...H.....send_on_ping..handle_telemetry_event Installed_Apps_Version_Sent#Installed_Apps_Version_To_Send.new.SendOnPing.......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\installedextensions.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1351
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.687840852441756
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:6gCFaWr5tUHeBMssgRoo6xQ6FF9K6FXovjhsxNa3VEGlEBADzfWg5zc:6ZJ5tUHeBMFgRooRqKhvjexNa3DWODVm
                                                                                                                                                                                                                                                                                            MD5:D459CC9F2A71DC62A606F2C61B29F71A
                                                                                                                                                                                                                                                                                            SHA1:20D3E8BA1B56A17089D03E2D86176DFE3DBBB81F
                                                                                                                                                                                                                                                                                            SHA-256:90CC2519AC2CF9551A354CCEAD4C1620F9A8D2C3026422FE786E9C747A1E5CFF
                                                                                                                                                                                                                                                                                            SHA-512:8A28BB05BEE75A079B4376404733D48EE0A93EBC9A33C509BD74D7B847E30407B3E218A57744F8D4D0097CBCBD95EB7F221032C51453270C0B90B58D5CB80D44
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........)...H...........\+...7.......7...%...>...4.......7...)...+...'...>...4...+...>...D.H.4.......7...)...+.......$...'...>.......T...+...7.......7...%.......>...T.5.4.......7.......>.......T...+...7.......7...%.......>...T.&.+...7.......7...%.......%.......$...>...3...:...:...:...+...7.......>...+...7...>...7.......>...+...7...>.......T...4.......7...)...+.......$.......>...B...N...G............SetOptionInt.transmit_telemetry_event.set_event.get_dimension_processor.set_telemetry_event.extensions.version.browser....name.InstalledExtensions._event_name.InstalledExtensions. is *extensions json payload for browser: ANil installed extensions payload so not sending for browser .get_extensions_info.browserSettings8Ver_to_send <= ver_sent so not sending for browser .pairs.GetOption.settings>Entering InstalledExtensions event handler's send_on_ping.info.m_logger.........4...7...................>...%...%...3...1...:...1...:...0...H.....send_on_ping..handle_telemetry_event....ED...CH..'I

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\ipc_stats_handler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1519
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6326825408411745
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:Ecz9BaKBaoOCYQaQbNU35vI8liwKw1pkivrq8sokVzLbDjI5rbi:E+9fc05N+/IwKwbRjq5xnDkVu
                                                                                                                                                                                                                                                                                            MD5:CCACAE190A927D3F44056D2B18342E63
                                                                                                                                                                                                                                                                                            SHA1:CE627E604DE33E7C49A5D2BEC765CD9477B3C8C2
                                                                                                                                                                                                                                                                                            SHA-256:700804BA5B218D2BBBAB06450ACEE9E2A44B5EE60C5424F37BB0DA5812F67040
                                                                                                                                                                                                                                                                                            SHA-512:5E63F0B94021536CB288AE54C89C388E0292C27744F19F9E40259D5952B3AC43DCDF9FD1992CC8E492B95C05E641935CD3FCB7BFB9D38F4247F7E2257D1080C7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..q.......4.......>...2...'...4...7.......%.......%...$...>...T...9.......A...N...H....]+.[^.gmatch.string.tostring.S.......+.......7...%...>...)...H.....-ipc_stats_handler.handle_telemetry_event.info........]+...7.......7...%...>...4...4.......7...>...=...+...7.......7...%.......$...>...+...%.......>...4.......>...D.7.+...%...4.......>...=...8.......T...8.......T.+.4...8...>...'.......T.%.3...8...:...:...+...7.......>...+...7...>...7.......>...+...7.......7...%...7...%...4...7...>...$...>...+...7...>.......T...+...7.......7...%...>...B...N...+...7.......7...%...>...)...H.......'ipc_stats_handler.send_on_ping end5ipc_stats_handler.send_on_ping event sent failed.transmit_telemetry_event. = 4ipc_stats_handler.send_on_ping sending counter .set_event.get_dimension_processor.set_telemetry_event.count.stats_type....name.IPCStat._event_name.ipc_stat.tonumber.:.pairs.;.counter string: .get_ipc_stats.utility.tostring)ipc_stats_handler.send_on_ping begin.info.m_logger.............7...%...>...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\logicscripterror.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1426
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4875054960112735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:DgLpKv7uvs1ADRQVYlPMFcSF8n3QnvIRRsInTWEpqaEsJ1RLHnr3okZML9KiDZ/z:qgDuvWADRlP+8AvYR3SEEaEsvRDr3NMf
                                                                                                                                                                                                                                                                                            MD5:62ABEAB8883A7B2A5F0C090DE534A944
                                                                                                                                                                                                                                                                                            SHA1:0C088FEB82FE893636790B9B6B5A953AFA513BF4
                                                                                                                                                                                                                                                                                            SHA-256:63D2C0056251ECD7BBD325B422423B84E06D95F8A7B7F5CEF34949ADAF4370BE
                                                                                                                                                                                                                                                                                            SHA-512:6BF800510D3BA256C3FEE7388132C819D505C1E79183529AA981A61C84A6358DC004490219A00069CD79BDACF22D4C9F07C24763FE6F999B5CB967B6E913A43C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..R.......+.......7...%...>...)...H.....,LogicScriptError.handle_telemetry_event.info........]+...7.......7...%...>...3...4...4.......7...)...%...'...>...=...:...4.......7...)...%...%...>...:...4.......7...)...%...%...>...:...7.......T...7.......T...+...7.......7...%...>...)...H...+...7.......>...+...7...>...7.......>...+...7...>.......T...+...7.......7...%...>...4.......7...)...%...%...>.......T...4.......7...)...%...%...>...H...+...7.......7...%...>...)...H.....&LogicScriptError.send_on_ping end.SetOption-LogicScriptError.send_on_ping event sent.transmit_telemetry_event.set_event.get_dimension_processor.set_telemetry_event+LogicScriptError.send_on_ping no error.endPoint.LogicErrorEndpoint.errorMessage..LogicErrorMessage.errorCode.LogicErrorCode.GetOption.settings.tostring....name.LogicScriptError._event_name.Logic_script_error(LogicScriptError.send_on_ping begin.info.m_logger.............7...%...>...4...7...................>...1...:...1...:.......7...%...>...0...H....LogicScriptEr

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\lowsearchusertargeting.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3226
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.62953265004622
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:DMi+oQZwff8/02fDme6drrOlqln7hiiHDksa4V+jmPV06B7L9s370703aFD2bXsg:DFBUghhTgs7+21LGw70e6Tsg
                                                                                                                                                                                                                                                                                            MD5:4E60D5D78A073E711097D64F97A1C42D
                                                                                                                                                                                                                                                                                            SHA1:0F58862E7B15F3D36F20ED8940E32CD159AD2F4F
                                                                                                                                                                                                                                                                                            SHA-256:135576AE651B38DA9E08AE97485F29D513C60F6A95C6EE04F0DF95FD569A26BB
                                                                                                                                                                                                                                                                                            SHA-512:0F40982A049B8385A76E558F77C61B0D89E3860570BB06A636AA511E3DE530506729ED0EDC5FE660AFDF49B9ED0DC374BDA2ADAAF2BCA71B9B027EF74FDF3A94
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........2...4...7.......7...%...>...%...4...4.......7...)...%...'...>...=...4...4.......7...)...%...'...>...=...4...7.......7...%.......%.......%.......$...>.......T...4...7.......7...%...>...G...4.......7...)...%...)...>...4.......7...)...%...)...>.......T...%...T.......T...%...4...7.......7...%...4.......>...%...4.......>...%.......$...>.......T...4.......7...)...%...'...>...4...7.......7...%...4.......>...$...>.......T...4.......7...)...%...'...>...4...7.......7...%...4.......>...$...>...4...4.......7...)...%...'...>...=...4...7.......7...%.......$...>...4...4.......7...)...%...)...>...=.......T...G...4.......>...4...7.......7...%...4.......>...$...>...4...4...7...%. .....>...=...4...7.......7...%.!.....$...>...3.".:.#.:.$.:.%.:.&.:.'.4...7.......7...%.(.>...+...7.).....>...4...7.......7...%.*.>...+...7.+.>...7.,.....>...+...7.-.>...4...7.......7...%...>.......4...7.......7...%./.....$...>...4.......7.0.)...%.......>...4...7.......7...%.1.>...G.....9send_low_search_user_targettin

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\metriccounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1431
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.576082704207265
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:XAu49LcHIDasShcfGtK6Z+zFvYMshhr2Nmkctm2MtKBVLjzfz5MhFw:XR0coDal4jzFwnhAN1n2xbnXi6
                                                                                                                                                                                                                                                                                            MD5:1803D963CCE89137968EEDA5C65A58FA
                                                                                                                                                                                                                                                                                            SHA1:6B75B7396F0E1C7718BFA08E7ADC15ED037986E1
                                                                                                                                                                                                                                                                                            SHA-256:9A0096A2315CDE3C1ABDCBC230D8EA359364DE0ECC2C61A9189D0D51C5F89FBB
                                                                                                                                                                                                                                                                                            SHA-512:4FDFEFC7574514432B06B93D2F89AE051E4CA80907170BD198F2BE1D89994D244EBC56E3F88D961D28EA9F93D4A4367E9DEDD67A4427AC8419CC3B4BABAED93C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........=+...7...>...)...'.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7.......T...)...7.......T...4...7...>.......4.......7.......7.......>.......7.......T...7.......T...7...4.......7.......7.......@......SetOption.max_value.GetOption.settings.tonumber.default_no_value.in_context>OEM counter handler called with an invalid configuration..err.m_logger.setting_name.metric_id.get_telemetry_config.........\+...7...>...)...)...'...).......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7.......T...)...7.......T...7.......T...)...7.......T...4...7...>.......7.......T...7.......T...)...4.......7.......7.......>...'.......T.......T...7.......T...7.......T...7...7...:...:.......T.......T...4.......7.......7.......@...T...)...H...G......SetOption.metric_value.max_value.GetOption.settings.reset_count.tonumber.default_no_value.append_zero.in_context>OEM counter handler called with an invalid configuratio

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\navigatedtoday.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3916
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.560009855000876
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:V7Fzh4zrzeEVeWsoMaWHh4pMNV8g6ra+oQcHvh9CWNM:V7Ft4Tp5soMaWH4W/6++oZCW6
                                                                                                                                                                                                                                                                                            MD5:41BFFA6A3F2BC3FB05AA569797779870
                                                                                                                                                                                                                                                                                            SHA1:C3A4B9ECF0100D1AF016A5F003CD82FC64EB1DF5
                                                                                                                                                                                                                                                                                            SHA-256:C2CA9E0C3CE1662A3F6B441910889E1982969DA8BF47C3B6D45BD3D35BD123FF
                                                                                                                                                                                                                                                                                            SHA-512:30EC4B72F02EC171A65D7D7018F3B9D7907BE63FAE0962410055BAB3D9A71ED3AD3AD933FE7291CE9060E98A4BBE1DEFEEAB7111A459312409FCEA2D99A75A82
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..c.......4.......7...)...+...'...>.......4.......7...)...+.......@......SetOption.GetOption.settings.>.......4...7...4...7...%...>...=.......H....!*t.date.time.os..Y...........T.......T...4.......7...)...+.......$...'...@...'...H......GetOption.settings.a...........T.......T.......T...4.......7...)...+.......$.......@...)...H......SetOption.settings.Y...........T.......T...4.......7...)...+.......$...'...@...'...H......GetOption.settings.a...........T.......T.......T...4.......7...)...+.......$.......@...)...H......SetOption.settings...........4...7.......7...%...>.......T.......T...+...7.......7...%...>...)...H...4.......7...'...>...+.......>.......T.&.+.......+...>...=...3...+...:...+...:...:...:...+...7.......>...+...7...>...7.......>...+...>...4.......7...)...+...)...>.......T...+...7...@...)...H...+...>...+...........T...+.......>...+.......'...>...+...........>...3...+...:...+...:...:...:.......:...+...7.......>...+...7...>...7.......>...+...>...4.......7...)...+...)...>.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\newtabcounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2751
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.825883292025569
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:bIZdNL8zr0HDmRta30IaWa0ZaNVk5zm0V4m9XjH2pxVwAjzpnbW3Mi:wNL8/s+/W1aI1nDczsMi
                                                                                                                                                                                                                                                                                            MD5:91D9BF9B76E3E1446C6139A4F7914670
                                                                                                                                                                                                                                                                                            SHA1:420A63140B7CAD991F3396CB6A96C5D0653F022A
                                                                                                                                                                                                                                                                                            SHA-256:0D5E1A4C009AE7E5E85B26EF27B6207CEDB016BB25B86C6FE2DB0E4D242FE73C
                                                                                                                                                                                                                                                                                            SHA-512:CB14F1ED4F6279548B2653BD94D47C1268A1D967D4EEE768C822E9455B5F7254442ACE197226F41E6202A60ED92E10213A089EE04FC68F7135E54D0D4BAC5D00
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ............+...7.......7...%...>...+...7...>.......T...7.......T...7.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...+...7...>...)...'...%.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7...7.......T...4...7...>.......7.......T...4...7...>.......4...7.......%...7...%...7...%...%...$...>...4...7.......>...4.......7...............>...4...7...>.......T...4.......7...........4...7...>...=...4...7.......%...7...%...7...%...%...$...>.......4...7.......>.......4.......7...............>...........4.......7...............>...)...H......Impressions.SetOption.GetOption.settings.MaximumNumberOfShortcuts._.lower.string.tonumber.default_no_value.toboolean.in_context.prefixEOEM NewTab counter handler called with an invalid configuration..NewTabCounter.get_telemetry_configUOEM NewTab Counter handler telemetry event called with an invalid configuration..err.shortcutCount.action_type.browser.name.get_telemetry_event3Entering NewTab Counter Han

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\pushnotification.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2899
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.646080120584331
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:jve3AKqKVwvdUJEZ6KVgRLhb/BSif4PyVZTeSvCPGMGuah7uJnUtXSzjIsPOusuA:jvVKqKVwvdUA6SCtppflZTeICPGMdnyL
                                                                                                                                                                                                                                                                                            MD5:573D64FBB7F270F4B5A1E1277516AA2F
                                                                                                                                                                                                                                                                                            SHA1:DD798F9AFFF2363CE565149CAE32258243B85DF7
                                                                                                                                                                                                                                                                                            SHA-256:316473E968B9FF26B0BFE86B3CF503DBEE39833409C8FDDB354CF5BE1B33067B
                                                                                                                                                                                                                                                                                            SHA-512:6A267A2DC8DB2A29196C5E591617079D91AEC1D52DE92760D86D141590947989B5686234C1D6273079FF146D534B2ACAD26398917752A84A92AD70C2656A9961
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........$4.......7...)...+...'...>...4.......7...)...+...'...>.......T...+...7.......7...%...>...)...H.......T...+...7.......7...%...>...)...H...)...H.........;PushNotification ver_to_send < ver_sent so not sending;PushNotification ver_to_send = ver_sent so not sending.info.m_logger.GetOption.settingsg.......4.......7...)...+...'...>...4.......7...)...+.......>...G........SetOptionInt.GetOption.settings.........%...4.......>...T.......%...4.......>...%...$...A...N.......T.......7...'...'...>...........%...$...H....].sub.",.tostring.".ipairs.[........('...2...4.......>...T.......7...%...>.......7.......>.......7...%...>.......7...'.......>...........T...4...7...........>.......A...N...+.......>...........F......insert.table..:.sub.//.find.ipairs.t.......3...:...:...:...H....count.data.event_action....browser.ch.name.PushNotification._event_name.PushNotification.........+...................>...7.......>...7...>...7.......>...7...@......transmit_telemetry_event.set_event.get_dimensio

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\searchreset.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3205
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.495930379332892
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:idvdKkKVwvd724pHIkjKlDtx0nImPP6VNPNLxF43fD:idvdKkK+vte7x0mHS3fD
                                                                                                                                                                                                                                                                                            MD5:4E3E5E606D48706AAB31B07661BE8BDE
                                                                                                                                                                                                                                                                                            SHA1:7DEA8DDBB9052E7B82FC2EF83E83832431AFD503
                                                                                                                                                                                                                                                                                            SHA-256:821CBF064AAB1FF9A54584AD0F2321262DD682523CDFCDC35D5E3A646D06AABE
                                                                                                                                                                                                                                                                                            SHA-512:734B447508D07EBEADEB2A22477C8722C93F29196401044CA2526E8BA321C30555D1C09AE49EAD3BE9C752A467674D63ADD44D18F4DB8F3A33B731229D09BEA0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...7...4...7...%...>...=...4.......7...)...+...'...>...'.......T...'...H.......H......GetOption.settings.!*t.date.time.os........$4.......7...)...+...'...>...4.......7...)...+...'...>.......T...+...7.......7...%...>...)...H.......T...+...7.......7...%...>...)...H...)...H.........<Running processes ver_to_send < ver_sent so not sending<Running procceses ver_to_send = ver_sent so not sending.info.m_logger.GetOption.settingsg.......4.......7...)...+...'...>...4.......7...)...+.......>...G........SetOptionInt.GetOption.settings..........+...7.......7...%...>...4.......7...)...+...)...>.......T...)...H...+...7...>...,...+...7.......T...4...7...4...7...%...>...=...4.......7...)...+.......>...4.......7...)...+...'...>...)...H...4.......7...)...+...'...>.......T.L.+...7.......T...+...7.......T...+...7.......T.@.+...>...'.......T...+...7.......7...%...>...)...H...+...:...+...>.......T...4.......7...>.......T...+...7.......7...%.......$...>...+...:...+...>...+...7...+...>...+...7.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\searchsuggestcounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2562
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.81255614935544
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:0QIZdNV7ED4Ku9TaHg+0+g1Lk+1UgU62M4thC8P4i2LeY0zptDUz:yNxE+8UAfVw8PfCMX4
                                                                                                                                                                                                                                                                                            MD5:D133700B73756BE041A54FC551E99852
                                                                                                                                                                                                                                                                                            SHA1:091061D05C1F5760E351F6B7169A0F616C3A919F
                                                                                                                                                                                                                                                                                            SHA-256:F4C6641AEFFCA3E55828CD1DBC02589ABD8822861499D69BB3E1D72B9040011B
                                                                                                                                                                                                                                                                                            SHA-512:D9EB63643E767266860178F22657EB73E3C23F2867EDF4B97B2F5A09FCABEC4011C80C3C3B221799AE8090EE27539F40F5A363D78A64469294F8D7DAAFC7BBF9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........e+...7.......7...%...>...+...7...>.......T...7.......T...7.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...+...7...>...)...'...%.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7...7.......T...4...7...>.......7.......T...4...7...>.......4...7.......%...7...%...7...%...7...$...>...4.......7...............>.......4.......7...............>...)...H......SetOption.GetOption.settings._.lower.string.tonumber.default_no_value.toboolean.in_context.prefixLOEM SearchSuggest counter handler called with an invalid configuration..SearchSuggestCounter.get_telemetry_config\OEM SearchSuggest Counter handler telemetry event called with an invalid configuration..err.search_type.interaction_type.browser.name.get_telemetry_event:Entering SearchSuggest Counter Handle Telemetry Event.info.m_logger.......$...+...7.......7...%...>...+...7...>...)...)...'...)...%...3...3...3.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\searchterm.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4683
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.687149466760127
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:ufqXdybwOxIZ86gN0rwhPC9p+Oo5abb8i+d5/i3WBdOLmKYiFxbhua+jGPU:uf6yqZ8vWrwhPwp+Oo5abb5+dVi3WBdd
                                                                                                                                                                                                                                                                                            MD5:22ADDB5E5205AE3BE2A622D59C9AA9D2
                                                                                                                                                                                                                                                                                            SHA1:F795537BD8D1FD6AF0C0E78A7743C9D6ADA47044
                                                                                                                                                                                                                                                                                            SHA-256:824FDD146E0E4603D8CEADCB41626ED4717EB388ADE3230665AF8B3287B51762
                                                                                                                                                                                                                                                                                            SHA-512:C9739DC0EA6D26551934CDD0173E7E75C7B4C41D046414438838399B9C001B3BBB68C8FFFD5AF13306BB12B07FCCE30FFAF32BC0554908490AD87747EBC7450B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..8.......4...7...4.......'...>...?....tonumber.char.string+...........7...%...+...@......%%(%x%x).gsubc.......4.......>...D...4...7.......7...>.......T...H...B...N...)...H....urlMatch.match.string.pairs........04...7...........>...5...5...4...7.......4.......>...4...7.......%...>...5...5...4.......T...4...7.......'...4.......>.......+.......>.......4...7.......%...%...>.......4...7.......>.......H......lower. .+.gsub.first2.last2.&.sub.first.last.find.string.2.......+.......+...6...7...@........firstIndicator........F%...4.......>...T.>.)...4...7...>...T...)...4.......>...T...4...7.......%.......%...$...>.......T...)...T...)...T...A...N.......T...)...T...A...N.......T...4...7...>...T...4...7.......%.......%...$...>.......T...)...T...A...N.......T.......T...7...T...7...%.......$...A...N...H.... .category.exclusion.%f[^%w_].%f[%w_].match.string.inclusion.ipairs.........)...H.............+...7.......7...%...>...+...7...>.......T...7.......T...7.......T...+...7.......T...+...7.......7.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\securesearchhit.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7378
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.664152353356324
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:GUKS4WUs2PH2oQIZEi6e7P51JLpkAWq63i7QGRx19PHqQqhWPhr3DLhGujdKU1K9:G/c0V4DIj9PHqQqhurDGldQNv0ht
                                                                                                                                                                                                                                                                                            MD5:774856AED23D19ECF2701623C985030F
                                                                                                                                                                                                                                                                                            SHA1:466A64208332040F199BCA40B58E6C412F27D1A1
                                                                                                                                                                                                                                                                                            SHA-256:086AA5E8765DFB83546013F9CD7D1CDA9BD06A5CB76E93A5BCA637E3CE6F6813
                                                                                                                                                                                                                                                                                            SHA-512:73AB0A13A91B4E1E7FF2A270DC2E5228FF98B0B3234816446C909A515A2CAC37570574181F09745F3F02E13DEE10BADC59C2D4FBCDFB1DE557F0ABE58F1BC8DE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4...4.......7...).......'...>...=...4...7.......7.......%...4.......>...$...>.......4.......7...)...........>...G....SetOption.tostring. - count: .info.log.core.GetOption.settings.tonumber.........$4...7.......7...%.......$...>...7...7.......'.......T...Q...........T...4...7.......7...%.......%.......%...7...$...>...3...:...:...7...:...H.......day., day: ., month: /Secure search hit add_month result, year: .month.year-Secure search hit add_month, num_month: .info.log.core..........!4...7.......7...%...>...4...7.......>...4...7.......>...4...7...........>...4...7.......7...%.......%.......%.......$...>.......H...., difference:., target_time: /Secure search hit days_until, start_time: .difftime.time.os!Secure search hit days_until.info.log.core...........~4...4.......7...)...%...'...>...=...4...7.......7...%...>.......T.f.4...7...%.......>...+.......'...>...+.......'...>...4...7...+...........>...=...4...7...+...........>...=...4...7.......7...%...>...4...7...>...4...7.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\securesearchtoast.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2805
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.683492139368564
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:o2zasKNnl1C71ZKCT3RHDPS0+7RhPzM2qUXfR2WkKDcvL/54mT/:VsnC/5JDbsM8JUScvLKmz
                                                                                                                                                                                                                                                                                            MD5:F1E0947079914BB979FAF076F6E194A5
                                                                                                                                                                                                                                                                                            SHA1:F652C986D24424A8BFC3688659B19BEE20DF1275
                                                                                                                                                                                                                                                                                            SHA-256:F27CB060398801A7AED1C51F4A292F9E475C5A850968850717ECF5CC307DFA87
                                                                                                                                                                                                                                                                                            SHA-512:3057B36E93F24C19B55E3D2CB0B84AF5A7986B1FE1EF763C08B7F2A58EE82AC3886537DA5A7AC4505CDCFD051699822CB4A6D641AF8B2155D340C10428367891
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ........<...+...7...>.......T...7.......T...7.......T...7.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7.......T...7...5...T...%...5...7.......T...7.......T...7...5...T...%...5...7.......T...4.......7...)...+...7...$...7...>...T...7.......T...7.......T...7.......T...4.......7...)...+...7...$...%...>...:...4...7...>...+...7.......7...%...4.......>...$...>...4.......7...)...%...)...>.......T.D.4.......7...)...%...'...>...'...%.......T.#.4...7...........>...4.......7...)...%. .'...>...+...7.......7...%.!.4.......>...%.".4.......>...$...>.......T...+...7.......7...%.#.>...%.$.4.......T...%.%.....$...5...T...4...%.&.%.%.....$...5...+...7.......7...%.'.4...$...>...%...7.......T...4.......7...)...%.(.'...>.......T.!.4...7.......>...'.......T...4.......>.......4.......7...)...%.(.'...>...T...4.......7...)...%.(.....>...4.......7...)...%...'...>...3.).7...:...7...:...7...:...7...:...4...:...:.*.4...:...+...7.+.....>...+...7.,.>...7.-.....>...+

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\sendimmediately.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):391
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.357971409953405
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:5RG2ARJIU3vLFChK54wjGlbL5sug8JAbyKegnPSMZVwbubzAxERSMMVmhn:UJIu54YGlbL535JJKevMrZcCS1Mhn
                                                                                                                                                                                                                                                                                            MD5:EC29F05BEC55FC8F0109015E8F33B1B9
                                                                                                                                                                                                                                                                                            SHA1:67B1BF4AC1ACA98E5B8335BCAE9E262A7FF41E58
                                                                                                                                                                                                                                                                                            SHA-256:5A5C0AE1993CDB169BE2B903EA365FF2A81D56394FF830563D27AADD4F9F0A1E
                                                                                                                                                                                                                                                                                            SHA-512:77D4DDF8A72FFCF191A8E8974E0C6AAFBB661053252B4B3DF8BCEE11AF16D4BEBA92E62719C74B6430F8384622DD451D23B48457848CFF510418CD2A7BF56A17
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........+...7...@......transmit_telemetry_event\.......4...7...................>...1...:...0...H.....handle_telemetry_event.new.EventHandlern.......4...%...>...2...5...4...1...:...4...0...H.....new.SendImmediately"telemetry.events.EventHandler.require...//33E5668C5893EB623D97103CB0001D189EF9ED399EED739EA7CA92FBB9D26A0535B73D123D5A5FBFBA725BA35A8CF2BD92B954680DF147FD9C997BEA04EEEB0C++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\smareputationcounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2718
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.824799027727529
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:469kkIlqX6Am/cnZ93tDTHKNabXmUr4kgn5bwACFrrUzlu7vkr061kdii2Bcaiuj:vIwxTZDmUr4BbIrQUbI0G7Xj
                                                                                                                                                                                                                                                                                            MD5:16D635BF7C50C58F64829A49249B324A
                                                                                                                                                                                                                                                                                            SHA1:8EF7738AFDC50B9A899A8B8889B1368D4F0F2893
                                                                                                                                                                                                                                                                                            SHA-256:0A7356A3571F7FB62CB11ECF95586DE5B64DB6E61B898E9349A2D7CFD8CAAC03
                                                                                                                                                                                                                                                                                            SHA-512:05747E2C8AB7E5E67091F170E8D36657971D7F8CEB3082285FC3CB7E4A9E482A1DB9B4DEC0E1F1DBD6099E252876C20C4D58EE82437D1CA47A768CA36E90379D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........g+...7.......7...%...>...+...7...>.......T...7.......T...7.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...+...7...>...)...'...%...%.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7...7.......T...7.......T...)...7.......T...4...7...>.......4...7.......%.......%...7...%...7...$...>...4.......7...............>...7.......4.......7...............>...)...H......SetOption.GetOption.settings._.lower.string.tonumber.default_no_value.in_context.prefixMOEM SMA Reputation counter handler called with an invalid configuration..default.SMAReputationCounter.get_telemetry_config]OEM SMA Reputation Counter handler telemetry event called with an invalid configuration..err.count.color.site.browser.get_telemetry_event;Entering SMA Reputation Counter Handle Telemetry Event.info.m_logger.... .*...+...7.......7...%...>...+...7...>...)...)...'...)...%...2...%...;...%...;...%...;...2...%...;...2...3...;...3...;...3...;...3...;...3...;.......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\wabadgenotificationcounter.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2453
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.789207937522634
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:S64SQpie56rnaOx2UIpF4RwKWqloi2dNqkzpLDwE:YSS+aOx2UIp9ePa5r
                                                                                                                                                                                                                                                                                            MD5:36244CA66AE568D6D1C3C4956234D791
                                                                                                                                                                                                                                                                                            SHA1:CC7EEB744FF8A34253E4E263A00033BB8103F5EB
                                                                                                                                                                                                                                                                                            SHA-256:CB0CCA7CE09A469E7753464E1AF7D278C0000C98AF7DC1D2DC0F085E50E95F78
                                                                                                                                                                                                                                                                                            SHA-512:FB3D59A6C535F3AA79219AB75E1307FF76CAD5B39167EFDA060E4DF3CD364FF3F6E53985C8AE71D81AAB0BABCFC5AD6CC0D111C9A74534D8EC5027B40D388CDD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........j+...7.......7...%...>...+...7...>.......T...7.......T...7.......T...7.......T...7.......T...+...7.......T...+...7.......7...%...>...)...H...+...7...>...)...'...%.......T...+...7.......T...+...7.......7...%...>...)...H...7.......T...7...7.......T...7.......T...)...7.......T...4...7...>.......4...7.......%...7...%...7...$...>...4.......7...............>...4...7.......4...7...>...=.......4.......7...............>...)...H......SetOption.max.math.GetOption.settings._.lower.string.tonumber.default_no_value.in_context.prefixROEM WABadgeNotification counter handler called with an invalid configuration..WABadgeNotificationCounter.get_telemetry_configbOEM WABadgeNotification Counter handler telemetry event called with an invalid configuration..err.count.feature.browser.name.get_telemetry_event@Entering WABadgeNotification Counter Handle Telemetry Event.info.m_logger...... ...+...7.......7...%...>...+...7...>...)...)...'...)...%...3...3.......T...+...7.......T...+...7.......7...%...

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\wssanalytics.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):734
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.5165794082773285
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:cujOctSOElnx6OUTbW0oHQp3AnupBlyzRu+nGpIjHUVEbf0qqtGlbLB35JJKguPn:cujltHE5tFQFAnup/Z+nPU2bfGQB3Ug8
                                                                                                                                                                                                                                                                                            MD5:6C767C5ED56782F3D2223F31D129B135
                                                                                                                                                                                                                                                                                            SHA1:341952214A5FC4F01B1DB8D0B3ADE041569750E7
                                                                                                                                                                                                                                                                                            SHA-256:28989709E122D4DF09E0527A5947D4A58BF59E55E59B4AB78CF637CA901C5D0D
                                                                                                                                                                                                                                                                                            SHA-512:75B347B3E6CFBA8BEAD3678E0FDFC93BDF8F3E372AE5799279A83D2D85E23BFF6B4B7B18268AEA96BDACD40B9FFE7373C1213A0EDBB2AB645154BF2F6DF555CE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........#+...7...>...,...+.......T...+...7.......7...%...>...)...H...+...+...7...6.......T...+...7.......7...%...>...)...H...4.......7...+...7...@..........PublishMessage.wssEventSender>Invalid message passed to WSS Analytics telemetry handler.messageGEmpty telemetry information returned when processing WSS Analytics.err.m_logger.get_telemetry_event.........4...7...................>...3...1...:...0...H.....handle_telemetry_event....msad.files.safe..msad.sites.safe..new.EventHandlerk.......4...%...>...2...5...4...1...:...4...0...H.....new.WSSAnalytics"telemetry.events.EventHandler.require...//D011A54B8B4F5B398B76F7DDEF9203DAF3C3938069B4B57EAE7C38CA682ED9878956CB20C7512C977900D4CD338C83C7B508F48CC3D28C5E4EB751A92BFD55BA++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\wssanalyticsraw.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):582
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.547275635912966
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:SujOctSOcFH6WfEFzMclyzRu+nGpIjHIu54YGlbLOL5JJK5Il/pFYq3:SujltHcJczMAZ+nP55XQOLU5ItJ
                                                                                                                                                                                                                                                                                            MD5:13002EB6632400808ED857748AFFDE65
                                                                                                                                                                                                                                                                                            SHA1:BEBD41B4FE64FA859C96B9225E3CF921975884E8
                                                                                                                                                                                                                                                                                            SHA-256:99EF85F2CC04C6FEC29BA8E0B655AF8E3658B7FBA5C3744603E3B6DE7E0A9BFA
                                                                                                                                                                                                                                                                                            SHA-512:4D0CCDDBBA7E8BF9BAA9BA179CB29BE8DFE9AA11DB41AB9A81854142A85E1CF0D5D5AB9056F7D03C8838AFB41D981C05258BA53EF2117D3C34AB77906C9F2ACF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........+...7...>...,...+.......T...+...7.......7...%...>...)...H...4.......7...+...7...@........message.PublishMessageRaw.wssEventSenderGEmpty telemetry information returned when processing WSS Analytics.err.m_logger.get_telemetry_event\.......4...7...................>...1...:...0...H.....handle_telemetry_event.new.EventHandlern.......4...%...>...2...5...4...1...:...4...0...H.....new.WSSAnalyticsRaw"telemetry.events.EventHandler.require...//42A692BDDEB4DF023E30C7145CA43A9BDEC29C309C8A447457D46863669FB4B09C742AD5CE7668C674008E2308B0D4CA1F06F6CFDA37BB223E3C82851B361012++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\sendonping.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):384
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.430404609474277
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:5pgW3AoBU3vLFIfK0HL1ZGlbLzucjg8JAbyKDLq3oB1Gmvizg:5x3igLzGlbLzFj5JJKDqoVvizg
                                                                                                                                                                                                                                                                                            MD5:72CFEF01361293D72B0721CE00967EC5
                                                                                                                                                                                                                                                                                            SHA1:C2A020EC71E31A3C1CC08A2139EEBFDA0C08DD3B
                                                                                                                                                                                                                                                                                            SHA-256:330A2FEF38C723F0A165E1B5A99A65CCC299E9503D0CEDE2D0D442BEE2F39315
                                                                                                                                                                                                                                                                                            SHA-512:43E87CC5E4BF4E4CCF6EEAFD8F55FC3939475BE022D2CE4343A0AC44E19B6DABA622EFEBD3932424D89465E80CE3566665E221F5054633E0C33E14F319956FE4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..6.......4...%...@...!send_on_ping not implemented.errorR.......4...7...................>...1...:...0...H.....send_on_ping.new.EventHandleri.......4...%...>...2...5...4...1...:...4...0...H.....new.SendOnPing"telemetry.events.EventHandler.require...//368D17490374E2AA49AA361B33804A6933614417D941C519A31763D2C27382736142648E98BC5C08CC5DCEDB8E24B78A4F2FF7A6CE9DD22808AAA571A65EB95F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\telemetryconfig.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):26571
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.543313327670376
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:n8WI2W2taBMZSpPKPjBRPRNSV2ioUYgiXxQqt:nnIwa6ZWcPR1iofXvt
                                                                                                                                                                                                                                                                                            MD5:164A5D2E3AA0E30E763FB4BDB3DA33C6
                                                                                                                                                                                                                                                                                            SHA1:07FCD38BB87E77DD1F95897163724DF4406372D4
                                                                                                                                                                                                                                                                                            SHA-256:435465B9E74C3B2E4A9DA1449B9E88C445785CD882D9A11AFD009FF57FFBFABE
                                                                                                                                                                                                                                                                                            SHA-512:452800D089F81A8B774CA55B6E66B720046172691A357A4530620E09E32B3D22F58CEE840BC456E25C3AA95C2264CCD70922F5F0535E08CCFAFBFFF28893C095
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..............3.(.3...3...3...:...3...3...3...:...3...:...3...:...3...:...3...:...:...:...2...3...;...:...:...3...3...:...3...3...3...:...3...:...3...:...3...:...3...:...:...:...2...3...;...:...:...3.!.3. .:...3.%.3.#.3.".:...3.$.:...:...:...2...3.&.;...:...:.'.3.).3.(.:...:.*.3.,.3.+.:...3.0.3...3.-.:...3./.:...:...:...2...3.1.;...:...:.2.3.4.3.3.:...2...3.5.;...:...:.6.3.8.3.7.:...3.>.3.:.3.9.:...3.;.:...3.<.:...3.=.:...:...:...2...3.?.;...:...:.@.3.B.3.A.:...2...3.C.;...:...:.D.3.F.3.E.:...3.L.3.H.3.G.:...3.I.:...3.J.:...3.K.:...:...:...2...3.M.;...:...:.N.3.P.3.O.:...2...3.Q.;...:...:.R.3.T.3.S.:...2...3.U.;...:...:.V.3.X.3.W.:...3._.3.Z.3.Y.:...3.[.:...3.\.:...3.].:...3.^.:...:...:...2...3.`.;...:...:.a.3.c.3.b.:...3.h.3.e.3.d.:...3.f.:...3.g.:...:...:...2...3.i.;...:...:.j.3.l.3.k.:...2...3.m.;...:...:.n.3.p.3.o.:...2...3.q.;...:...:.r.3.t.3.s.:...2...3.u.;...:...:.v.3.x.3.w.:...3.y.:.z.2...3.{.2...:.|.;...:.}.2...3.~.;...:...:...3...3...:...3...:.z.2...3...2...:.|.;...3...2..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\telemetryhandler.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2298
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6492997529822375
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:bGqjTnzJcvdtXQt1J2LYIlteIXwBf++wlFGAxBgKfMvjmRrSurJDrfih:XjBeTaT2LJRQcNxI45tmh
                                                                                                                                                                                                                                                                                            MD5:72A5327B6FC2C0B367F68F681443F788
                                                                                                                                                                                                                                                                                            SHA1:92C4FFD8E9480DE9372756D7676C27B0DCC2257F
                                                                                                                                                                                                                                                                                            SHA-256:E952F0ABCA2B3098D176AE04FBF8DE1524A80B0B4DAA854E0AE4004E3E943906
                                                                                                                                                                                                                                                                                            SHA-512:5A8D76AA8F137E185DD375EF653DC713D48600ABC9B757F978AA9DCB017644913E90802465B13113E683B57C18695C80ED7D7B0E49616CD0F18824154DE404E7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........64...7...6.......T...6...H.......7...%...>.......T.......7...%...>.......T...%.......$...4.......7.......%...>.......T.......T...)...9...H...4...7...'...>...%...4.......>...$...4.......7...'...7...7.......>...)...H....currentline.short_src.Log.utility.tostring%Failed to load package. Error: .getinfo.debug..include.external.mfw..^core%..^mfw%..find.loaded.package......%...4...7.......T...4.......T...4.......T...4.......T...4.......T...4...7...'...>...%...4.......7...'...7...7.......>...'...H.......T.......T...4...7.......7...%...>...'...H...4...7.......7...%.......$...>...4...7.......'...)...>.......T...4...7.......7...%.......%.......$...>...'...H.......T...7.......T...4...7.......7...%...>...'...H...4...7...7...6.......T...4...7.......7...%...7...$...>...'...H...7.......T...4...7.......7...%...7...$...>...'...H...4...%...7...$...>.......T...4...7.......7...%...7...%...7...$...>...'...H...4...7...4...7...4.......>...7. .....T...7. .7.!.....T...7.".7. .>...7...4...7.......

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmit_aws.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1852
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.737462174969363
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:6hYF6aMl6+UeyPnUgCSOpLhB8uhSZoIPxqiqq6x3rAxQcNa1kJanu4f:62FJMlZEfMFNhucSZ7xqvqUAQcN49j
                                                                                                                                                                                                                                                                                            MD5:14D1CDEE08CC446176C243CB8576F81C
                                                                                                                                                                                                                                                                                            SHA1:2419BD53EDCA003D1F47F07A4901511C287EEAC7
                                                                                                                                                                                                                                                                                            SHA-256:669C0ACADF3EF6935F982DB7AD75A5F345A04F6A3450F1ECCFD617BA4BCAA240
                                                                                                                                                                                                                                                                                            SHA-512:A2D568CDC76C4548E8D2FD82032C7B1810D081D73F61CC9D6C262D803A4BFFDC121470DCBE195FA0708FDC5828D628E2EE313E8B4160827FAEEE2B2C8A73F1A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..O.......)...4.......7...)...%...)...>.......H....*AWS_QA_Mode.GetOption.settings.........+...7...>.......T...+...7.......7...%...+...$...>...+...H...+...7.......7...%...+...$...>...+...H.........9Entered Transmit_AWS get_header_value and headers = <Entered Transmit_AWS get_header_value and QA headers = .info.m_logger.is_qa_mode......../+...7.......7...%...>...+...7...>.......T...+...7...>...+...7...>...+...7.......7...........+...%...%.......$...>...4.......7...........+...%...%.......>...T...+...7.......7...%...>...G.......=Transmission to AWS disabled by setting *TransmitAWSNew..TransmitTelemetryEvent.sender.web.PUT.get_endpoint_value.get_header_value should_transmit_to_endpoint.Entered Transmit_AWS transmit_to_endpoint.info.m_logger<.......+...7...>.......T...+...H...+...H..........is_qa_mode........+...H.....[.......4.......7...)...%...)...>.......T...)...H....transmit_aws_enabled.GetOption.settings........&4...7.......>...4...7.......>...7.......7...%...>...%...%...%...%...%.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmit_azure.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2110
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.786678555677259
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:G6BZRv6zYByYuRzfZvdSRgC2LhQgd6zJxGo6xFbSSFNanuq0HO:G6BXKY6tLhZdKJsoU5SSF+50HO
                                                                                                                                                                                                                                                                                            MD5:50FF30739FA626C8A11D32D6AD88B6C9
                                                                                                                                                                                                                                                                                            SHA1:7D08378873D1A4FC316AFB9579680F2B9FA910EE
                                                                                                                                                                                                                                                                                            SHA-256:94890AA7C8D47DD29069A1D650B541A41BA4AB8923A5C785B9343662BF639680
                                                                                                                                                                                                                                                                                            SHA-512:7EA95E919A4B6B4DE76E209568B6ABF89356354AED8CFCA7BB88B6264800A5D5C4E65C82E2538939E11AB7EBA6E607E74CA35BDDDD6CF4D38725FF758571A07E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........N+...7.......7...%...>...+...7...+...>...4...7...4...7...%...>...=...(.......+...7.......7...%.......$...>.......%.......$.......4...7...+...>...4...7.......>...4.......7...+...............>.......T...+...7.......7...%...>...%...+...7.......7...%.......$...>...%.......%...+...7.......>...%.......%...+...$...H..............&skn=.&se=.&sig=.SharedAccessSignature sr=.hash: .default_hash_will_not_work7HMAC Sha256 function did not return the right hash.err.HMACSha256.utility.len.string...ttl: .!*t.date.time.os.encode_uri4Entered create shared access token in lua azure.info.m_logger..I.........+...7.......7...%...>...+...7...>...%.......%...+...%...$...+...7.......7...%.......$...>...H........headers: ..servicebus.windows.net...Host: QContent-Type: application/atom+xml;type=entry;charset=utf-8..Authorization: .createSharedAccessToken*Entered get header value in lua azure.info.m_logger........,+...7.......7...%...>...+...7...>.......T...+...7...>...+...7.......7.......+...+...%..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmit_ga.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):582
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.553638324669049
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:POvlVSpiCiu7lXyws+ksvk0//GnkxiRM5DKCYGlbLJCqu67jKl1mq2IGZrrX2zTl:2v/SpiCiulxGkxxbYQJCf6KlQtI+PXk5
                                                                                                                                                                                                                                                                                            MD5:85EF745C934578F960B79327D4468916
                                                                                                                                                                                                                                                                                            SHA1:89562A7B12AFE593DCD2A2661B0BBB7BDBC1C7E3
                                                                                                                                                                                                                                                                                            SHA-256:31E9394615C4C169D887FBD6A1E478B2033B733DF93F4718ED1134BD865D37CF
                                                                                                                                                                                                                                                                                            SHA-512:C3C45B7F2B98FDC0ED42F1EC35725BDD7CB0E8D5A2D3835E02F219F7C0630A1639FD22D3CB3C0F7DCB9D939AC37084DC53DE6F3B5ECD8F4E6BBF302443FFD15A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4.......7.......%...%...%...%...%...>...G.....web.POST./collect!https://google-analytics.com.TransmitTelemetryEvent.sender,.......%...H...!https://google-analytics.com........%...H.............4...7.......>...1...:...1...:...1...:...0...H.....get_header_value..get_endpoint_value..transmit_to_endpoint.new.EventTransmittern.......4...%...>...2...5...4...1...:...4...0...H.....new.Transmit_GA&telemetry.events.EventTransmitter.require...//536519D8CE0668D05BE48FFB230757F8B3FDDF0A09BE2D9BB27B9D0F9422A90EC6ACCC3EB90FDA61B8924741D75769915AEF520463126F435B25A6631378112D++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmittimeout_aws.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):883
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.69181026562203
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:dsZmZidvHOpLh2uea1qRmhuh1rAZnz8QtLYW2b7Xy9X:dy7BHOpLhzHUUhuh1cZz8KL0XyN
                                                                                                                                                                                                                                                                                            MD5:9C17EBD84CC411C20DC1951D7C57DC00
                                                                                                                                                                                                                                                                                            SHA1:4AD0E616EB8F7A53550B176DE6E36DB60BF1572C
                                                                                                                                                                                                                                                                                            SHA-256:22EB8A7D957E783644F134A868F185AAA7CD90F5792C02DA707498793181E3E6
                                                                                                                                                                                                                                                                                            SHA-512:EAD3AD97D842CC2206469EF06822D740608EC2B0F59ED07E1D1DCA6C5D3B25A97B6531553AF7E67D4529496614140433798BA1F234EBB3CB8B51D8E934CBA714
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........6+...7.......7...%...>...+...7...>.......T.$.+...7...>...+...7...>...+...7...>...4.......7...)...%...'...>...4.......7...)...%...'...>...4.......7...............%...%...............>...T...+...7.......7...%...>...G.....=Transmission to AWS disabled by setting *TransmitAWSNew..web.PUT"TransmitTelemetryEventTimeout.sender.AWS_Telemetry_Flags.AWS_Telemetry_Timeout.GetOption.settings.get_resource_value.get_endpoint_value.get_header_value should_transmit_to_endpoint5Entered TransmitTimeout_AWS transmit_to_endpoint.info.m_loggerN.......4...7.......>...1...:...0...H.....transmit_to_endpoint.new.Transmit_AWS........4...%...>...2...5...4...1...:...4...0...H.....new.TransmitTimeout_AWS/telemetry.events.transmitters.Transmit_AWS.require...//FAED516BE8214F92D49704F4F93BA1B108FCD0471F8D6B3C8F6582FFB10F1D9BBF74DF896B5611F45728B520C4731C1DDBCF174CB3FCA9E6755BDCA6DEF7FBC4++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmittimeout_azure.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):855
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.742342101058968
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:vpz8nblYe2LhXVLhueOgR87FGziuZ3/QjLYF7wR6iwHDSd:vpzwZ/2LhXVLsLgoFyjPwLOER6iwH2
                                                                                                                                                                                                                                                                                            MD5:4C97DA14A1B40F757DA6EC4A83EF27E3
                                                                                                                                                                                                                                                                                            SHA1:15D64CF59982CE6C4161A23AE0922E3D58CBDBAE
                                                                                                                                                                                                                                                                                            SHA-256:F7D70035275AB8DF19FA6EDF03C6B897A3106DD323E9A672CC97C7F1A446D723
                                                                                                                                                                                                                                                                                            SHA-512:0A00FD88BE9F1228069289A7397F6D6B10356925194B479D985A5246C2C5158D99EBE553F3584E7020DAB082A941317B371B3A3507DC8308580111B543BAD0C3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........*+...7...>.......T...+...7...>...4.......7...)...%...'...>...4.......7...)...%...'...>...4.......7.......+...+...%...%...............>...T...+...7.......7...%...>...G........./Transmission to Azure disabled by setting..info.m_logger.web.POST"TransmitTelemetryEventTimeout.sender.Azure_Telemetry_Flags.Azure_Telemetry_Timeout.GetOption.settings.get_header_value should_transmit_to_endpoint.........4...7.......>...%...%...1...:...0...H.....transmit_to_endpoint7/wadp32h01/messages?timeout=60&api-version=2014-011https://cu1pehnswad01.servicebus.windows.net.new.Transmit_Azure.........4...%...>...2...5...4...1...:...4...0...H.....new.TransmitTimeout_Azure1telemetry.events.transmitters.Transmit_Azure.require...//057DF80EE2CEB7489D00D53451288C85AAE17228FF5EFE53CCA49ED44381485F3A8CFEC0F3A420275972D6BDF25C7A859DFA6EA8F1610C5B3B7B5FF3F3C32D7F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmittimeout_ga.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):605
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.664722359546257
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:HUboCyiCsydSpiCDuQLqk3Rf3svkw7WM5xXC3GlbLNOPLYjKJN7nRu3AdBPF/aDP:HUbdxCvdSpiCDueqk3RGzxXC3QmLY2f8
                                                                                                                                                                                                                                                                                            MD5:63CFEA198EAC94E7025AA60D9E91A22F
                                                                                                                                                                                                                                                                                            SHA1:D81109AF78866349EA9AD27A328FBF0609F60020
                                                                                                                                                                                                                                                                                            SHA-256:FE1A2933C425A227B1F5557C532B958372CDC77B3ECBE438EE067A6CDB891053
                                                                                                                                                                                                                                                                                            SHA-512:B50F329014DC542D4A1BA12443482AD2623D2E4136DA1675E7F17814BE684185901A4B84707DB78E2C6CF34AF9DF94409029239E64908591F015FC773D1A3C12
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ...........4.......7...)...%...'...>...4.......7...)...%...'...>...4.......7.......%...%...%...%...%...........>...G.....web.POST./collect!https://google-analytics.com"TransmitTelemetryEventTimeout.sender.GA_Telemetry_Flags.GA_Telemetry_Timeout.GetOption.settingsM.......4...7.......>...1...:...0...H.....transmit_to_endpoint.new.Transmit_GA}.......4...%...>...2...5...4...1...:...4...0...H.....new.TransmitTimeout_GA.telemetry.events.transmitters.Transmit_GA.require...//349C760E0BD570F93FFEEA516283F12599B8A20A351BAED97F8C89F9BBD30BAF2ED0934FC884B05DAC2A41460BBB16F8A960324716ECEED0CF63857F8019051F++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\events\version.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):235
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.173671816469483
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:8k4kikwIWmLQJX8n+OgUvoSTFQjujVHQ7Qjbbl/4:90kRLQJXcbvoSijuhqQ5w
                                                                                                                                                                                                                                                                                            MD5:67BBE71D7C1B0CDAA22E689758ADA64B
                                                                                                                                                                                                                                                                                            SHA1:B5EFC32DB7398A05EBE2D9E062454EB00FC8ACF5
                                                                                                                                                                                                                                                                                            SHA-256:926FE5D79BC498B623C87E3D5F4989CE726698EFF8A706E65351EA5442640FE9
                                                                                                                                                                                                                                                                                            SHA-512:3ECCA1E220252CB1CA1CF0337A9BD541206BE151C0B7E10205E87ED5BD1474655D59B893331E9F635E748430DC6B650D002F2ECFD216002AB706C32FC5F772B3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:--$FileVersion=[VERSION_MAJOR].[VERSION_MINOR].[SUBMINORVERSION].[BUILD_NUMBER]..return "4.1.1.846"....//E16BC5938C2160FE162C55C774B33337F1D9F10E3CD6B1AEA2BE03D0A361E63081CE526280574E22DAD6446B41C24CF92D3D6DB62BCAD2439E623BDFF289E2E6++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\download_scan_ui.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1024
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.050584509752817
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:4cZZCLtlDbUM6OUdREsAAZZSmQcMIc+PcM6icd7FZ/vwVGok7emp:pCtlDbUiUPEsA4Fg+UfFn/vuGok7Zp
                                                                                                                                                                                                                                                                                            MD5:A719B421E6E9B381E963315E9425CE7D
                                                                                                                                                                                                                                                                                            SHA1:C5CACA8BB8AD464420374A840A8A5530FEAFD121
                                                                                                                                                                                                                                                                                            SHA-256:A6C547D05930CE36161297C6D65791942A827EC88B4F606C3D133670F64B123D
                                                                                                                                                                                                                                                                                            SHA-512:7BFBAC20B97EC2C910C0E482C155A28268C796105DABB759CFDE5D1C9677C41CAFD3F19A7BF982A1C1976163E7C1BCCD7CE26E6CD2ECA8693CFB299F4E7088DA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var Download_Scan_UI = function(){.. this.elements = {};.. this.elements["name"] = "DownloadScanUI";.. this.elements["interaction_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["count"] = "0";.. this.elements["_event_name"] = "Download_Scan_UI";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction_type = function(val).. {.. this.elements["interaction_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.count = function(val).. {.. this.elements["count"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//60E0E5895DF2802F436E49868938ED067BF6EDC43A093723FD02D75E6C61779371403E057ED26BE90FAE559803C0E43265CB3CCAB4

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\edgeonboarding.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1003
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.026543638333003
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:hwaLteVUM6QcTQMs/mQc9cwPcM6oaccJFZROl3UVHjxRP:3teVUk4sKuwUsDgnsOjxRP
                                                                                                                                                                                                                                                                                            MD5:97306CAC82A9CC580D3154376D7BB438
                                                                                                                                                                                                                                                                                            SHA1:F175A1920B0C570C25FF45BA1DD827E91B1BE8E2
                                                                                                                                                                                                                                                                                            SHA-256:8357A4D6203FF8E15994914C1954814BDCB1BB71280C13B6DFA3899C54BAD403
                                                                                                                                                                                                                                                                                            SHA-512:8356B9AEC30E764B933983352579CABC290FA446CF84204930AC6DBA20780C57D7A6E1B742315D74025BF01C3F6AEF5591FEB257EE06330AA0502A3E6D52EA95
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var EdgeOnboarding = function(){.. this.elements = {};.. this.elements["name"] = "EdgeOnboarding";.. this.elements["action_type"] = "UNKNOWN";.. this.elements["browser"] = "ed";.. this.elements["type"] = "default";.. this.elements["_event_name"] = "EdgeOnboarding";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.type = function(val).. {.. this.elements["type"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//1A1265D942AFFF00704DDA23CCD46D476D4B6B628D1CD7407ADDBF10D16FB8D941B29A5233F9E97144E07D64122380BA7E08C79FD543D682860F6F34CA1D5BB

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\edgeonboarding.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):686
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.374973400706401
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1I9F4kIrfzuwbkENLqau02e+vo5foIQub8o+2r4kGlbL/7tKFPUQAtlzWWE0Kydb:k4kujtNLqvJvEfoND2LQclMtl6WMydb
                                                                                                                                                                                                                                                                                            MD5:BED192B6B087449AFC9ECCA843A22BB2
                                                                                                                                                                                                                                                                                            SHA1:90DDC300B5CEC8FFD0C4033CD9527B2B64E36DBF
                                                                                                                                                                                                                                                                                            SHA-256:C67859D9CA4283538E406C521D619AB3B6F953CACB8F3600476BD9B58F667045
                                                                                                                                                                                                                                                                                            SHA-512:9720A66D7E496E3B20DE6A4A87A0422FB5ABF398FE61979B9A6A9AB8CE7BED7FC92E9ACEE8B03833774D610123D16770C5E43307CA209410D20C6700624FC361
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........,...+...H...............,...+...H...............,...+...H...............,...+...H................2...4...+...>...:...4...+...>...:...4...+...>...:...4...+...>...:...%...:...4...7.......7.......>...H............encode.json.core.EdgeOnboarding._event_name.type.browser.action_type.tostring.name.........2...%...%...%...%...1...:...1...:...1...:...1...:...1...:...0...H.....Serialize..type..browser..action_type..name.default.ed.UNKNOWN.EdgeOnboardingY.......4...%...>...2...5...4...1...:...4...0...H.....new.EdgeOnboarding.core.json.require...//871610505B9AA87B9F375018FB8DA4C024E9189AFC113AC217950D2665934875344709D214A3EF6C0F2C2A71DEBCBFA3009A045899E7DBD765ABAC71B7061664++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\edgesecuresearchonboarding.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1084
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.0614193441625455
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:hKLtQXQMM6QMUsZcucwPcM6XcaFZMI3FnBYa:GtQZkMUs6XwU4anMIH
                                                                                                                                                                                                                                                                                            MD5:C6CEE776DD146BE4C545D70B7A2798C8
                                                                                                                                                                                                                                                                                            SHA1:1E39C41EA0FD8CF69B4478984E91F72D1AFD5F8C
                                                                                                                                                                                                                                                                                            SHA-256:81A6BD045F9B97EF5E3B9836C5ECB1DBCDE69F655239D8952029904664732C32
                                                                                                                                                                                                                                                                                            SHA-512:28ACDF79A94CE25D15438E61A0ADF8B6ED584CB3C26EF4EA48083300995D5331A6291C683197216820A154BC678B2416C89BB783F62F345C7E2C1CAE92285C33
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var EdgeSecureSearchOnboarding = function(){.. this.elements = {};.. this.elements["category"] = "EdgeSecureSearchOnboarding";.. this.elements["action_type"] = "default";.. this.elements["browser"] = "ED";.. this.elements["impression_type"] = "UNKNOWN";.. this.elements["_event_name"] = "EdgeSecureSearchOnboarding";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.impression_type = function(val).. {.. this.elements["impression_type"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//77C9D7BE55B7C68AE774E379DE35131A0CCAB075FD19D4

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\edgesecuresearchonboarding.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):752
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.454673440979267
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1I9F4kIrfzYbkENLqau842e+/OovtfoIQubGWoG5iF3fGlbLXa7tKKgJi5uylWCZ:k4kuEtNLq3IGMtfogB5WPQnK3uylXd
                                                                                                                                                                                                                                                                                            MD5:5FD6F13643F89F7C3FAC58A1AF6BABB4
                                                                                                                                                                                                                                                                                            SHA1:7D1CDC883C4031A57BCEDA700AFEE31EE9E05B96
                                                                                                                                                                                                                                                                                            SHA-256:4FC8655C435DCB1779179AD10291721AAA5E029C16C1AFE2D017754271C25F4D
                                                                                                                                                                                                                                                                                            SHA-512:8D411F87FB8316A87E8405D3F306B56C8591661307A324C49638E7CAA30BC03167A1EDFA38B054A3097EED39A52D779B510159758F2D1442C8515306E8636040
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........,...+...H...............,...+...H...............,...+...H...............,...+...H................2...4...+...>...:...4...+...>...:...4...+...>...:...4...+...>...:...%...:...4...7.......7.......>...H............encode.json.core.EdgeSecureSearchOnboarding._event_name.impression_type.browser.action_type.tostring.category.........2...%...%...%...%...1...:...1...:...1...:...1...:...1...:...0...H.....Serialize..impression_type..browser..action_type..category.UNKNOWN.ED.default.EdgeSecureSearchOnboardinge.......4...%...>...2...5...4...1...:...4...0...H.....new.EdgeSecureSearchOnboarding.core.json.require...//E52767A508E594AD98F30343FC901523DA959D9FD3A844A180CE2DD5A6325A06077D8247747825927722BB432CE7110ED892E6FF6CC4CBA2F7B04A5169DEC0BF++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\extensioninstallationtoast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1068
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.052808573172875
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:L5hLt9DVUM6OUzvUsdwcucwPcM6iczfFZ9T5gA:L5Ft9DVUiU7UsdlXwUPLn9T+A
                                                                                                                                                                                                                                                                                            MD5:0765409A8AD341D6CE72D8BE537666CF
                                                                                                                                                                                                                                                                                            SHA1:513CAA974E35432DCDD60D475954784A1DF9CE7A
                                                                                                                                                                                                                                                                                            SHA-256:B4014EF7ED67382F0286DA5C08CC0F9022774F58A38C81160423BA0BBFF2626E
                                                                                                                                                                                                                                                                                            SHA-512:EB749597DB9CADD9930C81EB307DC34E15B9DE618426800827E62DE6EFA4112BB970F90333FFD1A41B2A04741F42CF4234072F8084C1E5E45A05254A88C1071F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var ExtensionInstallationToast = function(){.. this.elements = {};.. this.elements["category"] = "ExtensionInstallationToast";.. this.elements["action_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["sequence"] = "UNKNOWN";.. this.elements["_event_name"] = "ExtensionInstallationToast";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.sequence = function(val).. {.. this.elements["sequence"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//E1D32ACC374EC29E5C991FD4475A334929DB54EEAC28C4751D415F8B6F39E7

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\fw_av_warning.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):861
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.111728856148942
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:7WJwqwHwzyAdYETwM6RETwscWmQbwRo5AJbwzyAd1oBPbwM62ogFwfwdu/h8lZ:7LtQbUM6OUsDmQcMIc+PcM6cFZE/h4
                                                                                                                                                                                                                                                                                            MD5:689B8A309AD16423F352A40C09351171
                                                                                                                                                                                                                                                                                            SHA1:47AEC4849F3B73F784CE128E7B2B962D7F20531E
                                                                                                                                                                                                                                                                                            SHA-256:8B4C5F4CAF3B7931E00FE82B80D16C7B3FDA5673AA0C560D2BC079437D3E238A
                                                                                                                                                                                                                                                                                            SHA-512:5E3B75AA3412B93C6D8C10E74FBD07435B1D151A6E8F4CB73EF343D4A559744FCBCC6126C1D0549657FAB1EA239F3A7BEC8B31D0D8B00999EE8EF519A085A4E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var FW_AV_Warning = function(){.. this.elements = {};.. this.elements["name"] = "FWAVWarning";.. this.elements["interaction_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["_event_name"] = "FW_AV_Warning";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction_type = function(val).. {.. this.elements["interaction_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//E4AA2ED61472348DBE6709F7820BE4969ACDD0237B9B19CA30DF3A3BC4DAD44442C31FE382094FE4FD11DC3BB01357643E6FB6CED13FCD5650BC7FE48900AB26++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\newtabextensionoffer.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1053
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.0671130834499625
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:RDhLtxVUM6OUDUs2cucwPcM6kcTFZ449xt+YnG9:/txVUiUDUsvXwUdTn4U2YnG9
                                                                                                                                                                                                                                                                                            MD5:F929E7A7BB3C6C74BEF893EA9E6ED16A
                                                                                                                                                                                                                                                                                            SHA1:70477A2B2FB18D4D189CF942DDAAAEA46F1CA95A
                                                                                                                                                                                                                                                                                            SHA-256:1BC49F7323FAE1440BFAE351D8864C7C7FD5F838FDD397F04C478B6DE3B8A427
                                                                                                                                                                                                                                                                                            SHA-512:91CBD722551B8B12ACA9A9197E9FFE601A28F8FD0F58D77293E905074F77C488962766FDB9D392E71E810164AEC8164292BE07FC05BE02485DA00058C0ED437C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var NewTabExtensionOffer = function(){.. this.elements = {};.. this.elements["category"] = "NewTabExtensionOffer";.. this.elements["action_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["variation"] = "UNKNOWN";.. this.elements["_event_name"] = "NewTabExtensionOffer";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.variation = function(val).. {.. this.elements["variation"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//7205A5DA385D43C69C0E51E1F4AD09835C08774E22622DCA5EC744C9E663015E3B50083A07330

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\onboardingballoon.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1053
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.068098061360576
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:hfhLtEbUM6OUf1Us/mQcMIc+PcM6NTQcf9FZRSYR:XtEbUiUf1UsKg+Uxhf9nR9R
                                                                                                                                                                                                                                                                                            MD5:3038E704D1DFCC8353F8A2F3F8ED7873
                                                                                                                                                                                                                                                                                            SHA1:76DD82D492720E356F313F684458744C9CCBDE70
                                                                                                                                                                                                                                                                                            SHA-256:71BB282EC8C4FDD004C4B26EB77EA80228151E7C3FEB9DD0D9E7388870E33B5C
                                                                                                                                                                                                                                                                                            SHA-512:43D54EB3BA4CC3ED75E2F2F3F944DD735CF4D4D1860D629C1397189936730A3B36AE01CD437AE3AA25AAE587BCBC3E6BA1570A0A7A88A57A7B117E35EEF06726
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var OnboardingBalloon = function(){.. this.elements = {};.. this.elements["name"] = "OnboardingBalloon";.. this.elements["interaction_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["balloonType"] = "UNKNOWN";.. this.elements["_event_name"] = "OnboardingBalloon";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction_type = function(val).. {.. this.elements["interaction_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.balloonType = function(val).. {.. this.elements["balloonType"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//611D7CDF646C39C27C2CBA370AC5B4B9C2D9C03D4CF7FDC16E1DD91489246A694AF08B1FAE3D0

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\optionsdialog.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):860
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.091802162139834
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:ROQWJwqwLlxojwY9QXDwM6RETwsRxo8DKrbwLuoSQbwY1oBPbwM62ogFwfwB8ewI:RvLt/K5M6OUs0cyQcTPcM6cFZYQPh
                                                                                                                                                                                                                                                                                            MD5:0BE6090C4FD38470248C407DF155D86B
                                                                                                                                                                                                                                                                                            SHA1:2C13BD71993474DD5D172C10639367086B446789
                                                                                                                                                                                                                                                                                            SHA-256:534ED7EF0A1B01F36E86E8227D199C108B6C82C7305ACE5D13FEB833AFF7762A
                                                                                                                                                                                                                                                                                            SHA-512:CEDE3F0E87C7837936E563AA26E64E9B453E820DE0A7F7E6D707D61B95F91D04FD881505864F3037C2B51AC0593B5A0067AC85B5916BC8C0D580CA31C79E6DDA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var OptionsDialog = function(){.. this.elements = {};.. this.elements["category"] = "OptionsDialog";.. this.elements["actionType"] = "Impression";.. this.elements["browser"] = "UNKNOWN";.. this.elements["_event_name"] = "OptionsDialog";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.actionType = function(val).. {.. this.elements["actionType"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//DD0278739A748F66589214D59E7F56CC0CDD2D0D7311A364ECF1C6840BEA19609194D495E92DD0D20D93B8133D51281E1E51D3E98BB402E045A483490D997C83++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\productupselltoast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1701
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.913495880837677
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:WFt4VUiU7UtUqmUjrUsCXwUPwId1j7nZYZ:et4VUiU7UtUqmUjrU5X7PwId1jzZYZ
                                                                                                                                                                                                                                                                                            MD5:EE600D44FDB644330CBAC5871E2DBB63
                                                                                                                                                                                                                                                                                            SHA1:F77545445F5B4B98359C55B895C80BB8FF891243
                                                                                                                                                                                                                                                                                            SHA-256:272107E518AA33DBDE034AB068D105C93ADC6983BE8F5A37DF32881812485838
                                                                                                                                                                                                                                                                                            SHA-512:1A40D5B972B02A22CAD0DCD658055FDCC9FA0CB936BA4A4154A90956E730335A1DC120C6116EDFC796CCB87BF86AF04066211FDA5C2E0E4D887BD8BE914C914E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var ProductUpsellToast = function(){.. this.elements = {};.. this.elements["category"] = "ProductUpsellToast";.. this.elements["action_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["sequence"] = "UNKNOWN";.. this.elements["product"] = "UNKNOWN";.. this.elements["variation"] = "UKNOWN";.. this.elements["trigger"] = "UNKNOWN";.. this.elements["url"] = "UNKNOWN";.. this.elements["_event_name"] = "ProductUpsellToast";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.sequence = function(val).. {.. this.elements["sequence"] = val.toString();.. return this;.. };.. this.product

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\protectionscore.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1033
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.96710548150026
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:eLtj9UM6hUcvjQMs4mQchcoPcM6jTccv5FZNjcrxa37:0tj9U64stSoUwgnNuxaL
                                                                                                                                                                                                                                                                                            MD5:299BE8836225146243D6AA162E5A69ED
                                                                                                                                                                                                                                                                                            SHA1:303F97977B2140EEE0464D38F2CDE374D30B79B1
                                                                                                                                                                                                                                                                                            SHA-256:C9F96586E8721B848C7BEDF3864E5ED6B707CD86C1E3D6EDB28F7AAB17E02FC6
                                                                                                                                                                                                                                                                                            SHA-512:ED51CF1F5453CD6F2D8E16A798D3D0D110474331DEC3CA92F96E8C3FFDE3F22B53B7CC6B42BEFDC96F4D24801C8458A25B16BA5826811BEC505A383BB2220B35
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var ProtectionScore = function(){.. this.elements = {};.. this.elements["name"] = "ProtectionScore";.. this.elements["event_action"] = "UNKNOWN";.. this.elements["browser"] = "ch";.. this.elements["toasts_count"] = "default";.. this.elements["_event_name"] = "ProtectionScore";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.event_action = function(val).. {.. this.elements["event_action"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.toasts_count = function(val).. {.. this.elements["toasts_count"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//51E50DCDF14A65C19BB76E114BB029F79B1D6D040A8FE99C41FBE20297C17C8B985F3AA6F34A87B7E78AA3D7BA0BD953F

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\pscore.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):981
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.028917138411792
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:00LtQcM6jcQshmQc9cwPcM6oaccJFZx4k/6wXU:FtQcP/swuwUsDgnxDE
                                                                                                                                                                                                                                                                                            MD5:A114B2C345B0B63A240DC99B518D567E
                                                                                                                                                                                                                                                                                            SHA1:53FCDEB68C06B0FF66387D37339D6F862EAE9C98
                                                                                                                                                                                                                                                                                            SHA-256:411F58F31AFA580BEC08CB20F82B04876F2394AEFFC0F2A175ED8D53468BE844
                                                                                                                                                                                                                                                                                            SHA-512:0C066599EBE09427F94E67B8ECFBF473B1FE2855493B73A6E1A2CCB5F82A97F62C96FF30DF4495C1B71A60CEE6AC4716293E13661FF9D72EAAD230E6B954C5A7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var PScore = function(){.. this.elements = {};.. this.elements["name"] = "PScore";.. this.elements["action_type"] = "UKNOWN";.. this.elements["browser"] = "UKNOWN";.. this.elements["type"] = "UKNOWN";.. this.elements["_event_name"] = "PScore";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.type = function(val).. {.. this.elements["type"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//26DB7EB01783CAA4C77510A33C58767738DB4625C8C32DDD8FC05C2E6B53F3FD37F5F7297117A1F9AE530033F2B8BABE2265785F6D99E96D155647A500AD7C91++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\secure_search_toast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1751
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.868212458153099
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:HFt9ZorU1Qi58eRls5XwUvgYmsQiAXX8O4niO7sT:lt9ZorU1N5PrAX7vgYmsNAHNaiH
                                                                                                                                                                                                                                                                                            MD5:298D7707505C2190A8B79DD2B53FC2B2
                                                                                                                                                                                                                                                                                            SHA1:E635B2DF123C2F458FFEFDA13E4C3EB4002EE16F
                                                                                                                                                                                                                                                                                            SHA-256:928EFFF5B7DBA03975302F6598614B5DDCDC8CAE365DEB35FAF56814F54C196D
                                                                                                                                                                                                                                                                                            SHA-512:6238FF305E60D9FB965E20025E0F1811248201BB89F31ED4A766B4F2D586F83C4862F2053D90B1E776C33050F595695EC0D046017DBBB11FF22B889A54AD0491
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var Secure_Search_Toast = function(){.. this.elements = {};.. this.elements["category"] = "SecureSearchToast";.. this.elements["action_type"] = "default";.. this.elements["browser"] = "default";.. this.elements["provider"] = "UNKNOWN";.. this.elements["toastType"] = "RegularToast";.. this.elements["metadata"] = "default";.. this.elements["response_time"] = "default";.. this.elements["toggle_count"] = "-1";.. this.elements["_event_name"] = "Secure_Search_Toast";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.provider = function(val).. {.. this.elements["provider"] = val.toString();.. return this;.. };.

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\securesearchstatechange.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):714
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.318433537665562
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1I9F4kIrfzcbkENLqa+nAK+gUc6N+luPKQUXE5I3ZGlbLLGtz7tKc+SNxtfQlZ:k4kuwtNLqpAfPc6N+luPL5IpQGgc+YxK
                                                                                                                                                                                                                                                                                            MD5:D65D70D31977856940AC9CE8BCE941B6
                                                                                                                                                                                                                                                                                            SHA1:3D7575578483C600D8BCC73CD46DD71C84C8FA38
                                                                                                                                                                                                                                                                                            SHA-256:B087B9C2B72D0BCDE233B93180AF9DEE294A2C433BCA98FD140931989C59A25E
                                                                                                                                                                                                                                                                                            SHA-512:EF5962EB26A26D75E1A27F0E1D93D3C68276F2E6889BBEFCC19F777B3B1432525328E3409DA6AEFF0E345C5FC394E83F9B97B8278C74AC1AC2EBEBF45E03D613
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........,...+...H...............,...+...H...............,...+...H...............,...+...H................2...4...+...>...:...4...+...>...:...4...+...>...:...4...+...>...:...%...:...4...7.......7.......>...H............encode.json.core.SecureSearchStateChange._event_name.prevState.browser.newState.tostring.category.........2...%...%...%...%...1...:...1...:...1...:...1...:...1...:...0...H.....Serialize..prevState..browser..newState..category.UNKNOWN.SecureSearchStateChangeb.......4...%...>...2...5...4...1...:...4...0...H.....new.SecureSearchStateChange.core.json.require...//0E020A48C7874CCF1998FCCB37898F784E4CE6ED5E41BA9A50581EE0939F2873E58ECB0ED63E7804EF8C5BB354ADC7FF4381A4C6CB30409D3A1533C393298AF2++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\survey.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1690
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.892681272119856
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:ltgxDUQUWUVBUiUyJUiUs83NsxnudV7gyEUQnySpM0O:ltgxDUQUWUVBUiUgUiUf3NsxnudV7gU9
                                                                                                                                                                                                                                                                                            MD5:34AD7E902A275E8DCD72EE6C85401BC5
                                                                                                                                                                                                                                                                                            SHA1:54527B456B32F709EA81A189202E467F2E775A8F
                                                                                                                                                                                                                                                                                            SHA-256:83054D8E3A5E88F9F4EC15D234B4E4D1427BB09B7A1AB321E542EEF0BF54EBFE
                                                                                                                                                                                                                                                                                            SHA-512:78C60B08BEEB8A21C455F0C44437C725D329A3D018BB03ACA999AF4945E2FA3FDF90A5738CB45C2886C47C2A432CAAA1A8DF2B18B105EB3A99E6DC76EBEC151B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var Survey = function(){.. this.elements = {};.. this.elements["name"] = "Survey";.. this.elements["survey_type"] = "UNKNOWN";.. this.elements["selection"] = "UNKNOWN";.. this.elements["experience"] = "UNKNOWN";.. this.elements["showTimes"] = "UNKNOWN";.. this.elements["interaction"] = "UNKNOWN";.. this.elements["payload"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["_event_name"] = "Survey";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.survey_type = function(val).. {.. this.elements["survey_type"] = val.toString();.. return this;.. };.. this.selection = function(val).. {.. this.elements["selection"] = val.toString();.. return this;.. };.. this.experience = function(val).. {.. this.elements["experience"] = val.toString();.. return this;.. };.. this.showTimes = function(val).. {..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\survey_ui.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1355
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.927772775237035
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:HYLtFiUM6OUxDUcPQMkQMsamQcM/cxPcM6qNXcxeccLQLrcKFZEpYW8hOb:GtFiUiUxDUSGsTLxUONsxnW5KnYGOb
                                                                                                                                                                                                                                                                                            MD5:EC9DDE608D438E75F11F9ECD478842D2
                                                                                                                                                                                                                                                                                            SHA1:A853CD2077E74AEE6516EF6D9C3A0F91F86D64DF
                                                                                                                                                                                                                                                                                            SHA-256:F038EAAED0CA6208E4FB445EDAAC69BE68EA0657433B1A4C9BD1F4CA34AF816D
                                                                                                                                                                                                                                                                                            SHA-512:774782EB60521B774AB4F6DA0FDB0AB1286AC10FB96406D3846CAF854E53DFE7FBA99FB939B920742A77AF924A834F051A25ABDF04DF48D5DB0A197118758158
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var Survey_UI = function(){.. this.elements = {};.. this.elements["name"] = "Survey_UI";.. this.elements["interaction"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["survey_type"] = "UNKNOWN";.. this.elements["selection"] = "default";.. this.elements["scenario"] = "default";.. this.elements["_event_name"] = "Survey_UI";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction = function(val).. {.. this.elements["interaction"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.survey_type = function(val).. {.. this.elements["survey_type"] = val.toString();.. return this;.. };.. this.selection = function(val).. {.. this.elements["selection"] = val.toString();.. return this;.. };..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\toastcheckcompleted.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1029
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.069769840529232
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:dLtUM6OUc7UdrUsMchPcM6mFQccLcd7FZY9yP:JtUiU+U9UsRhUyLFngC
                                                                                                                                                                                                                                                                                            MD5:7BA23ACAC141217317E62D9302A8FA32
                                                                                                                                                                                                                                                                                            SHA1:31E37BA64128C389A4B9CD6F0EB5B71170C2AF77
                                                                                                                                                                                                                                                                                            SHA-256:6DB9526F470BA32649A794A467F72218EC731AE44648F9966923EA8AC64ECBA3
                                                                                                                                                                                                                                                                                            SHA-512:1A177419D6D8BB2C69AA9D85F67FF5B852252970F624E0063A52389911A0BFC1406EF82DAE6EC1C7BC3868B72FFFBEBF681E0B33DECCB121412C19C3565FC364
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var ToastCheckCompleted = function(){.. this.elements = {};.. this.elements["category"] = "ToastCheck";.. this.elements["browser"] = "UNKNOWN";.. this.elements["triggerType"] = "UNKNOWN";.. this.elements["count"] = "UNKNOWN";.. this.elements["_event_name"] = "ToastCheckCompleted";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.triggerType = function(val).. {.. this.elements["triggerType"] = val.toString();.. return this;.. };.. this.count = function(val).. {.. this.elements["count"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//956C93B9984498F84018B6C0535619DB3616AC855C8EC5198A412595415AF989FD8C7DCFDF7454E9E0866E6E024687428E1DC

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\toastcheckcompleted.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):691
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.380196279098391
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1I9F4kIrfzlbkENLqaZW+tLVeSuPKQU55qwIZGlbL27tKAlAK2YbZhZ+AMUJBHr:k4kuVtNLqOtZhuPc5CQTaAK3ZhQAMUbL
                                                                                                                                                                                                                                                                                            MD5:A4073F21156A519D3CBCAF2B29F48A8A
                                                                                                                                                                                                                                                                                            SHA1:659A60456B18794E4660D5A4153BF33A711259B8
                                                                                                                                                                                                                                                                                            SHA-256:F0CFC561A0412CFECF4709FD9AC7A7DC5B9F5CFFA464A00115A741BFC408541C
                                                                                                                                                                                                                                                                                            SHA-512:A45752B9F05E709A854A67F08079FA8E731F59EBBF275CC0706A594E1C9D66BDF2F0C8FE3A32220B781B8AF94F1BF66A2EF798921938FAEF2363F58C0181AF09
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........,...+...H...............,...+...H...............,...+...H...............,...+...H................2...4...+...>...:...4...+...>...:...4...+...>...:...4...+...>...:...%...:...4...7.......7.......>...H............encode.json.core.ToastCheckCompleted._event_name.count.triggerType.browser.tostring.category.........2...%...%...%...%...1...:...1...:...1...:...1...:...1...:...0...H.....Serialize..count..triggerType..browser..category.UNKNOWN.ToastCheck^.......4...%...>...2...5...4...1...:...4...0...H.....new.ToastCheckCompleted.core.json.require...//64DEE79C63F2E5B5EC0E7443C76EE20F3CCA5D29028D81EB20A14349B675ED8AD96EE2B69E4C53E0152AFCBB193CD14DB0903750D3C3DB222A367A9A0D122835++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\toastchecktriggered.luc

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):699
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.382405290536798
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:1I9F4kIrfzlbkENLqaZkUo+tLVeen353lRroqwIZGlbLaUi7tKycRY44KJpG:k4kuVtNLq9U9tZTn35QCQaUvnVG
                                                                                                                                                                                                                                                                                            MD5:883B62C7DFE0B395DB60E89183AE80DA
                                                                                                                                                                                                                                                                                            SHA1:75AB2090AB6E5CAC5BCEEE6E207732F5B0F400F5
                                                                                                                                                                                                                                                                                            SHA-256:E2B892FF881E1F11DE9BFE707D5D0A5698CECAD3B6031BA9D8689AF49CC16194
                                                                                                                                                                                                                                                                                            SHA-512:EAA0991C968FB77A0F62412A62174DFA92EDD1928443659FDD5FC95FC54B730299383D96E4512E969779B799556E22F8092D4350DE689CA6102F7DB055158309
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.LJ..........,...+...H...............,...+...H...............,...+...H...............,...+...H................2...4...+...>...:...4...+...>...:...4...+...>...:...4...+...>...:...%...:...4...7.......7.......>...H............encode.json.core.ToastCheckTriggered._event_name.count.triggerType.browser.tostring.category.........2...%...%...%...%...1...:...1...:...1...:...1...:...1...:...0...H.....Serialize..count..triggerType..browser..category.Started.UNKNOWN.ToastCheck^.......4...%...>...2...5...4...1...:...4...0...H.....new.ToastCheckTriggered.core.json.require...//C7D93882ACA7A0118FFB783DD95006C8E7F95B1A0C679A42338468CF9D08179D81F528A009B899622DD03FE1BB118315ADFFAD373B92D4DA104BEC25D23824A0++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\user_welcome.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):855
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.099655861180247
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:PbLtRUbUM6OUsfmQcMIc+PcM6cFZ0Xv/w:ftRUbUiUsqg+UQn0A
                                                                                                                                                                                                                                                                                            MD5:9FAC92371FC7B935F7999ADA0AD24C38
                                                                                                                                                                                                                                                                                            SHA1:06BEAA9471765AD23807D103045257CF9AA23055
                                                                                                                                                                                                                                                                                            SHA-256:C522C4E77D44D7A2E0B7EFE99329F67FF482A5E656CE3AB2B6E73F0AAABBE0A7
                                                                                                                                                                                                                                                                                            SHA-512:97F2FC511600F69899594F8376C6291B7CDFC383E70B9905F43EC52906BD02577FC87F8ED0E51C2542F935CF1EAD4EF5A2A1693D960F4D63CBC9B56C60E3C003
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var User_Welcome = function(){.. this.elements = {};.. this.elements["name"] = "UNKNOWN";.. this.elements["interaction_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["_event_name"] = "User_Welcome";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction_type = function(val).. {.. this.elements["interaction_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//A5508AB4CFD8683C1011F9E272EF08E51E58CA6F27D4D23B441E1CFB39B69BA653EE279E504C37270A0459240139CD8E5D81B2B32040AA286BF345C248FB5EBC++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\webboost_upsell.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):871
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.083940000280523
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:gTLtTFEL5M6OUsHFCmQcMIc+PcM6cFZ7uZcDXXW:gftT+L5iUsHFg+UQn6ZcD2
                                                                                                                                                                                                                                                                                            MD5:FCF4AB088EF2AC175EFAF11ED233CBA3
                                                                                                                                                                                                                                                                                            SHA1:4281BA9EAC52F5CAFE8E5996F8C8E8B47F5F4177
                                                                                                                                                                                                                                                                                            SHA-256:4F61CC006659D49504DE6ADCE89D7C4569FCA43EFE3EE9160C36EF3B58139A05
                                                                                                                                                                                                                                                                                            SHA-512:F5D2746D5AF2E27AFC3BF1A2F782FADE6FD37C67A55E380651D6ADAC2F888BBBD3F8DF2E7E47BB8CE241195E30494C023CFF80C56B43C4429C7B928E72BF3992
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var WebBoost_Upsell = function(){.. this.elements = {};.. this.elements["name"] = "WebBoostUpsell";.. this.elements["interaction_type"] = "Impression";.. this.elements["browser"] = "UNKNOWN";.. this.elements["_event_name"] = "WebBoost_Upsell";.. this.name = function(val).. {.. this.elements["name"] = val.toString();.. return this;.. };.. this.interaction_type = function(val).. {.. this.elements["interaction_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.Serialize = function().. {.. return JSON.stringify(this.elements);.. };..}..//6041E5307506BA2BAA15E35D8E5691D7C09C69EAC89CDD3657B79F6F31EF878010DA0B2DF9270308CEC73CD98CCB5676D3C5EA60FD5D73F45D41BE3F4D8380F3++

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\wssatpassisttoast.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1867
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.887827198337418
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:pFtdVUiUOU71U0DUmUjrUsTXwUi37mId1j7n/PLssr:TtdVUiUOUxU0DUmUjrUaX7i3yId1jz3f
                                                                                                                                                                                                                                                                                            MD5:38EC7A82E2230B6128122A359FF8CB7D
                                                                                                                                                                                                                                                                                            SHA1:6BECB1B592715271EEF456279BACB8472EAF95C0
                                                                                                                                                                                                                                                                                            SHA-256:4211E158572FB535E7ABA5C773C6498E1C50199AF452ECC234FD3A017432F0E6
                                                                                                                                                                                                                                                                                            SHA-512:06935C5EB17AACA243ADBF2DCF0E1F8DCC88CE1FD63FE1ADF158F257F1EFDCFCDA154460FEF6A3720CC21869FD5987CABF58E211566BCC753AA14997502EC703
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:var WSSATPAssistToast = function(){.. this.elements = {};.. this.elements["category"] = "WSSATPAssistToast";.. this.elements["action_type"] = "UNKNOWN";.. this.elements["browser"] = "UNKNOWN";.. this.elements["counter"] = "UNKNOWN";.. this.elements["threshold"] = "UNKNOWN";.. this.elements["product"] = "UKNOWN";.. this.elements["variation"] = "UNKNOWN";.. this.elements["trigger"] = "UNKNOWN";.. this.elements["url"] = "UNKNOWN";.. this.elements["_event_name"] = "WSSATPAssistToast";.. this.category = function(val).. {.. this.elements["category"] = val.toString();.. return this;.. };.. this.action_type = function(val).. {.. this.elements["action_type"] = val.toString();.. return this;.. };.. this.browser = function(val).. {.. this.elements["browser"] = val.toString();.. return this;.. };.. this.counter = function(val).. {.. this.elements["counter"] = val.toString();..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\uihost.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):855520
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.3883568869490315
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:vqDRCc9QnUTmJDeQsPE7R/LeMN7G1UrqwIOIP+JqoZ6MpmN/qn/FC7qlL0b5i7Em:iDRyJGYFCOlL0A7EKiaEcwK+YyoX
                                                                                                                                                                                                                                                                                            MD5:12AC81D29928BF8B46E49A97AA9863C8
                                                                                                                                                                                                                                                                                            SHA1:5016F2ECDC1DDFFE7E259355A2583CA820731BB4
                                                                                                                                                                                                                                                                                            SHA-256:5D8C9AE8B4EEF307319A15C5EC2CA530D2D4FA3C1C2FF6EA555C6D7ED6FC8C91
                                                                                                                                                                                                                                                                                            SHA-512:2B94B01C1D0CE1549758AC1AF070B7ECFBD215E726B5B4A4438BD00835F5A5C58E88B9CCA4E65D38A5467026B630B7A1DB7CD3505EE290A39B283BEEB460A320
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........:..S[.IS[.IS[.I.3.HX[.I.3.H.[.I...HA[.I...HY[.I54.IQ[.I...H7[.I...HR[.I.3.H@[.I.3.HR[.I.3.H^[.IS[.I.[.I.5.HT[.I...HD[.I...IR[.I...HR[.IRichS[.I................PE..d....j1e.........."......(...t.......M.........@....................................t.....`..................................................]..........p............~..........@.......p.......................(.......8............@......`Y.......................text...L&.......(.................. ..`.rdata.......@...0...,..............@..@.data........p...x...\..............@....pdata..............................@..@.didat...............`..............@..._RDATA...............b..............@..@.rsrc...p............d..............@..@.reloc..@............h..............@..B................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\uimanager.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5450192
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.389009034557386
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:IOY5Fbjv7/ioAZ8GPlWPj8wrtHOtxLrNqQoFe3PGMcuOw7PvFGbf8jLk6q/YQnbm:S7PjvxEmHfXu4eT+pK0f2KENR0TBxWZ
                                                                                                                                                                                                                                                                                            MD5:EFA7113287AACD4DA99E30D4B83F5058
                                                                                                                                                                                                                                                                                            SHA1:7BA6E513B220FD7B2D1AD34BCF661DCBBB9A3989
                                                                                                                                                                                                                                                                                            SHA-256:E5A46B5EE5213CB84875C71E00B89B403306414F3343BC871D58C53E1219FCF7
                                                                                                                                                                                                                                                                                            SHA-512:193A2416FFDDDFA0C84759E3C3E7C82FB5330BB5B3D2446B912F91F30DB1203FB87B8C23A831FCBDC2DD44FF1A43E215EC586949712470E2712975E88BD95153
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......l7..(V.\(V.\(V.\s>.]%V.\z#.]9V.\z#.]"V.\N9.\*V.\z#.]OV.\s>.].V.\!.`\ V.\s>.].V.\.#.])V.\.#.])V.\s>.]5V.\s>.]*V.\.8.]hV.\.8.]iV.\(V.\&T.\(V.\/V.\.#.].V.\.#.])V.\.#.\)V.\.#.])V.\Rich(V.\........PE..d....j1e.........." ......<..........t5......................................PR.....d.S...`A.........................................]I.P....]I.T.....Q.P.... N..l...dQ.......Q.....0.E.p.....................E.(...0.A.8.............=.x....WI......................text.....<.......<................. ..`.rdata........=.......<.............@..@.data........I......tI.............@....pdata...l... N..n...bM.............@..@.didat..@.....Q.......P.............@..._RDATA........Q.......P.............@..@.rsrc...P.....Q.......P.............@..@.reloc........Q.......P.............@..B................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\uninstaller.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2508096
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.449144097360262
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:ADiY+1zMkEzRuZLkbZNOyDIyapdEIxeuZblk:AY4F+LkbZgyUlguZe
                                                                                                                                                                                                                                                                                            MD5:4CB9C1010F9CB39B7685612187FE47B9
                                                                                                                                                                                                                                                                                            SHA1:2D8A907B7F84D84420165EEA0658F564F99378EA
                                                                                                                                                                                                                                                                                            SHA-256:AAAD928488C79E3905E2D148D6C83D612D556C137028208E2354EB65865AA503
                                                                                                                                                                                                                                                                                            SHA-512:D443A7BB595C449537450A403DA40CF09E68857CC1F6AC5D7DB3B3DFB5FFF82F046E1BE4C3926161A63688AFE935B27C88818C1F1699BD5F023269D46550E9B4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$..........&..u..u..u..t..u..t...u..t..u..t..u..Pu..u..t...u..t...u..>u..u..t..u..t..uC.t..u..u..uC.t...u..u..u..t...u..Ru..u.:u..u..t..uRich..u........................PE..d...kh1e.........."......p...B.................@..............................&.....;.'...`............................................................p....p...9...F%.@.....%..+......p.......................(.......8...............@.......@....................text....o.......p.................. ..`.rdata...c.......d...t..............@..@.data....~..........................@....pdata...9...p...:..................@..@.didat..............."..............@..._RDATA...............&..............@..@.rsrc...p............(..............@..@.reloc...+....%..,....%.............@..B................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\updater.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2510216
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.4744073596718055
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:uHAIJbp1oLJ9gwXzNoK/u1UKVQ96FauwEx0FPryw:gq3mK/NDAAFz
                                                                                                                                                                                                                                                                                            MD5:58F4650AC344EFBBD2F4D1EEE6076FC4
                                                                                                                                                                                                                                                                                            SHA1:2ABA618BCCF485DFD0EBFC36B55E1C61A852E308
                                                                                                                                                                                                                                                                                            SHA-256:97A902EEE7305BFC3549FFEC2C8EA8238BCA7484A0E7F39AA12968231457E50D
                                                                                                                                                                                                                                                                                            SHA-512:80F8C6DDF822C36D91AC4D9644EFF1585062889E140AFBF8C0139BE8368951339BFE7D856BEED6A74C61A18994782AF7215E2E9D01CD9F006BD79C58FB194544
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$..........B.k...k...k.......k......=k.......k.......k.......k.......k..!....k.......k.......k.......k.......k..$....k...k...k.......k...k..kj..$....k..$....k...k...k..$....k..Rich.k..........................PE..d...Gh1e.........."......(...R.................@..............................%.....VH'...`................................................... .......#.8....@".,f...N%.......%..'.. ...p.......................(.......8............@..0..... ......................text....'.......(.................. ..`.rdata.......@.......,..............@..@.data....(....!....... .............@....pdata..,f...@"..h....!.............@..@.didat........#......R#.............@..._RDATA........#......T#.............@..@.rsrc...8.....#......V#.............@..@.reloc...'....%..(...&%.............@..B........................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\wa-ui-uninstall.js

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10214
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.917914647053502
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:/QL4RLAq8F9BeGgTcNPRzNPx6RlrC052J:P1Ii2J
                                                                                                                                                                                                                                                                                            MD5:544A777A890F18D1E538851A33EC1E53
                                                                                                                                                                                                                                                                                            SHA1:46CCE2C4DD9D88B891D19A35E0600537A17B365B
                                                                                                                                                                                                                                                                                            SHA-256:7540877A25FC5DEC269BE4880374FD033ED336F0169A7DDBB050105E1FC672EF
                                                                                                                                                                                                                                                                                            SHA-512:4445E861AAA676419FEF4B116B9B919D19F0E12D96663685298C4B03CA68C2602283F0F8812CF3AC2BB42A0A15025ACAAD0FB68D676334227847983018EB10C2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:/* Uninstaller UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.UNINSTALL).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml(),.. _data = _core.data;.... ui.Uninstaller = function () {.. var checkProgressInterval,.. checkUpdaterInterval,.. checkUpdaterNumRetries ,.. buttonOkId = "wa-uninstaller-button-ok",.. buttonCancelId = "wa-uninstaller-button-cancel",.. buttonCancelCss = "wa-button cancel",.. buttonOkCss = "wa-button ok",.. version = _webAdvisor.getVersion(),.. el = {.. $header: $("#wa-uninstaller-header"),.. $content: $("#wa-uninstaller-content"),.. $footer: $("#wa-uninstaller-footer")..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\wa-uninstall.css

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3354
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.822872455073507
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:UKQqFbbgRjujt6whhzIr3EXNkd9ZcRx1+zRMJ9NDG4lzDiQ:FxFb8Rjujt6wr8r3EXNkFcRx1+zRMJ9t
                                                                                                                                                                                                                                                                                            MD5:45634CD8E91200BDB4B84836D7F3EDE1
                                                                                                                                                                                                                                                                                            SHA1:299F91ADD3A2F7FC1BCF84B58A516BE6B4012AFC
                                                                                                                                                                                                                                                                                            SHA-256:B79054E144C8D658E495FCEBAE0B51AF62585A28592C870B587EFF3216425971
                                                                                                                                                                                                                                                                                            SHA-512:2B4C19BEFA49E5D529E5E54EB1123E019684B32D2F05581FFC6CE30529AEA942B929B5614FABC4DCF7B9005A255359E37034FE89F0B8681AD0D5F68A500FD657
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:body {.. background-color: #ffffff;.. overflow: hidden;..}....#wa-uninstaller {.. width: 600px;.. height: 473px;.. border: 1px solid #BAC6EA;..}....#wa-uninstaller-header {.. height: 48px;.. display: table;.. width: 100%;.. background-color: #F5F6FA;.. border-bottom: 1px solid #BBC7E7;..}.... #wa-uninstaller-header > div {.. display: table-cell;.. }.... #wa-uninstaller-header .title {.. vertical-align: middle;.. }....#wa-uninstaller-header-close {.. float: right;.. position: relative;.. top: 12px;.. right: 12px;.. cursor: pointer;..}......#wa-uninstaller-content {.. margin: 24px 30px 0px 30px;.. color: #404040;.. font-size: 12px;.. height: 67%;..}....#wa-uninstaller-start h3 {.. font-size: 16px;.. font-weight: bold;.. color: #53565A;.. margin-bottom: 5px;..}..#wa-uninstaller-start h5 {.. font-size: 14px;.. font-weight: 400;.. color: #53565A;.. margin: 0px;..}....#wa-uninstaller-st

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\wa-uninstall.html

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1303
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.273683275763177
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:csY0TEL0GNVMz7jVMz7EVMz7VMz/VMzlLVMCdLG7OLG3LGt1LGztukMrHlDb:3XTEL0Sv265iCdLG6LG3LGt1LGzloHl
                                                                                                                                                                                                                                                                                            MD5:A36240CFA6F2DA80C57CB5A3B208B5EA
                                                                                                                                                                                                                                                                                            SHA1:1373A466E045662CAD700FDCB524C310794CBEA1
                                                                                                                                                                                                                                                                                            SHA-256:504EEF52BFB7A3B623D338B204A69BF3B3D352F04007ABE239045528D09C2F05
                                                                                                                                                                                                                                                                                            SHA-512:0487094E1F0138C489C4AA05E8783CA7B72C5C88C3470310C42DFCAD7D93367C77E589A93AE4C934C56651DB9BA9D7F17E7682222DEC1CABBAA323699B76EC4E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-uninstall.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-uninstall-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:wa-ui-uninstall.js"></script>..</head>..<body>.. <div id="wa-uninstaller">.. <div id="wa-uninstaller-header"

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\wataskmanager.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3781976
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.464963495958648
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:ag5BZ7RbbSTy/nBLECoGV7khjMRv0qf9ed2uBmCFEg6ulgCqJNwpMJM7s+b4Me3f:/D9iW5cgCqTKMJM7s2w34wcH0
                                                                                                                                                                                                                                                                                            MD5:A0B763E5B211E3A758883C6800F77B89
                                                                                                                                                                                                                                                                                            SHA1:8A3650F1D920B43FB7E7F2F6662508BC1209BFE4
                                                                                                                                                                                                                                                                                            SHA-256:798F895E9AE8B9334C772616420A5A785D541551449EF52CEA66D9ADDA013AB0
                                                                                                                                                                                                                                                                                            SHA-512:7E4011923A6931062E7CB6BF31B3C194FAD9A93F303FA2DD1F0DF85C1B187F18EB7B8F60EA02E75111D05ADFFAF89C8BE5647BDBEB4310C5C0CDD73563620047
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......................................,.............Q.....Z.....................}......Q.......Z........Q..................Rich..........................PE..d....j1e.........." ......*.. ........%...................................... 9......:...`A..........................................3.T.....3.......8.`....`6..(...`8.XU....8..[..`h0.p....................i0.(.....-.8.............*.0.....3......................text...|.*.......*................. ..`.rdata........*.......*.............@..@.data.........3..(....3.............@....pdata...(...`6..*....5.............@..@.didat........8.......7.............@..._RDATA........8.......7.............@..@.rsrc...`.....8.......8.............@..@.reloc...[....8..\....8.............@..B................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\webadvisor.ico

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:MS Windows icon resource - 11 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):99892
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.9749743269785345
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:JLBqG5eVRjB/jZRj0t4kgU1l50AIDP88+2Y:JLBh5eWgU1B8+2Y
                                                                                                                                                                                                                                                                                            MD5:236FC5ABB597615A608DAB7BE98D5FBC
                                                                                                                                                                                                                                                                                            SHA1:18D3D1CF56898B264A24DE24DC13E4B9B7EED768
                                                                                                                                                                                                                                                                                            SHA-256:06ADAB20CB028B5DC61762691E8C8A6157EB1199526F7C773338B9BF51BD63C6
                                                                                                                                                                                                                                                                                            SHA-512:155766AA5659BB9E298AEDE4064832168002EEDEE836710C2259446FC35437AD70C04454DEF2D9EB40A83A029351EA1726D65ACBDB8FE8217C016FD4986F7F4E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......00......h....... ......................(.......00.............. ......................h...~"........ .n....'........ .(...TC..00.... ..%..|K.. .... .....$q........ .h......(...0...`...........................................................................................................p......................9Yx...................yyy9Y..................yyY.yy57...............s.....y.yy.............y9Y9Y5..9y.w.............9yyy.....................y.9qy....yy5............yyy.yqy.y.Y9yp...........y.xy....9yyY5....yY9.y.9.......yq....p....9yyqqyp......y.yy5.p...YyY9..p.......yy9Y.Y.........p..............p...Yyy.p...............p...99Yw............y9S.0...................yy..p....yY8............yyS.p...y9y.............y1......y.Y8............yYy.p...................y9yyp...................yyY.p...yyy.............y9yq....9Y.w............yyY9p...................y9yYp...................yyY9p...................y9q.....................yyYyp.......................p.............P.....

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.chrome.extension.json

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):676
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.824937383394461
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:ShnHvOaKiUlLAjxOw+aJ/0u74odpE5vvi7B4BLpMZhNl/PKqlKuV:ShnPOaKioAjxEaN94MpEJq7SBlMZ79oi
                                                                                                                                                                                                                                                                                            MD5:D4525EEF75A5ED31DD1463E94E63EE32
                                                                                                                                                                                                                                                                                            SHA1:9D2B35EF3800BF1CD34F6AFE03EDF1B02F75B7EA
                                                                                                                                                                                                                                                                                            SHA-256:E8BE10CE45725068D0B6F7B90C1F86C90B0F949B9FB4229CF9EE4A82DF9980E8
                                                                                                                                                                                                                                                                                            SHA-512:E92548F4F2B49138BEFE5800DD459F0A9DB3062B32661D98BD9E393D2510E9B41822ABCA3FDF179A7EBCA6B8899E0634B668FDDD1D1A1E67D8A5876F11C85D18
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "Chrome Native Messaging API Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/",.. "chrome-extension://klekeajafkkpokaofllcadenjdckhinm/",.. "chrome-extension://enppghjcblldgigemljohkgpcompnjgh/",.. "chrome-extension://mfifoblohohmjoaiclakcbicbeklikgl/",.. "chrome-extension://kanjcmmieblbpbihaafnedamppkhfadn/",.. "chrome-extension://jhnkplodgdopckiblgedcpoidpgcdbfi/",.. "chrome-extension://bgdpakbfhblhpnbhhajplljnioenlpnk/",.. "chrome-extension://hkflippjghmgogabcfmijhamoimhapkh/".. ]..}..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.firefox.extension.json

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):332
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.199984426997364
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:3FHWb4FPe8e/ihvqbRVnRUvFFwF1pl8q96DJqHmAf2U2LhGdFm/dwwuEYOi:1Hi7Gv6iK1re/3dwwBi
                                                                                                                                                                                                                                                                                            MD5:ED06108D883C1FFED6910F55AC4A5A3D
                                                                                                                                                                                                                                                                                            SHA1:7974E1658801A128A23C0B2737545F2AB5C5F3F2
                                                                                                                                                                                                                                                                                            SHA-256:B659E0167E9CEBFB8A031F259D840577B3897ABF3E91C2ABBE3E8F947598FF47
                                                                                                                                                                                                                                                                                            SHA-512:075F93DE9A8065B939BD947D23F2D3F1EA793AFA492CA030B0B24C4FB223F85846A37DF908ED5DD08987AFFA60AB3ECB6ACA512C777F05E9DD7849976868D6E8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "Firefox Native Messaging Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_extensions": [.. "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}",.. "{DFC8025B-FC38-42B1-9E3A-DFA474F33D93}",.. "{C1DB8E20-28BB-4222-8020-FB40187BA1A6}".. ].. }

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.chrome.extension.json

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):675
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.830153549273225
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:JaWhnHvOaKiUlLAjxOw+aJ/0u74odpE5vvi7B4BLpMZhNl/PKqlKuV:JaWhnPOaKioAjxEaN94MpEJq7SBlMZ7R
                                                                                                                                                                                                                                                                                            MD5:B09DB140B1A6360DC1D7F6BCF9D85B22
                                                                                                                                                                                                                                                                                            SHA1:09839EFA3B9055D51BFE566E9F5F8B7529B085D2
                                                                                                                                                                                                                                                                                            SHA-256:395D1298C7E5A9D6A7F45A0A84F89A0652DE890F202812FE3EF0DA830F24A98C
                                                                                                                                                                                                                                                                                            SHA-512:F1539E728D9F7DB8870CE58D2B4C49431DB288DD4D26D3C3D52374BB1B856001E8BF541650CF77813308060EDC57939E35E0B21D99EE18F0D2681FE052E91145
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "Chrome Native Messaging API Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/",.. "chrome-extension://klekeajafkkpokaofllcadenjdckhinm/",.. "chrome-extension://enppghjcblldgigemljohkgpcompnjgh/",.. "chrome-extension://mfifoblohohmjoaiclakcbicbeklikgl/",.. "chrome-extension://kanjcmmieblbpbihaafnedamppkhfadn/",.. "chrome-extension://jhnkplodgdopckiblgedcpoidpgcdbfi/",.. "chrome-extension://bgdpakbfhblhpnbhhajplljnioenlpnk/",.. "chrome-extension://hkflippjghmgogabcfmijhamoimhapkh/".. ]..}..

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.firefox.extension.json

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):331
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.221057694206649
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:3FHWEas4FPe8e/ihvqbRVnRUvFFwF1pl8q96DJqHmAf2U2LhGdFm/dwwuEYOi:1HZaW7Gv6iK1re/3dwwBi
                                                                                                                                                                                                                                                                                            MD5:49D8FD2B7CDD52D1CD2F2F3F019A597D
                                                                                                                                                                                                                                                                                            SHA1:62548306CE140C5336570EB02D4AF566121CFC65
                                                                                                                                                                                                                                                                                            SHA-256:B114F82CBCB910A1F282E823266801468571F3F2DB9802AFFD3C758F933CE9C2
                                                                                                                                                                                                                                                                                            SHA-512:3F9FA7C2D56A3BA12690D1D2107FC12D66CC6294D0C1A5003221E4B7A6C6481197BFD05CDEFFDE09F2D2AEF55132CE8CBEB40953AD25A96BF40675907FE68B16
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "Firefox Native Messaging Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_extensions": [.. "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}",.. "{DFC8025B-FC38-42B1-9E3A-DFA474F33D93}",.. "{C1DB8E20-28BB-4222-8020-FB40187BA1A6}".. ].. }

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\win32\downloadscan.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3217104
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.71002959579166
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:UhFvicTAda1cPumVW+l+LR2GG+A5Wl8OLO:wicTngUdqOL
                                                                                                                                                                                                                                                                                            MD5:2DFA127725579A0D6B9D26FB7BC3DC48
                                                                                                                                                                                                                                                                                            SHA1:5FEDE8EB777E613EB6B8216D0B8E0113A8F16634
                                                                                                                                                                                                                                                                                            SHA-256:B28546F835FA47B5BDB80FB2B69F6EE87C6900097D42A19870308DC3BDF77363
                                                                                                                                                                                                                                                                                            SHA-512:5C1896056411D627943EB70AA8FD4CDFEEA0B6161AEB2F2BFF4C9E7BD12834865A52D797B1570DF306EABE5CDABAFEE4A016B1A89745F8CCADF6B326587F4CCD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$............u`P.u`P.u`P..cQ.u`P..eQ.u`P..dQ.u`P..cQ.u`P.).P.u`P..eQ.u`P..dQ.u`P..eQ.u`P{.dQ.u`P..fQ.u`P\.dQ.u`P..aQ.u`P\.eQ.u`P.uaP.t`P..aQ.u`P..iQZu`P..`Q.u`P...P.u`P..bQ.u`PRich.u`P................PE..L...&j1e...........!......%..t...... .........&...............................0.......1...@A.........................B,......C,......P................/......`..0".. .*.p.....................*......$(.@.............&..... @,......................text.....%.......%................. ..`.rdata..._....&..`....%.............@..@.data...(....`,..d...P,.............@....didat..T....@........-.............@....rsrc........P........-.............@..@.reloc..0"...`...$....-.............@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):663064
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.664650687353078
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:5VbtYOKv7ftQNF8XpUJP6GX8NEojGroS3sh/3JsIRmjM0is1nY:3bL4QojGIJLRmw07VY
                                                                                                                                                                                                                                                                                            MD5:941D40D2F49DAD023D47BCCF575EC46B
                                                                                                                                                                                                                                                                                            SHA1:F73692D6F717A38C9381A39F27E1E86EEEFF847E
                                                                                                                                                                                                                                                                                            SHA-256:6F23B5DC99FEB65A17AB83F15BF5C368FE870E6A8F3610B0E2AAEB1B69E0484E
                                                                                                                                                                                                                                                                                            SHA-512:4BF2BA18BBE7AE2BF817337C1112E200A9EA1AE10AEB61E71614BB348649E5A8635A4A5B22B63AF9D71FB4796F5A95CB34F458F8E30ACDCA13FB102F058F4A90
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......[..~.j.-.j.-.j.-D.|,.j.-D.z,.j.-.6.-.j.-y..-.j.-M.z,Gj.-M.{,.j.-M.|,.j.-..z,.j.-D.{,.j.-D.~,.j.-..~,.j.-..z,.j.-..z,.j.-.j~-:k.-..-.j.-.4{,.j.-.4z,.j.-..v,.j.-...,.j.-...-.j.-..},.j.-Rich.j.-................PE..L... ..c...........!......................... ......................................g.....@.........................`.......8........p..H........................^...A..p...................@C......pB..@............ ...............................text............................... ..`.rdata..f.... ......................@..@.data....Y.......@..................@....rsrc...H....p.......8..............@..@.reloc...^.......`...<..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\x64\downloadscan.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3745480
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.4661329255764635
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:KTM2/qUgXyWFBzj26uRD5Iva4cfyc3e5S3mHt2Vyt9q5P7fSriox5D1gjSOw6Plw:XxNEp7fSrxz1gjSOJrDQFErk
                                                                                                                                                                                                                                                                                            MD5:872A7620CB24ED83B60B1E32C2A1BCC4
                                                                                                                                                                                                                                                                                            SHA1:E9DEEC0EA9CC150DACF08F34F2ED521A14E0F9F7
                                                                                                                                                                                                                                                                                            SHA-256:3A74E2E6CD457D20910AFB03DFEAF034ED172D83AA0441E9C852732D3F352991
                                                                                                                                                                                                                                                                                            SHA-512:7860E4FA72EAE50A344A2C1B4E56AF37934E4D8F813AF213187D295E821B76EF9F2EB9AB67D78B52AF7A87521126CCFE947FB0075F8ED515BBEF0D10156063CA
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.......A.s.............^.......^.......W.......W.......c.......W...w...^.......................^...............^...........G.................................................Rich............................PE..d....i1e.........." .....h*.........@.%.......................................8.......9...`A.........................................V3......W3......P8.......6.......7..R...`8..X....0.p.....................0.(...`.-.8.............*.x...PS3......................text...^g*......h*................. ..`.rdata........*......l*.............@..@.data.........3......f3.............@....pdata........6......N5.............@..@.didat.......08......h7.............@..._RDATA.......@8......j7.............@..@.rsrc........P8......l7.............@..@.reloc...X...`8..Z...z7.............@..B........................................................................................

                                                                                                                                                                                                                                                                                            C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):823200
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.402746384497596
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:VSHEuSJFVw4CkQGh5YHWSGBjfPJwo2E9f0bQZQm:VSkhJFxCkQ8YHWPFPJwZE9f0bQZ1
                                                                                                                                                                                                                                                                                            MD5:1E30845BEB801995E8E63550FDD646AF
                                                                                                                                                                                                                                                                                            SHA1:A4D92F20421FAE1FD499AFC1E7567C261031DAE2
                                                                                                                                                                                                                                                                                            SHA-256:05B19FA8537E3DDE3ECFC33951AE1D3B79C612548C95DC466E068160783B7C28
                                                                                                                                                                                                                                                                                            SHA-512:44A861A505B498EECEC2A24395291081C231476AEBB890493F0ACEBFF0620989A323E3AE20649D40BB772B41118909CE1C856B03C490B381AF969F3346D3300B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$........CVm."8>."8>."8>.J;?."8>.J=?."8>.M.>."8>.W=?."8>.W<?."8>.W;?."8>.W=?."8>.J<?."8>.J9?."8>.I9?."8>.W=?."8>:L=?."8>."9>.#8>{..>."8>1|<?."8>1|=?."8>.W1?."8>.W8?."8>.W.>."8>.W:?."8>Rich."8>........PE..d...[..c.........." ................................................................e,....`..........................................................P..H........x...........`...... ...p.......................(.......8............0..(............................text............................... ..`.rdata..0....0......................@..@.data...Tt...@...L..."..............@....pdata...x.......z...n..............@..@_RDATA.......@......................@..@.rsrc...H....P......................@..@.reloc.......`......................@..B........................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Bold.ttf.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open SansBoldAscender - Open Sans Bo
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):224592
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.417825673886155
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:JmT6w+rgw9JcJmHeJvjzauutgCNktQFvmnoxXTS4uvpt:M+/9JcJlYqCNktA+SXfGpt
                                                                                                                                                                                                                                                                                            MD5:50145685042B4DF07A1FD19957275B81
                                                                                                                                                                                                                                                                                            SHA1:C1691E8168B2596AF8A00162BAC60DBE605E9E36
                                                                                                                                                                                                                                                                                            SHA-256:5894A3649B213CF5B2D673B6E7A871815FD1D120FA68A463592F27DB14EAE323
                                                                                                                                                                                                                                                                                            SHA-512:9C995725AADE5F126C727FAF1C4453344E37B590A14152D31D44DCA3C9328A54207BBC7C840695CB55BC1B559097B457888655E11199192CD5197C85AAB8B1B6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:...........0DSIG..t:..W....tGDEF.&....S.....GPOS.7.7..S....8GSUB.+=...T.....OS/2.u.........`cmap)./h........cvt .-..........fpgm.s.u........gasp......S.....glyf......%...K.head.......<...6hhea.).R...t...$hmtx$...........kernT+.~..qp...6loca..`+...T...Vmaxp.5......... name.f{"..'.....post.C.l..-...&+prep...k................:.9._.<..........B........J....................................y...............................X......./.\.......................3.......3.....f..................@. [...(....1ASC. . ...........X ........^..... ...................J.u.....+.-...X.5.?...R.!.....R...=.\.?...X.R.?...=.H.u.N.....J...y...N...N...#...d...H...7...H...B.H.u.R.?...X...X...X.....-.f.....`.....w.....{...d.....w.......B...h.P...............^.w.....^.w.H...h.^...).....3.......V.........1.....N.....3.B...J.....L...V.......\...\...\...).....B...q...q.}.....q.......B.....\.......\.......\.y./.B.....................7.'...h...'.R...X.....J.u.......R...q.....h.....j.......d.../...R...X...=...d.....m.\...X

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Bold.ttf.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 224592
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):69344
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997723127400972
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:Flvs+oiW6K/p1OAvv/OKFcxuoj3NfNICgV5ZQu5mwTvdqVMfLfs0:Wf3Xn/hF4JN+6wTvdqVav
                                                                                                                                                                                                                                                                                            MD5:27D0867EFF42066B0B4B353DEC9F3253
                                                                                                                                                                                                                                                                                            SHA1:E23C5C182E7963CF518EF388919BA18CF63E0022
                                                                                                                                                                                                                                                                                            SHA-256:BA6577F6AC0123D8BC4F7005EF720C40932AB5FCE644F907311C4E6984F1CF0F
                                                                                                                                                                                                                                                                                            SHA-512:94B887DED1AF9E6738066167AA1D4C93A5600832AA7CBDBE9672A5988FF065F365BF9E64A60250FB0578E1D19D692C50C714C50E523561A5568A22A88E10E809
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.Pm.........R.%...o.[tx.....>FF....UE...N..s...)......9...$...8...]..`.z\.L]...K.#M.,.cT..&....P}..5>.....-#y..^..1v.. )oWq..%a.O..Yu.l..J<..E....z...s.:.....}..."s\AH..SY.@<'..#o8F..W...TCMG...} ....i...b.EL.DDQ.hZf.Z.N...R.^.........$.q..c...7......T.......Qb.....R.]..eS".K...2..K..H.z.3.54....1........hM......3..U.PV..&Y.-o..yXk4C(i...u...>.-..Z..CSC.[......7..1w...w*~....X......>....F..R..j&... F@IT.+.tP`./....z.....P...XE.k..B.:.s........./.. $`..}4..~d..A..^.Z....J.}a/....&...f%..... .{8U....Y2.....r..l.nE..f.-..,8....Ye......1(.....a}....L.|8./\OHe..F.H.....Hs..~E.fT.07.I-.!FG.=..%.I.Hi..$.RlYP..V6F}.m.XR....4*x......y8....U..d]`.*.E...kp9L.N..ro.X..)vQ.i...r$.d/.~}..+n.........$...Az.Q....z.4......@k.Lp.#...!)D@.b..w.N..e?R.(.z.D."*z..@F._..[.9...G...[..K..(..s].h.s...O.../..5..b..z>..'K.p5......nsy.%....._i...!.vub.|I...)....q.c>9...%.FxK.Tj.....0...0.s...9!:.VE.<...a.0*..J.u,$..j.....yS.d..0M.q._.Q...........b...o...!.,-..M..=..

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Italic.ttf.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open SansItalicAscender - Open Sans
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):212896
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.4588022246365755
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:pd+7UZNLjEBNutgCNktQFvmnoxXTS4ugD9:jVpEqqCNktA+SXfVD9
                                                                                                                                                                                                                                                                                            MD5:C7DCCE084C445260A266F92DB56F5517
                                                                                                                                                                                                                                                                                            SHA1:F1692EAC564E95023E4DA341A1B89BAAE7A65155
                                                                                                                                                                                                                                                                                            SHA-256:A54DC8488F8193BF30C3820CF6F261F911F9D328D699E1A1B8042641554CEC70
                                                                                                                                                                                                                                                                                            SHA-512:0FE7EC4C8ECEAFE87FBBDB9780519FAFFB646A23579CE5A4F5170808284C1ED85B9AAFDAB18CC4DDCAA9A7E6E2559FA6ED984D986BA93D1BBF4BC0551D5661D0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:...........0DSIGZw.@..*,...tGDEF.&....&.....GPOS.7.7..&,...8GSUB.+=...&d....OS/2.M.=.......`cmap)./h........cvt ............fpgm~a..........gasp...#..%.....glyfPX.T..%.....head.G.c...<...6hhea. .....t...$hmtx............kernT+.~..C....6locaM......0...Vmaxp.C......... nameSt".........post.7.l......&+prepT......................_.<..........cH.......K........b.......................y...................................W......./.\.............k.........3.......3.....f..................@. [...(....1ASC... ...........X ........H..... .....................+.....+.?.h.H.X...\.B.....H.R.H.`.j...h.........7...+.....h.y.h./.h...h./.h...h.P.h...h...h.`.h.b...+.....h.y.h...h.y.j.....o.q.....V.....T.V...V...V.j...m.V.....#...u.V...V...T...T.......V.......V...'.....h...b.......'.......?...J.......J.j.#.5.'.D.o.?...b...;...b...b...b...........;...;.......9...9...;...;.}.b.......b.+.;.m.....Z...q...b...u.......;.........h.......h.s.........h...h...h...h...h.....;.o.............X.h.....7.........m...h..

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Italic.ttf.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 212896
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):65546
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997200581164791
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:WeMeBkHM/APtPka3x4VD9yjuq0CA7IuNFND:WSEPFxGD9yqls2zD
                                                                                                                                                                                                                                                                                            MD5:87123193B7B5F1BA8F01B76D0FE56C61
                                                                                                                                                                                                                                                                                            SHA1:A03F4E0B46CE187A381F0623CEF54C97D30483E9
                                                                                                                                                                                                                                                                                            SHA-256:5F066686BDF53B19828ECD918A0AF385FBB78BC537A2D43BA2FE807C88935D95
                                                                                                                                                                                                                                                                                            SHA-512:1A0EB3D9EC95BAA122101E6D8C627BB87DB86145B946E88086357BE75620AAC36AA52480CEE9B991C5E9D0449F621FB142ECD997F002562B835777FE5133CFCF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..?.........R.%...o.[tx..:...E..jTb].a\....m..f.g.6.........N..%^....=~..J...5....v..[.O.1.QN4.7.P..U3......x....\...i.%G...U.....>..sT.<\..E...Ro..>..cn~!B..5..e1=!..D....$F.8.....u.c.+g{{....!.t..>E.Q5..:.Lm.....c..../..+..3......2.6.a..~.Q....Z..7'Q....4R.<.....d..^l!v... ...M..M..\! A.}U..q....d..+=.."..(.JK.5......VP!.<}._xg.1.ccS..-.}.._.!.....5.DfJ.K.(G.U...4Bk.S9..at..<.|1p...:..6.b0..........2...o.N..L..W5.......@.2o.c....ae2..-.\.^.5%..%..K...0...FF`$.]..KMy.. ........={.T.*.g....).2.["P..P@.O.#<..};..Rf.p.Lb..,-..q.v.F2.OKM.Jv$B@f4.....'...d}.....vG=%J...u.....Z.....hoR....(.0%...lm.n.......3.o...t.+.+./.Cd92:.o.~5........&>.......o... .W.n.&...M.`.u..(..O.....p...VtBu?..{F:..U......+..".b.Dj..?#..]...........c^.kK.X.i......&.:..Z..+...&.-.JMo.{...Rw;.a.n.....6.4ot.....@... %.h.8..4...:.o.WB..I..2..!..n...... .k]...X...r.......E.....O]8.U......Q.].....Y0....?...P.....>..L@0.....7KGb..RR..-...+z...s..#9.....5.........y.?..Q

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Light.ttf.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 30 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open Sans LightRegularAscender - Ope
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):222412
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.431002788848856
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:b4kgACfHoUGMxLutgCNktQFvmnoxXTS4uUJt:z2fHowSqCNktA+SXfvJt
                                                                                                                                                                                                                                                                                            MD5:1BF71BE111189E76987A4BB9B3115CB7
                                                                                                                                                                                                                                                                                            SHA1:40442C189568184B6E6C27A25D69F14D91B65039
                                                                                                                                                                                                                                                                                            SHA-256:CF5F5184C1441A1660AA52526328E9D5C2793E77B6D8D3A3AD654BDB07AB8424
                                                                                                                                                                                                                                                                                            SHA-512:CB18B69E98A194AF5E3E3D982A75254F3A20BD94C68816A15F38870B9BE616CEF0C32033F253219CCA9146B2B419DD6DF28CC4CEEFF80D01F400AA0ED101E061
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:...........0DSIGHE....OX...tGDEF.&....K8....GPOS.7.7..KX...8GSUB.+=...K.....OS/2..Q.......`cmap)./h........cvt ............fpgm~a..........gasp...#..K(....glyf..zU..%...B.head.;....<...6hhea...$...t...$hmtx>.L ........kernT+.~..h....6loca=Z....l...Vmaxp.j......... name ........-post.C.l..$...&+prep..].......:..........f._.<..........B........K........b...........................................................X......./.\...5...........,.......3.......3.....f..................@. [...(....1ASC... ...........X ........?..... ...........................+.7.....u.q...{.....-.R.-.=.h.h...o...D...\...........s.......q...^...+...........m...y...o.......L...o...o...o.^.9...q.................j...............o.Z...H.................................\.o.1...........#.3.N...9.....R...........3...X.J.......=.b.......w...w.d.w.f.../.-...............................w.......w.......T...................7.......R...=.T.....H...o...............N.......+.T...!.....P...d...N.u.R...o...\...d.....m.....o

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Light.ttf.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 222412
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):68272
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997046190515417
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:8ZCQmLv0xf8sQc+UK8tYh+Hkswypqagyfs0aYK0/l:3oxfj+52FvZqagyXL
                                                                                                                                                                                                                                                                                            MD5:FFD7F1B4451573C600A333E1CB64BCD8
                                                                                                                                                                                                                                                                                            SHA1:BC5C3B977055B722463615C5159FC9FE3E74E713
                                                                                                                                                                                                                                                                                            SHA-256:9A077B66282170936D58A1545463A8F023DAAF0D65DB956D7A0822561DFB431C
                                                                                                                                                                                                                                                                                            SHA-512:D16ABDE88272B9EE406562B19D9D9083871748F682ADB234ADD35247203B91F43CDCFBC17C3F7E79C131F959310316F8A972DA7CB7852DDE1DFB4E9B83E519E8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..d.........R.%...o.[tx...cC,D.G.`..j..)v...B5.....B..,$"{..ZJ2.y....}....1.S..D.s(..F"F...N.~8...R.....[....:...M.V....A...Y..W...W.......c.~.|.l.........\.b`n.....;...4.i..6.'-.z.WW.c...>.5.@.....>|......[F[._..P...f....0.p..._i2..J.\..O......+W.....+u.OR..k.Ct./\....2...5.yP....P...f......[z=.j.&s.~28..C.@|..9,<..Q........B#..=i8..px{. .../.X.c.,........c.,...V......&..-..;j~.....`.iv{6.X....}@..g....Qm....;<P...c..@Es.4...)...Y.~tsZ....}.......T........Jf..b...4.i.;.m.opu.xxA..{...H.eA..W.8~.O.E.O.e..q+Z...P;;..L.V......W \R..k.m/......C........Y..._...s./..c...(.......<.s~....[Og...f.f.%..y.8.....Y...B.I..1.8C...r..i<lay61QEu...<.).$....Vi..:............i..d.......=E.(81.,S.....3}f......dKF.&.e.o.s$RLE.w....3@.8..g>,.....Z.CVx"...#p...C.L..[E.9..{..@.........|..+0.x$*.D.p:;../QF...US.f,.. ..V......J(...6...]?........z.Yh..W...C>.......@Y.....\|..a.<..)...XU:.W.@g.$..+.F@.b_.m..a...7.T.l.z.../h./f...).........O!.....D..o....,.

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Regular.ttf.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:TrueType Font data, digitally signed, 19 tables, 1st "DSIG", 26 names, Macintosh, Digitized data copyright \251 2010-2011, Google Corporation.Open SansRegularAscender - Open Sans
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):217360
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.419276317380006
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:Y6pzdD/rIJXiQTutgCNktQFvmnoxXTS4ubCl:n9FrIJJaqCNktA+SXfUCl
                                                                                                                                                                                                                                                                                            MD5:629A55A7E793DA068DC580D184CC0E31
                                                                                                                                                                                                                                                                                            SHA1:3564ED0B5363DF5CF277C16E0C6BEDC5A682217F
                                                                                                                                                                                                                                                                                            SHA-256:E64E508B2AA2880F907E470C4550980EC4C0694D103A43F36150AC3F93189BEE
                                                                                                                                                                                                                                                                                            SHA-512:6C24C71BEE7370939DF8085FA70F1298CFA9BE6D1B9567E2A12B9BB92872A45547CBABCF14A5D93A6D86CD77165EB262BA8530B988BF2C989FADB255C943DF9B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:...........0DSIG..D...;....tGDEF.&....7|....GPOS.7.7..7....8GSUB.+=...7.....OS/2.>.........`cmap)./h........cvt .M..........fpgm~a..........gasp...#..7l....glyft8.K..%.../.head.v....<...6hhea...s...t...$hmtx.5<.........kernT+.~..U@...6loca)......4...Vmaxp.C......... names......x....post.C.l...@..&+prepC...................!..__.<..........51.......LL.......b...........................{...............................V......./.\.......................3.......3.....f..................@. [...(....1ASC.@. ...........X ........H..... ...................#...5...+.3.......h...q.....^.R.^.=.j.V...h...?...T.!.........f.......d...^...+.......u...^...h...j.!...!.?...h...w...h.o...1.y...../.....}.....s...!.....}.......T.#.`.....'...9.......;.}.....;.}.....d.j.m...........h.......{.....R...........3.V.1.........s.^.......s...s.}.s.....b.'.............3.......q.........s.......s.D.....j.............9...1.'.......R...=.h.....H...h.....#.........?...{.....h...!.{...5...d...F...R...h...T...d.....m.....h

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\OpenSans-Regular.ttf.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 217360
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):68512
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997416260303775
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:WCSadJIXbcu7a18s6tYz4jtn7aEPxwGSVv:WQIrcIa18tI4jVBPxOVv
                                                                                                                                                                                                                                                                                            MD5:AA0671BA020D93BE40204B689F9B5186
                                                                                                                                                                                                                                                                                            SHA1:96673BDE88A42696F829E86376C1D8883FB32F8F
                                                                                                                                                                                                                                                                                            SHA-256:6CADA5E7BED9184980BB8F0D709E91FC7B248A3BA9FCF2A68BF85D48BC1151EE
                                                                                                                                                                                                                                                                                            SHA-512:72F79F17FC1BD9E642C2DBDABC6A5B768A257358C97DAD48E3A5F994D15B148398528BE82FAA9D58E54455CBF857B168302D12AF0F4A19818DCE5F39831F5926
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..Q.........R.%...o.[tx...qC...........mi~.$...1.....g.fN,uo=zW..a.@.2..y..H.:...;6........$....;.}..}b.. k..........1p.....Y....~. ..*.(..0...0Zk.|.c.....m....Q....N... ..Y.....G.............U..[...8<....C}.S.q.O..y3...\K3K.f._C*.;......:..X......=.8..:o........?. .fm...0P...2>_'.U.w`...$.i.P.............>.@1W._.......}...?...1.............Z;Jr...y...-K...Y....Y=Xt...9..1..,.S?3z....!.=e.>.)n....o..pA.....5..@z..".......27..{.j}.....>...Q.../..m.M.-(:.>=....g.$0@.j.K2(l..6+.[..,=..j.Gqw~>.;...b.P?l.....*At.U....M......6.&..-u.X..f>oJ...._.J.&/R8.........]..K....jIT..... .]|..]0..1.od....kv..Ly.....1..Y.......Z.35.........j.v.M......%..N.Cd..o..&,.K.....t...`.g....N.....Usv.$..{...........~.)1.i..R..Pi.R.5Ry#+.kxh.B.u..p..~K/...^........?....W.....4>!....fc....tRc..6U.t.:>..(..3.CN}M]/_.O....A.q... .EB..W+.P...P.........b.....S*.?...].B.S.K.....i...........x.%..S.<Cx..uS.5f....#.u.c.m...~:"...F.X.2=..YN.2..h.M...h..?..

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\RobotoCondensed-Bold.ttf.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:TrueType Font data, 17 tables, 1st "GPOS", 27 names, Macintosh, Font data copyright Google 2012Roboto CondensedBoldGoogle:Roboto Condensed Bold:2013Roboto Conde
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):141796
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.564942499216475
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:mbSquVx4PRILqO/jXTGwiliI5Zju5TzLJEzEXGpNj/brFcaiqprTQgwYwO3QDqqs:mbT9IF7PIrUYohYQRG+tbM
                                                                                                                                                                                                                                                                                            MD5:52F9B35F9F7CFA1BE2644BCBAC61A983
                                                                                                                                                                                                                                                                                            SHA1:C348D9F1B95E103AC2D14D56682867368F385B1A
                                                                                                                                                                                                                                                                                            SHA-256:28A1D37668B4CF94FFF5256E9639F175BAF4DD654EC84BA910485D38BEEFA6BD
                                                                                                                                                                                                                                                                                            SHA-512:DE48B5E6751134C7FCAA8EE4C734E0F458E86FC59249EF19D9C45B7098EB7273C4119D5944332465080154A3D9C8ACDB1AA84CCCE011BBE5C7F32251ACDE6CAD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:............GPOS.........S.GSUB1..m..$....dLTSHoq.....@....OS/2...........`cmap}.....X...Xcvt .Y.=..!.....fpgm+.M.........gasp...........glyf>..b..*...}.head...q.......6hhea.......T...$hmtx.H.7.......Hloca(....!....&maxp.?.....x... name..4E........post...v......#.prep...... l...G........r2.._.<...................7........{.................b........................................._.................................3.......3.....f..................P. [... ....Goog. .....b.....b.+ ...O....:... . ...................Z.3...,...O.L.Z...;...4.y.m.x.&.9.....6.../...x...|.......P.......<...5...5...R...P...7...S...K.......Y...0...x...j.....O.(.n...p.n.@.J...n...n...n...Q...n...}...5.q.n...n...i...n...K...n...Q...o.U.C.......^.i.......g...d.....<...j...........&.....u.I...9...\...4...6...E.......6...T...i.......\...i...]...W...:...\...6...\.x.".......U.................s.A.J.,.....J.*.a.Y...}...Y...\...J.:.....l.[.T.......R...b...7...s...R.......u...W..._...O...d.Y.x...8.6.....S...f.+.h...<...c

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\RobotoCondensed-Bold.ttf.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 141796
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):57620
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997011687675609
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:ivlvKDGH9s5MKqBSfmsDHaS2FFMP+nnjX:ivlvKDGH9s+BSfzaSMFM2nz
                                                                                                                                                                                                                                                                                            MD5:1842AE66B7D10245D813A54A84DBA69F
                                                                                                                                                                                                                                                                                            SHA1:1F2D153A92AE04E66D612ADA3A2000E157C0EC2C
                                                                                                                                                                                                                                                                                            SHA-256:69D3C8898C443BEF1910900D04AA76052F801EBC317AA0D8D6394096788ABF73
                                                                                                                                                                                                                                                                                            SHA-512:E0FDB9225C33E3A19385679ADD0019BDCC750DD9DC723297B8E6E2B0CE8B7DE2C7B742F1434697D9C4744BB4F6059A001EA1517858327E1B4857ED64224B391B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..).........R.$...o..g..'8z..........mc.P.._.*1d4........vw...My.-..8..z?.E...j.........E.q.J....~a.ms..?.J....4;..\...4SY.......VcO.C..;82.u.......5....VN...q.3.$t?).v...wt]x~<.,2....Js..:j.7...).5..D.b-:w....;.vbW.a>7.Of.s.....@>!r.p..3.o.!.8...>.b7\."..'/F.h&u..!..Q...n....e.aC.?.....P..F..}....5Q%U..u.....Y@2Y.....v&~7..NE.4...s...;+J...,.. ...W..0.[?Z]..5..].(n....N...)...O.ju..4L..2.....@...R.APu....$..CCy*..x."$.z...?..o...p....=;....^T...r~U<V.2e..<...n.b..<...w>..m./{.a.(...&.(...C.%{.^...........|@.....zuJ=.Y.h....2..?Y......e...Z....y^N.....!t..V...."...u..Pq....|....`............4".'].j..e.8..?.\...#w]=...._4.H....r...9..H...m.....6<!tlj....{?......j.k.z~.<..-...=..Kit?2......1...D....!........\z.....NW.G..u.ms..s.X..{..T`....R.iz............{.A.......1q.*(l.fp. ?.u_.aT......Q..n.e..$.N.<e.Hs.78..R......=2U..Q."=Y.6.e.Vm...3...~.jz.-.......d...x,vr..........'...A)U.gT\$...?=u`V..!........[Z$!7m:..b...=..iC..p......+8.g.D&.tz.j=

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\RobotoCondensed-Regular.ttf.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:TrueType Font data, 17 tables, 1st "GPOS", 27 names, Macintosh, Font data copyright Google 2012Roboto CondensedRegularGoogle:Roboto Condensed Regular:2013Roboto
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):140396
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.588782717230592
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:LXd+rtH61MsgXbu4vDVjOvG0uvsb4hoNo6bdkuqYfh3h4/o+K5/j0VNXFYG2ZtCh:LXd+Bygrhvse0uZWJjNpG+tbM
                                                                                                                                                                                                                                                                                            MD5:0E1821FDF320FDDC0E1C2B272C422068
                                                                                                                                                                                                                                                                                            SHA1:C722696501A8663D64208D754E4DB8165D3936F6
                                                                                                                                                                                                                                                                                            SHA-256:4A7C36DF4318FEE50A8159C3A0EBDE4572ABAB65447AE4A651C2FE87212302B5
                                                                                                                                                                                                                                                                                            SHA-512:948ADB943BFAE5807E0E88A23364D8E706A8BDFE8C4D00592A95CDD34081A64A8D44C4BA6E33A65874AC8A7117927C3DE2B995FDC57C2746AEDD7161DF727293
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:............GPOS.......4..S.GSUB1..m.......dLTSH...w...@....OS/2...........`cmap..j4...X...rcvt ...B..!....2fpgm3.O.........gasp.......(....glyf......*P..w.head...h.......6hhea...o...T...$hmtx.~.........Hloca2....."(...&maxp.?.@...x... name.....(....post...v...@..#.prepF..k.. ....j............_.<...................8........g.................b...........X............................._...............H.................3.......3.....f..................P. [... ....Goog.@.....b.....b.+ ...O....:... . ...................M.S.-.9...].F.a...C.?.R.Z.u.^...&. ...C...5.V.I...........`.......N...K...8...u...k...B...Y...N.......[...=.......r.Y...c.I.q...b...<.^...............f...........;.k.................[.l.....].....?.N...#...u._.....).X.0.L.....O...............5.....O.P...T...t...K...N...R.o./...N...q...........u.......t...r...L...t...N.y.t.{.@.t. ...p.|."...).|.#.|...a.L.R.7.....R.....l.......a...M...Z.......{.C.W.......X...k.Y.Q...s...W.o.}...z...Z...e...\.g.p.......>.......d...\.&.m.Y.U.&..

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\RobotoCondensed-Regular.ttf.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 140396
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):56136
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996846349313948
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:ziXRj7VEX0N2G4Et4SUxeunb7EkO3kk6+65FHNYiT:ziXRjx8REoxeufTO3gr1T
                                                                                                                                                                                                                                                                                            MD5:C550A3B72DA2DF6093CCCC00A7EAA664
                                                                                                                                                                                                                                                                                            SHA1:CF8EDE2AF13057C66E4DEC805D9A8E3E50257F88
                                                                                                                                                                                                                                                                                            SHA-256:75E0C58A46AD2CB93AB59D67F0D8ECAD1F8084836DD4AE073590AE209D0F226D
                                                                                                                                                                                                                                                                                            SHA-512:AED987D70941378FDDC485C6FEEB8D37CF71379AF5A37D386FB5EE98ED69E6507600F458B4EBCEEEA4B0CD230758B4FAAB6E82E98658A67F875E2BAB6C5AFC23
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.l$.........R.$...o..g..'8z....."..%_oa..cE.`..%.5..:..ml......q.i.&.N1W...D.........j3...V..]......x.oOs].8......(.QO.Q.0..........Vn+[[._...){n...UV.\.I..H....0........u.qu.....5H..#....>%.7..}..1F.@"V..|n1........V.J.B<......&....#..y..!.....H.|]YIu.r`..I..Y....Uk|?/):7...]|... e.l...<.~.....W...r....+..r.G.x.B..L..8gw...%..,g...Z..x..^....i."....A.......D[]..*t...Zf.8..7+(...|u.G(...{......b(...N.Z...<..|..........J.. .......0.8*1...[..6..6c.xZl........1.b..3.v..5...o.......*0n..l..P../.@.+/.O.2..P..g."...?"s..!.b.b...cg..8......G../..7G.J.6...5.........g7.U..<o..%.-......Q.......^\...<...A..@.G.n.....:......lGC..o...v..Em.6.46.....FB.../]..:lzI.Zkk.k...I...v.f(...m...X..j.....O+n..F..)....@~vC!..pm..f{.0.@..Q......pkY./2..C.....q.U....6+P..`X9....e....e4f...i.d'..Se.d.R;.l.x>M.....>.'...=.....Z.z...*f+..e:Q...RFY:..G..e...Q7`]u..j.......3.....a.U.h.1"..y+.J.].,...!..5_.v...B.?=..f...d!.`Nn.f..ZT.cMge..+.t4t..VC..rii....M[.....m..I.R

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\proximanova-bold.otf.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:OpenType font data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):112532
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.914743636282392
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:9adb0bDpWsk4Dof6rVMPokpi4lPxGcmdZkmiaRThAwTGyWFXWG7hqp:ib0xWn4Ef6rVMPZitnd4aRJTGy6XWWk
                                                                                                                                                                                                                                                                                            MD5:0018751AC22541E269F7C8E0DF8385F6
                                                                                                                                                                                                                                                                                            SHA1:541E47F0B29737B74C2758B1F040783485DE2A6D
                                                                                                                                                                                                                                                                                            SHA-256:9F4D35BD7CA167C7659A872BDAE6FDE11C306B07EB5C758BAE762F7258B39071
                                                                                                                                                                                                                                                                                            SHA-512:6B6465848CDC0FB24FF2B1953E71B17C19E5E4224857DF761222224778B4659443E8CE21BEA15C76ABFBCD9E371E607A0C1A94ADDBE761C2F07C1648971406C8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:OTTO.......`BASEe!]...-....FCFF ............DSIGUWU....l...(GDEFkvl....(....GPOS.gJ.../D..VRGSUB...o........OS/2.......P...`cmapy..q........head...........6hhea.D.....$...$hmtx.#v-...t....maxp.~P....H....name.S..........post........... ............_.<..........!.......!.........7...........................T...................}..P..~.....2.........X...K...X...^...!............ ...............mlss. .............. .............. .....*...........7.............7...........C...........G...........b.........<.s.....................-...........................................................).,...........U...........e...........y.....................................................................n.............q.....................6..........."...........x........... .a.........Z...........0.......................6.%.........6.%.........R.[......... ...........(...........*...........6...........*.U.........*...........2..............Copyright (c) Mark Simonson, 2005. All rights reserved.Pro

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\proximanova-bold.otf.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 112532
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):58729
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997121368034726
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:1Yb+q6jdY9d9T3LI0vjizNBHFK6GgZhps:1G14Y9dRbljsvlZ+
                                                                                                                                                                                                                                                                                            MD5:D9785485BB0F00147E00BF94163DDDB1
                                                                                                                                                                                                                                                                                            SHA1:590A81DA0588E7764301784B2897E01C352A28E7
                                                                                                                                                                                                                                                                                            SHA-256:E6FFE1E737F90B865C8DCB20CD280DE7CCEA53F4B9E30FDD4981B0FD5F5182CF
                                                                                                                                                                                                                                                                                            SHA-512:29F6E8F5F6CF05A87B6A17C3D85A750BA1E1D50038D7A07A47D0C2090A802A2D066E350BF9B4908B6F3D37DB6455BFFC29F143D78868047444EA935F202430BF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........'.,.....x..{..T.x.s.@Z...._...Q.@kIj....D..o7S.al.LYo.^9Q?I.&......*...."..Z..b.r.Z...k.|..O.(.x..'..}M.jCJ....9.{.........X#D:cVX...o.sX......h..M....k..zn.$.@.'.........!..PT......x..:..@...N...{....J......{%.F,.z.........8D...>.n...T.\`C....;.L.[......Qy.......b{....uiO.d...H.>m.xs.].jMBGX.O.0...w^..?.M.F..to...H.@".....[............$.....E.:..*.E..L..2PW2.o.}}'ZV.m...il...\..k..<.2..7c.,.....y...U.Z..8...V.t.....0.%.u...~d.G..{u@q#...0{......v.}/.a~.%i./oa>[`Rh.R............j.\..R..o.......R..}.....M.F.!je...E.....^/...`4.\..>f.R...K......}........5..;u.kR...t.H.p>)....$@.....[..o._/.|._.B.v..WYl....J.hx.k..o.r`.)..%.......K.....^...7l......UyS9.OZ.}.sU...@.b.i.BJ.Wr...N..#@......Y#...dp..0..:85..M]F.08.n...X.....Aw.z.3Sw%S.."..*.{..>../%..{....c.;....u.b..Y..xk....OFm.._.`.l....C.pOD..._..u ....&....t....?zR.......6...R?.@.|e...D..7........x.q...].W.>U...t.87.,.N/........%..$.?.$..........7..1....P....k......q-.H...

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\proximanova-light.otf.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:OpenType font data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):109800
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.930965600483403
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:ku0xdFTu4d506FUgH4hO4EPszuokgMPQfyKQkPXWWRS:ku0xdFTu4dOLhO4EPsJkFQfxhXWWRS
                                                                                                                                                                                                                                                                                            MD5:B7913E898D3CDDF10A49AD0DC3F615B8
                                                                                                                                                                                                                                                                                            SHA1:560917B699FE57632D13CF8EF2778F3833748343
                                                                                                                                                                                                                                                                                            SHA-256:1E90E49B182C8B5876EE6805FF3CD2E39A23FDA79DF33D2E8B57020D6F208334
                                                                                                                                                                                                                                                                                            SHA-512:BAEE3E6114FB8B4F946CD85FAC7BAE19E1CC681820C6C5824092AD955E70CE7253AE471AAA28AD97412E67D4A9C741137BF3FF27233BD94B6D3A654F72ADEE16
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:OTTO.......`BASEe!]........FCFF k.r.........DSIGUWU........(GDEFkvl.... ....GPOS5.>>.. <..Z.GSUB...o..z.....OS/2.......P...`cmapy..q........head.U.B.......6hhea.......$...$hmtx>)..........maxp.~P....H....name.........../post........... ............_.<..........!.......!.......W.7...........................U.W.................}..P..~.......,.......X...K...X...^...!............ ...............mlss.@.............. .............. .....,...........7.............7...........I...........P...........7.........<.l.....................-...........................................................).&...........O..........._...........s.....................................................................n...........$.k.....................8...........$.k.........x...........".M.........Z.o.........0.......................6...........6...........R.I................................. ...........(...........*...........6./.........*.e.........*...........2..............Copyright (c) Mark Simonson, 2005.

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\proximanova-light.otf.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 109800
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):57622
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996663251806246
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:768:iMZm4SLRDdy3Iirbbl4YWkd3bJ1xR0tKBEumYAcwp7AVVObq97iWouAeH3Pl+27V:QRo3IYl1x3JmKeumYAv8Vp8hul/lVZH
                                                                                                                                                                                                                                                                                            MD5:EC1225216BBADEEBD5EC73A3BC3B22C3
                                                                                                                                                                                                                                                                                            SHA1:8C4AC33C84720F549AEE233189D031D680021F02
                                                                                                                                                                                                                                                                                            SHA-256:1415DF6F93F835EE3172A357458DC2EA647E7B42C9668B3EA04B69D8CCBBB583
                                                                                                                                                                                                                                                                                            SHA-512:2124B8A6280E418D90C851BE925E82014754038BCADEFA8CC42F1CCA3EB18303459C819609DD0D95897D1C3FDE6926DD4E2292B80BB1C9B528F196829324F199
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.........'.,.....x..{..T.x.s.@Z..[.-!...z.......a.........;.C.p..d..X.`...X....i....1.X.5....T.....M$..B.'...F..k....|E....o.B.A..T}s7..0)#h.~t+..].HZ2;.Dt=.h._.....]]_.)ry..e..n'W...H._D.F...............6v`.G.QH.I..#..?..K.F...U....SZ...@...B[Hh.K....t.!..EC..L..@....3wC`N.<...l.b.S.&...T..P./......D.y.v.!%..M..@y...3....]k9X.f@...e.g.,...m8......].B...lh.W.\Y>C.#.MY.=|a...\..T...V:......(@.n.<Es<.h..(...G...!......3..7.......y....Fz\..;.v%@C.A.(9.<+.B..>*h.......^5.;b.3N,....,R.@.a....y..$.].B. k+C.4.G.K...h.%..4......S..y4>...].........3F.>8j"&..-~8.+..$...z......|.....5R.E..{+.w.S.g.=..|....ra.?.9..b...r..]....`...#.B.8.MB.Q..X@s.4No....4/..?.~.......m.x.{._...'/K.....|Z.....$.....*O.....P.....wC....?[..@..=q..xk.a..T..J.`.Nhe........qI.v.vr.i6..n`...D......h.c.XZ.VR..]....A.......g..m..S.X...H V...Ed..j..u..!iN.UO..%...!M6m.B.3B...).EH.?)...WN.Ct...R...."Oo...#...,G.kU9t e.p...K.......hZ9d....>E.34.p[..;az..`..A..W.......

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\proximanova-regular.otf.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:OpenType font data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):109812
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.934026734078094
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:1B00x3/lCcVKNttpkRdrZs+ElPxBHMbUSiuj+UKQkPXWWm:f00xvlC/9MVspPxegkYhXWWm
                                                                                                                                                                                                                                                                                            MD5:9372D1CC640DF70D36B24914ADF57110
                                                                                                                                                                                                                                                                                            SHA1:374508B24EA24906F25655DE27E854E69CDA2935
                                                                                                                                                                                                                                                                                            SHA-256:31DABA103891ABF8B4D0537661117A8689C9EE5D91EE264F74E64EF1BB37A61C
                                                                                                                                                                                                                                                                                            SHA-512:8100E80E7C7A6283A348FB0C2F9339600DCA96F8DB21E49C3C875CA6C0129D87452CA0D678904E40F65404F5C78B37A82718DEF85EFC085D5F2C9D0FF94182D4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:OTTO.......`BASEe!]........FCFF .`..........DSIGUWU........(GDEFkvl.........GPOS..S".. 0..Z.GSUB...o..z.....OS/2.X.....P...`cmapy..q........head.i.4.......6hhea.%.....$...$hmtx`.._........maxp.~P....H....name...}........post........... ..........._.<..........!.......!.......p.7...........................T.p.................}..P..~...............X...K...X...^...!............ ...............mlss.@.............. .............. .....*...........7.............7...........C...........J...........7.........<.h.....................-...........................................................).$...........M...........]...........q.....................................................................n.............i.....................<.............i.........x...........&.C.........Z.i.........0.......................6...........6...........R.C......... ...........(...........*...........6...........*.=.........*.g.........2..............Copyright (c) Mark Simonson, 2005. All rights reserved.Pro

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\Fonts\proximanova-regular.otf.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 109812
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):57774
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996792103044516
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:1536:6KWLiHVcITNjGrjXAVC5vPHZ/Wj3hVfqP53AAV6Oz:tyOCkSAC5vP5S3hlYyGz
                                                                                                                                                                                                                                                                                            MD5:2FCBCA6D0E81E7C8D02AF44B60B46B72
                                                                                                                                                                                                                                                                                            SHA1:DFAA96F473044194111E054F0DC06EDAAD21D8DB
                                                                                                                                                                                                                                                                                            SHA-256:B4AE8FBD5052CC5FA6BC15AC1D874BF448A98AFC838E470F82F6743425971514
                                                                                                                                                                                                                                                                                            SHA-512:BDD7B879CE39050741FE28CA767FD029332A5C2C8B0CC244227358414D296CB38230784EBF031C33F06ADBC0314F9B09D465EDA6287910E74785E1DC3D79F8A8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........'.,.....x..{..T.x.s.@Z..J.m!...z..N.O.0l..7r.o..o.....^^M{q.K....(ET..b.$...=K.b....W.[.....;k......LjO.d2)...g$N.Z..q.F..N.wZ...>...W.C>..PY...u...........yM\W.w...I........;.9vm?*.?......n80.m....nx."/..Md....<.N.[.....2...9..u...Nz`.k...xu(...g}....Yi....;6..du...?.i<.E...6zy....}W_......k..*..>.`M.........|..p...r.....>..S.i.-*X^..a...Tve\=..4..g.h,.....i...8.].w.@j. o.Z4._.m...|_k+.1%..3..c...b5.......ZR...\..y5]A"0.z...w.;.h.!+..^+.MY:.......w.O..0....v..g..i...b...k~.!Wf$..`..[.8J.R.....f).K...tC...Q.Y..v.@P..p0+.R..l....7e3.{h.+r...g.S...-j..HD...,.....o....M.6<L...q...g....F}...w..u..Jc...H^.|.7uM..?...U.y._..v......~.lu. L...q.O..Y-..........v..:....U.B.a.[L....1...<......f....*..N.~.>9.,..C.....2..L....N......60......Z...yi..;W.j...].Jqv%z!.n.t.,b...g.Q..".Z..s..H.@.\./..Y.....*.RV."O....'....q..e.+..$.C.3...W..........\.[...z...cA.80.o..~3r.g....LY....m.R=.7.6r..H.X0{.......*.@<.:.....M$..-..C.+..}(...}...9

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\gaming_mode\dnddetection.dat.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):555659
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999646181497576
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:TzPWS8pkoyQC3RZAh5PJvC2TQjMNJ9KHAwS0VHtkpyC/uuAs8:29pkDR2h5PNC4ogwxHe5W
                                                                                                                                                                                                                                                                                            MD5:0BD42763975DC54AD5EFDCD321C750CB
                                                                                                                                                                                                                                                                                            SHA1:24202455A58C7CED31240A90603C6489728BBFCE
                                                                                                                                                                                                                                                                                            SHA-256:4845A0D7B287399933536C12AD5549FA4F4D49F42500C7311DC2C3C108480A7C
                                                                                                                                                                                                                                                                                            SHA-512:9204678DDEF894657C0F6BD5451294E104FFDEA90DAE12FC3F642547DEBB80435B0CC9D08680F50482BC1236DAF5AE1CD79C322EADCDE7765E9E251231753E79
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]....a.;..=........y...>D.M..7.......4S.........l.+1.1..l]|N...7...fx.).N.D.5.F.w......'..Af.>[.u\v........t..E..&.6.u...0...,.V@aI..w.......N`.........N"....c.ZLO.Q.3.>/.g.Xy9.a>..u.SY....c.(...3).j.w..U..G=.vX..C.;v...0.88.._3.......0)dZ.*..f..x....A#vWF4I.'.....Gk..!.......5.;..q.Dl.MJ..?.....^..;Ds<e...........)&+.."..N....y.....C.".)....C.C.w.Y3. ,.%1Z.J... .wi..S....I.vt\w.:....oN.K.e.\.........~...V)7....Z'.....}..-.,..).i..K..fp../.e.E.........@.~v....#..5...I6$.UJ.T...*z.....tv...R...TN.(....q.M...F../G.o....R...(~.....y(....GT.{............qT*.^..6k.{. .F...U..{K1.....>...t.f.^F..x.L.........o.p.#o?.M..6..c5...x.<.u.B&.V.7...Qd$..I.{.6......cD..K..Z-.....A6..v..m.e<....p...a....L.8.A...S....P..].~}=.:T/XX....DcC_%...'.s.:...2.:...?.I..)....Ak...9...9..o5&..K[...`.T:r..5Ubm..u0$.M\A.\....G&..l..,j..g'.2.~.....af...6]xZ..{..B...9.f6.3E....o..O..W./7.+.`7...Q.).R....d..:......b....0..y.y..-..uis.!..J@By.v?..0.....1.aQ..'.$%&'.+...t

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\gaming_mode\dnddetection.dat.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 555659
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):563405
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999626848122112
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:4KlnFUpAm/XmzpMXJXUGtI793oVLmu+yEcU+Bw6AXxgo2Gxf:Jtzm/XaAX1tI79OL0yEcU8wUVGxf
                                                                                                                                                                                                                                                                                            MD5:A882E29D2A00BE8B2DDC54B9A89B7407
                                                                                                                                                                                                                                                                                            SHA1:BB9AC5B409010A1666DBC5634F2FD248C0FB4807
                                                                                                                                                                                                                                                                                            SHA-256:DC640619E16862EB7009AF753F48FC4034333086C19DF6A790FFE99CFC324809
                                                                                                                                                                                                                                                                                            SHA-512:0A27A0A5AEFF1D4F5884EA4A5FC23043D49AC78E00FAFD0FC101B9D81A2AE68DCFA31001E7CD3CEEADCD3069AF3AE928AC11DF18A60AACFA2D703716680101F3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..z.........0.&F/H.<..V....)V0|O.....8..,........"..I....F.PA%=c2...n.v.Y........|5.zu..k..$.N.X...{...~..s.E...D...<E..7./.......QR.......A3..z.P.....EW.F......^......%C.(."...[gM].......'....>.3..=?...w.j...[..%.....4._.X.kk..|W..6..._Wi...%.......HK.$..rD....Su...IZ.d..=.7.._..q.......y..]:q.gD.xb...."..Y.;Z...^...DwI...o.2......o...@E.ow...D.....C[...nD....B.:....Bq..T...k...mrX./...`.V..7...;...v.......T../..>M.u.M...`....t.]b.."."'8.....I..2~E(.....4.U..r:4.FU..t~D.#Nss.......E1....n.-.."O.W.f.8.....i.../s.4..s.+.$.......`.L........4.C..1?K.5K..#EY..2.[M..3.f{...t....wm.S..3A4.+..9......{.t.&...k.g...2.Z......S....3..6.ND.N5.mzn.oA.XO....o.2`.......1......{..i.....O7.#...b..#.M..E.x...U.....].6..={_(.=..Mh...).v..} .bz.c..\..<..N.PT..N.X.R..jQ...%.....u..{...e0u.|...f y.D..N........m......$ .....Q.j@.n.L8M..........C.A...hxGz.\..+..w>B.....W........Q......5QW..P.$......s>..,/e...r.......$.......L.w.y........Z..............

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\gaming_mode\dnddetection.dat.ver.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Jn:J
                                                                                                                                                                                                                                                                                            MD5:9BF31C7FF062936A96D3C8BD1F8F2FF3
                                                                                                                                                                                                                                                                                            SHA1:F1ABD670358E036C31296E66B3B66C382AC00812
                                                                                                                                                                                                                                                                                            SHA-256:E629FA6598D732768F7C726B4B621285F9C3B85303900AA912017DB7617D8BDB
                                                                                                                                                                                                                                                                                            SHA-512:9A6398CFFC55ADE35B39F1E41CF46C7C491744961853FF9571D09ABB55A78976F72C34CD7A8787674EFA1C226EAA2494DBD0A133169C9E4E2369A7D2D02DE31A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:15

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\gaming_mode\dndrules.dat.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1250
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.812941980767714
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:pd4QxebwBgKNIg5gZpfQ2z7IoK792gH7wiu9jLGLXAAaY:AAebwaKNd5gZpt8wtSXAw
                                                                                                                                                                                                                                                                                            MD5:1527C1FD5DA898C3BDB68B8A105937A4
                                                                                                                                                                                                                                                                                            SHA1:D0F9FD4A698F91F54F78DD2043C1349A7E4AE7F3
                                                                                                                                                                                                                                                                                            SHA-256:C269C9E66B2ACDACE62E8AB631F39C24801C4644193BB3934A8DEA3C43F669DF
                                                                                                                                                                                                                                                                                            SHA-512:D574498392A55B47DC81276D63A33E9870232E77F60AC0D78C9BD29E3D419D015A19241E86A7963191643F6C0D0FD2DB613CA5290D559C3801358A60FD5CD27B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]....&....=.=@P...m^<.`..`..>g)'_...!.......3/.....E^."*.9?!..D....b..P....v.:h.hG..Ik....WT.F....b.1.....7...h........$.E..... = ..a...#.:.....[.fo:.oN..3Hv.o...]{...mz&."..n...S.S......K@...C...dPyi*.|....UP..aQ..U&7O.z6_)...7.B.v.V.i....M(.....0F...1..#Oj..GN....r.."...B......H6:Sn.k...#.....S...g.$....F.+`..o`.c:.3... ..CN.D..@.gr7.\....$....h.Ko6....`....$....Da^$...)..d.M.......l.......E..O....i.."..=2.....V|.#C#.......3........n.........?...eD...2.....9..D..P#..K...o.!....-....E..OC..........V-d..b..Z.}C..%...+.$..i........Tg..8......%..#M.6.k......8.b.)....D......b...$n.V<3.o.19...iD..GS&.*....Q..... 6...jJ...2c..(.\...U57&!..MM..P.{c.b.R..%d....%k.....F.5....6.w.0<.1'$q..H.Z'...Z..2....<..,.n...........[..E.....o..H.S.F..DW2g[*..3n....e.j....r6.....#gZ..&.7..S5..?...sS..xp]..j..M>....h./(...S...q....L.....g8.'\h...Z......C.i5...Y.EI.......U...*U.J...I.>......2.a..1'K4d>C...w..Ie....f..i;.A...[].....p..[..C.5..V..+.E0....3..

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\gaming_mode\dndrules.dat.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1250
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1393
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.837083223603895
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:XMpL8+/kPVrXy5kNQZxtjzvhibCO/+DDWr1XM3YR8BDv5MWfrn0G/68n6xUx5An:ELGPAZxdv0p/+DDW1M3YR8ZBMWfr0G/c
                                                                                                                                                                                                                                                                                            MD5:26F9CF613705D86FA6C0E14F6EAA9A6D
                                                                                                                                                                                                                                                                                            SHA1:01D9CD2A9D7916F25B91587E5E206FD16B8958D1
                                                                                                                                                                                                                                                                                            SHA-256:F3BFB9AB78F6BD1BA667DD9D7D9F19B2E718F40936B4EDC396EB3DF9FBF5A3A7
                                                                                                                                                                                                                                                                                            SHA-512:91C445D10EB0C006E7B700D5329493D7E31D2D8CBD03DBFA0697913EA648F0DAE92D877506321944E46193525833180CF2E2A1272D0DDBAA195EAB3AAD291755
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@............0."`..-W;...k.b.mY..3...ge....... ..6Y.K.I...LCi>..&.._!=\5..T.nz6.......J.S.......0T...[.y....8..dD.L#)41?^.*.....k.......;..gj..P.J.....4..7N...X.....B..H~..Q....gx....N.F* ..2..cm.V.2.w.J*.....rMu..bn....ID.....d._.lZ....(...N...#.@..S....kL..y.....<W._.=.x....%.1. ...U.e.j.....,<x........7....-@.YN..1?..L2.r.ds..wC....jfr.....*....R..1I.....-@.{..[O.,0G.....p..q....Y..3.=......<...Z|..W........@.x...c...{E....nZ.-..Nx<.........QS..........tj.._U..<H".....(In.]#..u....w.Z.u.[2.M....6.....a..i...K.2.K....W8.....L.......({&....ZPcP.f`....6.O9......lVC...7(.T.T4.33....\..G..U.O.3&.w\..........$...'..............|......3..6.H..Ey*.<.z...)...).v..3-)L....m.(.O.V....Y|Rq.H......j..(.W. ;.q10......JF.v......O.......b................P....)H7.>2.d.-B.>.G.v[...y1M..-c......F...2.h..'...l..%.qWr.oT.}.d.G...t..i6n{j./4..Z"o.}mxw......#.PWl..C.).....G1.....BTq=0...L.I..R*...i.]O...V.....Kk.R."..~....|..../k..D......~..Qx

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\gaming_mode\dndrules.dat.ver.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:U:U
                                                                                                                                                                                                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:1

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\gaming_mode\dndrules.dat.ver.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):126
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.948526677922289
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:LXvaRfsH3IlZrHLTAXmx3mJ9wIvoRDaYgitHdDXn:LXkmwrTA2x2LwqG1HdLn
                                                                                                                                                                                                                                                                                            MD5:68239C3BAA900AF75B4D051B4D98CED3
                                                                                                                                                                                                                                                                                            SHA1:76784D653728268C0FD64587943387F50FB1D846
                                                                                                                                                                                                                                                                                            SHA-256:1CD71E27374171446AA87F0556E8533D9AFC8012F1F5A4E89FA5854BD955EC7D
                                                                                                                                                                                                                                                                                            SHA-512:8AD6DFB305D0CCF62A4AC9AD122FE6B1D2FA48DE3782B8DB3CDD649B8C7B0A6D6F3FD6B5F271AF471F428CF3F44EA40FA02AC654168238F195E2B0AC48B4037B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@....................ASWiSTRU...d..dndrules.dat.verW.KG.T...55;O|}.5.........!...N..GM.C-.......VO..C....V......ASWSig2B

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\profile.wprp.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6932
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.644506586723748
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CAZrQTrleU+wfwywewzZwvZwDwhwIwTw9Zw/ZwVw39wk1iQJ7JTJGJOJ7J9JJJ71:DZrCebtwBe
                                                                                                                                                                                                                                                                                            MD5:AD6BB231D6CA341D585CAA0881BBC680
                                                                                                                                                                                                                                                                                            SHA1:249D7ED96BD7368985770FC91243FFC27A6787E8
                                                                                                                                                                                                                                                                                            SHA-256:362C8627A8CDE159DC2B52D1C3315C4499DAFC8A5A6781ACB373307453584785
                                                                                                                                                                                                                                                                                            SHA-512:70C0943D74381C9B00B59CF28297211905A983C3C5B0203D71D9F28A1367C01D821F329AEE1FEF6D2B04F2AD6552E32D5C7F7EB8EC053691D2D1F6B21940694E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8" standalone='yes'?>..<WindowsPerformanceRecorder Version="1.0" Author="EcoSystem Performance Platform" Team="EcoSystem Performance Platform" Comments="Test" Company="Microsoft Corporation" Copyright="Microsoft Corporation" Tag="BuiltIn">.. <Profiles>.... System Collectors -->.. <SystemCollector Id="SystemCollector_WPRIELaunchInFile" Base="SystemCollector_WPRSystemCollectorInFile" Name="NT Kernel Logger" Realtime="false"> -->.. <SystemCollector Id="SystemCollector_WPRIELaunchInFile" Base="SystemCollector_WPRSystemCollectorInFile" Name="NT Kernel Logger" Realtime="false">.. <BufferSize Value="1024"/>.. <Buffers Value="2048"/>.. </SystemCollector>.. <SystemProvider Id="SystemProviders_Chosen" Base="SystemProvider_Base">.. <Keywords Operation="Add">.. <Keyword Value="CSwitch"/> .. <Keyword Value="DiskIO"/>.. <Keyword Va

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\profile.wprp.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 6932
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1412
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.876163465998879
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:frzJ6J72vPSZ9aaOC1x28cmggjpzKupuRlDYokHTMtWaJHxdOd9lVyn:frzM72v63lVpuRlRftZd24n
                                                                                                                                                                                                                                                                                            MD5:989DAF420E3F80BDFC228C8DCB6076BD
                                                                                                                                                                                                                                                                                            SHA1:553700D6E676FB827DC8C1498F946AF5471A2FDB
                                                                                                                                                                                                                                                                                            SHA-256:5F0A721FB683A85550DBB7380EF5D84B81523EEE21176B5BE0CFBC1AA4EF0BAE
                                                                                                                                                                                                                                                                                            SHA-512:EC9DAF28D6639560B6EE8D73C6EF5A3D4C87E27762E00F750D04AD0F8BFC79D617D7E9208DCF275B42EAEC57DC3637CA9ED9ECEC0CFDD73F6C5AFC142F05CEB7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@................f......{3....(1v%f M*.m..].....7T8...:t..........yi..G...._....9..+D...dN...Z..>]...m..-.6l..n....f..9.T..V>.c.....X.O$Vn...U?.m....^./E.Dv.J^.nMA......s../.B{.;..].M./..+A..!..{2.....g...6"..h.P.I.?....:hMv.....b....6......4..R.)n.....83{.....Qx..W.=j.#.5.....>q..-.?.5.~...._..v..F...(/.A...}....V.+.2{...}u.....^.^.......z.............~gb........8......feU.....G..rj.zF.....\j....8.....{...V..9...E.Y-..!d9.u.....9...._Y...S...;..,.....^.'..b..R....&.{..;.NE?...2sFmm.A.UM.........Tl.#l.Dl.".J/...^7n.X..~.z.....b...{..."..v?...M........Kl.1.3...j........h[..G+.R..-...J.o...%.&WDX3..X.R..o.^F.S..[.+.>`j*9}.O.....z..h....#.F..v...}..A..L&E.(..D...<.Ki....7...G)....4.Y......$./.@..,...ZGe..!y~...[......[....@..zg..P.`A...].e|i.9..,8.|.m...Z...q~.2.:........W`u...z..x...b.*.^f.R/.&...".....!gg.e.....C.;.).:.F.....e.rB.H.&P.r.+...a......-.3.*........J...a..KM$.........#).J.v0'......pH.c.(.H.6..\.U....H.d.\...?.r.O...=...k%....

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\settings-23.10.8563.1247.ori.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9848
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.7096465667274034
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:queMmM1rgIBHbJrVMKTCXMKeMXbhu3MBs2MSaefaxi2MzmnGxcMI1Lr5xauMkCyp:qBMmE9HbdOdz/mzniykqUTuOl/Vbl8LZ
                                                                                                                                                                                                                                                                                            MD5:D6D47F2FC4249066CF91A53C7B920259
                                                                                                                                                                                                                                                                                            SHA1:12FD18A223A52963E0365362CF1E350355D9C8E3
                                                                                                                                                                                                                                                                                            SHA-256:1A42BC373998C605DFA8D4DF5E2705E1C209326ED578BC67EBE0F3DEDD2A2951
                                                                                                                                                                                                                                                                                            SHA-512:19CDFE62D19BF5073F28D6693412585843C113D85B4A3E01460FCEFE76AA1C85A1E908E8D89016EB804A4A875A9ED5F99499B254E673074E393981482C21D209
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......[.S.c.a.n.n.e.r.].....T.a.s.k.1.=.{.E.C.4.E.C.E.D.A.-.3.E.3.B.-.4.0.2.7.-.A.B.F.E.-.2.9.A.5.1.2.2.D.6.4.D.6.}.....T.a.s.k.2.=.{.7.C.4.9.6.6.F.0.-.D.5.0.2.-.4.1.2.D.-.A.6.3.6.-.A.C.C.C.3.9.A.2.4.B.B.2.}.....T.a.s.k.3.=.{.A.9.6.8.2.2.4.9.-.0.8.E.7.-.4.B.B.F.-.B.8.7.0.-.E.F.B.C.6.3.A.A.2.8.8.8.}.....T.a.s.k.4.=.{.C.6.1.5.6.7.3.5.-.F.7.A.2.-.4.3.8.7.-.9.4.A.7.-.0.4.7.9.0.0.4.A.7.3.1.0.}.....T.a.s.k.5.=.{.2.2.4.3.A.0.5.6.-.8.4.B.3.-.4.3.2.7.-.8.E.4.6.-.5.F.E.4.1.F.7.2.E.E.9.1.}.....T.a.s.k.6.=.{.C.B.6.A.E.6.F.8.-.D.9.A.8.-.4.7.9.4.-.B.2.B.F.-.5.3.A.8.4.0.5.8.C.5.8.F.}.....T.a.s.k.7.=.{.C.C.1.3.C.A.7.D.-.2.2.9.B.-.4.D.0.A.-.8.D.2.7.-.E.2.6.1.2.9.C.D.D.F.1.0.}.....T.a.s.k.8.=.{.9.3.8.7.6.F.2.4.-.B.4.F.5.-.4.D.B.C.-.9.7.B.9.-.7.6.2.C.D.8.0.6.6.7.1.9.}.....T.a.s.k.9.=.{.D.9.3.E.F.8.1.A.-.B.9.2.F.-.2.7.F.E.-.A.F.5.4.-.9.2.7.8.E.A.8.B.F.9.1.0.}.....T.a.s.k.1.0.=.{.F.D.C.8.4.4.B.C.-.6.2.C.E.-.4.A.5.8.-.A.2.8.B.-.7.7.A.A.7.0.2.7.4.0.6.2.}.....T.a.s.k.1.1.=.{.1.9.E.A.8.B.F.0.-.A.1.2.F.-.1.A.F.

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\settings-23.10.8563.1247.ori.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 9848
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1311
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.845525680867155
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:oggQO5gdzeeHFXMXf5XRuKk2cRWQyaeBerLlj/wC6niLAoFn:YT6d6elXaXA1BAUeMdDgoFn
                                                                                                                                                                                                                                                                                            MD5:F961E72B1DD2DC63B00E261E644D5382
                                                                                                                                                                                                                                                                                            SHA1:87D07C2E70A7B182D0E60EBD8B1DFE772503E4F7
                                                                                                                                                                                                                                                                                            SHA-256:B6CA415DEFC38E7B6F9A9D1DC798679DAAA61455AD8B987FAF55A144BE2A7422
                                                                                                                                                                                                                                                                                            SHA-512:84FF0B5A037C0D0BC7F05587C0C05B21551E173A94066E21DF9BEB77123E10A6A15BC84ABF9B45D7D703C1AB2785040A55FA6C12C33C7D53648B27C3527DF90C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.x&.........}..V...~...\ ..G...y.s..xs.....P..lV$8.....TM|....C.h.L1...Fre.+....q...3..yO......c..dY.m.Q....*V.Zv.~."^{.B.vX\......U?.3.....,!6p.'..... .?.R...%.5`....Nx].ix.....+..}...aM.u......'W5.e8(.?...bkm"o.P...Y,4.bD..[W.>.Ps}Y8.......$...a.........+.AQ...L...nn.......U..<.D..H<.).......O.&.....)...V.5y-u....~.....g.1h..C...../.../...E....H.fNE......v..b....6.. .4$.$.d"..j.a.\I..5EH....6...A..]-.mM.p..?....^.Q..O.5.g....:....L..Y.X.B.r.....E....^|uG..8..S.8~.z$...7....\..W..1......3Z..@`.........M..:H.A'.vU...4...P.Cg.. .zB..}......l.j.iYB..Z.....).Z!hQ)..0.Xk2.ZpD..C...p.....M..[....D."...d..Y3.Y...Sy..}..1,3.h.....(.o.....Ya.V.(..n....c@..K.l":a|<..P.f..}..{.M...5.2..:&u+......N.....1......Z...q.K.F.........../L_......V.4d....?.B.(<.Am..F....]......q.RR.......wVD....g..|8....@.6.}...#...0=-.....$.I\...oP......B...F...-tc.4hX.:.0..../....]G...Nz..i....V..%..<...|f...3...?........@..dL.W.H...77.dI..m.<....\..5...IB.k.`Yr#rj..

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\snx_gconfig.xml.ipending.4ab6c68a

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15320
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6253361142370943
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:xofxKonT6KovaNMSKYBl+p4KonLKKokTtKo7KxKo0IVEKoYjk:afBnEvpSKs5n8kTF7y0IVyY4
                                                                                                                                                                                                                                                                                            MD5:DB89473157A2109D2CC065B9C62ACD27
                                                                                                                                                                                                                                                                                            SHA1:D903A0ED7C5AA5A686C883A597894657A8C0BEB9
                                                                                                                                                                                                                                                                                            SHA-256:2B8D115E38B1AC4EA4FE0EA24006E4E2D7E6429F469B4FF0F1EA45FEE4E7E8D6
                                                                                                                                                                                                                                                                                            SHA-512:41486F90632E52127358B7A6046B347D47FFBDD62970ED67980B56C247F68ECE4D7D0250E19C28C7045AB3D4C9D7DB40E1AEAF2A4AB33D6AE4B591F05EBE3D3B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.S.n.x.C.o.n.f.i.g. .t.y.p.e.=.".C.o.n.f.i.g.u.r.a.t.i.o.n.". .v.e.r.s.i.o.n.=.".3.".>..... . . . .<.K.e.r.n.e.l.>..... . . . . . . . .<.A.v.a.s.t.>..... . . . . . . . . . . . .<.S.o.u.r.c.e.D.i.r.e.c.t.o.r.y. .n.a.m.e.=."."./.>..... . . . . . . . . . . . .<.T.a.r.g.e.t.D.i.r.e.c.t.o.r.y. .n.a.m.e.=.".\.a.v.a.s.t.!. .s.a.n.d.b.o.x.". .f.l.a.g.s.=.".f.P.e.r.V.o.l.u.m.e."./.>..... . . . . . . . . . . . .<.T.e.m.p.l.a.t.e.s.>..... . . . . . . . . . . . . . . . .<.P.r.o.c.e.s.s.N.a.m.e.E.n.t.r.y. .f.l.a.g.s.=.".f.L.a.s.t.F.i.l.e.n.a.m.e.P.a.r.t.". .n.a.m.e.=.".f.i.r.e.f.o.x...e.x.e.".>..... . . . . . . . . . . . . . . . . . . . .<.E.x.c.l.u.d.e. .n.a.m.e.=.".%.A.p.p.D.a.t.a.%.\.M.o.z.i.l.l.a.\.F.i.r.e.f.o.x.\.P.r.o.f.i.l.e.s.\.*.\.b.o.o.k.m.a.r.k.*.". .i.d.=.".{.9.8.C.D.E.9.4.C.-.5.B.A.7.-.4.0.1.d.-.9.2.C.2.-.9.0.D.B.B.4.2.F.9.A.3.F.}."./.>..... . . . . . . . . . . . . . . . . . . . .<.E.x.c.l.u.d.e. .n.a.

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Antivirus\snx_gconfig.xml.ipending.4ab6c68a.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 15320
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2333
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.922861453789955
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:a0SBWHAQ2ucQ5WLVVEy4RLceCnqmb4Y2bghm1i7YF0vXIBXn:afWH+heWLLEymc9nq8Ughm4Yzn
                                                                                                                                                                                                                                                                                            MD5:9BE9FC293CCDA601EF0BB0305F05FC35
                                                                                                                                                                                                                                                                                            SHA1:A82C73E48E745FEC7F0F30EB06D4D336874B8082
                                                                                                                                                                                                                                                                                            SHA-256:71ECE39EF40939FC0143F785BC5D0DD70773E1C9A7CFF852A4DB12DC2FD88283
                                                                                                                                                                                                                                                                                            SHA-512:E63FAA7D3B500C82EC6BA5A501B7E1AFE3C0A08707318C82140A48B8870FF3FA9429B84412168C2633345E7EF301EB34C9BE54D15A32D6F33DEA0BD67EEA5489
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..;..........D.....%..k.I...d.4.;tK.....f.*........$3\.A.igTU.Q.h.e.....'S.uoX..B..Eu.O..j...yA-..... ..F..R.......z3F..@B.S.\...$..Z ..;.....P.}{.`...1d.q...T.B...A_.K......+q~.f.4&.V......0.....5.4._X.J..~=076&e..D...Q......e.)..k...*).N.y.Z^+.......9...QN.w..%.v)....T..\..\..Y.!x..F.S6....I.<..../C.gly?..|..........n.........>~.<..C..9.8s!(.:.4.x...".%.9/.f4..x...z.t....~h.w<.&..(........../....yH.U. .9"...R.E......$N ..b W..I.?.....1...I.e...O..)f.].9.x\.....5.I....mG.=..k.;Mt.6m..%..,..`.#.....q..[..j..n.A... .f.....>k..|....-o..+.,_L....*.+......*.@..ig.}...G8!W..L;..t.....Ej ...*[a.Q...yO..!.v...-.......=...O..Y.n..~...v.l...Q.bF...}u-i..\:e{.H7..$.........TR{.i.9.S....q,.. .....K...*i.E\..'@.....,f..r...m$".6..!&.Z....S3.}J~.LS....G...gJ....s3...tY....uR.a....(v...`..c....V.d...eL..$.d..:...p..r.V.-...T.!...)B.b>.l.M..>..%...2.t4N{..F.MU.N..2=..S..&{..fa&-......[.BA....$nqn..T.0B.7iwC+.,.`...3.X...[f.S.D...<...t...C....g15.]

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Icarus\Logs\event_manager.log

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):142
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.491775849044647
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:LPDMuw/B4sR1FiIKdvg3IKRHRoWnB6TewtAocv:LPW/Ow1FhK1g3IKw6B6Tjy3
                                                                                                                                                                                                                                                                                            MD5:E85ED7D6EA8AE2A05021F1640225A146
                                                                                                                                                                                                                                                                                            SHA1:2707212F9C3B00238B2FD8E47BBD80FDA27B6696
                                                                                                                                                                                                                                                                                            SHA-256:98FA5AA92D9F85483936309D1350E78FF6821447B3A5A878BECA69D4C76EB3BC
                                                                                                                                                                                                                                                                                            SHA-512:178269F6E21B2C3FDEA3C4347ECA7A4E475E13BF63756EB23D2BC4373AC45FBAEA93D8B86EBAF9F647DA699C89AE3F98D936B4403D7DD5BBD9A0320650D3591F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.[2023-10-27 12:20:17.079] [info ] [burger ] [ 3940: 4908] [000000: 0] Storage path was not set so neither stored events are read...

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Icarus\Logs\icarus.log

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (608), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):1301272
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2881886704894105
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:b+2IwRm0WPQnsKMqpfHydW/QyeOkZFpLq:b+2IwRm0WPQ9MqpfHydW/QyeOIpLq
                                                                                                                                                                                                                                                                                            MD5:38CF3E23E27D17E320356447C2A3C170
                                                                                                                                                                                                                                                                                            SHA1:628A4C9361AF43F8E4415E0AD9BC2C89EA781DFE
                                                                                                                                                                                                                                                                                            SHA-256:3D3A33D57BB449075E976C0A4D3001885246D07414CD0D1E9AD8904DB0F0AEBE
                                                                                                                                                                                                                                                                                            SHA-512:2E7E8AC5459447E75BE7EA4C00DEDBB82F9CF7373A29178A0CF3E84DF116F70EDCD60FDAB9C72771C582D04FF32F11345D8E8D6CBE22C557FA7ECC65D7B8351A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.[2023-10-27 12:20:04.500] [info ] [entry ] [ 3804: 4936] [000000: 0] Icarus has been started...[2023-10-27 12:20:04.500] [debug ] [settings_lt] [ 3804: 4936] [000000: 0] generic accessor for scheme registry set..[2023-10-27 12:20:04.500] [debug ] [event_rout ] [ 3804: 4936] [000000: 0] Registering request fallback handler for event_routing.enumerate_handlers. Description: event_routing_enumerate_handlers_handler..[2023-10-27 12:20:04.500] [debug ] [event_rout ] [ 3804: 4936] [000000: 0] Registering request fallback handler for event_routing.enumerate_handlers2. Description: event_routing_enumerate_handlers_handler..[2023-10-27 12:20:04.500] [debug ] [event_rout ] [ 3804: 4936] [000000: 0] Registering event handler for app.settings.PropertyChanged...[2023-10-27 12:20:04.500] [debug ] [event_rout ] [ 3804: 4936] [000000: 0] Registering event handler for app.settings.PropertyChangedNull...[2023-10-27 12:20:04.500] [debug ] [event_rout ] [ 3804: 4936] [000000:

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Icarus\Logs\sfx.log

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1332), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):14119
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.46972050285484
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:mnx9/2ETXHnf2pFVh3aiqTZBKcqdXiRMi:mnx9/2ETXHnf2pFVh3aiqTZBKcMXiRMi
                                                                                                                                                                                                                                                                                            MD5:67E36FB0511A51E1167C5D1654722602
                                                                                                                                                                                                                                                                                            SHA1:A987DA1A1A114D4F4B562088D8E3F8ED70B01703
                                                                                                                                                                                                                                                                                            SHA-256:3A8E4F8685EF48BD69B28BD4AEF38AF255CD3FB9FDB8C4CFB05F4122C29198F3
                                                                                                                                                                                                                                                                                            SHA-512:01EDD31BE24FBAE8B02363A3DEE416205C52CEEE55997E6547474B68A866334E284DCC8939532202CF9052E823E8B4371B7CCC3406696E0B55D2CA045D790DCB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.[2023-10-27 12:19:44.684] [info ] [isfx ] [ 1700: 6856] [000000: 0] *** Starting SFX (23.7.6288.0), System(Windows 10 (10.0.19045) x64) ***..[2023-10-27 12:19:44.684] [info ] [isfx ] [ 1700: 6856] [000000: 0] launched by:'5468-C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe'..[2023-10-27 12:19:44.747] [debug ] [isfx ] [ 1700: 2028] [000000: 0] Sending report data: ({"record":[{"event":{"type":25,"subtype":1,"request_id":"210fc9be-3e16-4958-bc69-1903a47d072d","time":1698413120872},"setup":{"common":{"operation":"install","session_id":"1f15a32c-af32-4c12-8a6e-e0cb84560a73","stage":"sfx-start","title":""},"config":{"main_products":[{"product":"avg-av","channel":""}],"sfx_ver":"23.7.6288.0","trigger":"5468-C:\\Users\\user\\AppData\\Local\\Temp\\is-NG6P0.tmp\\prod1_extract\\avg_antivirus_free_setup.exe","cmdline":"C:\\Windows\\Temp\\asw.4df19368a3ff7b8d\\avg_antivirus_free_online_setup.exe /silent /ws /psh:92pTtV

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Icarus\avg-av\icarus.ini

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):166
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.990202766082142
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:tv+p5RVZCoVENjpbrikf6EI8FWv0dIQLoqDv3RIBLICWvv:tmp53FVumkiEI8FW0IDqDvRIBL1W3
                                                                                                                                                                                                                                                                                            MD5:C043A3BEB23CC43CB3E9ACAE2AD9D8B4
                                                                                                                                                                                                                                                                                            SHA1:F8A300A14643D9D2EF708839D882FA8FAE274F73
                                                                                                                                                                                                                                                                                            SHA-256:3DF024F72A0BCDD90A7C140591E224492481EB7F32A940BFB9AF1CDB6472AF9E
                                                                                                                                                                                                                                                                                            SHA-512:E5BAA81E296B7F06360ED20D9484A137CA49C0505D2C94947B978B09B277F13184E540098E21DAAD0A72D8DDD831A57D6AC0E67C0AA860D87A051B55C3C9FFF2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:...[avg-av]..company-install-path=C:\Program Files\AVG..company-reg-key=SOFTWARE\AVG..product-dir=Antivirus..product-reg-key=Antivirus..program-data-dir=Antivirus..

                                                                                                                                                                                                                                                                                            C:\ProgramData\AVG\Icarus\settings\proxy.ini

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):214
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.4031996566857923
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:Q9oPdKwoW+lGUlYlUlulnvm4HflKmaGHfltNv:QCFKwPaI/VJNKKHNX
                                                                                                                                                                                                                                                                                            MD5:D6DE6577F75A4499FE64BE2006979AE5
                                                                                                                                                                                                                                                                                            SHA1:0C83A2008FA28A97EB4B01D98AEAB90A2E4C8E69
                                                                                                                                                                                                                                                                                            SHA-256:87D882D37F63429088955A59B126F0D44FA728CE60142478004381A3604C9EA9
                                                                                                                                                                                                                                                                                            SHA-512:CB4B42C07AA2DA7857106C92BC6860A29D8A92F00E34F0DF54F68C17945982BC01475C83B1A1079543404BB49342FC7CDC41D2AC32D71332439CEB27B5AD1C0C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......[.P.r.o.x.y.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.i.z.a.t.i.o.n.=.0.....F.a.l.l.b.a.c.k.=.1.....P.o.r.t.=.8.0.8.0.....P.r.o.x.y.N.a.m.e.=.....P.r.o.x.y.T.y.p.e.=.0.....U.s.e.r.N.a.m.e.=.....U.s.e.r.P.a.s.s.=.....

                                                                                                                                                                                                                                                                                            C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (747), with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):80548
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.698569544961748
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:djCLr2kx8xUluDSWSsccssc/Ic8JMjlECQ5qANHcH7XNzLd+jssQkcZ3:djCLr2EuvSsccssc/Ic8OmCTIssQkcZ3
                                                                                                                                                                                                                                                                                            MD5:7AD80EEFE1026FD7487FC48204D5CC19
                                                                                                                                                                                                                                                                                            SHA1:F1E29FD58698D278EF5DD15E5052670241185FE5
                                                                                                                                                                                                                                                                                            SHA-256:F028F3E920B363C7AD3B6336639B1558CE60404DD7C9E7DB9821A1E243D5D3FF
                                                                                                                                                                                                                                                                                            SHA-512:6E0E0DF51EAD5707E5ECD71DB745641270840E5C76903D34B32F5EE23007B73221E3F1C38DB9E6DBDAA93C342006ABF08C3E2752AF3C9A1958A542FE6D9E7DC4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..1.0./.2.7./.2.0.2.3. .0.2.:.2.0.:.4.7. .P.M.$. .-.-. .(.N.o.r.m.a.l.).$. .[.S.e.r.v.i.c.e.H.o.s.t...e.x.e.].$. .U.n.a.b.l.e. .t.o. .o.p.e.n. .r.e.g.i.s.t.r.y. .k.e.y.:. .'.H.K.L.M.\.S.O.F.T.W.A.R.E.\.M.c.A.f.e.e.\.M.c.C.l.i.e.n.t.A.n.a.l.y.t.i.c.s.'. .(.n.o.t. .o.b.f.u.s.c.a.t.e.d.).....1.0./.2.7./.2.0.2.3. .0.2.:.2.0.:.4.7. .P.M.$. .-.-. .(.N.o.r.m.a.l.).$. .[.S.e.r.v.i.c.e.H.o.s.t...e.x.e.].$. .U.n.a.b.l.e. .t.o. .o.p.e.n. .r.e.g.i.s.t.r.y. .k.e.y.:. .'.H.K.L.M.\.S.O.F.T.W.A.R.E.\.M.c.A.f.e.e.\.M.c.C.l.i.e.n.t.A.n.a.l.y.t.i.c.s.'. .(.o.b.f.u.s.c.a.t.e.d.).....1.0./.2.7./.2.0.2.3. .0.2.:.2.0.:.4.8. .P.M.$. .-.-. .(.N.o.r.m.a.l.).$. .[.S.e.r.v.i.c.e.H.o.s.t...e.x.e.].$. .S.u.c.c.e.s.s.f.u.l.l.y. .c.r.e.a.t.e.d. .a.n.d. .i.n.i.t.i.a.l.i.z.e.d. .J.s.R.T.S.c.r.i.p.t.H.o.s.t.....1.0./.2.7./.2.0.2.3. .0.2.:.2.0.:.4.8. .P.M.$. .-.-. .(.N.o.r.m.a.l.).$. .[.S.e.r.v.i.c.e.H.o.s.t...e.x.e.].$. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.L.o.a.d.e.d. .J.s.R.T.A.P.I.S.c.r.i.p.t.H.o.s.t. .e.n.g.i.n.

                                                                                                                                                                                                                                                                                            C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_000B005C003C0011001B.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\uihost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):280
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.234200121870133
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:rtpy67R1RbzlM0RcRJ1VGugARbtpy5L7R1RbzlM0RcRJ1VGugAR3:Zpy2Rbbx8J1V3Jpy5/Rbbx8J1V33
                                                                                                                                                                                                                                                                                            MD5:1B1872EE0042E64D5EB0EDCEC9692EB7
                                                                                                                                                                                                                                                                                            SHA1:AF583EEE34661B3B897A6C851C4100659A95C8E8
                                                                                                                                                                                                                                                                                            SHA-256:34C3030906694FB91290DB4E03A25491EB401F5EFA69202CCA5E9271469A49D5
                                                                                                                                                                                                                                                                                            SHA-512:484C46FF682DAB35C331B8A3D28B4455716D0BD8A3E87E487C2809F2E60D130A66BFCE1E6000AF8610A675A76B1A6663ECC6B2B37C15F1BDA9A0F7357FCFB845
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[ERR][20231027 15:26:29.471][wps_utils_scriptable.cpp@57]: Failed to get value of WPS setting CloudSDK.cache: GET /subscription/v1/details..[ERR][20231027 15:26:29.799][wps_utils_scriptable.cpp@57]: Failed to get value of WPS setting CloudSDK.cache: GET /subscription/v1/details..

                                                                                                                                                                                                                                                                                            C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_000B005C003C0011001B.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1262
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.874383844734966
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:5ut5bVut9utZutORSutQut3OutMutbutGut1huthcutSutHl:5ypVy9yZyORSyQy3OyMybyGy1hyhcySC
                                                                                                                                                                                                                                                                                            MD5:78203CCB97E166AB2B18A643C2B8CA1C
                                                                                                                                                                                                                                                                                            SHA1:8BDA66EE6A1573FF0A4086AF2AD9DE3BA2610ED6
                                                                                                                                                                                                                                                                                            SHA-256:2B2DD0188709BF736CD465B6D3412789D2231137715665EA5CE76301632A39B2
                                                                                                                                                                                                                                                                                            SHA-512:1AAFFE4129934180D5417DE8CBE03AF5E27632EB7B52804E74FA04DECFD244720B5D041507EC10D6E50C7C45846957FC5244192DC814BAD056C1A3C7569957E3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[ERR][20231027 15:27:27.125][ProcessUtils.cpp@185]: Failed to open process with id 0. Error 87..[ERR][20231027 15:27:27.132][ProcessUtils.cpp@185]: Failed to open process with id 4. Error 5..[ERR][20231027 15:27:27.134][ProcessUtils.cpp@185]: Failed to open process with id 92. Error 5..[ERR][20231027 15:27:27.137][ProcessUtils.cpp@185]: Failed to open process with id 324. Error 5..[ERR][20231027 15:27:27.139][ProcessUtils.cpp@185]: Failed to open process with id 408. Error 5..[ERR][20231027 15:27:27.142][ProcessUtils.cpp@185]: Failed to open process with id 484. Error 5..[ERR][20231027 15:27:27.144][ProcessUtils.cpp@185]: Failed to open process with id 492. Error 5..[ERR][20231027 15:27:27.147][ProcessUtils.cpp@185]: Failed to open process with id 620. Error 5..[ERR][20231027 15:27:27.150][ProcessUtils.cpp@185]: Failed to open process with id 1476. Error 5..[ERR][20231027 15:27:27.155][ProcessUtils.cpp@185]: Failed to open process with id 3304. Error 5..[ERR][20231027 15:27:27.161][Pro

                                                                                                                                                                                                                                                                                            C:\ProgramData\McAfee\WebAdvisor\WATaskManager.dll\log_000B005C003C0011001B.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):100
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.874784975195466
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Q+tWWSnDduDaxltat/kFRekLQNd2mn:rtp6duGBc/M7Gd22
                                                                                                                                                                                                                                                                                            MD5:891DA8929CE46FFF6F6163EF6EACC3E1
                                                                                                                                                                                                                                                                                            SHA1:651D58570E5ACB96438D4F088739DC10DE4A2CA0
                                                                                                                                                                                                                                                                                            SHA-256:19F26CE1BB8A2298EEC1DDDF15FC1B9CA46EADA181CCB67E52F3219797B176ED
                                                                                                                                                                                                                                                                                            SHA-512:9EEBC0E7378004F8EC4013A70D1C8C74D55260C5B57566E024A2C596CC0F433C3D0CAAC859541E4499C7B003CA5A7636D3FBE5E32F179E0EFC885CA8D38E4EC1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[ERR][20231027 15:29:27.857][install_extension_task.cpp@174]: Failed to install firefox extension...

                                                                                                                                                                                                                                                                                            C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_000B005C003C0011001B.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):188
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.053460260859462
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Q+tWWSnPipKBkrjLRkFReOAbduSQBFgHK/S3I+tWWSnNco+nWjoEVpiXwZJgOlxY:rtpVp8k/LRMO4S+tS3Dtp7DwZVjwOrAt
                                                                                                                                                                                                                                                                                            MD5:070064F87E3F14B0D95D0FC77A8D9713
                                                                                                                                                                                                                                                                                            SHA1:BF73911E2092869107803186521B46BB0307F58B
                                                                                                                                                                                                                                                                                            SHA-256:9814AE2AC5A60692D377C17EFA675DD918E149C0EF91C29EAFC28F54DC36B246
                                                                                                                                                                                                                                                                                            SHA-512:D90081E3E6C999DE0CCEC11CC3A4D98795A02E6E748B2F482F085ABE17EB4E59203C10F3D3E611F139C590178BE20217CB5EA317CAF6F7AA880381BBEB5F3D32
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[ERR][20231027 15:25:18.368][ProcessUtils.cpp@185]: Failed to open process with id 6960. Error 0..[ERR][20231027 15:25:32.942][HttpsDownloadFile.cpp@200]: Unable to open HTTP transaction..

                                                                                                                                                                                                                                                                                            C:\ProgramData\McAfee\WebAdvisor\updater.exe\log_000B005C003C0011001B.txt

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\updater.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):110
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.895339004253118
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Q+tWWSndReM3d1MqQGVJtC99euXWaXTCsnEjQn:rtp0Me1MNCUj/nYQ
                                                                                                                                                                                                                                                                                            MD5:04408D138F8E876B400288C35A95F5AC
                                                                                                                                                                                                                                                                                            SHA1:50AC05AB03F799FB6816A9BF5E515FB4F6B4C355
                                                                                                                                                                                                                                                                                            SHA-256:5CD2990B7D378CD62B148443AA2989236AF78BAD0B7C73070ED40B2E108B6980
                                                                                                                                                                                                                                                                                            SHA-512:A80246DF7AE2631C827D607131F9ADA94240508056CB16D89238AADD10A89BBCDA01B26F5C248FB1C6E11921836095A153A3F28876585401F1C131C69C65BB98
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[ERR][20231027 15:26:43.466][DateDeltaPrecondition.cpp@65]: failed to parse date from name: Invalid DateTime..

                                                                                                                                                                                                                                                                                            C:\ProgramData\McAfee\WebAdvisor\wa.dat

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3040001, file counter 183, database pages 14, cookie 0x3, schema 4, UTF-16 little endian, version-valid-for 183
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):57344
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.243065548178067
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:qPKrApAi324omVI4nq+Ryji5ARW8uittX3pVBl:cKrADG4omVI4nq+n5MW8rtX3pVBl
                                                                                                                                                                                                                                                                                            MD5:F689ED6AC33AAD9F9A511C21417BE1EB
                                                                                                                                                                                                                                                                                            SHA1:957325FB17628E868720FBFB144177CBE11542DD
                                                                                                                                                                                                                                                                                            SHA-256:40F67D052855B9400A2417805E1887228D917AB73BBCB19922E257D30E7EEA49
                                                                                                                                                                                                                                                                                            SHA-512:32448B49FBA2CCEF59A123FD60A258ED92804B2999FC32DCEC43BDA0CDDC8717AB9097999F5AA8B8F70945DF46EF9CE1BC88DE6B922976042E4367C466915995
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................c......._..=.R._......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.3268828779214823
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvr1:KooCEYhgYEL0In
                                                                                                                                                                                                                                                                                            MD5:2E2BF9D5A4C68852A7A3932B8069D35A
                                                                                                                                                                                                                                                                                            SHA1:B0111A7698E80411024BBF3BF046587108D957FE
                                                                                                                                                                                                                                                                                            SHA-256:837945C19B4D1D20FC3CD7B66A9EFBC7B3ABBCC1EF7CB4D897E2FD7AD8D1394C
                                                                                                                                                                                                                                                                                            SHA-512:92F77988AFED15DC12BD52BA719582C628ABFEECF9E2004DA36CBCD55FCD8230F8C92FEF0D382E7B554166F60425A2986A7FC139262EB5D60F3FE9CDA6BCFBC7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0xe817c2ac, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.42214262004645
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:JSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Jaza/vMUM2Uvz7DO
                                                                                                                                                                                                                                                                                            MD5:84C66E75FDF7820A4FB81CBDD2B53A94
                                                                                                                                                                                                                                                                                            SHA1:49FDB0B866A05D7A3B5E918583397DCC5BEDDBD7
                                                                                                                                                                                                                                                                                            SHA-256:E6E63D66D0BFF30BB2617D8385312D7B2A92297DC4B9E66F97A5EA24B26D2C8E
                                                                                                                                                                                                                                                                                            SHA-512:D03DE2CB1905F02A1A4125E419FB66C39E062D740220C1160463349BF9586273644BA1853C3651163A7474C108844840D44749BB0C6F0FC2AB1587CD11F01B81
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:...... .......A.......X\...;...{......................0.!..........{A.1....{/.h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{....................................+1....{O.................rM3.1....{/..........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                                                                                                                                            Entropy (8bit):0.07637716285775553
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Z6YejJJ+Yajn13a/FJJlt/ollcVO/lnlZMxZNQl:Z6zjL+Ya53qFJJXAOewk
                                                                                                                                                                                                                                                                                            MD5:85F5C4BFBA41B4E50597D82ADE70DE49
                                                                                                                                                                                                                                                                                            SHA1:01555342121CDF073F1FA5AB3B62C0359279B0F7
                                                                                                                                                                                                                                                                                            SHA-256:71CB2FCC6D52E196B90089FD719C89CB66D8F54E3E78E5D9A068667EE44F4B55
                                                                                                                                                                                                                                                                                            SHA-512:F4799A8F11738BDBE24AB9F412223B282F6CDF75C10ECE3E8B0E0C7A8E720B4B45702036E8A73C4F9C480D965DBABEC048B43568CE36F23E9CA5A93BABD90A10
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:A........................................;...{..1....{/......{A..............{A......{A..........{A]................rM3.1....{/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                                                                                            File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1398
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.676048742462893
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:ujsZPSIPSUcnA3/46giyfV4Hxk7P3Gus6acCQ4CXmW5mOgs:ujul2nQ4XfVkk7P3g6dB42mVs
                                                                                                                                                                                                                                                                                            MD5:E94FB54871208C00DF70F708AC47085B
                                                                                                                                                                                                                                                                                            SHA1:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
                                                                                                                                                                                                                                                                                            SHA-256:7B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF86
                                                                                                                                                                                                                                                                                            SHA-512:2E15B76E16264ABB9F5EF417752A1CBB75F29C11F96AC7D73793172BD0864DB65F2D2B7BE0F16BBBE686068F0C368815525F1E39DB5A0D6CA3AB18BE6923B898
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:0..r0..Z.......vS..uFH....JH:N.0...*.H........0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R450...200318000000Z..450318000000Z0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R450.."0...*.H.............0.........-.0.z.=.r.:K..a....g.7..~.....C..E..cW]....%..h.K..K.J...j..a'..D...?".O.....(..].Y.......,.3$.P:A..{.M.X8.........,..C...t...{.3..Yk....Z.{..U......L...u.o.a.tD....t..h.l&>.......0....|U..p\$x %.gg...N4.kp..8...........;.gC....t./.....7=gl.E\.a.A.....w.FGs.....+....X.W..Z..%....r=....;D.&.........E.......Bng~B.qb...`.d....!N+.mh...tsg1z...yn|..~FoM..+."D...7..aW...$..1s..5WG~.:E.-.Q.....7.e...k.w....?.0.o1..@........PvtY..m.2...~...u..J.,....+B..j6..L.............:.c...$d.......B0@0...U...........0...U.......0....0...U.........F...x9...C.VP..;0...*.H.............^+.t.4D_vH(@....n..%.{...=..v...0 ..`.....x.+.2..$.RR......9n....CA}..[.]...&..tr&....=;jR.<../.{.3.E.....

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5C8CC0A7FE31816B4641D0465402560

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):264
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.10545065785345
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:kKBgM2WFkYGhipWhliK8al0GQcmqe3KQjMIXIXL/:ZgYkYGIWzyZ3qe3KQjxXIT
                                                                                                                                                                                                                                                                                            MD5:2BC952F4012DED4A293C6989296E00FA
                                                                                                                                                                                                                                                                                            SHA1:28C7875474D6389DDAAC323C347F33CF353C1442
                                                                                                                                                                                                                                                                                            SHA-256:2142A2B118279BDD32B55313E2520C447312363C195B8F5FA81A9714938970EC
                                                                                                                                                                                                                                                                                            SHA-512:262F515A0302B4845A2423866420CBC085563D03B479982E4D0ED3BC452AC7DB9645B56F3D532604B303359628DD60BBE360449E9F4A9DF2C83AD08A2248BAF6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:p...... ....v.........(....................................................... ...............(.............v...h.t.t.p.:././.s.e.c.u.r.e...g.l.o.b.a.l.s.i.g.n...c.o.m./.c.a.c.e.r.t./.c.o.d.e.s.i.g.n.i.n.g.r.o.o.t.r.4.5...c.r.t...".6.2.f.a.4.8.4.5.-.5.7.6."...

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\6358C710-B89F-46B9-93F2-F6CAC44F5286

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1216
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8863044022666173
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:V98uCe+julfOPWN+vl0sab5oRIbFisqmlve5fU+AGIre8RuXUB2GiIQPoGqwL4hf:V98uzJfN+90/5WI/qAe5c+3Ir1/5w5pC
                                                                                                                                                                                                                                                                                            MD5:DD615F082963416623800AB00FF034E6
                                                                                                                                                                                                                                                                                            SHA1:23CD81F7DA516DDC55D091599B8403D77C025FE6
                                                                                                                                                                                                                                                                                            SHA-256:7A166C6A38509D2E393CC9789DA5C6189462D89BA8E0DDC421901DC3BC0C3079
                                                                                                                                                                                                                                                                                            SHA-512:5DBABD1D9E3A147BEFF2FF805D7FC0F91FA3A99EAE24AEC60271770E7B2E3227C9EAD3BD1F3551EC6C29576CF322E16F8646EBACB84C4DCA2362F075DFC5FD31
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.F.i./.I./.i.m.N.K.E.e.O.q.F.n.Q.Q.g.O.T.W.w.Q.A.A.A.A.C.A.A.A.A.A.A.A.Q.Z.g.A.A.A.A.E.A.A.C.A.A.A.A.C.Z.0.M.g.1.U.w.E.c.f.C.j.I.X.m.h.N.V.6.L.V.c.r.k.S.1.N.u.D.e.P.I.z.q.Q.K.3.3.u.g.S.b.Q.A.A.A.A.A.O.g.A.A.A.A.A.I.A.A.C.A.A.A.A.A.e.i.5.S.M.0.B.9.t.K.p.r.O.W.c.D.h.o.6.m.B.r.A.g.6.R.A.V.h.i.O.7.7.B.D.s.N.r.D.R.1.S./.A.A.A.A.D.n.H.1.F.B.R.X.U.4.2.x.c.1.R.V.Y.8.6.v.s.5.c.Q.4.i.Q.u.l.I.5.U.b.b.O.D.Z.n.M.y.e.R.I.4.0.W.k.j.9.+.j.2.Z.1.U.J.U.o.O.e.D.m.M.t.q.H.2.J.s.b.i.O.T.b.g.B.P.u.A.Q.V.8.V.L.4.l.F.s.w.K.x.g.9.5.S.q.y.B.s.Q.7.n.G.X.S.d.e.f.d.R.r.n.T.V.o.I.k.I.v.d.9.L.e.9.y.6.u.u.5.o.D.p.k.t.I.U.H.1.G.r.n.7.p.j.N.G.I.H.3.d.n.4.P.h.c.o.T.X./.J.j.e.7.k.L.8.n.H.7.a.B.N.p.K.d.G.3.u.6.R.w.i.t.F.T.L.c.k.v.W.U.W.R.5.f.D.V.w.R.k.l.R.6.3.W.T.d.V.7.4.o.c.7.D.x.b.Q.F.F.e.m.z.X.i.N.V.N.R.h.4.G.2.8.B.D.e.4.n.S.n.D.y.B.s.l.f.t.L.r.8.D.N.u.l.j.4.t.W.r.O.8.f.G.g.Y.8.L.9.Z.d.B.5.g.k.7.B.7.c.i./.g.l.H.c.g.2.9.s.V.B.A.P.i.k.I.m.Z.v.O.w.3.3.S.9./.O.

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.8011085007312415
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:W1lTrwWDV3gbUS8KWDQbl:WLwoS8KiQbl
                                                                                                                                                                                                                                                                                            MD5:8E986FB65DDA40518D0BE59090662343
                                                                                                                                                                                                                                                                                            SHA1:02E791DE4F43A178C77DDFED1B3EA21E24C54082
                                                                                                                                                                                                                                                                                            SHA-256:3D99E996567A471FD77B2EF1157EABBBB415094A7DA427AC02497278F0EDE78F
                                                                                                                                                                                                                                                                                            SHA-512:8C43C055DF696D96280B5EFCAB227FD5E067E920CF96A6DEDD687D125C1E0508048CDDF61A5A1654C610B87F04B7DE92066084FAA617EEFD3CC3C0EE1C48E19F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:E.7.2.3.1.E.F.5.C.6.5.7.4.0.2.E.B.0.2.D.A.7.7.7.C.5.F.3.4.5.A.5.

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):72
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.854001521789341
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:alkYOAlp1bUAGlcoIPA8:alkYvjijGoIPR
                                                                                                                                                                                                                                                                                            MD5:EE1E76F05643D7672522674F83C7CD8D
                                                                                                                                                                                                                                                                                            SHA1:1E07085D78F25FF05A03F72FCD9FD8D78592B7D1
                                                                                                                                                                                                                                                                                            SHA-256:82E85F24933E9A473C44198B0B1A2AEFC593A0DEFF4C8517709835EE2B7C769F
                                                                                                                                                                                                                                                                                            SHA-512:95E17ED28659E35A7C58FCC353871E8742CD9E718AC52C2DC762FF425166938BC849E5C3011F73EBC3D94E0437EE2B19E675FE057C8C3F2C51E478EE32D5A81C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:2.5.8.3.8.b.4.1.-.2.e.0.9.-.4.6.f.1.-.b.c.9.1.-.3.4.1.9.c.7.b.0.c.0.0.0.

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\TeamViewer\TV15Install.log

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                                                            Size (bytes):3294
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.0533513789849005
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:qZLRC7U6BWKlzcoKB4yhdZyfHEHNdNuGxsrt1Ms1an0s16c+UfHbbbHV84hAj4H4:qZdC7U6cMvKOi0Epjq3MWa5SCG153
                                                                                                                                                                                                                                                                                            MD5:D6B0F7AAD9E9674EC00A4663B9281C0B
                                                                                                                                                                                                                                                                                            SHA1:878269054318C5C2CB06C25F80DEF15608CF0D7D
                                                                                                                                                                                                                                                                                            SHA-256:B29B99DD7CFBA8E266BCD9810548393396A0A77D3B3442D2D9444F14B8C63B43
                                                                                                                                                                                                                                                                                            SHA-512:1549686E86176F0B23DEEE4D39C9F8EE1EABF14FAA946C07C11B618E99E75E9117A8EE15AE5AC9B504882B1AC4F3B73BCC0AA60F90657A84D113FA88521D5243
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:2023-10-27-14-19-59 ----------------------------------------------------------------------------------------------------..2023-10-27-14-19-59 Installer: TeamViewer..2023-10-27-14-19-59 Version: 15.37.3 (JMP-91.4)..2023-10-27-14-19-59 Install mode: Admin..2023-10-27-14-19-59 Account type: Admin, UAC supported:1, Elevation:2..2023-10-27-14-19-59 Time: 2023-10-27-14-19-59..2023-10-27-14-19-59 OS-Version: 10.0.19045(64-bit) SP:0, Type:1..2023-10-27-14-19-59 OS-Info: Server:0 Home server:0..2023-10-27-14-20-00 User-SID: S-1-5-21-2246122658-3693405117-2476756634-1002..2023-10-27-14-20-00 Log level: 100 (default)..2023-10-27-14-20-00 ----------------------------------------------------------------------------------------------------..2023-10-27-14-20-00 ..2023-10-27-14-20-01 TVInitRollback(): create scheduled task for restore..2023-10-27-14-20-02 Create backup directory:<C:\Users\user\AppData\Local\Temp\TeamViewer\TVInstallTemp>..2023-10-2

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Downloads\teamviewer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):42543224
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997942604118609
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:786432:b5bTkNde3NvoxYDk49MvgsV7FzV83hUcvPYRYntnwHu/olv1qR:bGedowMRFzV8xZvP+YntnwHiR
                                                                                                                                                                                                                                                                                            MD5:2E185F8A6622BC3062254F6F195ACC81
                                                                                                                                                                                                                                                                                            SHA1:B99F246AFB7749FDE563CBD37F217FE5D2A80585
                                                                                                                                                                                                                                                                                            SHA-256:F46F2978F32714C142B92569173FC68B2DC1374D988F6F041F7EAE0190C5BF9E
                                                                                                                                                                                                                                                                                            SHA-512:CF9C58DD76E40C132BB7ACC057026AD41282639CBF27EBF27C7296C52C9AAB64AED08663CE82A31A9DB6035BE6F23CCB0EA021C228556E7B94BF15A27585A3E9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1..P...P...P..*_...P...P..OP..*_...P..s...P...V...P..Rich.P..........PE..L....z.W.................b...*.......3............@.................................'.....@..........................................P..@...........@...8/...........................................................................................text...]a.......b.................. ..`.rdata...............f..............@..@.data...8............z..............@....ndata...................................rsrc...@....P......................@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\TeamViewer\install.ini

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):78
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.299916880895009
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:HWRBXUrDikRLWvSGXR1mQWRKRL4RLJ:H8XUWkRL+TWgL4RLJ
                                                                                                                                                                                                                                                                                            MD5:A3C26DD25FC88922E9297E2A9D04AC53
                                                                                                                                                                                                                                                                                            SHA1:807B0CA16C4080B6CE7AE8B09E7DCCE7E52D5C19
                                                                                                                                                                                                                                                                                            SHA-256:1C5231379C3025A42D51F956F649C445EBC550F9AD9B9F5CC4AE5E627EF456B3
                                                                                                                                                                                                                                                                                            SHA-512:1D36EE7B43D82B72000520C0B0C37585576363FCD506AEAB362C544000B0BF9702A357E118B2AE3499D8F8C9A7529F56169CC14E5281A5246AE9EFD342C4FA59
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[Installer]..DefaultInstallation=1..UnattendedAccess=0..CustomInstallation=0..

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\TeamViewer\tvinfo.ini

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Downloads\teamviewer.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.443942707918269
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:HWRFRLMKxAI9kdNv:H4RLMqAI2rv
                                                                                                                                                                                                                                                                                            MD5:D0C487348258D7A04A27840DF375D184
                                                                                                                                                                                                                                                                                            SHA1:A1049F6B7654A88693A3BDA5693BE021A772443B
                                                                                                                                                                                                                                                                                            SHA-256:09DFB5AEDD358B2679EC84DD366A015024C4360CCDBDB5FCD5FECD8B508ADFF5
                                                                                                                                                                                                                                                                                            SHA-512:409C77BF2F65BBF61A853A95D1389D40A173051B93799E47BA73D358697EC21DA1B53D072C60D3F7FF4ADCEA2D3DBFCBB15A588940952620482319096C886C35
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[Installation]..INSTEXE=teamviewer.exe..

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-12944.tmp\_isetup\_setup64.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6144
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-12944.tmp\is-K6OSH.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2457016
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.708667186018291
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:6qe3f6aje0NQq5rISAGF6KDaaAexGENRbUgPVlDlp:TSiUNNC7exGa/xlbLP/hp
                                                                                                                                                                                                                                                                                            MD5:EE66976DF0A5C903F5A718ABF3E8AC85
                                                                                                                                                                                                                                                                                            SHA1:318A2ECA8E968701A07F3865D6023B3933E5C30F
                                                                                                                                                                                                                                                                                            SHA-256:0A9F97CF2F9CA211C6986EF572C852B48098D3C6C28020229334AC788339A32D
                                                                                                                                                                                                                                                                                            SHA-512:FB756836AE30F0480ED98F32B409A81B3E0CEDA2A93267A1729497791F9CE7993BF7F72719949AB1130D442F390882CA24CD968BA6A64E47693D089BD529ABBB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...n.._.................P...........^.......p....@.................................R.%...@......@...................@....... ..6....p...H...........O%..-...................................`......................."..D....0.......................text....6.......8.................. ..`.itext.......P.......<.............. ..`.data....7...p...8...T..............@....bss.....m...............................idata..6.... ......................@....didata......0......................@....edata.......@......................@..@.tls.........P...........................rdata..]....`......................@..@.rsrc....H...p...H..................@..@....................................@..@........................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\teamviewer_Px-yDq1.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3206136
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.336058344982459
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:TEA9P+bz2cHPcUb6HSb4SOEMkBeH7nQckO6bAGx7jXTV+333TYZ:n92bz2Eb6pd7B6bAGx7s333TC
                                                                                                                                                                                                                                                                                            MD5:C2A9A21C0C0BD341958033EA11684FEA
                                                                                                                                                                                                                                                                                            SHA1:D8F4808668013A5FE42D058C88766CE95245C8C3
                                                                                                                                                                                                                                                                                            SHA-256:CE5E277874CF3E662A7835D964F9FB3AAFC1F44DB502B2640F08D1A508F8EAA4
                                                                                                                                                                                                                                                                                            SHA-512:63BD5CBC2ABCEDED8719399DB11C32FBB7EB214355DD1825E778830B352D4945EBD476DC4E08730B15B0BA82C161DEDDF01439ECF5649F2BFA99519BCD289AEF
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...(..`.................:,.........`F,......P,...@...........................1.....2!1...@......@....................-......p-.29....-...............0..-....................................-......................y-.......-......................text.....,.......,................. ..`.itext...(... ,..*....,............. ..`.data........P,......>,.............@....bss.....y....,..........................idata..29...p-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.........-.......-.............@..@..............1.......0.............@..@........................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\Helper.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2058752
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.610135572277166
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:FtDCT6XR9MsiubS8JDv6BzxllWR08G2rBqPnkvZ4yEuuk:FQW/DiubdJL6BzxlY08G2rBqPnkJ
                                                                                                                                                                                                                                                                                            MD5:4EB0347E66FA465F602E52C03E5C0B4B
                                                                                                                                                                                                                                                                                            SHA1:FDFEDB72614D10766565B7F12AB87F1FDCA3EA81
                                                                                                                                                                                                                                                                                            SHA-256:C73E53CBB7B98FEAFE27CC7DE8FDAD51DF438E2235E91891461C5123888F73CC
                                                                                                                                                                                                                                                                                            SHA-512:4C909A451059628119F92B2F0C8BCD67B31F63B57D5339B6CE8FD930BE5C9BAF261339FDD9DA820321BE497DF8889CE7594B7BFAADBAA43C694156651BF6C1FD
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........-..~..~..~.....~.....~....~......~.....~....~..~..~.....~.....~......~q....~q....~q.w~..~..~..~q....~Rich..~........................PE..L......b...........!.....d...J............................................................@......................... ..........T........A..........................4...p...............................@............................................text....c.......d.................. ..`.rdata..&I.......J...h..............@..@.data............Z..................@....rsrc....A.......B..................@..@.reloc...............N..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\_isetup\_setup64.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6144
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\botva2.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):37888
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.216405702855349
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:kyNq+QWR4gxSUzF08/zFlKcLdQxNld36fJPHw5g4wT1C:jNq+Qw0+JLAqf9Hw5C1C
                                                                                                                                                                                                                                                                                            MD5:67965A5957A61867D661F05AE1F4773E
                                                                                                                                                                                                                                                                                            SHA1:F14C0A4F154DC685BB7C65B2D804A02A0FB2360D
                                                                                                                                                                                                                                                                                            SHA-256:450B9B0BA25BF068AFBC2B23D252585A19E282939BF38326384EA9112DFD0105
                                                                                                                                                                                                                                                                                            SHA-512:C6942818B9026DC5DB2D62999D32CF99FE7289F79A28B8345AF17ACF9D13B2229A5E917A48FF1F6D59715BDBCB00C1625E0302ABCFE10CA7E0475762E0A3F41B
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................r........................@.................................................................................................................................................................................................CODE.....p.......r.................. ..`DATA.................v..............@...BSS..................x...................idata...............x..............@....edata..............................@..P.reloc..............................@..P.rsrc...............................@..P....................................@..P................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\error.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2422
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.8500590324389306
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:wDrppUOBdVMdsJUOip+ePaJaZLiAxgjN1OEZTR:cprdVMaJUH+ePaJaZLiAxs1HZTR
                                                                                                                                                                                                                                                                                            MD5:EA1797CF79BEA7C5D9946434EDAF980E
                                                                                                                                                                                                                                                                                            SHA1:C340043CB4C147E31C79E94DDD699341AC303E4C
                                                                                                                                                                                                                                                                                            SHA-256:9E1DB37C2E72427064DB09F39C1908053DCCCB7385312D63D2F6E80BA8820AED
                                                                                                                                                                                                                                                                                            SHA-512:2955BD434F149150AEF0F3F87F9AFE5CEC08E60FE665F163E22539AFE00193B9D6F6DE3F511F3B6E80C7F39692EB3EE3BE878B96CA03B5F0EC2E03A425064B99
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...@...@......iq.....pHYs..........+.....(IDATx..mlS.........$.$q.`+B(...mHPM.*C)mi.U0.....l#...c.....D..V.(l.P..JUHE...e../.K...qmb...s.!N.H.$..$.x..9.....9..s.s..1...w....<.|.....a....0..:.. D....8.......W.^__.n]..v....h-...G.....c+..KA...2$...Z!I.6[].........j...Z....}.b...b..{:..5*.P,....J.... 1..../.....;..........+%8...c...........{VkuRcc...2..cW....`.... ...q.H..W...{.3.V..\.5...B...\f&.......,W.P....F.y.0.P....*.v.4..4...&$.|.c...#M9.@<....6.....?....4.0M8....L.:....R...[..../..|....Q.....L.....n..hM"..f2..Oxc>.$..z......<...2...^M..N..@....@gn..]]G........u.nnn.......s..z..*.(Hp:.?..}C@.X,....bx....$.O.!4.s.I..B|.0.6..O(1qj...}=....1.W:....L...f.n.^o.g...J.A..f....X.....?.rI+(..f..-.>.....32..|....?..^.J...f....g...?....!.1..}Bo.....X..}.....G ...\ ...tk_x.../..1...0+.....G.....9s.d....@..T...T.S.o.@.......w~>..`.......#.........`rr.@...........p.@..2..f.....@B..*.0...rY.6.--.b6...C..}..x{.6...t:..8.|....x........

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\finish.png

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2160
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.849847219042475
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:bdrpIH1BhPIAkArKhCZsnU0qUDngKHhcB+9MxD5jxi27m:h1210f3I3FUDnLcBhhnm
                                                                                                                                                                                                                                                                                            MD5:7AFAF9E0E99FD80FA1023A77524F5587
                                                                                                                                                                                                                                                                                            SHA1:E20C9C27691810B388C73D2CA3E67E109C2B69B6
                                                                                                                                                                                                                                                                                            SHA-256:760B70612BB9BD967C2D15A5133A50CCCE8C0BD46A6464D76875298DCC45DEA0
                                                                                                                                                                                                                                                                                            SHA-512:A090626E7B7F67FB5AA207AAE0CF65C3A27E1B85E22C9728EEE7475BD9BB7375CA93BAAECC662473F9A427B4F505D55F2C61BA36BDA460E4E6947FE22EEDB044
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...@...@......iq.....pHYs..........+....."IDATx..kl.......aw..Y.e......E...@.2.v..&V)RQ>ZqD"a,..".J+..D%..H.....U.P.JI]..w.v-..E.Dc....A...x.;.{.....]{.;.;.|9......}..s.Rh.u..?..y..Tr..B.T@x...p..........;.d...Q..Z...s.../....#1:..+.tp.f....B...D!....V...MB.EF........*.a......~..~.Cx...C.AJ....oT.GM!@Q....-\.C..FC..!Jh..l.>OR...(.}L...=...U........1..eO.]_hi. .g.2....b[...y.ru.....(.W.BW...N.A.J.Y.....M.J..N.!e#...#...;....L...3.Z.........K...#...........y...V?._.u(i.J....6......p+.....z.r",....z..m..../.p......z......w.a..1D..*|..R.1...N.A...a..d.D..Gj..q...nQ...@.t...a..VD;'DL....).....C...W..='b=..`4|....9F..F./.-9....wH..'Sg.T{.cv.i......'[...b....'[.......CH.'m.|.!9.g.'....~.a.G.q.3..L..K(..`.......)a.I-....}....0..U...XF.y.J..h.>.....L4.....oU...... ..'.#5.9......lf...h\]h......B....6.|.H.v....+..u.?....P|!.~=.2%E..7..o........o.jo!...W=9.Ou$.u.%G.Uu.....~..>..R>.O.'snQu..r..L..x.-#....>.VU....Jj7.....l......Q...-*....;.. ..

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\is-4L4VT.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):43363312
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.993304973703554
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:786432:n5bTkNde3NvoxYDk49MvgsV7FzV83hUcvPYRYntnwHu/olv1qb:nGedowMRFzV8xZvP+YntnwHib
                                                                                                                                                                                                                                                                                            MD5:D9CC2F111B059473F9AAEA203B42104F
                                                                                                                                                                                                                                                                                            SHA1:30E47AC0CFB7C1FCE7290ECE71BF6994DDCD9935
                                                                                                                                                                                                                                                                                            SHA-256:BAE251109038D2F25EC7EC74BE869A47E9493135D2D5AF37848C5C3EA2F41550
                                                                                                                                                                                                                                                                                            SHA-512:88D153C8A29A2F09C49ABAD0DE354D7ED84ECAA821870FB99795970FCCA9C04E7D5A573AD7238F8C3DA533626A46C64C2BD14150821A0C58264EB055A8B5278D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L....z.W.................^...........0.......p....@..........................`............@.................................(t...........e...........|..8/...........................................................p...............................text...[\.......^.................. ..`.rdata..F....p.......b..............@..@.data................v..............@....ndata.......@...........................rsrc....e.......f...z..............@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\is-4T94T.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6959
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.966758799391185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:R6FT6i3p+0+QHKJ69cSzGMGTV9Uyppg1MxM:oFOTQHKJXyaTVKype1M2
                                                                                                                                                                                                                                                                                            MD5:30100EA3F4315E291F2F639655E85AC1
                                                                                                                                                                                                                                                                                            SHA1:1794FF0D7B796AFED055FB1B5A8B1936CF3E906F
                                                                                                                                                                                                                                                                                            SHA-256:6A44BF6BA64D5414D56A7CE9BB97864C97030872A7C0A56B2AE47F73D15F79F6
                                                                                                                                                                                                                                                                                            SHA-512:FF5CE19BFB1DFA267C770761DB2BEC4136A079A725D9EC8BCCA039555FC25BF38E7C9619DD7067517B4ED3F4C5E1916F4E776E12A638D81E4553259AF06127E1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..yt.E...%...d'...a....3.,..?...?.1.3..0..{..,.!>d[.oY.Or..!.!a` ..p........$...V.e..X..c_u.Z..es$.}.S]U]U....K...Fc.X4..D.c~!r...}4u.^.~...I.F.}.o......;.Rm.M.!....X,..DYD.....Ny...:*.n....'...|.D.G+.7"...>.{D.E....)o.....@.v.....3Wn..hGJ.}2.....bS..5...B(.\..w``6....e..b.....$..[...AII..T|4...'.x....._.6......}x.HI..p..\.p}....?..UL*...H....D.6.@(.W.....r....,R....HP........=.......o^..."..# .z.....t.....D.q7..T..W:..mJ.((.?q.._..{.K.'I.4...Tq.%.9.....2.vRf..$?.w......N..........(a7%....vSX.}.X..uQ...H.....GB..h.P...[ii!.]T.Q?..yJ.M.yg...f....%..MF3.vQ<.Y......%....}.v.6?M..z....P.9.{.u...]#.o......P... OC..Hi.%.g.T.r)p..I.g..).G..D.)".-...p...3...*Y...d..,Ty/.#7>.......|...g.h...3..........|F..../.6>..&.FM..a.8.L.... ....U.$....$.EX......G.K...Z.(..z.?.3.......<...aq..%...@.A1=.....z...........W....za..`.l]U&....w.HX.].(

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\is-76JRG.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):125405
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996684823256823
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                                                                                                                                            MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                                                                                                                                            SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                                                                                                                                            SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                                                                                                                                            SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:PK.........XQW.a..............avg_antivirus_free_setup.exe.].|TG........Mj.RH-V..6.@.....Z.....%@-....;@K(..,..STPT.T.GT...H.%..*BBQ.6Z.&...4.wf.......OZ..........}.}l..,I...#.I........4I....GK.7...Z..........~...Og>..g>.Y_...,..&...HA.?....F..9...>.|.\sJ.....N.L~.OY.......)5.......;...,~7.&...LJ6?... ....w~.|.7.>..Kx..d.{J*./....j..>....."i...6..%..t.i.M.H...&...~.oV.qO...!Qy.)......&.8......I..../&I.83Y......%K%. .'Y..+I%?H.J."...g.&/)A...^...I.]..}.'6..l.%.../.?..W..1.cH.1..}<...'...G`..t"..#.<|.\...$x.9....\.....q..'6.U..Wi..u..`.X.+i..K./...O..p.............s.G........3y.Hz.V...=-.I..\)..}.S.WW$}.\I....n.H.IR.E.{...C0...s..X'.z...W.J.iL..........i...l..$..........A$=.2=...4[J6.(..l$....f....y.g...o..:m.B...$....&...".}.r{......n&./.xdBA~d.D.....5p....g..... _Z..-b...jg.o.wMA$.2...=..5.&x.....,?..MF...2QVO,V.N..........R.^..o..o..4.hd.H..LE.SBE,.8|Eo&d..D.Vq..NK.[.[.g.K.v..D".....og.m1....x..C....b..`?2...L...t..O.t.U..l..02.v.A.G2

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\is-LNM8M.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 700 x 360, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):48743
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.952703392311964
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:RtwR1Dy4rQznr1GYfvLn6froelhVNSyCPtSOeVlTTqYueg:zwR1DybhPwhvSyClSOk/geg
                                                                                                                                                                                                                                                                                            MD5:4CFFF8DC30D353CD3D215FD3A5DBAC24
                                                                                                                                                                                                                                                                                            SHA1:0F4F73F0DDDC75F3506E026EF53C45C6FAFBC87E
                                                                                                                                                                                                                                                                                            SHA-256:0C430E56D69435D8AB31CBB5916A73A47D11EF65B37D289EE7D11130ADF25856
                                                                                                                                                                                                                                                                                            SHA-512:9D616F19C2496BE6E89B855C41BEFC0235E3CE949D2B2AE7719C823F10BE7FE0809BDDFD93E28735B36271083DD802AE349B3AB7B60179B269D4A18C6CEF4139
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR.......h.......(.....pHYs.................sRGB.........gAMA......a.....IDATx...eIu....(..Y31.}q....`...t....Z..8t;x3._@.3.0.{.E.".&.5.g.C..@..%.>r.5....B...O...^.*..s....{.7..{....r..+W...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(...B.P(.n+.t.B.p.x.....^.?/....p,..7...{.P(...B.H...r.y..|.....{l\tO.|..<..P(....w......o..P(.<h...n[\tO..?......E...}...F.P83....<z.....W..7...w.....?..?.YW(.N.......?N[..E..A..z..[...'.$..'....8...?~.K.|........[#.....6........;.......s.=...}.c...{.._..z....;w..........(../..n...?..??..?.........z.......~....[o.<.......x.).Z.(..s.N..Wb.....f....../.P8.|.......?..#......2vO....F......@.|..w7].|..$..}?.L.Go...A.1..^...j...$.6....~..x...{..IwD`|..?.....?...{..~~........).........`$.......tG....|.n.2..........[..._....e.}.=..<........h.7|?Kg....+

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\is-MDKEF.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):511969
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.996152621854539
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:bVvrkApG/uBdvBLPzHb4HZDed4fze+xe3/x3y:btkeXv1z74HJtfzeNPx3y
                                                                                                                                                                                                                                                                                            MD5:CD9C77BC5840AF008799985F397FE1C3
                                                                                                                                                                                                                                                                                            SHA1:9B526687A23B737CC9468570FA17378109E94071
                                                                                                                                                                                                                                                                                            SHA-256:26D7704B540DF18E2BCCD224DF677061FFB9F03CAB5B3C191055A84BF43A9085
                                                                                                                                                                                                                                                                                            SHA-512:DE82BD3CBFB66A2EA0CC79E19407B569355AC43BF37EECF15C9EC0693DF31EE480EE0BE8E7E11CC3136C2DF9E7EF775BF9918FE478967EEE14304343042A7872
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:PK.........Y.V*..@I...h.......saBSI.exe..\......6i.%PJ..4.i.h....U.b...kZ...-*.C.+U.pF.`..\....TT.i.J[.ie.......9.Ne..S....w...\(..>..........{....J/7..x..W_q\;G....lq.7s...\.W...J_...o......-W.h...n.\m..:.7.o..\|...7W^wZb..<...-..../..I..7.W.9...@.Ov......W?.>...../....!,WW.'...~......>.F.........}.....}...vC......^.W..e....!.[..<....c5..M..T..nR....\w..U...O..g.....<....'.N.o.....CH..'...o..$...>....H..f..4p.....K.....C.,..c.....}5.3.E..V}]M5.,=.....+e...<mK...Ws.kS'.....}2......w?:.'q.....p..i.7 It.*....zC..[.\...mHle.H.[...............U...M\..u.q..uz....r.j8.'...M...-..m...EU.[......-..b]f3:n.@.p3R8.z.F..Y...../...X...C.p...Z=:..C ......b.X...T"<...@..|1.......j..p<...0...,..p|..C....O.a=.......X...Z.I.........aa..^...Zp"a.U.u......|......A._.[.d.(,#..`.....;.a'V...Z...i .0.x...`.Z,...;.Xx:..A..|...b.]X........n.a8..X....ba...D8... .......p'..j.R".... ......p?..ja...... ..~;.....0T._...I <.[Z?.D.....<...(..a.....>8.^l...

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\is-S964R.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):117272
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9928375793958635
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:9xwxeZJTsemawwm/0agvP01rZ44iZ89C6B8bf11TMd/:D+Osem/jQP0lKTWgd9Md/
                                                                                                                                                                                                                                                                                            MD5:5EF5291810C454A35F76D976105F37CC
                                                                                                                                                                                                                                                                                            SHA1:8CE0CC65AE1786CEF1C545D40D081EDA13239FA6
                                                                                                                                                                                                                                                                                            SHA-256:03E69E8C87732C625DF2F628AC63BD145268F9DEA9C5F3DD3670B1CF349A995C
                                                                                                                                                                                                                                                                                            SHA-512:3BEC461BB3CBBBDB3C05171FCC5AB7E648B2B60D7B811261662F14D35C3836148B14CDA1A3F2BE127C89CC732DE8CF1644D2E55E049EEEB2DA8E397C58CC919E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a....IDATx.....eGq'.W..fFa....#.0I.]c.d.......5...v.........v..q...M4`..$...."ym.6..HD.. ..i$........o......3..7......:.s.....DZ.......!.4....S.....5...i..M.M..0{8).,...X_Q..s...w;.$mk..M...<........F<jxL-..^..(pNm...Z4u.p.9..}.T=...6.....C:..R........Q...{....ca..D.O.g.....kp....f]x.8L.M.YS....?KN.4...x....1..H.4(v...)..6..rS.....Q.....ZZX^9c.0.........!D..G.....Z.4.....h..L...`0..(....^.....;...MC.......g........H..k...M;.EY......~S.t..0.?T.k..i:.@y5.C..HGn]..F...w.]~......f..x...e..P....r.....)...].#U....8.....N....k.:m...:(&.....2.6..f.Ty@.HT.=\._.{.....Lu......x...g<....}.O...{...(6hh../.......t.......r... iPx.k...&&;...b...;.gJ..x..3`.e.@........>..$..czY1...".......]Z,...s.....c....2;...........fTd)U.qLS`T<.E1.n..j..,...1.U.i...q......&....L@.{E.....ur..(_KY...sT.D.......'..,... ..cP..KPo.1.H...a.%..S.......D..1..z.....IeV.........a...{Oh..'g...~..X=.7....}j

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):29187936
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.992611077292814
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:786432:zzhigC1vaewCYh7AHeNNwbs3N+B8ODqKX4DiYpRw1o5uC:JrC1vMhFDw4OZDqKXUtzw8h
                                                                                                                                                                                                                                                                                            MD5:58EB889F91B5133D5DB88612CA6E5887
                                                                                                                                                                                                                                                                                            SHA1:13AE62947B7E8804227552A32647BB169F6567B6
                                                                                                                                                                                                                                                                                            SHA-256:2170578D619B2CA143DB3E58BB367ACC64D691AB875FF449A40466B5CF4F40C6
                                                                                                                                                                                                                                                                                            SHA-512:2BB69FA7AA07BA23449F21CF6B71AC3E7C27BE0DA5EED88EB589566FFA968D4CE99B41975CF10910BB48CFD64BFDE4A3AF2F35B0CC6D22D6CFB174176C19E26E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........w...w...w.......w.......w.......w.......w.......w.......w..4....w.......w...w...w..l....w..l.o..w..l....w..Rich.w..........................PE..d....gbd..........".................D..........@.....................................o....`.....................................................(...........p..L2...X..`...............p.......................(.......8.......................`....................text............................... ..`.rdata..vz.......|..................@..@.data...t1...0......................@....pdata..L2...p...4...6..............@..@_RDATA...............j..............@..@.rsrc..............l..............@..@.reloc...............L..............@..B........................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1162856
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.592896831755123
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:xoBm5Cq04JaEboVGtDNmCHUJX+va3BR1j0TbcsuefReNbHgYdGcp6S58p0Q894xp:Bo2oVGtDJvva3BR1jxCfReNbHgYdGcQv
                                                                                                                                                                                                                                                                                            MD5:BB7CF61C4E671FF05649BDA83B85FA3D
                                                                                                                                                                                                                                                                                            SHA1:DB3FDEAF7132448D2A31A5899832A20973677F19
                                                                                                                                                                                                                                                                                            SHA-256:9D04462E854EF49BCD6059767248A635912CE0F593521A7CC8AF938E6A027534
                                                                                                                                                                                                                                                                                            SHA-512:63798024E1E22975D1BE1E8BFF828040D046D63DF29F07D6161C868526D5F08451E44B5FA60BFB0C22CF7880ABC03AAEDAFA2C5C844C3AEFF640E6FAC9586AAB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$...............................:.................p................................;......e......D............e......;......;.r....;......Rich...................PE..L...]..d.....................d....................@..................................(....@.............................................p...............h.......8.......p...............................@...............(....... ....................text...L........................... ..`.rdata..............................@..@.data...$........~..................@....didat...............R..............@....rsrc...p............T..............@..@.reloc..8............X..............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):234936
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.580764795165994
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:y2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhh3K0Ko:y0KgGwHqwOOELha+sm2D2+UhngNdK4d
                                                                                                                                                                                                                                                                                            MD5:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                                                                                                                                            SHA1:6CA3FE45B3CCD41B25D02179B6529FAEDEF7884A
                                                                                                                                                                                                                                                                                            SHA-256:2025C8C2ACC5537366E84809CB112589DDC9E16630A81C301D24C887E2D25F45
                                                                                                                                                                                                                                                                                            SHA-512:2426E54F598E3A4A6D2242AB668CE593D8947F5DDB36ADED7356BE99134CBC2F37323E1D36DB95703A629EF712FAB65F1285D9F9433B1E1AF0123FD1773D0384
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......v jU2A..2A..2A......9A......LA......*A..`).. A..`)..'A...(..0A..`)...A..;9..3A..;9..?A..2A...A..;9..3A...(..?A...(..3A..2A..0A...(..3A..Rich2A..................PE..L....m6d.........."..........\...... ........0....@.................................V.....@........................................................Hl..p)..........p...p..........................`M..@............0......T........................text............................... ..`.rdata..`....0......................@..@.data...............................@....didat..L...........................@....rsrc...............................@..@.reloc...............N..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3014144
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.39384693362043
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:fLJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvu:dwSi0b67zeCzt0+yO3kS
                                                                                                                                                                                                                                                                                            MD5:4AFC5E8740E48A3A9DEF088703BF320F
                                                                                                                                                                                                                                                                                            SHA1:4D33C70DDE306F1B8FCBC5D29CEA7A7E8D765EB5
                                                                                                                                                                                                                                                                                            SHA-256:88962C0640E0044A29ADBFFB91D71DABAB558FF1AF4E42EBC00B1CC4E90C0F4E
                                                                                                                                                                                                                                                                                            SHA-512:F8538CBD53C10912D40E4D118AB91FDE52642DE5718CBCA9E2DE5D76DFDE13B6832122F64776D098415A320CE64CCA2DB7E6B48FD25C507782D35F714BA2FAA3
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...p.._.................$,.........P6,......@,...@.......................................@......@....................-......`-.49....-.......................................................-......................i-.......-......................text...P.+.......+................. ..`.itext..t(....,..*....+............. ..`.data.......@,......(,.............@....bss.....x....,..........................idata..49...`-..:....,.............@....didata.......-.......,.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc.........-.......-.............@..@......................-.............@..@........................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsb4A46.tmp\System.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Downloads\teamviewer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11264
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.770824470205811
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn
                                                                                                                                                                                                                                                                                            MD5:B8992E497D57001DDF100F9C397FCEF5
                                                                                                                                                                                                                                                                                            SHA1:E26DDF101A2EC5027975D2909306457C6F61CFBD
                                                                                                                                                                                                                                                                                            SHA-256:98BCD1DD88642F4DD36A300C76EBB1DDFBBBC5BFC7E3B6D7435DC6D6E030C13B
                                                                                                                                                                                                                                                                                            SHA-512:8823B1904DCCFAF031068102CB1DEF7958A057F49FF369F0E061F1B4DB2090021AA620BB8442A2A6AC9355BB74EE54371DC2599C20DC723755A46EDE81533A3C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L....z.W...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..`....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsb4A46.tmp\TvGetVersion.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\Downloads\teamviewer.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):212792
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.710515453438483
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:c+dWYjMt9+jA5DhM/YYsP+f7k1No5vw1YoX+hYsQy2zr9GQHV/6SxR:nWYj+9TDhMQYs6k3o+1XT3r9HVL
                                                                                                                                                                                                                                                                                            MD5:88C2C2A3DEF9F002E24164212BB6884C
                                                                                                                                                                                                                                                                                            SHA1:DAD09D3B81AC093C5DA7823060B292E4F9605F32
                                                                                                                                                                                                                                                                                            SHA-256:DD714698383FC44DE094FF9A8F97709AA8F44A76D06A5DCF434913A1DEBD4C44
                                                                                                                                                                                                                                                                                            SHA-512:FB31D81E0F3242DA337BA8B0159793DB35D248106F5069B44A5D103939F3CFF33FF44E1B57F3D41E500E78D479B6A98582602FCE157298D2576D4814CC34DED1
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........).b.H.1.H.1.H.1.>r1.H.1.0J1.H.1.H.1/H.1..G1.H.1..s1.H.1.k.1.H.1..r1.H.1..B1.H.1..C1.H.1..D1.H.1Rich.H.1........................PE..L...;.|c...........!.....2..........H........P......................................|5....@.........................`.......<........@..................8/...P.......................................................P...............................text...L1.......2.................. ..`.rdata..~....P.......6..............@..@.data....H..........................@....rsrc........@......................@..@.reloc.. '...P...(..................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\InstallOptions.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15872
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.470704479865464
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:ErC43tPegZ3eBaRwCPOYY7nNYXCT/Yosa:EmTgZ3eBTCmrnNAh
                                                                                                                                                                                                                                                                                            MD5:033EE34C40E8FA85BF2739BCB2F3E186
                                                                                                                                                                                                                                                                                            SHA1:2CA942F35F77F37DF3FC6097ACAC34F2E77341B7
                                                                                                                                                                                                                                                                                            SHA-256:C91C1796338A265B49039C0B2C7A312D764B99E5174FB2DAE455CA54F8F41EC7
                                                                                                                                                                                                                                                                                            SHA-512:2204E0B8721B8D85C51BD068B1695B16EE096BFC1D1CD5843F48FD04032AEEE2B6A91CE82978A4B3414F3D966EC5B36FB337A4149DAE3A1D0445935D964D247F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N.px.q.+.q.+.q.+.q.+[q.+.~C+.q.+^R.+.q.+^R/+.q.+.w.+.q.+.Q.+.q.+Rich.q.+........PE..L....z.W...........!.........`.......+.......0.......................................................................8......X1..................................X....................................................0..X............................text............................... ..`.rdata..G....0......."..............@..@.data...DL...@.......,..............@....rsrc................6..............@..@.reloc..x............8..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\System.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11776
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6557532861400945
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:eK24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlASl:u8QIl975eXqlWBrz7YLOlA
                                                                                                                                                                                                                                                                                            MD5:0FF2D70CFDC8095EA99CA2DABBEC3CD7
                                                                                                                                                                                                                                                                                            SHA1:10C51496D37CECD0E8A503A5A9BB2329D9B38116
                                                                                                                                                                                                                                                                                            SHA-256:982C5FB7ADA7D8C9BC3E419D1C35DA6F05BC5DD845940C179AF3A33D00A36A8B
                                                                                                                                                                                                                                                                                            SHA-512:CB5FC0B3194F469B833C2C9ABF493FCEC5251E8609881B7F5E095B9BD09ED468168E95DDA0BA415A7D8D6B7F0DEE735467C0ED8E52B223EB5359986891BA6E2E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L....z.W...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..b....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\TvGetVersion.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):231736
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.501157423383711
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Cxk3bYmDGHLQk4h97Dr8TTN/WIKI8NBkAC7cOzgX04h7fKl6zYbpJ/nxw:j3bYmD0ih9fwTTIIKnCDHgL26zqpJC
                                                                                                                                                                                                                                                                                            MD5:93212693138EE84635BAF43345955598
                                                                                                                                                                                                                                                                                            SHA1:14E01E4C6AE4FC82B52B820E62C5353241D1A3F0
                                                                                                                                                                                                                                                                                            SHA-256:86CE1591B184A128ED965F43AE43D1608970065D0BBDF286354B59FF29E87759
                                                                                                                                                                                                                                                                                            SHA-512:F5F373C91FDDADB73CD6BF68E06DE99CDBBA920DE6F88C09344B129B070101DDA4E115EB26C1AFEE13FB26E271B5949773E3512D70A616C8FFB17116C27FAE82
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.../.../.../......./......./....."./......./.....8./....../......./......./......./......./.Rich../.........PE..L...1.|c...........!.....J..........x........`............................................@..........................................................Z..8/...........................................................`...............................text...mI.......J.................. ..`.rdata.......`.......N..............@..@.data....W...0......................@....rsrc................*..............@..@.reloc..z(.......*...0..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\UAC.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18432
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.858723390475489
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:5cdcpry0igQ1Ii1rzn6U4gbfW6irWP+vOg7XRSEi+OPLjte86jugnincl0Nr90Og:WqVibvTh4qnFP+OPEzinclP+
                                                                                                                                                                                                                                                                                            MD5:113C5F02686D865BC9E8332350274FD1
                                                                                                                                                                                                                                                                                            SHA1:4FA4414666F8091E327ADB4D81A98A0D6E2E254A
                                                                                                                                                                                                                                                                                            SHA-256:0D21041A1B5CD9F9968FC1D457C78A802C9C5A23F375327E833501B65BCD095D
                                                                                                                                                                                                                                                                                            SHA-512:E190D1EE50C0B2446B14F0D9994A0CE58F5DBD2AA5D579F11B3A342DA1D4ABF0F833A0415D3817636B237930F314BE54E4C85B4DB4A9B4A3E532980EA9C91284
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......DH.".)lq.)lq.)lq.)mqP)lq.!1q.)lq./jq.)lqT.]q.)lq..hq.)lqRich.)lq........................PE..L...lKPJ...........!.....4...........:.......P......................................i/...............................B..J....:..x....`.......................p..........................................................L............................text...Z3.......4.................. ..`.data........P.......8..............@....rsrc........`.......@..............@..@.reloc.......p.......B..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\UserInfo.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4096
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.2985268507239933
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:qKlqD22TZ4s9XXqQr1wHGzzofD4x/X/3Mbj+cZSoJwhSv3:5Q/RKQruH0pxvcecX+hSv
                                                                                                                                                                                                                                                                                            MD5:9B0DB6A6056E8E51AC35E602AEAB769F
                                                                                                                                                                                                                                                                                            SHA1:B541C6D2635141CDC3A74F59D55DB8DF4A92E7AC
                                                                                                                                                                                                                                                                                            SHA-256:925D80C31702A95D58EDE91EE97FD842DE78CA6DDE69156A6C1A755FBA93CD5C
                                                                                                                                                                                                                                                                                            SHA-512:83FE9D346835940A37E0E0A18D041C9D13FC95A0E9ECE3BC18E555CF0E8E7DDF7B42DBA422B1E55ACE31DB3C9FC807E0B44E93B8F07F5ACB943EAAF77B4F0AC6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L....z.W...........!................j........ ...............................P...................................... "......L ..<............................@..p.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\advanced_unicode.ini

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1332
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6031642286014898
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:Q+soqioC/irl1vSCm6a/gC863pXH/aKCo6sSljRF3Cb6LlTQ8CC6Llfnq84RUv:rs4Yx1vEFhaoWXrEJfq86a
                                                                                                                                                                                                                                                                                            MD5:F68824A4130EBAF6BC7AB0F62256D7D7
                                                                                                                                                                                                                                                                                            SHA1:40AF19A0D92B3C9E1A8B1EAAB7D12C69E5DF436A
                                                                                                                                                                                                                                                                                            SHA-256:CD8149A2E89373075EE6DB800B7F2496BACBFE21B23E4A06A3453632503B3965
                                                                                                                                                                                                                                                                                            SHA-512:6A173AAA183BE0E5A516CAD484802DAE1FC53A414F870F93EA846A9EF9F9DF35153766EF632EB5E8CED8F94C2ED09A9DECDF3465D46B0DCC44A6918D88E242CB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..[.S.e.t.t.i.n.g.s.].....N.u.m.F.i.e.l.d.s.=.6.....R.T.L.=.0.........[.F.i.e.l.d. .2.].....T.y.p.e.=.T.e.x.t.....L.e.f.t.=.1.0.....T.o.p.=.1.4.....R.i.g.h.t.=.1.7.3.....B.o.t.t.o.m.=.2.6.....S.t.a.t.e.=.C.:.\.P.r.o.g.r.a.m.m.e.\.T.e.a.m.V.i.e.w.e.r.........[.F.i.e.l.d. .1.].....T.y.p.e.=.L.a.b.e.l.....L.e.f.t.=.1.0.....T.o.p.=.0.....R.i.g.h.t.=.2.9.6.....B.o.t.t.o.m.=.7.....T.e.x.t.=.D.e.s.t.i.n.a.t.i.o.n. .d.i.r.:.........[.F.i.e.l.d. .3.].....T.y.p.e.=.B.u.t.t.o.n.....L.e.f.t.=.1.8.9.....T.o.p.=.1.2.....R.i.g.h.t.=.2.6.9.....B.o.t.t.o.m.=.2.7.....T.e.x.t.=.B.r.o.w.s.e...........F.l.a.g.s.=.N.O.T.I.F.Y.........[.F.i.e.l.d. .4.].....T.y.p.e.=.C.h.e.c.k.B.o.x.....L.e.f.t.=.1.0.....T.o.p.=.3.6.....R.i.g.h.t.=.2.9.6.....B.o.t.t.o.m.=.4.5.....T.e.x.t.=.I.n.s.t.a.l.l. .T.e.a.m.V.i.e.w.e.r. .P.r.i.n.t.e.r. .D.r.i.v.e.r.....F.l.a.g.s.=.N.O.T.I.F.Y.........[.F.i.e.l.d. .5.].....T.y.p.e.=.C.h.e.c.k.B.o.x.....L.e.f.t.=.1.0.....T.o.p.=.5.5.....R.i.g.h.t.=.2.9.6.....B.o.t.t.o.m.=.6.4.....T.e.x.t.

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\finish_unicode.ini

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1264
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.530715965349217
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:Q+soh1v05h6KPlUwmCX6sXxoByx2/uwmpCG6sULAQl6R5wJCD6sUqQ8lICx/L1:rss1vqDUwrXxRxMuwM+AQowQtICxT1
                                                                                                                                                                                                                                                                                            MD5:DB0713808219E4D7334171F9E1E6C2BC
                                                                                                                                                                                                                                                                                            SHA1:8D8C463837CFCE60B6F501DD75B398E3C7ED8A06
                                                                                                                                                                                                                                                                                            SHA-256:51B57CF2C70006646A76797CADAA5D014C9FF707DA8A4B4E17BCDFCCC3C00FD8
                                                                                                                                                                                                                                                                                            SHA-512:EF0F8FF01E4F6419BC64AF3A0FADADA15F0C1F23F95A544460DD4FAC83C1DDE3758537FD5F93CC8E3B39A45B310261B3F6511A286D95EE5EDF615EC40AAC08AF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..[.S.e.t.t.i.n.g.s.].....N.u.m.F.i.e.l.d.s.=.5.....R.T.L.=.0.........[.F.i.e.l.d. .1.].....T.y.p.e.=.L.a.b.e.l.....L.e.f.t.=.1.5.....T.o.p.=.2.0.....R.i.g.h.t.=.2.9.7.....B.o.t.t.o.m. .=. .3.0.....T.e.x.t.=.H.o.w. .d.o. .y.o.u. .w.a.n.t. .t.o. .u.s.e. .T.e.a.m.V.i.e.w.e.r.?.........[.F.i.e.l.d. .3.].....T.y.p.e.=.R.a.d.i.o.B.u.t.t.o.n.....L.e.f.t.=.1.5.....T.o.p.=.5.5.....R.i.g.h.t.=.2.9.7.....B.o.t.t.o.m.=.7.1.....T.e.x.t.=.I. .w.a.n.t. .t.o. .t.e.s.t. .t.h.e. .c.o.m.m.e.r.c.i.a.l. .f.e.a.t.u.r.e.s. .w.i.t.h. .a. .f.r.e.e. .1.4.-.d.a.y. .c.o.m.m.e.r.c.i.a.l. .t.r.i.a.l.....S.t.a.t.e.=.0.....F.l.a.g.s.=.N.O.T.I.F.Y.........[.F.i.e.l.d. .4.].....T.y.p.e.=.R.a.d.i.o.B.u.t.t.o.n.....L.e.f.t.=.1.5.....T.o.p.=.7.1.....R.i.g.h.t.=.2.9.7.....B.o.t.t.o.m.=.8.7.....T.e.x.t.=.I. .w.a.n.t. .t.o. .u.s.e. .t.h.e. .f.r.e.e. .v.e.r.s.i.o.n. .f.o.r. .p.e.r.s.o.n.a.l. .u.s.e.....S.t.a.t.e.=.0.....F.l.a.g.s.=.N.O.T.I.F.Y.........[.F.i.e.l.d. .5.].....T.y.p.e.=.R.a.d.i.o.B.u.t.t.o.n.....L.e.f.t.=.1.5...

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\ioSpecial.ini

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):546
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.654262909261344
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:Q+samuIfHaHNCsgsSaJRKQ1AIGDLJpDTV9:Q+saIPeCsGaJ9aIGD9h
                                                                                                                                                                                                                                                                                            MD5:D4CBADB0346C3911FAB5A5F36A44CAED
                                                                                                                                                                                                                                                                                            SHA1:0291587CEFA8BF730938876E8802682B348E0986
                                                                                                                                                                                                                                                                                            SHA-256:0A9B32F2F5E369E08E5A2BA9FEC86C19C396A66245464F58A81F6CD57CB4A45D
                                                                                                                                                                                                                                                                                            SHA-512:80CF5180107457C81BB63877C5EABDA59714C1BC40894E9B5A4528C62A7E18C753F52C8431D7A2CA58FD80867EB67B54068372045E63344A272869D8CB7955FE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..[.S.e.t.t.i.n.g.s.]...R.e.c.t.=.1.0.4.4...N.u.m.F.i.e.l.d.s.=.3...R.T.L.=.0.....[.F.i.e.l.d. .1.]...T.y.p.e.=.b.i.t.m.a.p...L.e.f.t.=.0...R.i.g.h.t.=.1.0.9...T.o.p.=.0...B.o.t.t.o.m.=.1.9.3...F.l.a.g.s.=.R.E.S.I.Z.E.T.O.F.I.T...T.e.x.t.=.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.n.s.l.5.6.E.9...t.m.p.\.m.o.d.e.r.n.-.w.i.z.a.r.d...b.m.p.....[.F.i.e.l.d. .2.]...T.y.p.e.=.l.a.b.e.l...L.e.f.t.=.1.2.0...R.i.g.h.t.=.3.1.5...T.o.p.=.1.0...[.F.i.e.l.d. .3.]...T.y.p.e.=.l.a.b.e.l...L.e.f.t.=.1.2.0...R.i.g.h.t.=.3.1.5.....

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\linker.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):46080
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.178303301960086
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:vmTLl3rmEgLMP/rLqgidfwHJQDEExmE+Ji4RdVt//w:vgLFm8OdfwpJS/fqt//w
                                                                                                                                                                                                                                                                                            MD5:4AC3F0AB2E423515ED9C575333342054
                                                                                                                                                                                                                                                                                            SHA1:A3E4F2B2135157F964D471564044B023A64F2532
                                                                                                                                                                                                                                                                                            SHA-256:F223D6C72F86544B358A6301DAF60CCDD86198F32E3447A1860ACF3F59F2DAE9
                                                                                                                                                                                                                                                                                            SHA-512:8FBD5B4989BE51C27FA15AF155D2921BEA9AA5D0557A22D4224256E678DFE7DCAA5F80917A748C31DC9C9A91573E4618E2497CCFD47EEFD7A0FA08C12366A1E5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6e..X6..X6..X6...6..X6..Y6..X6.X.6..X6..%6..X6..66..X6..56..X6.."6..X6..$6..X6.. 6..X6Rich..X6........PE..L......Q...........!.....n...N.......................................................,.................................d......d.......x..............................................................@............................................text....m.......n.................. ..`.rdata..4........ ...r..............@..@.data...............................@....rsrc...x...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\modern-wizard.bmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):26494
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.9568109962493656
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                                                                                                                                                                                            MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                                                                                                                                                                                            SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                                                                                                                                                                                            SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                                                                                                                                                                                            SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:BM~g......v...(.......:............g..................................................................................DDD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@..DDD....DDDDDD........................................DDDDDDDDDD....DDDDDDDDD........DD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDD@@@@DDDDDDDDDD@@@@@@D..DD....DDDDDDD......................................DDDDDDDDDD....DDDDDDDDDD......D..D@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@DDD..D.....DDDDDD......................................DDDDDDDDD.....DDDDDDDDD......DDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@@DDDD.......DDDDDD.....................................DDDDDDDDDD....DDDDDDDDDD.....DDDDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@DDDDDD.......DDDDDD....................................DDDDDDDDD....DDDDDDDDDD......DDDDDD..@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\nsArray.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6656
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.182754987468525
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:mUODeqedh6EHFRA5sX7d7KnnpOKxX22v:2qqedh6EHFRksp7KpFX
                                                                                                                                                                                                                                                                                            MD5:82D49C227928741F6F09C5CEA3BDE9F1
                                                                                                                                                                                                                                                                                            SHA1:B0904368A5E94026D0CA5760D4577236F796051D
                                                                                                                                                                                                                                                                                            SHA-256:8BC5E75BBFA5A8F10526AEC2AF441153B2883D6D288726ED8F7C9AF12A1EE02B
                                                                                                                                                                                                                                                                                            SHA-512:D4F588E3613886E3DAB58330CD69CE7F24C39BE2C4854CC8EDFCEF98E1324926FCDE0D79DF1A8FDF5E2BF9327B17F22A9FA1396568C0ACE4E46D4F548FDC7530
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%)y.aH..aH..aH..h0..dH..aH..jH..h0..`H..z..cH..z..`H..z..`H..z..`H..RichaH..........................PE..L.....iO...........!.............p..0.....................................................@.........................$.......X...........X..........................................................................................................UPX0.....p..............................UPX1................................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\nsExec.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6656
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.140229856656103
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:J7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkN738:HbGgGPzxeX6D8ZyGgmkN
                                                                                                                                                                                                                                                                                            MD5:01E76FE9D2033606A48D4816BD9C2D9D
                                                                                                                                                                                                                                                                                            SHA1:E46D8A9ED4D5DA220C81BAF5F1FDB94708E9ABA2
                                                                                                                                                                                                                                                                                            SHA-256:EE052FD5141BF769B841846170AABF0D7C2BB922C74C623C3F109344534F7A70
                                                                                                                                                                                                                                                                                            SHA-512:62EF7095D1BF53354C20329C2CE8546C277AA0E791839C8A24108A01F9483A953979259E0AD04DBCAB966444EE7CDD340F8C9557BC8F98E9400794F2751DC7E0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,..................Rich...........PE..L....z.W...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..L.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\nsis7z.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):179712
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.382819581405801
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:eBFxfbJUIW9WGExPYD5JFBJOYWjm8KCmRv1fPIVF2tbRp:6xzJSAGEdYD5JcYl78Fs
                                                                                                                                                                                                                                                                                            MD5:87853C0F20F065793BDC707ECE66190B
                                                                                                                                                                                                                                                                                            SHA1:738E11A9A565923EC75400A0CD4BCE4DB257B21D
                                                                                                                                                                                                                                                                                            SHA-256:66B2F36274DDFEEF35B1D6AE6E5755F834446E5D78A719063347543793987161
                                                                                                                                                                                                                                                                                            SHA-512:FEBFCD11795F4EF0FF3D25CBF1856BE01E7F6423A9F16028C927988C04AB21DE5F0B076D7F4CE9294AA7603C0DB61EA5FFB888AF2E9F7C6A6A11BCABFE9795A2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T.I............7y......7y..9...7y..c...........................i.....7y..~...7y......7y......7y......Rich............................PE..L......M...........!.................w....................................... ...................................... {.......q..P.......H.......................0...................................8;..@............................................text............................... ..`.rdata...k.......l..................@..@.data...._...........p..............@....rsrc...H...........................@..@.reloc...........0..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\start_unicode.ini

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with very long lines (349), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2480
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.6670054157206033
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:QXr9J3oGhsCA6KijVTw0CC6yXQ22EZC16O4g1wdCo6sw+qlJWRlW2w3C+67NC2qX:ArTYGhjhTwM2f4owXu2wYqKD3GqIkT23
                                                                                                                                                                                                                                                                                            MD5:9DDCC93D89B2E51C086944D91D6311D3
                                                                                                                                                                                                                                                                                            SHA1:A64F03148372274495FD466BB27EF7AF869DEFAE
                                                                                                                                                                                                                                                                                            SHA-256:142353A8A827788B682E95CB7824749CBA42F20180C23297CB1F95C8A39D520A
                                                                                                                                                                                                                                                                                            SHA-512:E7D4CE5E0C0486DDEBC0AA42459649B2035958244AF11B531262E721EBF7C0AB9A865008F0CDA7F04534FD55248480D1DB31BEB24C4FC99552575A776A396096
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..;. .A.u.t.o.-.g.e.n.e.r.a.t.e.d. .b.y. .E.c.l.i.p.s.e.N.S.I.S. .I.n.s.t.a.l.l.O.p.t.i.o.n.s. .S.c.r.i.p.t. .W.i.z.a.r.d.....;. .3.0...0.1...2.0.0.6. .1.1.:.1.9.:.5.5.....[.S.e.t.t.i.n.g.s.].....N.u.m.F.i.e.l.d.s.=.9.....R.T.L.=.0.....S.t.a.t.e.=.0.........[.F.i.e.l.d. .8.].....T.y.p.e.=.L.a.b.e.l.....L.e.f.t.=.1.0.....T.o.p.=.1.....R.i.g.h.t.=.2.9.7.....B.o.t.t.o.m.=.1.0.....T.e.x.t.=.H.o.w. .d.o. .y.o.u. .w.a.n.t. .t.o. .p.r.o.c.e.e.d.?.....H.W.N.D.=.1.3.2.2.7.0.........[.F.i.e.l.d. .1.].....T.y.p.e.=.R.a.d.i.o.B.u.t.t.o.n.....L.e.f.t.=.1.5.....T.o.p.=.1.3.....R.i.g.h.t.=.2.9.7.....B.o.t.t.o.m.=.2.9.....T.e.x.t.=.D.e.f.a.u.l.t. .i.n.s.t.a.l.l.a.t.i.o.n.....S.t.a.t.e.=.1.....F.l.a.g.s.=.G.R.O.U.P.|.N.O.T.I.F.Y.....H.W.N.D.=.1.9.7.8.0.8.........[.F.i.e.l.d. .7.].....T.y.p.e.=.C.h.e.c.k.B.o.x.....L.e.f.t.=.1.0.....T.o.p.=.1.5.2.....R.i.g.h.t.=.2.1.5.....B.o.t.t.o.m.=.1.6.3.....T.e.x.t.=.S.h.o.w. .a.d.v.a.n.c.e.d. .s.e.t.t.i.n.g.s.....S.t.a.t.e.=.0.....F.l.a.g.s.=.N.O.T.I.F.Y.....H.W.N.

                                                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\nsv55EE.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):44280882
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.887767020203468
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:786432:uIxbkCYIcHz7Xpcrd+LySQX3Mh2FcVaoHWtFb08sQ8UyD7nCWTFxI:u0wCTqpMILyh3M0sWtFwpfmEzI
                                                                                                                                                                                                                                                                                            MD5:9DBC2C05CDD7A91F5A8A481CC468A0BB
                                                                                                                                                                                                                                                                                            SHA1:8841BFCC2C7E485364A7B2449A7BA7917068BD0B
                                                                                                                                                                                                                                                                                            SHA-256:48C596E816421D66E26690FB899F13922F8C5BF47A5FB9BC433078837FACE44B
                                                                                                                                                                                                                                                                                            SHA-512:BD50A7E49CCDFB1E9F844B824CFE81E688CF8FD2FF6E69AD1FBAFBCFEC9DBFB86860ED33ADA1E7AFA3129BB3DFB84116363D69A84500E2AF8443844CBF5C10B6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview: .#.....,.......................@.........#.!.....#.........................U...i.......................z.......2...........................................................................................................................................................................G...J...............................................................................................................................................................=.......................................................................................................................C.......j.......T.......................................j.......k...q...s.......T.......................................................................................................................).......................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Users\user\Downloads\teamviewer.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):43363312
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.993304973703554
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:786432:n5bTkNde3NvoxYDk49MvgsV7FzV83hUcvPYRYntnwHu/olv1qb:nGedowMRFzV8xZvP+YntnwHib
                                                                                                                                                                                                                                                                                            MD5:D9CC2F111B059473F9AAEA203B42104F
                                                                                                                                                                                                                                                                                            SHA1:30E47AC0CFB7C1FCE7290ECE71BF6994DDCD9935
                                                                                                                                                                                                                                                                                            SHA-256:BAE251109038D2F25EC7EC74BE869A47E9493135D2D5AF37848C5C3EA2F41550
                                                                                                                                                                                                                                                                                            SHA-512:88D153C8A29A2F09C49ABAD0DE354D7ED84ECAA821870FB99795970FCCA9C04E7D5A573AD7238F8C3DA533626A46C64C2BD14150821A0C58264EB055A8B5278D
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F..v...F...@...F.Rich..F.........................PE..L....z.W.................^...........0.......p....@..........................`............@.................................(t...........e...........|..8/...........................................................p...............................text...[\.......^.................. ..`.rdata..F....p.......b..............@..@.data................v..............@....ndata.......@...........................rsrc....e.......f...z..............@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):55
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                                                                                                                            C:\Windows\System32\icarus_rvrt.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):50048
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7242310270979555
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:80GTBuw+QK1wzf06MEJH9Eh3uilXnK2wYifAPPxWE9tEHx9zFQZ:6TwwjKuf06MEJHShPXnK2w7fePx8jzI
                                                                                                                                                                                                                                                                                            MD5:4E7236C6B0250F15CD2A7B6C0837E96F
                                                                                                                                                                                                                                                                                            SHA1:A6292B400D48B48D5A6C9D399916A79860D1F408
                                                                                                                                                                                                                                                                                            SHA-256:478DCF15F9BD7A3470971C05CCF0E53ED3418D5236E1FDB9DE39BCB1F1B588E5
                                                                                                                                                                                                                                                                                            SHA-512:56B30DFD29F2BCAE85D3A43B0FCD49175E8E7FD63A31B3419EA25B8B902AB69DEB8FECBC32217A2FE19C6733675DFF6DC47A8108F2683B9F22F6F57524F6B05E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............s..s..s...r..s..r..s...z..s.....s....s...q..s.Rich.s.................PE..d....t.d.........."......J...(...... ..........@..........................................`.................................................Hu..(.......8............t...O...........l...............................................`.. ............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...............................@....pdata...............h..............@..@.rsrc...8............n..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\bug_report.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4847032
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.519635252550112
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:sMLHHJldomYj0301WmAeyEUyz1kSj4PQCteNOkbBnIQQ9FR8puWuMd7qt/LPQ4zk:28wWSUyWSbBoFRAuWwFw6Ff2p
                                                                                                                                                                                                                                                                                            MD5:38649FFACDA7C9F7176CCFDF11D369D8
                                                                                                                                                                                                                                                                                            SHA1:CF8E7A12F4DD9DD8B5225720244184BEBE8F4DBD
                                                                                                                                                                                                                                                                                            SHA-256:E64E1CEFBDCB5293405A3FE5024C5A627366343689948A40B61103ABD9C794DE
                                                                                                                                                                                                                                                                                            SHA-512:C45A27FC5A33A38A84CB3F26E7528216F5898258D057229C8716FE1C14FE1384250D08C305CE47C0FE9498A0B31AFCDDF8A685741F1F48AB8A2103ED4B67D301
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$........kL(]."{]."{]."{.x'z.."{.t.{Q."{.t&zN."{.~'zT."{.t'z*."{.t!zW."{.x!zM."{Tr.{_."{.d&z[."{..&z.."{]."{Q."{..'zu."{..&z\."{.x&zy."{.x#zx."{].#{.."{Iu+z.."{Iu"z\."{Iu.{\."{]..{_."{Iu z\."{Rich]."{........PE..d.....2e.........."....$.R1.. .......V.........@..............................J.....).J...`...........................................?.......?.,....@J.P.....G.LK..H.I.p)...PJ..g....9.......................9.(...p.9.@............p1.p............................text...zP1......R1................. ..`.rdata......p1......V1.............@..@.data........ @.......@.............@....pdata..LK....G..L....G.............@..@_RDATA..\....0J......ZI.............@..@.rsrc...P....@J......\I.............@..@.reloc...g...PJ..h...dI.............@..B................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\bug_report.exe.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 4847032
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1416796
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.99985206342898
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:nGqsRRTj1yDfl18kJoSQ+ZVUDY61fr1hkNEJWqfeoy+/iVkzOPD5A4z8gz6UCYch:nGTjqfP3ZeUcz1hkifeB+/qkzOyrwCJh
                                                                                                                                                                                                                                                                                            MD5:0B6ACF55679872FCB8DC1F07292DF1B7
                                                                                                                                                                                                                                                                                            SHA1:46A0B7E0C4D3C63EEB50E965F63C11BF7C5A8E5E
                                                                                                                                                                                                                                                                                            SHA-256:056F1D35C8CBFFB203A20DCF14C9D5866B746D20C296051EDB1E73B35E4F51AA
                                                                                                                                                                                                                                                                                            SHA-512:A2E1BDB3CC21A6686417145A183FEDED5451BD9AE60A3EB3C075F22DC319EEBBA2058F813BB25915AAEDE4893EAD0638179EE9C5A82F5E97D5B6A3202499AC43
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...I......&..p.........../D.|..y..:.}.._..G...5mA..aQ..c5t ..+........w.uRl.,E.u9....r....dV..5.z:.D...Z...]..F.(...I..u/+g/.B.:dh.t..h.;.t.s.<....e..`....~.PP.....(.s....(..|.].K..<0w....^]......l....1Q.._.E.&...O.S..........a.V@..........0.....[;F.\.*.H..>.^..:=..t...Su...............2.....iKTR=.U.ZL.D.....\vk....6..?{...o.D...."H"KO......q.........oN..pG.s.5....<.....2,aL...,....a.....s...ZX.'..M.&D5(6~t?o....'..w.}.3.....)XL....a.4 cF.5|w~(...d...6h^.'..+....Cz......+...<(.@E q.....y...O...=.Di.z.g.+/.... .`][......8.v..X7m&.4qFg.P.....E<.0V0h;.....r/`.{...wW..... .>E.!.&..f....gN!t..$..>J$<?'q..+...MCD...g...b.......3U....Xx.d..!^........q..x..r......!`)..a......:.P..U.&...c..#ip.U.3.._.....y..P..N..>jl.y....u....a.U.CV|..$....NM.0.O4'.Q#...z.2..h..l%.-.^....U8../Uv.....L...h.%wye..o...F.~..!.W.....v@@VO..s...[^..i..i;)..d...o}|..l.V.....@..AH...]..l>...]'...........m.'X.WW.8k..S.p.2..Hs&..wce.".I..R$..+X.IT..-%.t...z.[I

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\config.def

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):509
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.404008286868016
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:2xpyBjPAcWBjPqyCJYB13Uk7okOfzUoygMovZYZ4kVKnIStk:qpyBj4VBjOJYBRUk8HL6ovZs+n1k
                                                                                                                                                                                                                                                                                            MD5:B11D12DBE5978049F84C29EC4F18696C
                                                                                                                                                                                                                                                                                            SHA1:DABA59951603CE05B5836F849AC402469834AD0E
                                                                                                                                                                                                                                                                                            SHA-256:C064266DEF7923FC26BBE315EF424283A1A6F427C090F2858A3FE055A123AF7C
                                                                                                                                                                                                                                                                                            SHA-512:88803EB75E6B772A8D1D62FCFDD222DE4A3C1E295EDC6F4E52EDB9EEAFA7FE6DF9AEF096960BDA5C669E10C51D742460A71385546AC34585B2EFF55218753F7F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[ui.offer.progress]..url=https://ipm-provider.ff.avast.com/..[ui.offer.actions]..url=https://ipm-provider.ff.avast.com/..[ui.offer.welcome]..url=https://ipm-provider.ff.avast.com/..[common]..report-url=https://analytics.avcdn.net/v4/receive/json/25..[updating]..conceal_hours=1..fraction=100.0..updatable=1..[CrashGuard]..FullDumpFraction=0..[Signature]..Signature=ASWSig2A3347A6BB6F44B62065D07CED1522933F772741E17BBD223A9CD8D832C7EFEAE41B54BDCA06ABD1EDCB5F9F948F9FBF8C6E72D032B37623F8A118835C219A8342ASWSig2A

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\dump_process.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1213880
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.6083157420290135
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:tUCgkCGjKkZs9QrKKUboalbsg/oJxEx4Ih0lhSMXll7iRiPlJkdV4KP:ihLk69yKXoal9/oMx2b9JIV4
                                                                                                                                                                                                                                                                                            MD5:81058D604C247D6EE88316FBE85360C0
                                                                                                                                                                                                                                                                                            SHA1:9D030B38DFB746B08166CA887100429454CCC7CB
                                                                                                                                                                                                                                                                                            SHA-256:71C8D17B7EC93A3681A5E7871DB89E811003DAE88280C39F164F1808C217D79D
                                                                                                                                                                                                                                                                                            SHA-512:1529E7551CC984868DC00C239533EC9C0A1C28E0A95C335D9D5367CBA92817F5EF92404DA3AEBF237EC5859E7C21AF908A1369F388098972E782C72F3D11C1E8
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......=...y..y..y.....u...........m...2.{....k....s.....p.......p.\.{..y..z.....v..y.....m..$..m..x..m.0.x..y.X.{..m..x..Richy..........................PE..d.....2e.........."....$............`..........@....................................?.....`.................................................d........p..`Y..........H\..p)..........$...........................(.......@.......................@....................text............................... ..`.rdata..............................@..@.data........ ...`..................@....pdata...............`..............@..@.didat..P....P......................@..._RDATA..\....`......................@..@.rsrc...`Y...p...Z..................@..@.reloc...............F..............@..B........................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\dump_process.exe.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1213880
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):473158
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999584643378697
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:++Yeps/J1uEzNELXReyWF2/vaCQf55/REyl:+Sps/JBELheyMB7pEyl
                                                                                                                                                                                                                                                                                            MD5:2D7F8CA84D8DDD314CE58009F1F67905
                                                                                                                                                                                                                                                                                            SHA1:D48E09243A505BCA49A5251203A55F416911E46D
                                                                                                                                                                                                                                                                                            SHA-256:857A458F5E8C44D945EA8E339FF720AFCC158ADBE325DDCDD10F9F3074C2C364
                                                                                                                                                                                                                                                                                            SHA-512:AD652159D31559D09CF1BA7785D88B78AA29E5E679EEF65973271B076DA561E8DB42B75D42B6E40F58363ADFD04D4ABF1B2E7EE2506802428C80F8F75B5C2A5C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...ar.u....\.n.K...n0.w..T........~8%.....s...(.2.....HP..../..Y...B..J....x....C.....}...g].#y..L.(.K..O..^....9..7A~.O...%..Vn......z..{.. a8.........o......$.<h..Y..p(n#-.t...?...1.7.g....st.,..c...;......a......(..!.)..M. 6..T.c>Z.f.Z`...f..q..wo..._.+C...Z*s.r!.........w..$.T3..{$.,gf..c......b..w..O/d...B.N3.....c8...>....`.&... .It..:..V|i.....U..\.....MKa...D).D.z3....w.QQ.Zg.Qg....zMu.^..D,..D.W....%F.......Bu.My.7km'.........H'uN..^...@..~.+q).'..L.6..RmE..&......O.(..k9..a..jp.....S.#..G.Q.....$.w.....y.....)]......z........O...?..f9}....1.D.../...Z.]V......S$f.22..\..G...n%b*E...zd.r.JH...M............R.,.l2%d<:...B.q ..F....T..nwnP.A../t..5.....a!.l.............i....q.n...; ........l....(.e.[J..h...D+......0..wo$....G...k_...t4..P..u#..U.b`....w.../...I..1...(Y5.....8X..6......R.... ..bW.%r..w.[B.'kf.2K.....3.U.l.Lg....(.ad

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7344064
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.474368524124362
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:Z75x+ifYBKzkbFo3vPtexRl4q5BuvPa4Wg:N5xFfYBS1fPte548Bub/
                                                                                                                                                                                                                                                                                            MD5:9A20D03282B552AAE11F3EBB5C6FE6EC
                                                                                                                                                                                                                                                                                            SHA1:3E517F8239AFF576519F607A49C271AA4297DE4F
                                                                                                                                                                                                                                                                                            SHA-256:E366797102963D17531351F422771A56D6567FDB50A241812222EDE39FF8C5E5
                                                                                                                                                                                                                                                                                            SHA-512:932B5286B74DCDFB7C0E81F401B24C2791DEF63B9935B78112D12F62F633DB289304FDC81EE2EF5EC1557F61CC8C05E4297C0AAC99506DC663FA975CC0A132C0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$........d`.............ow..j....{.......{.......{.......{......ow......ow......&k......&k.......}.......p...............p......ow......~p......ow...............z..P....z.......z...............z......Rich............................PE..d...@/2e.........."....$..L...#.......)........@..............................p.......p...`......................................... Mb......Nb.|....Po.......l.....H.o.x)...`p.`.....X.......................X.(.....P.@.............L......Jb......................text...<.L.......L................. ..`.rdata..D.....L.......L.............@..@.data....x....b......|b.............@....pdata........l......Bk.............@..@.didat..p....0o......\n.............@..._RDATA..\....@o......^n.............@..@.rsrc........Po......`n.............@..@.reloc..`....`p......bo.............@..B................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 7344064
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2220583
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999917899300359
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:U/G4o5xkaJ6/tav5kjKVRWiQicS0MJCz/IJZk3pA475b:U/GD01+5keRBQicSTJCz/IJZk3775b
                                                                                                                                                                                                                                                                                            MD5:404611D3727A35A6ADC617416AAD3665
                                                                                                                                                                                                                                                                                            SHA1:1EECA483D4F95D177B27BAA7796D87335B4D9044
                                                                                                                                                                                                                                                                                            SHA-256:AF281A397087342015CA3CAF427403158DF0744FAFA2D9BCFF7A526CFD68CE41
                                                                                                                                                                                                                                                                                            SHA-512:AC0FB4B69E0C53F3E8B33646737F8708BBF6750F8D22C83FD868848B1A57519403172E309C750DE1AF428273861689E5229F63EA7A1BB8D0A9C3EA973B5366FC
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...p......&..p.........../D.|......I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f.)w.....G.~...]9..3".1.'.KZ......D...'.n]u..1.@.s.;X....-r.r...]........=7M.4N"(..W:@......."..o...m......JW.........`.K`$...<......1B..n.0. ......K.'.A.>..ja.u.3....:..[.....q.)..9.Q..*s........IJ.&..4...h,m.O..^.$...mJ~|.M...~..-..T..|E*%).}2zv.o..P.^..g.#..%^R.*.x...#.f.:....B.x...j ...x.."Z.8n........W..,..M...I"._.~.u.b....L[r.N@.-D...... *..X.\b.|...XE.l..`.#.....Up5W...DV.]h;sp....,..t..cN_.;................ ....k.....V...Wh%...8..'....=g).~.:...h.....x%1...r.2E..H.$K...-.y.9.~...@.mK,...`.......DjL..'.4d+.MP.#.@....?....m.u.C...0...W.......i.X.M.|X.ma2..U!.<..f...7+^!T.C..~.G.7Z...My.]5Q;pRl....^^G..T......+..v. ...UtG.l.,P`D.s......*.#...C...8.M..O..!..T.p.....q..g.+.8.)......./..q.l..g(dG....ul.]O.i$&..r...}8.B".99..(.?.ibp.6....o....l5tD$i3. X.2..p.q.Fd...8.4.,.......f.%.&.VU....d&.....Mv&....h.4%..0.P..+-`...?....i..5q.D._

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus_product.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):809400
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.573990374494777
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:ooLj2W+3WZ1licwT/5C3Qh0lhSMXlP8ZtM:ooLx+3kLirdC1
                                                                                                                                                                                                                                                                                            MD5:A6A744FFE205D820082D365983D49DFA
                                                                                                                                                                                                                                                                                            SHA1:F1D8C40020140AD707666394B457281B52156CA6
                                                                                                                                                                                                                                                                                            SHA-256:5908CBEFE21A5E6518DF8EB8077A1DF8DD8DC3E1449F79557121F92B13DF33EF
                                                                                                                                                                                                                                                                                            SHA-512:23AF2D33DE3B2F35C975107701033474BC3F65FAD96EFDEDD61A9A234EC4B5BC7D7348E313392A99E0BE9DE530DAA8390C9E5941AF8658EB33C584727DF717C6
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$.........!.sO..sO..sO.|.J.bsO......sO...K..sO...J..sO...L..sO.|.L..sO.|.K..sO.5.L..sO.5.K..sO.....sO...K.1sO..sO..sO...J..sO.|.I..sO.m.K..sO.|.N..sO..sN..qO...F.<rO...O..sO......sO..s..sO...M..sO.Rich.sO.........................PE..d...//2e.........." ...$.&...@......P................................................a....`A.........................................j......Pk..........x.......<f..H0..p)...........}.......................~..(...@|..@............@...............................text....$.......&.................. ..`.rdata..L<...@...>...*..............@..@.data............H...h..............@....pdata..<f.......h..................@..@_RDATA..\...........................@..@.rsrc...x...........................@..@.reloc............... ..............@..B........................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus_product.dll.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 809400
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):307340
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.99943192939091
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:LLb6XM3IKBhQK5q3I22jC1MFWKLHShyKul8SIKHtXgg:j6Xw/Hq3fu1LrKuyS3tXgg
                                                                                                                                                                                                                                                                                            MD5:A49D47B086CF68E3D0068D448433608A
                                                                                                                                                                                                                                                                                            SHA1:1DAC154F6AD6AB3ACD9B66CA12EF97AF80FFB444
                                                                                                                                                                                                                                                                                            SHA-256:B6C361D05A805328706A6A115CF1FC150E02305D8B10F8A69846BD73164F8009
                                                                                                                                                                                                                                                                                            SHA-512:EC1231C18A66E47B1AA3B3046C7636E3FF3672E51CA37BDAFC623911B5B7F8F39206F3B7812B7B2E20017D4C700E49341F603B9D367BC09349D19DFE65D5AE9C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..Y.......&..p.........../D.|......I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f..^;[..._...s...Q.O....U.sg..i#..j..K.6.js./....@....Nk{. .Z..d....E.....>m....{U......I...r.....T.EO..pDs.w.....W ...U..j?..j.z....v...../.K?z.k...Fy9v0.J.OP.``..E.y.o..T..{.P..;.!.4.......)..k.W...M*...[.{.~L0.L:H.Fl.w..PQ(.m...&R.r.}.H..*.r...xqa....+......B....P.$p....z..I..7..U.;..)..3...`1v...#...P.....OH...B...U.*...._'.W.t...z.....L.........fg.M.'.......^.v.>ZgN...N*k..u.P....]..W.<.....hi..)...%.%Y.......g..r.{..g<k$..o.7...-.4.l.V.{....^V...}[..Q....P.....'.....Y_c....:.X.+2..t...C0..$../...........G..j.7..Fk.....].n....Z..$`..2..#$.Ge.)..f.Y.*....J[.r....]Q..>e..u..[v.AL..O..q.`.\.'...u<.....y.$.....U.L.=4x.R.o.pf...4.{.i*.......'......9......cww.8......b...Y...E......V..A..n.._<.5..Dm............DE...k.c..%.G...]3.Y.;$.;I.....!4...,.I...C<..$WALn..K+.l.0..P..7.=..:.....{....H.\q.1...5L;v.!L.A.....y<....%9/&`2K.\.I.;_.......|..

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus_rvrt.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):50048
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7242310270979555
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:80GTBuw+QK1wzf06MEJH9Eh3uilXnK2wYifAPPxWE9tEHx9zFQZ:6TwwjKuf06MEJHShPXnK2w7fePx8jzI
                                                                                                                                                                                                                                                                                            MD5:4E7236C6B0250F15CD2A7B6C0837E96F
                                                                                                                                                                                                                                                                                            SHA1:A6292B400D48B48D5A6C9D399916A79860D1F408
                                                                                                                                                                                                                                                                                            SHA-256:478DCF15F9BD7A3470971C05CCF0E53ED3418D5236E1FDB9DE39BCB1F1B588E5
                                                                                                                                                                                                                                                                                            SHA-512:56B30DFD29F2BCAE85D3A43B0FCD49175E8E7FD63A31B3419EA25B8B902AB69DEB8FECBC32217A2FE19C6733675DFF6DC47A8108F2683B9F22F6F57524F6B05E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............s..s..s...r..s..r..s...z..s.....s....s...q..s.Rich.s.................PE..d....t.d.........."......J...(...... ..........@..........................................`.................................................Hu..(.......8............t...O...........l...............................................`.. ............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...............................@....pdata...............h..............@..@.rsrc...8............n..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus_rvrt.exe.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 50048
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):26103
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.993771307079847
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:384:RspI7z9vekX1IYi4n8YNfqxcNMT/e0fW5vKG1p6DKFFYFXpGQ8:RKMFX2rSNfscWnfW5VF2pgQ8
                                                                                                                                                                                                                                                                                            MD5:5EA78A3959501E4FA1924B3EA9E1B244
                                                                                                                                                                                                                                                                                            SHA1:AC80A6CE1431A847BEF6368082CFBF55A78C8536
                                                                                                                                                                                                                                                                                            SHA-256:264182E7566F82B33845911D769F7EC3150EFDA17799450FF0C151FA1E6D16E4
                                                                                                                                                                                                                                                                                            SHA-512:B35F00F0F07E42CC77977BF1CD8B26A86758666F0E7A6F4F0EF2EFD6F25D240DEED07C86F267E29CD376A7001423F519BE6E393BD360680A4D05468054134AF9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|.........{...cl..KN......TS;...p....."...gW.....~...~....oF~;.6I\&...A...@...b!~h.7...iXOo..4.m%.......".61..B.....Y...UPt..,....-.-..)...f7Rv..#~O..G..c....b..d.#sw...xj0UeA.]Q.e.A..Ja..?.n..gC.....&.....^,?N......;.X.....l..Fxg.'P.$N.5..Ty.l-S.i..8g..P<-...w.L...*...xgK...(Tm...n.s..H.e.^.h.......R..Q]..1...h|..dJ....o...._...^...........EV...~...........k...C...Cr.q.'.*q.@..x.w...6!.9pu.D%....*...?.#M.........a.w&..H<x .....Rp..*.(O..&W=.q=..`..f.......tv."....(...F.R..Nz...B...xx..qC{'..`..P.h.'p.U..a}...Z..[....}t.9..W.x$i;..|P.lf.M.T.u../.P..?..0...9..Zv.|...0.N..rl.].DSl.......=In..).>.? Q....SA...].....\.f.:........o.U.Ky.;wr.].V.[.:........Q...f../.D..9.<\...d...K.U.....Y^.9E......R....."*O.....L.w.B=..... ...mW.<....)fv<[.S|'B....o......T\'..e...3.|YW.4.a..p.i....$m.%|..c..=V,..Y.n.._8}q.@.'....JO...#O...m.i.s*...e(.1{.z...v8.6..).;Y?.q..`.3.MU.b*...:..Q.....q....0G.....i4v.k...#..[B.\T.._..k.o..R.v..

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\product-def.xml

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):56896
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.121067082745384
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:vOtgPgPXIZcgY0NyvnhYYfbVQ9T7G4OEAdy9g4kft9Fcmi5H2mhxpwqi+5J58Rvn:qe8SVGOtO
                                                                                                                                                                                                                                                                                            MD5:1F4E93C7D5A1F0BDCD0A2CCCC0297266
                                                                                                                                                                                                                                                                                            SHA1:D6B9A429146C7D95A2075EDADE7535B24660B337
                                                                                                                                                                                                                                                                                            SHA-256:1F98585D5DC25E2499D4D74DEEF89744DC8DE9CE319C4178243B96B8FBC82828
                                                                                                                                                                                                                                                                                            SHA-512:4578E96D00CB01C0E110721EDEC6FA532AF630522DE8A5E6A0F681371EED8E9EC8042976AE50B52E9BB169968D7668DE66A108148CD97D030EDCC0CC4D0927B5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" ?>.<product name="avg-av-vps">..<product-defs>...<config>....<install-folder name="AvVps"/>....<full-name name="AVG Antivirus Vps"/>...</config>..</product-defs>..<group-defs>...<group name="base" mandatory-selected="true">....<action-list op="install">.....<delete-pending-files/>.....<commit-extracted-files>......<important>true</important>.....</commit-extracted-files>.....<expand-vps-version order-base="commit-extracted-files" order="+1">......<important>true</important>.....</expand-vps-version>.....<copy-path order-base="set-property" order="-2">......<post-condition>.......<directory path="%PRODUCT_INST[avg-av]%" exists="true"/>......</post-condition>......<src>%PRODUCT_INST%\*</src>......<dest>%PRODUCT_INST[avg-av]%\defs\%VPS_VERSION%</dest>......<ignore-same-files>true</ignore-same-files>......<move-type>Immediately</move-type>.....</copy-path>....</action-list>....<action-list op="uninstall">.....<commit-extracted-files>......<important>true</important>....

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\product-def.xml.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 56896
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12955
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.986470808559502
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:dRC2HpUavGLVCoV9ngCVQ+5KhjbVBHD6Ib9vmWcHM1L1Nz5yZbW4qZjwvrjHDybR:LCapUJ51rWbVdPb/DzpjwvHO8W62d7
                                                                                                                                                                                                                                                                                            MD5:03E397B8F410ECCA1332444633CF85B2
                                                                                                                                                                                                                                                                                            SHA1:FD5EA916B9F77082CA699EAE4335EA69E8A31F14
                                                                                                                                                                                                                                                                                            SHA-256:CCECE2D04C35841BA7E55ACC2D2CB1530508A918E7090B71F20999346B8D38C9
                                                                                                                                                                                                                                                                                            SHA-512:42ABE75A99C37D029362867927737083D79448A2570B5E8D72FC78F4CDBF8A4AC148A7182BAF018D7EFA38B17A7A7A70793E5EBC8ED125CA149C45776BE04457
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.@..............f......{3....&.7d..>$....`K...H......8..:_..~...\......>./........%..H.......o...Y....9-.f.P!....p...tC.k.....[...j...7^..1......N8...2....`..D.X.....h.TXhJk]......k...*3...J_..@[...URa.nK'.9W.a..Z.3k/.1e..gF6?.t...~.3e.=........BD....v...G7=..C.zM[B9d^..A...!....3BN3.(`..5T.....ZY&#AM.JA.......lnm.L.`x.......b@.`!...:...ZV.M~.P.%,.p.....Y..X2.oa.\.....}^....>.....7.{R=...3m>......I40Bua......[.q..Fn3j1....#Z...{.P.D...]$.P.yl\v.;..s......0.ha.J.0...8Z2N..D...sx....y......9...w.U..Y..h4.bi\Z.....A`...mE..P..!....l.B..,@...BM..\.+7.....qa.R...W..[|.V@N.5\..V..7...jU.......59..../.{.".o......m.....l'}.ac]q&..5...s.8.o.=.{...,..:....~&,.$...7!.[+.cNu`...O....tp.:8.O.j.N.,....|W[.."4.~.G*.?.z.,...@...Gyp..8$....4.h..H...*.c....o...B/..$[x.....g.u....\..c..\.$....0...%...U..E..#..S.^..,P!O.WJ....|..J...G.&...B.A.v.e."...w.c5%.......3me..".NS!...&SjK)..-:."......k.4Y.....E^..@,U.;/.t....(.\..o.y.m..].yY[...vJ.. .noYT^FM.Q........

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\product-info.xml

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5931
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.107271951547609
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:aV4ZwWBE0rhimhw/h5hJUc9IQjqWSvXoqWDCITPivefWi0V5Q+gNoM:aeZwZ0Fim2/hbJUc9IQGWSvPbITqvefX
                                                                                                                                                                                                                                                                                            MD5:6D5B220A61F09EC828CACAC75BC35AC8
                                                                                                                                                                                                                                                                                            SHA1:0C3F286540E0DFD86D4D0E1AA337B6760381D4F9
                                                                                                                                                                                                                                                                                            SHA-256:B65FB54E98DAB218B6A9C19E7AE3394B4B0118540940A3F00CA69368CB6FD694
                                                                                                                                                                                                                                                                                            SHA-512:7F1AA31168D24E70819DAB4E4E339B87F38209394EAED45D1DA9BEB082BC305443E49477C5E3FEEC8F833540BD197578AFD5D186A87D11BF7ABB315E327B1AEF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av-vps</name>..<version>23.10.2702.3679</version>..<build-time>1698402534</build-time>..<inner-version>23102702</inner-version>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>a1fb1bf840d417e6baeaf525ce6f4c4c6ed5e6c669d7f5f35f5832c88c0ff431</sha-256>....<timestamp>1698402472</timestamp>....<size>6571448</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>e366797102963d17531351f422771a56d6567fdb50a241812222ede39ff8c5e5</sha-256>....<timestamp>1698402473</timestamp>....<size>7344064</size>...</file>...<file>....<conditions>.....<o

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\aswOfferTool.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2343864
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.799756934080038
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:EKggggMGvxFqA51R48QUTk5AvAfAAEV1rnFTZT0krlGW+:DvxoA51R482Ao7ELxTZT0krg
                                                                                                                                                                                                                                                                                            MD5:61CEBC6B9E393B36D6A89A16EE7CEE9E
                                                                                                                                                                                                                                                                                            SHA1:22997CE4600037BA4618875DC03C4EA04D84E1D6
                                                                                                                                                                                                                                                                                            SHA-256:9FE456AB74B9825AED2E1E42BDFCD80D2C71C70A2B57CC17EDC5AF35E4F092B0
                                                                                                                                                                                                                                                                                            SHA-512:5EB0DBB6A17C16F800FAA716B26FED2F451E81162B30951F3B528AF1B5DC5F9C16E8AD575FB11ED1AE450CB46BD9D1C77F9FEDD4F72709026262F252E4A38C7C
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........Y...8@.8@.8@.BJC.8@.BJE.]8@.5F..8@.5FD.8@.5FC.8@.5FE..8@.BJD.8@.@..8@..MD.18@.8@.8@..VD.8@.BJA.8@.8A.?9@.GI..8@.G@.8@.G..8@.8..8@.GB.8@.Rich.8@.................PE..L...a&.e...............$.............0............@...........................#.......$...@.........................0...............................H.#.p)...0#.....(k.......................k......hj..@...............l............................text...:........................... ..`.rdata...G.......H..................@..@.data...$m... ...H..................@....rsrc................R..............@..@.reloc.......0#.......".............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\aswOfferTool.exe.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 2343864
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):895072
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999787063091785
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:3/Tliz1mmM6BoCkuim7PiZVNjgx1MDPWxaRqvV4hrJ19vLAzw787gYk8kIhf0356:v5iz1hzTP6qYdTrzyk78ExYfG58Pqy
                                                                                                                                                                                                                                                                                            MD5:29ADE4000DD199A072C72313E8D094D6
                                                                                                                                                                                                                                                                                            SHA1:BB9A9BFDBB22C113E1E7AAC6328D397E8BA3C7D5
                                                                                                                                                                                                                                                                                            SHA-256:BE0FF1C4FEED0F5E3699F4CB741ECAA701C16E5AF2F8C1260A496EABB008B338
                                                                                                                                                                                                                                                                                            SHA-512:03C4032D9355974FF03E4C75912C850DDE719DFFBD57B84710502E5BB21FF91E931690768588C7425797BB11AC615B629BD92763C7A9ECD5EC5FE08DC0A1ABEE
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...#......&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...av.........A..qNQF..O'..M...B6."......<........z.jw.4..9..A.K"U...fi...IDg.h......q.PY......["..*....z.q.p>..?.k8.'q..\..q....jq..)....-....J....T`. ..3.....@].Y..tu..M~ ].9...hX........kL....+..$....@......M...L#zP....[o....=T.K;......I..........[.N...FB..4..G...bpBF..YFg..B..M@......c....X....IO...-.s.3.....Yp.Y....S.6..wE.N.#....^......n>B.F.g.4..jN.....2K...0q....m.;.3.06......!.=....41:g.Oxug".O..?=.rs+...L..A=.,.S.2......xk..BG...,.I1`..u{...;....EX..dF:nck..V4..G...bz.x..]..}2<%..N....,.%."...WN......aW....i.1=...{NR%..P.......>..7..f....n..A..(B.R.(T....Q..O.w....5p..S.x..X.SxY..Z..._.K.&9.=.....B..lP...........:E.U..k..?..U....y..6..H...W.=..=..MQ..zZ.}wV/....lEx^.YW.{....o.07..v4...sRpD>..@...fz\i>..+%L.`3.{R"..jt....Px@.b<(s...h...U..P.....}..... en..Se}..F.1Y.KX.zZ.9..7..s.2PaK...eq..ySq8..o...{.n.Y.]...2.........Y..... .= ^.R~..

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\bug_report.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4847032
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.519886418886043
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:VMLHHJldomYjw3stmiQKWIUyz1kOn4PQOtepOAbBnIQQ9FR8puWuMd7qt/LPQ4zF:vgwmmUyWObBoFRAuWw9sZFf2p
                                                                                                                                                                                                                                                                                            MD5:B1A603C438CC546915BE82D1A193FFD9
                                                                                                                                                                                                                                                                                            SHA1:AC2C1200D4451F781543D85327C8979CE8D8C3B1
                                                                                                                                                                                                                                                                                            SHA-256:F3D41563EF598F824DB6DCE8E182B3110696C20A868329C5BD82F53DB4FA0337
                                                                                                                                                                                                                                                                                            SHA-512:F4D1428E0478A43C2BFF8E78902DF4EDCCCBFE58FDE438DCEC1D7BCBBDD121658CF95A978FB2A893FF3923C1EBB2B98275F7F1BBFB15A997B4219CA47B09D45E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$........kL(]."{]."{]."{.x'z.."{.t.{Q."{.t&zN."{.~'zT."{.t'z*."{.t!zW."{.x!zM."{Tr.{_."{.d&z[."{..&z.."{]."{Q."{..'zu."{..&z\."{.x&zy."{.x#zx."{].#{.."{Iu+z.."{Iu"z\."{Iu.{\."{]..{_."{Iu z\."{Rich]."{........PE..d...j&.e.........."....$.R1.. .......V.........@..............................J.......J...`...........................................?.......?.,....@J.P.....G.LK..H.I.p)...PJ..g....9.......................9.(...p.9.@............p1.p............................text...zP1......R1................. ..`.rdata......p1......V1.............@..@.data........ @.......@.............@....pdata..LK....G..L....G.............@..@_RDATA..\....0J......ZI.............@..@.rsrc...P....@J......\I.............@..@.reloc...g...PJ..h...dI.............@..B................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\config.def

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):679
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.374487617780376
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:2xpyBjPAcWBjPqyCJYBheSfU3Uk7okOfzXy9FQV6UaAAOheMOB94UNfm4k:qpyBj4VBjOJYBBfEUk8HLC9m3OzZNfmp
                                                                                                                                                                                                                                                                                            MD5:31F29F1B6F46769195F001ABD4292EE6
                                                                                                                                                                                                                                                                                            SHA1:55CEE013F168602B2A04AEF6787D4251D4B48318
                                                                                                                                                                                                                                                                                            SHA-256:142967F80C46AE111207ABBD09C3FC23478C9DB7457ECD6BF828F71E7966F938
                                                                                                                                                                                                                                                                                            SHA-512:7736844FCC51A15C4CE108E58B92FC61D2B36BE251566D2DFE2D9ABE742B61DD83FE7A1D1B18DCAE50D1CFD41587F29F156D67B2ABB921709DCA8687C291F2AF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[ui.offer.progress]..url=https://ipm-provider.ff.avast.com/..[ui.offer.actions]..url=https://ipm-provider.ff.avast.com/..[ui.offer.welcome]..url=https://ipm-provider.ff.avast.com/..[bugreport]..product_finished_errors=45005..[common]..report-url=https://analytics.avcdn.net/v4/receive/json/25..[updating]..conceal_hours=1..fraction=100.0..updatable=1..[offer.browser.asb]..decision_type=2..download_url=https://cdn-av-download.avgbrowser.com/avg_secure_browser_setup.exe..enable=1..priority=1..ui.offer=welcome..[Signature]..Signature=ASWSig2A29D0DB7B3CB409C4CDAE018DB2F530D70264B769BA0969CD1BBF138F5877A22C4547A7469524BFDBD688DE308654CE81A3B628217192AB4E49C76D6A115033C3ASWSig2A

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\config.def.edat

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2194), with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18035
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.647824586371176
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Dw9+iXHcV2gJJi0YkdTJ3p+qOlG1srr7dl9D3e7A5obqAY:O+iYJiaJFOlWw/D3es5oGAY
                                                                                                                                                                                                                                                                                            MD5:637DCC5D11B6EB98BDC309EC36701DE8
                                                                                                                                                                                                                                                                                            SHA1:1ED8107B7B5EACCF4A9069BEB53CFB9C0BC88B22
                                                                                                                                                                                                                                                                                            SHA-256:CE0F73CEA417942AFE49F0F902D85EC18AC16A7ED5D3AE758AE825FFB0F7C152
                                                                                                                                                                                                                                                                                            SHA-512:BA4A0323A5EEB9DE9EAC3F8DFFE2CB38FCA840F78E2907C3F50748BCAC14696003CA25D0F7C0EB402C0D3EA0D9125CEFDC479147A1CAC16858C9C072BB3C37A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=0..MaxRequestSize=16384..OutlookEnabled=0..YahooEnabled=0..[WebShield.NXRedirect]..Redirect=0..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=2..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=0..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..ais_cmp_fw=2..ais_shl_spm=3..[GrimeFighter]..info2_licensed_period=3600..info2_unlicensed_period=3600..LicensedClean=1..UseGF1License=1..[StreamFilter.HttpPlugin]..ATisON=0..DohMode=3..Pinning=0..[OPM]..def_base=e

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\dump_process.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1213880
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.608370550710603
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:PACgkCmLmk9Q9QrKKUboalbsg/oJxEx4Yh0lhSMXll7MSiPlJkdV4K/:4hHkq9yKXoal9/oMxm69JIV4
                                                                                                                                                                                                                                                                                            MD5:36B9397D83C5A7BF33C02D5213BEB1C1
                                                                                                                                                                                                                                                                                            SHA1:792A44D1E5478575E658C304E742E84A13EFF5DA
                                                                                                                                                                                                                                                                                            SHA-256:4246AF29405597481F4D3E6F1E55CF71175E7762E69F97A3470C1253959D768A
                                                                                                                                                                                                                                                                                            SHA-512:5FBA613D021921A603D3462EB50AC767AF867CF3F706132A461A82EEC481309862AC868076F3E9515DA0034110782DE500B27114FCB57B7BBD637B7332D232B9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......=...y..y..y.....u...........m...2.{....k....s.....p.......p.\.{..y..z.....v..y.....m..$..m..x..m.0.x..y.X.{..m..x..Richy..........................PE..d...D&.e.........."....$............`..........@..........................................`.................................................d........p..`Y..........H\..p)..........$...........................(.......@.......................@....................text............................... ..`.rdata..............................@..@.data........ ...`..................@....pdata...............`..............@..@.didat..P....P......................@..._RDATA..\....`......................@..@.rsrc...`Y...p...Z..................@..@.reloc...............F..............@..B........................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\edition.edat

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:Jn:J
                                                                                                                                                                                                                                                                                            MD5:9BF31C7FF062936A96D3C8BD1F8F2FF3
                                                                                                                                                                                                                                                                                            SHA1:F1ABD670358E036C31296E66B3B66C382AC00812
                                                                                                                                                                                                                                                                                            SHA-256:E629FA6598D732768F7C726B4B621285F9C3B85303900AA912017DB7617D8BDB
                                                                                                                                                                                                                                                                                            SHA-512:9A6398CFFC55ADE35B39F1E41CF46C7C491744961853FF9571D09ABB55A78976F72C34CD7A8787674EFA1C226EAA2494DBD0A133169C9E4E2369A7D2D02DE31A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:15

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7344064
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.475073805528636
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:zzhxeOfs3SHwHF8TjntexRl4mVUuvPa4Wg:vhxpfs3SVPnte54wUub/
                                                                                                                                                                                                                                                                                            MD5:A87978C382EABC0165DB0C7EDC5797B2
                                                                                                                                                                                                                                                                                            SHA1:2D145E3C71549A378DD9ECACBB99FA5F0AD2565F
                                                                                                                                                                                                                                                                                            SHA-256:7794CF36A6228135BEF6581458EEB15D420159596FE2F0EA6296CBB2971089FD
                                                                                                                                                                                                                                                                                            SHA-512:1D1E1212A3BE1A7DC4FB508DAD20A2502217DF2CFBBB8B5AF672E85EF68AAE740C9FAC2095A6082A993127FE210D0635ADA72B2E90D98ABF306C7CA9AC3D5CB4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$........d`.............ow..j....{.......{.......{.......{......ow......ow......&k......&k.......}.......p...............p......ow......~p......ow...............z..P....z.......z...............z......Rich............................PE..d..._&.e.........."....$..L...#.......)........@..............................p.....)#p...`......................................... Mb......Nb.|....Po.......l.....H.o.x)...`p.`.....X.......................X.(.....P.@.............L......Jb......................text...<.L.......L................. ..`.rdata..D.....L.......L.............@..@.data....x....b......|b.............@....pdata........l......Bk.............@..@.didat..p....0o......\n.............@..._RDATA..\....@o......^n.............@..@.rsrc........Po......`n.............@..@.reloc..`....`p......bo.............@..B................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_product.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6014392
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.481855729868027
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:DMLgHYldBpyoolheLtE1dzXMrB6ZgYAXUwzmcaFS0qrMOyMiqXrmrkT7RxnZZPUD:UGoVzygLnl1LpRHDwyva
                                                                                                                                                                                                                                                                                            MD5:98E1C0556DBB60FA186052A18A8E23E0
                                                                                                                                                                                                                                                                                            SHA1:382A506F330EB8EF25D36330A8289C0F73F8E5A8
                                                                                                                                                                                                                                                                                            SHA-256:39174C0022763E52089A0A3D3CC047AE80A64244E358E001389F499A8160C579
                                                                                                                                                                                                                                                                                            SHA-512:CC82F73503ABCABE840DFACE0424092F047773233AB033E295F6C1B30C467260790B2285C0CFCA176D506A1E217B421BC1358C5D6E1CB8F4CE233AB1A2D2C110
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.......Gb...............q.......w......}......}......}..m...}.......q.......{m.....Uv.....Uv..+............q.......v......m......m.......q..........l....q..$....|..4....|.......|........i......|......Rich............PE..d....&.e.........." ...$..<..2 .....@<#.......................................\......\...`A........................................@.O.......O.h.....[.h....0Y.l...H.[.p)....\.4...PqG......................rG.(....pG.@............0<..............................text...n.<.......<................. ..`.rdata.......0<......"<.............@..@.data....$....P..n....O.............@....pdata..l....0Y......VX.............@..@_RDATA..\.....[.......[.............@..@.rsrc...h.....[.......[.............@..@.reloc..4.....\.......[.............@..B................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_product.dll.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 6014392
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1675280
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999896428853255
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:UJNNrs21hNKbAE9Ljhn5snOO+j2OUdSITmKJ+msUGRTp:UJNNrsiErvh5sOvoRTmYkUI
                                                                                                                                                                                                                                                                                            MD5:201656CEA6EB0C43CD283456955AF3A9
                                                                                                                                                                                                                                                                                            SHA1:4E694FF5E8808DDD83002763BEE78C712FC66736
                                                                                                                                                                                                                                                                                            SHA-256:0A68E6C021F8B4CC993AA70E1408C59CE4B6F82B2F586A9BAEC9DAC4F586B13B
                                                                                                                                                                                                                                                                                            SHA-512:B903B53B0FBDA4DEFF103979C1F0239426B15F13CBE20A5D63DE36D6B65C897592FD6AA296F853647ECBDD139F3AD8C39FE409E8676A3DB60E2B05E3EE0DC642
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...[......&..p.........../D.|....o.e.F<w.,...vY.Ta.....NE..1E...V..Z..m9..^../:Y!....y....eg.!W8 k..tZ.}....m..*..O..T.>.....N.?._.r.g.;.$..... .Y!a... `cs.l.....P......v..{..HC.....Wb.8....e..b.....8....F.E.0......K..B..P..=,...D.-...FM._....+.S.....I.Fb.@.c..4..@..."N..Kc.....U..T^...C.........5..3.f..2...f....,.&./g..M.'..@.|h...y.....v.#$C..,.D....@.H..s/.zd..9...x.d#L.Y.M-.1.hXz.e..d.8.A...lt:Y.d.....GV....>:....9...._.....bS P.Q....X.>.....H$......>.,q.E....kJ)>$..:6zC*F.{...d..c....j.....%..9.ZR....*......"6Q..&.Y..&......).A.:.SN.O..].mT..)M...Y...a...j..y.>.4.^d...]Q..}d.S........!....{oy..qZ..._....n...7.A.g.d....tLC.s.[.:.%....".2.?.....49.9.I.Fq.qR,....-..q.J....x...RI..Y..>...B./.....y.y.21..e...6..q.B..cS...7@.Y.d.g.d..y).3........Ae..;....I.9....8...bB.=.".|.o..||...S.~.;L...Y......*.C.`r..C=L..wN).....T.|.P.Os...f+.....=...MFh..r.LDa...P_.U....j..2.M../dh?TV.../...=?..f.%{.&......G....'U.FB?..:.. ...(.......9Q.....t..

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_rvrt.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):50048
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.7242310270979555
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:80GTBuw+QK1wzf06MEJH9Eh3uilXnK2wYifAPPxWE9tEHx9zFQZ:6TwwjKuf06MEJHShPXnK2w7fePx8jzI
                                                                                                                                                                                                                                                                                            MD5:4E7236C6B0250F15CD2A7B6C0837E96F
                                                                                                                                                                                                                                                                                            SHA1:A6292B400D48B48D5A6C9D399916A79860D1F408
                                                                                                                                                                                                                                                                                            SHA-256:478DCF15F9BD7A3470971C05CCF0E53ED3418D5236E1FDB9DE39BCB1F1B588E5
                                                                                                                                                                                                                                                                                            SHA-512:56B30DFD29F2BCAE85D3A43B0FCD49175E8E7FD63A31B3419EA25B8B902AB69DEB8FECBC32217A2FE19C6733675DFF6DC47A8108F2683B9F22F6F57524F6B05E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............s..s..s...r..s..r..s...z..s.....s....s...q..s.Rich.s.................PE..d....t.d.........."......J...(...... ..........@..........................................`.................................................Hu..(.......8............t...O...........l...............................................`.. ............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...............................@....pdata...............h..............@..@.rsrc...8............n..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_rvrt.exe.lzma

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 50048
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):26103
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.993771307079847
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:384:RspI7z9vekX1IYi4n8YNfqxcNMT/e0fW5vKG1p6DKFFYFXpGQ8:RKMFX2rSNfscWnfW5VF2pgQ8
                                                                                                                                                                                                                                                                                            MD5:5EA78A3959501E4FA1924B3EA9E1B244
                                                                                                                                                                                                                                                                                            SHA1:AC80A6CE1431A847BEF6368082CFBF55A78C8536
                                                                                                                                                                                                                                                                                            SHA-256:264182E7566F82B33845911D769F7EC3150EFDA17799450FF0C151FA1E6D16E4
                                                                                                                                                                                                                                                                                            SHA-512:B35F00F0F07E42CC77977BF1CD8B26A86758666F0E7A6F4F0EF2EFD6F25D240DEED07C86F267E29CD376A7001423F519BE6E393BD360680A4D05468054134AF9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|.........{...cl..KN......TS;...p....."...gW.....~...~....oF~;.6I\&...A...@...b!~h.7...iXOo..4.m%.......".61..B.....Y...UPt..,....-.-..)...f7Rv..#~O..G..c....b..d.#sw...xj0UeA.]Q.e.A..Ja..?.n..gC.....&.....^,?N......;.X.....l..Fxg.'P.$N.5..Ty.l-S.i..8g..P<-...w.L...*...xgK...(Tm...n.s..H.e.^.h.......R..Q]..1...h|..dJ....o...._...^...........EV...~...........k...C...Cr.q.'.*q.@..x.w...6!.9pu.D%....*...?.#M.........a.w&..H<x .....Rp..*.(O..&W=.q=..`..f.......tv."....(...F.R..Nz...B...xx..qC{'..`..P.h.'p.U..a}...Z..[....}t.9..W.x$i;..|P.lf.M.T.u../.P..?..0...9..Zv.|...0.N..rl.].DSl.......=In..).>.? Q....SA...].....\.f.:........o.U.Ky.;wr.].V.[.:........Q...f../.D..9.<\...d...K.U.....Y^.9E......R....."*O.....L.w.B=..... ...mW.<....)fv<[.S|'B....o......T\'..e...3.|YW.4.a..p.i....$m.%|..c..=V,..Y.n.._8}q.@.'....JO...#O...m.i.s*...e(.1{.z...v8.6..).;Y?.q..`.3.MU.b*...:..Q.....q....0G.....i4v.k...#..[B.\T.._..k.o..R.v..

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus_ui.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11592120
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.579092922372079
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:196608:jJ9aK4TOtq7qJwlsADfPSo5nagrqNO0L:V9Pbq7qJwls0PBagrqNOc
                                                                                                                                                                                                                                                                                            MD5:0DC17CA800AEA2358E0A565D7FB38299
                                                                                                                                                                                                                                                                                            SHA1:634F5963D0B49B10CE584E122E2E879328FAC8D1
                                                                                                                                                                                                                                                                                            SHA-256:AC47C136E574DA442AD0961667930A5076C3082F98E0EDCB8FBD732D51E3B6CD
                                                                                                                                                                                                                                                                                            SHA-512:5853CFB68C74CF473916F8F19CFDA0DC0299D0F10DCF47A8BC9E022C3F936D9FA8204CE258DD5E7C0F0361E16882C06EE4229199EE927B8DC68C7CB547EC8B15
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$........'.._F.._F.._F...4...F...8q.VF...8..KF...8...F...8..SF...4..@F...4...F...:...F...:...F..V>..]F.._F..YF...3..\F...3..^F...(..]F...(..OF...4..jF.._F...E..K9...F..K9..^F..K9s.^F.._F..]F..K9..^F..Rich_F..........PE..d....&.e.........."....$..}...]..... ..........@.............................p..........`.................................................t...................L...H...p)......................................(...`...@............ }.x............................text.....}.......}................. ..`.rdata..p.".. }..."...}.............@..@.data.....3.....n.................@....pdata..L............8..............@..@_RDATA..\...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\product-def.xml

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1272872
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3949942288945785
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:1FBLzSYiQizFv2okIuzNrGmmaeAjfde0hfHge:1FBtd8vTuzNrGvofU0hfAe
                                                                                                                                                                                                                                                                                            MD5:ABF68F41FD38238488C9984783581B8B
                                                                                                                                                                                                                                                                                            SHA1:F4283041B4A747A2A696D162466335AC59274B7A
                                                                                                                                                                                                                                                                                            SHA-256:1DE662D6A41687462BC259FB9E3BA374EDF79947739CE997D3E9DF297CE6392D
                                                                                                                                                                                                                                                                                            SHA-512:7CCECD2F9B501DAA96F70CC2378C115EAC0E3CD85559B9B25038E374416B9555D526B5B55194808B654132C759B6E874D8D7710F567D6291D20765D2CFCEBFEF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\product-info.xml

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9649
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.275866628060874
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:KXjXXliDZwBmNvpgGm8I6AERUc97Qlv1i+FKqJe1oGA0Ny8RzQ2gWwKsVijk:KXb180mNv+GPAj5KCe1xbNyW3kijk
                                                                                                                                                                                                                                                                                            MD5:C19FCBF02140B9AF1A3BA40B3C8586CD
                                                                                                                                                                                                                                                                                            SHA1:B6580C396DFDC265F0A5EADE38BCEFE052538635
                                                                                                                                                                                                                                                                                            SHA-256:FFCC9BB534F4C1DBED3A01008CFA4B0EEA83741CC67010FC518135C0CA397EAF
                                                                                                                                                                                                                                                                                            SHA-512:9801181AE3CE4D47AB8D4218ED64AAD473574F4DC580EE6494BBCA1E4A91975F4F7101DF02F561690135D9642BD95C25278222FB7B670F1BC0042FE0DC82F466
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av</name>..<version>23.10.8563.1247</version>..<build-time>1697532238</build-time>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>4c3e1cdb48f03e9cd05318adadcef0545af250b36b9dbe5c9839985baeb05e0d</sha-256>....<timestamp>1697532136</timestamp>....<size>6571456</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>7794cf36a6228135bef6581458eeb15d420159596fe2f0ea6296cbb2971089fd</sha-256>....<timestamp>1697532137</timestamp>....<size>7344064</size>...</file>...<file>....<conditions>.....<os platform="arm64"/>....</conditions>....<nam

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\setupui.cont

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):312724
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999459609867886
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:EV41wbKO2TLKSLAhJnwDlQIRBsUAjYCUozoM2B1NEOWZKpJtqZTQLLRVLc7SryyR:EVW+KOovEhJCsUAkffLNExKpOT0s7LEn
                                                                                                                                                                                                                                                                                            MD5:053FF55435136DAEBD2F6FAA12FE1831
                                                                                                                                                                                                                                                                                            SHA1:815113C56692EB0819E19BE9A72FA57B3A6BFF3F
                                                                                                                                                                                                                                                                                            SHA-256:F376E9AF363D39E60246C7DCE9C8C9ACCB7DA5DC8D23E54861778C278E60C0D2
                                                                                                                                                                                                                                                                                            SHA-512:0352E13FECE37EA1B326CE6FE1E2556D5E239950372E42D57A4BE509A8F680F19EA720753DD40F904638835E12CF4B75D15145D18BD64015DC5D481BCAD7F2D4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.7zXZ...i".6..!.....#..,.q...].0...?..Lm.K%. .6.X.....L.@#.....n.....=...+..^......XmT"....o..i..^wp.Tp..........uH.u....1W...jZ.`.(C.....J.uu..$....T...0]d.....HAa.!._/.b.....{|.L...W..3Sq..h.T..@N...A.;..J^XS.....;7....+.).C..Y.Uw.[T.w_(-.i.4...r?Y=qR.;.....>.......aDi1..g....6.@.H..0.Y U>.......[m&.N.~0.ns\.......+..{.L...r..Z!..'.t3.k....-w.1.!.~..'.f~......u/[*@.h....X. .j6.....2.b....@.Aj1.8...,.Ofz.b...Aq..e.o.=]..`z!..Y..jQ9.]........TboT.^..[r...........(.O..'.`UG..:"......5......-.'..e.}^.FI..%Y4-.|.._...BlEV.5.f...3.M8*.g...#.=;........7..\K.t.s.".>>.......M..=[(....U....&l..P.....+.".P..R...A....y(\.S<O)j...eb8.UH...D........a...e..A.L..O...vF.dD>..WR.l....%....X.P....C....;...c...k.r.....O.y..;.;..6e\o.F]..#.4D)....a.>..M.N...:...+.Nn.{i..A......Z.._(..Y..Iy:.&.M$.k==..*.N3...q.7.]...l_...R.B...;.A#......V..7../..0.S.)b..z@C...}...B?...@..88...rk.Q#....E..rf.u}..%.".UX.ZzHxx...F.A'?t/*........5...y...|PIWC.Gh..k<.~..t...o(.5j.V

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\39c2fa3e-f823-4454-a605-dbcf48949c0f

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1272872
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):137458
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.998649906987011
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:3072:+3Bc4psJIXIoMyp7hjIiVN6r/cTOM6w2xlIUS5MO+YO6ETIldsGqw:+xzxXIT0jIGRORDn3O+vTIldsM
                                                                                                                                                                                                                                                                                            MD5:C4C765BC9080D175CB7824F4E9D14736
                                                                                                                                                                                                                                                                                            SHA1:A006F47C65DDBE21A50D0FACCAA19B25818E1D1F
                                                                                                                                                                                                                                                                                            SHA-256:17F8258161634A2C55C88D3164D1D41EB8C2F8496B0F6DF2CB0B3C523766F959
                                                                                                                                                                                                                                                                                            SHA-512:3F717054F3F00147EACA6D0C5187A2987FD0E7831F921CD70CE7318AD8BFF49C0276C8F54B9CBD2EB4291588C0155FD7E8486A6B5AFD4D2DFB192C01C83FD254
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@.(l.............f......{3....&.7d..>$....`K...H.......4...^.a.)....0C:.6..n.f.c...j...$Px...........X.PMf$5.B....O..DN....[.d..s..s..M..:B..(.N..L.?7=~Rg.[...N!."..8......1uW.#....;u<Q..MC..Kl.#.9!U.3N..N...^....Gp..a.@....-.m..Q...c.6.....]..vK..I..(.<..s.1h.r..)y.]!J9%...*/.(]X...%."....Y.,.J.......Z..T,....u1.&......n..&.!E$Dn<..;."....@..90H$Jk4..{i%.@^...q;.%.t!......Md..fJp) m.0..>3......hs...Y.4..<...Q8.$.@.n...u..N..X..ia.f..o.."....b<...^X...z.U;..[..[....A.`.W.0.X..l...v.GfM.9..y..q... $.....4E..Xd..[l.>..R...z../KjC*d..9J...!.O..U.^.l..].S).zLS.[90....O."0...kX[$V!...b{...1&.*@a{....|.Bg.....d0K.KGS.....r.h.]m.9..}.>Y.Ha..Sh.\.UgmX.......Hm.!8.?..k..r)..z.M........bc0:...N9?Qf.w78.....j.C y...;...V8.8..'....HE.Ur..A.,.4.....k.:'Vm.M.J.`..V....*.`.U#...\.8.T....C.K.H..#UD.?..#..;..#......P.!...(.QS..v*...>..T.....T...65.vX{l..8.G..E......A.....+.Q...G.<..!k.....f."._...&.t...Dm....wZ.-..W..uX.zb.....Ru..h.-.OV..c.^.l..`..

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\4573d21f-2216-498f-b102-4ffd1d936bd5

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 7344064
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2220031
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.99991575289602
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:49152:KWwcWTyp+tRc3Yim5fDR0qVGlgLiOA4cbC1MW6+qEvGTa+:KWwx2qrfSqCgeV4cb5WWPa+
                                                                                                                                                                                                                                                                                            MD5:6AAA46341BB03CDCDC70C1A1A15CCBEA
                                                                                                                                                                                                                                                                                            SHA1:7220C1189CCE38A552F1F69FB6F33B61DE8F458A
                                                                                                                                                                                                                                                                                            SHA-256:A58DD457E935D612C7941F245A7DF6C0EEEF801BF65F799DCFB96725DEF3CFB9
                                                                                                                                                                                                                                                                                            SHA-512:ACC8B8E791BF701230F99E4750441509C0C681FB382707F427E7109E462BEDA80E075072461C994EA280B2134D58229AD64E5A0757E59CF2635B8B2401B38534
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...p......&..p.........../D.|......I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f.)w.....G.~...]9..3".1.'.KZ......D...'.n]u..1.@.s.;X....-r.r...]........=7M.4N"(..W:@......."..o...m......JW............vG.HDA......+wA..`....yO.m5..2...l..J;......J.&aX....u.....o$>W..u'Ar.2&.~.xx. .R.hD...,.,j.....B8..e)D.....G..)2.SO...j-.4QlD.Mc&..+s.oX.tC.....ew...*xTh..u.G..S.,.B.r).w..8..Q....F.5.KBg.....i}Ly..K9~h..a..<..O.ca'.Y.bs.$4.y.m.5.....!]..... ..G......?.|..>'G...0....x..Md...I*.Q.%..?_q.....d=.3.|B.H...q.bn...h..p..DJ.Tn9)...@.s......SM....d...2.qw0....:9Q.1Y..P..E..V.@/_GF....O..%....S..<.).....h.8....{A...|sP..9.A..i.e....@oa@.z.~...{.nMQ..'.;.}...J........a..{.UC,.!.%4L...jM..o.......x...q.d.W3m..?..z...r..a....j...2...C......`....:..C.R.4..x..N.....I...Z.'5.{.TSN~C.5.+...^...(*.[E.<p\.....d.+.Z.P..E..P..Z<.........![{.S5.7.\..f.jTT...{...w..?^.....).%......ZA....dR"..KU.m.km.)...h......)t.c.n!....J...s........O+..6

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\468fef76-f5e5-4065-8dd1-90c0812fa466

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 4847032
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1415844
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999866705663655
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:24576:h4PPqpRJmKFgrEmD6oWFpqbSotqjR6GABXWe1mLB3mWtmr7hYAQmyt3UNDyr:h4PiZmKFWEmDyq+JR6tBWgaB3ftmnhYl
                                                                                                                                                                                                                                                                                            MD5:2172190ADA7E15B64D6F3DAA990BE549
                                                                                                                                                                                                                                                                                            SHA1:6CF38464829DA5E6D3C5C144BCFCB6884FC7C4D4
                                                                                                                                                                                                                                                                                            SHA-256:963801FBAB933E4D8B5361EC12FEED902E5D8CD08A0CCF2E772738AE46C11317
                                                                                                                                                                                                                                                                                            SHA-512:102ADB9D29F3F792217168EC9E97071257423935591A522A72202FE14DF824EA4017C1994D640ECA742DE5046884FEE50A8245F95B4E921EBCC83DCDD7F03D34
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@...I......&..p.........../D.|..y..:.}.._..G...5mA..aQ..c5t ..+........w.uRl.,E.u9....r....dV..5.z:.D...Z...]..F.(...I..u/+g/.B.:dh.t..h.;.t.s.<....e..`....~.PP.....(.s....(..|.].K..<0w....^]......l....1Q.._.E.&....`#.~..yv....:N\.`.]...1.38.M{...y.P.t..~Ce..@E...J|Als..-e.3I....4$...u.>....o..8.l.Z.`.........;.!.*.....M...../..u.n.....A$.Q..Y.....&.$p...9(C......%....3.A:.4.n...x..1q.v...b.`..+f..h`R.&/. .c.2.....0r.y..dpT..p......e8.U_w.!.5%2..5n1......l....Q.\....O....D...mr.?.S*9j...#..J..{.b.....0.......Da...vF....H..j"..nB.8..6....4m3u......8.O.....D.c....$.O.:+..T....3.B.tW....O=.:.D9.-g..P.....w.T.>..Zz"6An.M.....*.J....M...s..|W.K.e9.f.2.d...%...qn\.J/N.4...C@.l.&..z...8.......x..:.e"0_'E.:..&. t>.H..g.mZ.. K.4o.F.k....z.....Eha.Zv...<y..9.6..f.........Y..%...'..?_.M...B.C.....De.?...;.i.|t..._..< q/.....'.u........L(.7L$..u.}.Y..*Y@.\v.U....ey.. .<><.8."..J...^m.....j2......j..."..O.RY.).+...i...H..9.$Q..{...,(..\.E.)..m ^...X.9..G.

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\651b0b1e-94f1-44e1-91fd-e39dafaab7eb

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 312724
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):317112
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999368198678113
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:IiFbJakFmw5J05I4728FIGaiwPdgmbwlCyRRZX72pwKO:TP9mHID82+0gIwlCADiKt
                                                                                                                                                                                                                                                                                            MD5:B1E352EB58FD17D792FA4C87C053ADA8
                                                                                                                                                                                                                                                                                            SHA1:CA152C01D71D7DEBC2388022667E24249D31D65E
                                                                                                                                                                                                                                                                                            SHA-256:87EF9FD888F9F4275AEE2A1D2177F1EA9EC460FECEA11D879F7977929A2F020D
                                                                                                                                                                                                                                                                                            SHA-512:D29F6E31CA288489D07725842CEA3EE5A4AEF1E768D24FED1AE0538D50A8F15B25F188B1B6B208D17F35612332C5B530743CCEA02DD358178C7DADD3ABF47ABB
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........~..E..8... .rZ.~0..9.I...T.....<.|q(..n.c..y%=D....# .....HfK......4...yz.E.R8...G5;R.7...i.....'...S.+*^V.W..3..w:..T..l.....A.B.sD..y..>...`..J(Uz......{..SH6y....<M..|.]q.T..< b.H.s.......%g2.6..y.U%.=!.7t.....u...Ak._..7..*C...P...mX+qT...........v:.5...cu....v..u.$g|g'3...?``...E.A./a.@..f...4.=.L.x......|..w....m.|.,[.....6 ..pY.M]<.]..),}vT.....|H..J..+..\..N..{M.....!..2\.......!u..A....!4..._6...~.....U....s...;..n.G..`.N.x...sl..Q..ui~.....-0.z/.{..(@.rJ.+2S`......!k._..(.{1.?.<..Lr....E./..7X......E<QQ.......uL/.......4..8........;....%.Y~}f...j..g....G..HH.....(.e`.fr*<...@.."..V..........t...$.....*sa.?...@.[Zrd...szg>WaR..QT`l..;...Bd.3.P.A5i.}`.E./...k.[L.F.n.....sD{.X..u.0....x.[.u-RiW.M....... L j....\A,....._'..XW.|C.{..A..|.......0`.e\.g..z...R"....<........0.a.:....WO.z..._#..ura...G....K.^..e.w...B4."...%.M.B..>.#2...ZB...8..hEe....<........o.s5?u...o.....8....Q..9.n.:.....x.e@.*1I.5BZ. e.IY3

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\781ca0b0-b587-4422-a970-7747491be89e

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 15296
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9561
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.980334307230947
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:HmAMdKXJd6hvLTG+y8XjWlMB5r1ZP37g+L/Qc5khlN2i:nMYd6VmeXKqV1ZP7uH8i
                                                                                                                                                                                                                                                                                            MD5:6B5A05BDB671ED214CE616C8933F3DD5
                                                                                                                                                                                                                                                                                            SHA1:63191E9AEDF21D9D4962E14361B89AB6C29C4214
                                                                                                                                                                                                                                                                                            SHA-256:15F1910F8920F543E0CB4EF3F95E372DC9327328A673E1D4D6A2FFD5CB392D18
                                                                                                                                                                                                                                                                                            SHA-512:ADE79B94FA0DF26C0FDC5F8081FB3CA3DF552F85DE95A41FB1BBD22A676DD42FCEBFF1F563FE767F537052C4370730FDC83AA5F1295DE7EDDDF7FC80681A0BB1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..;.......&..p.........../D.|...G'_..z.-~A..\..*~kHy54......<.....=......6......! o..- 6Y..mR..O...8.C'.B!...Y...;Pn.,.4Wl.xg........7.Xv.x...Z.I-.....k......H^..;.^.....?..c.qP*..s....x.D..)T......$XA.Z.K..zB..r......kt.,....X.\..c<R'..jmt.y.FLT[..]=...$4..RW.\9.t6.1.s+(>.9...o...`.jD.o....8.^NW...D.....}~.q..W..?J..4...}.....,..-CGe.p.J..0.~L3^.#.}iG...z..:S$...PG......WE';G..u.5........'...;r..u.T.e&..ep\y..l...9..xbW....R..(%&..q..*......)...S..?........{6.._XM.....u..9O.tf 3..u..67dS.Z.O5....<...Q6.....d...pb...E./X..........7..s...Q.@Q.r#.@.....O..e>v..2.[X.'..)eNE.wb:.......i.....C...^..o...Zw.{.d....R...w=U.......j.}..^..U.,..?..+(;..*P....G...)k..h..:y..e...H.5|....q&.?~BeW5....A.A...h..k(..i..+.....L...3..].f.%w..u.....2^...V..Rg.|....M...N<......sR...b .xhva...$...l/I...@w.....:]W...o.Bt.SZ..@.]~.?.L...Q...nk.uT.$f."..o.>.....k)..bL~.......f.q...Zg..N.OQ...H74..n|"..B./..q...aLv........eJ.Q...g*O....^.{..5:...4.*..A~"O

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\a12b761c-8740-40b5-9833-826bc4bc41ab

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 11592120
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3758974
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999951681815112
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:98304:1OA6B0RzGWziOfUR5fJqxJ8bMh3MdZrHaWpnfnGTFVbQj0:XpRz9iOcfJq8Mh3MDaWlvGhVh
                                                                                                                                                                                                                                                                                            MD5:A176AC1BE3E12A19F0C46B75B25DDC30
                                                                                                                                                                                                                                                                                            SHA1:AFACB85BFF440F91B998B98B152034276034CADC
                                                                                                                                                                                                                                                                                            SHA-256:46A429E2A85808C97CB3785340B60FCBCE6B622F081341E60CD5ADF7DABA54C6
                                                                                                                                                                                                                                                                                            SHA-512:64DB53B689DE540613CD88FFC0FB5BE4BD620DEC44C3F21990280F2B194B822F698D6FA5C4CFE282E477026185286FEC2950C39B4A3796634A5D87F69F350D93
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]............&..p.........../D.|......e.F<w.,...vY.Ta.....NE..1E...V..Z..m9..^../:Y!....y....eg..8..]....&..z`..c..`Ed....].._.WP..N....:..<..IAY[...R{.rd.c.Iz..l)..9.....$...........?P'....T1....Fu.9..|E.M.,....N...}0..r&w:/..F.....j...`4..4...\...8.DR.j..Q.}...l..o.!.:..MQ..A%.0..%.[g..F.~!P.....`rJ.T.`..=@o....r.!F...`-CAPhq.R.RSD)........A..2.Q......i.....O..6....v.g.;Do....0.....T.....*6..>.I.o..z....!......IYcB..n....V..w[. Et.........H.C.s.Y.....8w......j.7G.pu.o0G..d;.]...l..ptSg....XM.i.....Jn...r.;E.VU,..(.V.....&U..r....f..Q....[:.......>.o$9.2X:....hSaq|.z.vQ.,....\.....B1.1=..P.u..>..4C.sn..o"J...l.(.)f9&q.`..-.g......6/..O.s.O.....Y.8}c.}f-.2.]...........~..1...`........R......"[...p.6..]...P......U.CHV.v.G{.Z..Zt.0X..!....k...{I.. ....4ku.p?....~...)...Dg{BB......;....).Q..zG.a.................2...+.#..)..^<.#...M...!.=...u.&...:.....h.,=. O.h.j.^]..{Z...&(.\].r..q^"...A.. .8&mm+...=8...v.O.+@..W.....y.#q...V..9K".....#

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\bug_report.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4847032
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.519886418886043
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:49152:VMLHHJldomYjw3stmiQKWIUyz1kOn4PQOtepOAbBnIQQ9FR8puWuMd7qt/LPQ4zF:vgwmmUyWObBoFRAuWw9sZFf2p
                                                                                                                                                                                                                                                                                            MD5:B1A603C438CC546915BE82D1A193FFD9
                                                                                                                                                                                                                                                                                            SHA1:AC2C1200D4451F781543D85327C8979CE8D8C3B1
                                                                                                                                                                                                                                                                                            SHA-256:F3D41563EF598F824DB6DCE8E182B3110696C20A868329C5BD82F53DB4FA0337
                                                                                                                                                                                                                                                                                            SHA-512:F4D1428E0478A43C2BFF8E78902DF4EDCCCBFE58FDE438DCEC1D7BCBBDD121658CF95A978FB2A893FF3923C1EBB2B98275F7F1BBFB15A997B4219CA47B09D45E
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$........kL(]."{]."{]."{.x'z.."{.t.{Q."{.t&zN."{.~'zT."{.t'z*."{.t!zW."{.x!zM."{Tr.{_."{.d&z[."{..&z.."{]."{Q."{..'zu."{..&z\."{.x&zy."{.x#zx."{].#{.."{Iu+z.."{Iu"z\."{Iu.{\."{]..{_."{Iu z\."{Rich]."{........PE..d...j&.e.........."....$.R1.. .......V.........@..............................J.......J...`...........................................?.......?.,....@J.P.....G.LK..H.I.p)...PJ..g....9.......................9.(...p.9.@............p1.p............................text...zP1......R1................. ..`.rdata......p1......V1.............@..@.data........ @.......@.............@....pdata..LK....G..L....G.............@..@_RDATA..\....0J......ZI.............@..@.rsrc...P....@J......\I.............@..@.reloc...g...PJ..h...dI.............@..B................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\c0973fdc-da6d-4d93-a033-c5264fd67457

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 15296
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9561
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.980334307230947
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:HmAMdKXJd6hvLTG+y8XjWlMB5r1ZP37g+L/Qc5khlN2i:nMYd6VmeXKqV1ZP7uH8i
                                                                                                                                                                                                                                                                                            MD5:6B5A05BDB671ED214CE616C8933F3DD5
                                                                                                                                                                                                                                                                                            SHA1:63191E9AEDF21D9D4962E14361B89AB6C29C4214
                                                                                                                                                                                                                                                                                            SHA-256:15F1910F8920F543E0CB4EF3F95E372DC9327328A673E1D4D6A2FFD5CB392D18
                                                                                                                                                                                                                                                                                            SHA-512:ADE79B94FA0DF26C0FDC5F8081FB3CA3DF552F85DE95A41FB1BBD22A676DD42FCEBFF1F563FE767F537052C4370730FDC83AA5F1295DE7EDDDF7FC80681A0BB1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..;.......&..p.........../D.|...G'_..z.-~A..\..*~kHy54......<.....=......6......! o..- 6Y..mR..O...8.C'.B!...Y...;Pn.,.4Wl.xg........7.Xv.x...Z.I-.....k......H^..;.^.....?..c.qP*..s....x.D..)T......$XA.Z.K..zB..r......kt.,....X.\..c<R'..jmt.y.FLT[..]=...$4..RW.\9.t6.1.s+(>.9...o...`.jD.o....8.^NW...D.....}~.q..W..?J..4...}.....,..-CGe.p.J..0.~L3^.#.}iG...z..:S$...PG......WE';G..u.5........'...;r..u.T.e&..ep\y..l...9..xbW....R..(%&..q..*......)...S..?........{6.._XM.....u..9O.tf 3..u..67dS.Z.O5....<...Q6.....d...pb...E./X..........7..s...Q.@Q.r#.@.....O..e>v..2.[X.'..)eNE.wb:.......i.....C...^..o...Zw.{.d....R...w=U.......j.}..^..U.,..?..+(;..*P....G...)k..h..:y..e...H.5|....q&.?~BeW5....A.A...h..k(..i..+.....L...3..].f.%w..u.....2^...V..Rg.|....M...N<......sR...b .xhva...$...l/I...@w.....:]W...o.Bt.SZ..@.]~.?.L...Q...nk.uT.$f."..o.>.....k)..bL~.......f.q...Zg..N.OQ...H74..n|"..B./..q...aLv........eJ.Q...g*O....^.{..5:...4.*..A~"O

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\dump_process.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1213880
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.608370550710603
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:PACgkCmLmk9Q9QrKKUboalbsg/oJxEx4Yh0lhSMXll7MSiPlJkdV4K/:4hHkq9yKXoal9/oMxm69JIV4
                                                                                                                                                                                                                                                                                            MD5:36B9397D83C5A7BF33C02D5213BEB1C1
                                                                                                                                                                                                                                                                                            SHA1:792A44D1E5478575E658C304E742E84A13EFF5DA
                                                                                                                                                                                                                                                                                            SHA-256:4246AF29405597481F4D3E6F1E55CF71175E7762E69F97A3470C1253959D768A
                                                                                                                                                                                                                                                                                            SHA-512:5FBA613D021921A603D3462EB50AC767AF867CF3F706132A461A82EEC481309862AC868076F3E9515DA0034110782DE500B27114FCB57B7BBD637B7332D232B9
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......=...y..y..y.....u...........m...2.{....k....s.....p.......p.\.{..y..z.....v..y.....m..$..m..x..m.0.x..y.X.{..m..x..Richy..........................PE..d...D&.e.........."....$............`..........@..........................................`.................................................d........p..`Y..........H\..p)..........$...........................(.......@.......................@....................text............................... ..`.rdata..............................@..@.data........ ...`..................@....pdata...............`..............@..@.didat..P....P......................@..._RDATA..\....`......................@..@.rsrc...`Y...p...Z..................@..@.reloc...............F..............@..B........................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\f5f4d95f-8007-4f23-b0bf-1e0596f9ae86

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:LZMA compressed data, non-streamed, size 1213880
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):472983
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999621173128121
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:12288:fWLMK7hju1ymAJzWSJwy011gDa2iyxqlOlnz15rxoK:fI7hjqHAJDqaDa9ygyXrGK
                                                                                                                                                                                                                                                                                            MD5:A0607769CC8720C43EAF7B05A0212C50
                                                                                                                                                                                                                                                                                            SHA1:2FBF305069A1AC8065F99401EFE013B044B952A9
                                                                                                                                                                                                                                                                                            SHA-256:6E494A03E0D6FDC4EB175E1EF55CB4E27858D745C63C67E1E55354128C229345
                                                                                                                                                                                                                                                                                            SHA-512:CDA1DF39EE6CD6BF40B255B11DCB29CBA6C2FFB0485BE7CD511D508AE880E286C7E9E769DA15DD29E99C8403B9C5F09811F3B6B31FC15B262B8A30B7D633DB2F
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:]..@..........&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...ar.u....\.n.K...n0.w..T........~8%.....s...(.2.....HP..../..Y...B..J....x....C.....}...g].#y..G.@!..8u.].o..{..h...S.#....6q......2o.YTf.m.f......!.Kp...`p...6P!...P.Q ...7..6..=.)d.aEs.N...6.6.V..i.S......r..:...#v.#.....T. ,..kv]zFo...Y.beZ4..\DU..n]C.,...c......B#.....1...P|.C...Fl.....[.:. ..+....+b..a.OV....vb.w'..g'].e..[..n.p..>w.H)IT.W.)...n....nQ....^.....i........>E.~....,...2TrI?r.@..g].`.U..R......R...N.x#h......r.R..{.w..F....wsR.O.x..Q[.A}.](..I8.}.Hn..r~._....K..(..F.m..o...@J.C...W<...a.z..T......S;;.br..qu..8>.0.]l.....6.'~..S.N...vU~..:.G........y.gc5F....nq......_.1...q.sz...=.3.W6X.C..pZ.W. u%..Pc.fie{.....t..F9..t...F~a"..N...q......IG[.."u96&..;.N....=N.....p._...Z..Q......|....<.J.*.Vj...K.~..lqp..Ah.6A...ir...lr.....V.....Z.oE.8$~......m3....#q5.g..t.....H.g.{?~...j..R....%...R.|u{!z..A..u..........1P.c...e.WZ.H

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7344064
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.475073805528636
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:98304:zzhxeOfs3SHwHF8TjntexRl4mVUuvPa4Wg:vhxpfs3SVPnte54wUub/
                                                                                                                                                                                                                                                                                            MD5:A87978C382EABC0165DB0C7EDC5797B2
                                                                                                                                                                                                                                                                                            SHA1:2D145E3C71549A378DD9ECACBB99FA5F0AD2565F
                                                                                                                                                                                                                                                                                            SHA-256:7794CF36A6228135BEF6581458EEB15D420159596FE2F0EA6296CBB2971089FD
                                                                                                                                                                                                                                                                                            SHA-512:1D1E1212A3BE1A7DC4FB508DAD20A2502217DF2CFBBB8B5AF672E85EF68AAE740C9FAC2095A6082A993127FE210D0635ADA72B2E90D98ABF306C7CA9AC3D5CB4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$........d`.............ow..j....{.......{.......{.......{......ow......ow......&k......&k.......}.......p...............p......ow......~p......ow...............z..P....z.......z...............z......Rich............................PE..d..._&.e.........."....$..L...#.......)........@..............................p.....)#p...`......................................... Mb......Nb.|....Po.......l.....H.o.x)...`p.`.....X.......................X.(.....P.@.............L......Jb......................text...<.L.......L................. ..`.rdata..D.....L.......L.............@..@.data....x....b......|b.............@....pdata........l......Bk.............@..@.didat..p....0o......\n.............@..._RDATA..\....@o......^n.............@..@.rsrc........Po......`n.............@..@.reloc..`....`p......bo.............@..B................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus_mod.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15296
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.94926345429301
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:vNPw/U+88IYiifmJdOAM+o/8E9VF0NyO7t:0U+MYiiIOAMxkE2t
                                                                                                                                                                                                                                                                                            MD5:D44D74A4762092D60D8890F17EC9923E
                                                                                                                                                                                                                                                                                            SHA1:85D3279721F2F88790FDAA3C57E73170C64E2B51
                                                                                                                                                                                                                                                                                            SHA-256:ED051B68024077E7B870548A54887574ECFEFA3B18159FC2AB8B96EE6BB895A2
                                                                                                                                                                                                                                                                                            SHA-512:34B483ED52FEB579A069242FC1A9A3027E44A7310498EB9E30430B38DC50D31F2DE00FE057C57B4E52D5954161874853B130097E9110E684F553A979519BE843
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e..!..!..!.....$..!..'..5.. ..5.. ..5.*. ..5.. ..Rich!..........................PE..L....%.e...........!...$..................... ...............................P.......6....@E........................ !..\....#..<....0..............H...x)...@..(.... ............................................... .. ............................text...e........................... ..`.rdata....... ......................@..@.rsrc........0......................@..@.reloc..(....@......................@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus_ui.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11592120
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.579092922372079
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:196608:jJ9aK4TOtq7qJwlsADfPSo5nagrqNO0L:V9Pbq7qJwls0PBagrqNOc
                                                                                                                                                                                                                                                                                            MD5:0DC17CA800AEA2358E0A565D7FB38299
                                                                                                                                                                                                                                                                                            SHA1:634F5963D0B49B10CE584E122E2E879328FAC8D1
                                                                                                                                                                                                                                                                                            SHA-256:AC47C136E574DA442AD0961667930A5076C3082F98E0EDCB8FBD732D51E3B6CD
                                                                                                                                                                                                                                                                                            SHA-512:5853CFB68C74CF473916F8F19CFDA0DC0299D0F10DCF47A8BC9E022C3F936D9FA8204CE258DD5E7C0F0361E16882C06EE4229199EE927B8DC68C7CB547EC8B15
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$........'.._F.._F.._F...4...F...8q.VF...8..KF...8...F...8..SF...4..@F...4...F...:...F...:...F..V>..]F.._F..YF...3..\F...3..^F...(..]F...(..OF...4..jF.._F...E..K9...F..K9..^F..K9s.^F.._F..]F..K9..^F..Rich_F..........PE..d....&.e.........."....$..}...]..... ..........@.............................p..........`.................................................t...................L...H...p)......................................(...`...@............ }.x............................text.....}.......}................. ..`.rdata..p.".. }..."...}.............@..@.data.....3.....n.................@....pdata..L............8..............@..@_RDATA..\...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\product-def.xml

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1272872
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3949942288945785
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12288:1FBLzSYiQizFv2okIuzNrGmmaeAjfde0hfHge:1FBtd8vTuzNrGvofU0hfAe
                                                                                                                                                                                                                                                                                            MD5:ABF68F41FD38238488C9984783581B8B
                                                                                                                                                                                                                                                                                            SHA1:F4283041B4A747A2A696D162466335AC59274B7A
                                                                                                                                                                                                                                                                                            SHA-256:1DE662D6A41687462BC259FB9E3BA374EDF79947739CE997D3E9DF297CE6392D
                                                                                                                                                                                                                                                                                            SHA-512:7CCECD2F9B501DAA96F70CC2378C115EAC0E3CD85559B9B25038E374416B9555D526B5B55194808B654132C759B6E874D8D7710F567D6291D20765D2CFCEBFEF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\product-info.xml

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9649
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.275866628060874
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:KXjXXliDZwBmNvpgGm8I6AERUc97Qlv1i+FKqJe1oGA0Ny8RzQ2gWwKsVijk:KXb180mNv+GPAj5KCe1xbNyW3kijk
                                                                                                                                                                                                                                                                                            MD5:C19FCBF02140B9AF1A3BA40B3C8586CD
                                                                                                                                                                                                                                                                                            SHA1:B6580C396DFDC265F0A5EADE38BCEFE052538635
                                                                                                                                                                                                                                                                                            SHA-256:FFCC9BB534F4C1DBED3A01008CFA4B0EEA83741CC67010FC518135C0CA397EAF
                                                                                                                                                                                                                                                                                            SHA-512:9801181AE3CE4D47AB8D4218ED64AAD473574F4DC580EE6494BBCA1E4A91975F4F7101DF02F561690135D9642BD95C25278222FB7B670F1BC0042FE0DC82F466
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av</name>..<version>23.10.8563.1247</version>..<build-time>1697532238</build-time>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>4c3e1cdb48f03e9cd05318adadcef0545af250b36b9dbe5c9839985baeb05e0d</sha-256>....<timestamp>1697532136</timestamp>....<size>6571456</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>7794cf36a6228135bef6581458eeb15d420159596fe2f0ea6296cbb2971089fd</sha-256>....<timestamp>1697532137</timestamp>....<size>7344064</size>...</file>...<file>....<conditions>.....<os platform="arm64"/>....</conditions>....<nam

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\setupui.cont

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):312724
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.999459609867886
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:6144:EV41wbKO2TLKSLAhJnwDlQIRBsUAjYCUozoM2B1NEOWZKpJtqZTQLLRVLc7SryyR:EVW+KOovEhJCsUAkffLNExKpOT0s7LEn
                                                                                                                                                                                                                                                                                            MD5:053FF55435136DAEBD2F6FAA12FE1831
                                                                                                                                                                                                                                                                                            SHA1:815113C56692EB0819E19BE9A72FA57B3A6BFF3F
                                                                                                                                                                                                                                                                                            SHA-256:F376E9AF363D39E60246C7DCE9C8C9ACCB7DA5DC8D23E54861778C278E60C0D2
                                                                                                                                                                                                                                                                                            SHA-512:0352E13FECE37EA1B326CE6FE1E2556D5E239950372E42D57A4BE509A8F680F19EA720753DD40F904638835E12CF4B75D15145D18BD64015DC5D481BCAD7F2D4
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.7zXZ...i".6..!.....#..,.q...].0...?..Lm.K%. .6.X.....L.@#.....n.....=...+..^......XmT"....o..i..^wp.Tp..........uH.u....1W...jZ.`.(C.....J.uu..$....T...0]d.....HAa.!._/.b.....{|.L...W..3Sq..h.T..@N...A.;..J^XS.....;7....+.).C..Y.Uw.[T.w_(-.i.4...r?Y=qR.;.....>.......aDi1..g....6.@.H..0.Y U>.......[m&.N.~0.ns\.......+..{.L...r..Z!..'.t3.k....-w.1.!.~..'.f~......u/[*@.h....X. .j6.....2.b....@.Aj1.8...,.Ofz.b...Aq..e.o.=]..`z!..Y..jQ9.]........TboT.^..[r...........(.O..'.`UG..:"......5......-.'..e.}^.FI..%Y4-.|.._...BlEV.5.f...3.M8*.g...#.=;........7..\K.t.s.".>>.......M..=[(....U....&l..P.....+.".P..R...A....y(\.S<O)j...eb8.UH...D........a...e..A.L..O...vF.dD>..WR.l....%....X.P....C....;...c...k.r.....O.y..;.;..6e\o.F]..#.4D)....a.>..M.N...:...+.Nn.{i..A......Z.._(..Y..Iy:.&.M$.k==..*.N3...q.7.]...l_...R.B...;.A#......V..7../..0.S.)b..z@C...}...B?...@..88...rk.Q#....E..rf.u}..%.".UX.ZzHxx...F.A'?t/*........5...y...|PIWC.Gh..k<.~..t...o(.5j.V

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\ecoo.edat

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):21
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.422577995321604
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                                                                                                                                            MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                                                                                                                                            SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                                                                                                                                            SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                                                                                                                                            SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:mmm_irs_ppi_902_451_o

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\icarus-info.xml

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1910
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.367711159162567
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:cEDn8Zf4888pbcn1+eDJayRWN1lVRb2lEkNM:H8J881cnYUIysvVZ2FNM
                                                                                                                                                                                                                                                                                            MD5:25BA0FB17E44C5E9B7BE9A83FA002584
                                                                                                                                                                                                                                                                                            SHA1:53AF434056AF382AC627F1AABE10166584345E6F
                                                                                                                                                                                                                                                                                            SHA-256:C32966F3266E5F0843D0F97FB3D7AF285A3B088F67387B20F026428427A0158B
                                                                                                                                                                                                                                                                                            SHA-512:1DB72DDCACAE522AC7B9F41ADF314AC0B8EBE6FE4553F9751CC4CA456B35269C781C271208AC0F1CD8F11C5FCDBED45BC59DC031AC41E4092F633364BC87EE8D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>.<icarus-info xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">..<file-list>...<file>....<alias>sfx-info.xml</alias>....<sha-256>6cbcad3e334a2fcf3d27277f31d7851af2150f0501f2eb5d42e05bf7a76c82e1</sha-256>....<offset>1422406</offset>....<size>722</size>....<timestamp>1697546854</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av\edition.edat</alias>....<sha-256>e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb</sha-256>....<offset>1423205</offset>....<size>2</size>....<timestamp>1697546854</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av\config.def.edat</alias>....<sha-256>ce0f73cea417942afe49f0f902d85ec18ac16a7ed5d3ae758ae825ffb0f7c152</sha-256>....<offset>1423287</offset>....<size>7052</size>....<timestamp>1697546646</timestamp>....<flags>1</flags>...</file>..</file-list>..<file-mapping-sfx>...<handle>26c</handle>...<size>1441080</size>..</file-mapping-sfx>..<sfx-cmd>/silent /ws /psh:92pTtVrLghU

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1441080
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.827132320938308
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:XHiwCKmgQjoYRhooooE3IMjRIOpMIIWY1i5uh0lhSMXlhrc4e4R0VQ:XbCvo2ooooE3HkIIWY1C7V9e4aVQ
                                                                                                                                                                                                                                                                                            MD5:3817B172EA2CEF28D73F746A40F3B275
                                                                                                                                                                                                                                                                                            SHA1:947D370B83F6A7B610D71FD160BAD8DC20945AD6
                                                                                                                                                                                                                                                                                            SHA-256:C9AA60DE460979031467C0C33B4EB2D93AD822280CAAE17A39F23AC8699E8DF0
                                                                                                                                                                                                                                                                                            SHA-512:BAD56A45B06D43C02CBFBB257517BD4AD6CDE5E189B91C0BEC569600FF3EB5F2D99B67E08D52B033A4E7EDD9AF5C5D3F0DAFB286133CDAB4F24D5CD2DB374FF2
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$........&"..GLE.GLE.GLE<5OD.GLE<5IDQGLEK9.E.GLEK9HD.GLEK9OD.GLEK9ID.GLE<5HD.GLEu)HD.GLE.?.E.GLE.2ID.GLE.GLE.GLE<5KD.GLE<5MD.GLE.GME@FLE.8EDyGLE.8LD.GLE.8.E.GLE.G.E.GLE.8ND.GLERich.GLE................PE..L....&.e...............$.....j......p.............@.......................... .......*....@..............................................r..............p)...`........................................@...............p...,........................text...z........................... ..`.rdata..............................@..@.data...p...........................@....didat..T...........................@....rsrc....r.......t..................@..@.reloc......`......................@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\asw.4df19368a3ff7b8d\ecoo.edat

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):21
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.422577995321604
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                                                                                                                                            MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                                                                                                                                            SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                                                                                                                                            SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                                                                                                                                            SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:mmm_irs_ppi_902_451_o

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\nso9067.tmp

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3659567
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.400113174339978
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24576:HoVUUoniTTIpCDHYzVYfL00+3JGqlxCsKEjzOE:dUSiv0CD4hF0QssKEjaE
                                                                                                                                                                                                                                                                                            MD5:D280811549F71BC02FCBA3917526CEC1
                                                                                                                                                                                                                                                                                            SHA1:15AE615BEE877B86679495F51B5DDB6C356A50D7
                                                                                                                                                                                                                                                                                            SHA-256:389F0127F008AD843A077A3796010B6B40800C1EE7E1F3D1F343133165538366
                                                                                                                                                                                                                                                                                            SHA-512:9FE7760368FA917F5360E3574CACFAE7EE1080F3C3D9AB74548E4615D9E5C4F3B55E253F90A5587373CD224ABF303A428E3A1D8A76BD564A26AD44A23C8A565C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview: .#.....,.......................@.........#.!.....#.........................U...i.......................z.......2...........................................................................................................................................................................G...J...............................................................................................................................................................=.......................................................................................................................C.......j.......T.......................................j.......k...q...s.......T.......................................................................................................................).......................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\nsv94CD.tmp\System.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11776
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.6557532861400945
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:eK24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlASl:u8QIl975eXqlWBrz7YLOlA
                                                                                                                                                                                                                                                                                            MD5:0FF2D70CFDC8095EA99CA2DABBEC3CD7
                                                                                                                                                                                                                                                                                            SHA1:10C51496D37CECD0E8A503A5A9BB2329D9B38116
                                                                                                                                                                                                                                                                                            SHA-256:982C5FB7ADA7D8C9BC3E419D1C35DA6F05BC5DD845940C179AF3A33D00A36A8B
                                                                                                                                                                                                                                                                                            SHA-512:CB5FC0B3194F469B833C2C9ABF493FCEC5251E8609881B7F5E095B9BD09ED468168E95DDA0BA415A7D8D6B7F0DEE735467C0ED8E52B223EB5359986891BA6E2E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L....z.W...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..b....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\nsv94CD.tmp\nsArray.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6656
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.182754987468525
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:mUODeqedh6EHFRA5sX7d7KnnpOKxX22v:2qqedh6EHFRksp7KpFX
                                                                                                                                                                                                                                                                                            MD5:82D49C227928741F6F09C5CEA3BDE9F1
                                                                                                                                                                                                                                                                                            SHA1:B0904368A5E94026D0CA5760D4577236F796051D
                                                                                                                                                                                                                                                                                            SHA-256:8BC5E75BBFA5A8F10526AEC2AF441153B2883D6D288726ED8F7C9AF12A1EE02B
                                                                                                                                                                                                                                                                                            SHA-512:D4F588E3613886E3DAB58330CD69CE7F24C39BE2C4854CC8EDFCEF98E1324926FCDE0D79DF1A8FDF5E2BF9327B17F22A9FA1396568C0ACE4E46D4F548FDC7530
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%)y.aH..aH..aH..h0..dH..aH..jH..h0..`H..z..cH..z..`H..z..`H..z..`H..RichaH..........................PE..L.....iO...........!.............p..0.....................................................@.........................$.......X...........X..........................................................................................................UPX0.....p..............................UPX1................................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....

                                                                                                                                                                                                                                                                                            C:\Windows\Temp\nsv94CD.tmp\nsExec.dll

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6656
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.140229856656103
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:J7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkN738:HbGgGPzxeX6D8ZyGgmkN
                                                                                                                                                                                                                                                                                            MD5:01E76FE9D2033606A48D4816BD9C2D9D
                                                                                                                                                                                                                                                                                            SHA1:E46D8A9ED4D5DA220C81BAF5F1FDB94708E9ABA2
                                                                                                                                                                                                                                                                                            SHA-256:EE052FD5141BF769B841846170AABF0D7C2BB922C74C623C3F109344534F7A70
                                                                                                                                                                                                                                                                                            SHA-512:62EF7095D1BF53354C20329C2CE8546C277AA0E791839C8A24108A01F9483A953979259E0AD04DBCAB966444EE7CDD340F8C9557BC8F98E9400794F2751DC7E0
                                                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,..................Rich...........PE..L....z.W...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..L.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1735

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (39773)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):39774
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.461521204649972
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:9ldsHoLrtoe0ZIshDQhnwwBXER5lRLL8el8MJhFdd2urDyqKygOz6gOtwlN:LkpE9XsLL84Xd2u5KygMOalN
                                                                                                                                                                                                                                                                                            MD5:707588097CAA9D1F92FCB4B0E5A6A02E
                                                                                                                                                                                                                                                                                            SHA1:62065A591AC9CC3CB0ADE623114C35FD711CB23E
                                                                                                                                                                                                                                                                                            SHA-256:0814CEB83311CA54FA848A9A31915D46A05013536D38AA50ABEBB7CF223EDF57
                                                                                                                                                                                                                                                                                            SHA-512:146366C90620985AB805E7E5E3B4E8B4D7A1C8445B391B38C2FBD5B7DDFC6BCD013004EE24DF6A5D4D4F651E5518DEBA9DEF6B2052EC6C55680B595A69F3BB8A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl_page_level_ads.js
                                                                                                                                                                                                                                                                                            Preview:window.googletag&&typeof googletag._gpt_js_load_2_=='function'&&googletag._gpt_js_load_2_(function(_,_m){var GO=function(a){if(!FO.test(a))return null;a=Number(a);return isNaN(a)?null:a},HO=function(a,b){return a&&a.source?a.source===b||a.source.parent===b:!1},IO=function(a){a=_.dg(a);return.05>Math.abs(a-1)},KO=function(a){var b={bottom:"auto",clear:"none",display:"inline","float":"none",height:"auto",left:"auto",margin:0,"margin-bottom":0,"margin-left":0,"margin-right":"0","margin-top":0,"max-height":"none","max-width":"none",opacity:1,overflow:"visible",padding:0,"padding-bottom":0,"padding-left":0,"padding-right":0,"padding-top":0,position:"static",right:"auto",top:"auto","vertical-align":"baseline",visibility:"visible",width:"auto","z-index":"auto"};_.$u(_.y(Object,"keys").call(Object,b),function(c){var d=a.style[_.Ly(c)];("undefined"!==typeof d?d:a.style[_.Jz(a,c)])||_.Kz(a,c,b[c])});JO(a)},MO=function(a,b,c,d){return LO(a,"fullscreen",d.wa(952,function(e,f){if(f.source===b){if(!

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1738

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7792
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.957547694501328
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:4oslhI+LOsFiIK7fIyrjdZhwQQS3xsgyexmZfMAH5nmH:4o4hLKv7f1ZhwQQS3x3BAMAH5nG
                                                                                                                                                                                                                                                                                            MD5:95F1A035553233A5E180029B1B0F65F5
                                                                                                                                                                                                                                                                                            SHA1:25BE78FB490100F24F7578025D0C41D02B9DFFD7
                                                                                                                                                                                                                                                                                            SHA-256:3D7A1FA753173819BAC6B5082C05C8EBAB468511C9CD13515A237A272B64C4F1
                                                                                                                                                                                                                                                                                            SHA-512:072617A15CC6F41F8212C0C09C399B2A25B7FFE65277F6F336CBF843E617DF4287EFDCACB597D814238BDF9533C1CD75B92434B295A5290EF6876ABDDE35F35D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..].T.W.~4.....G.c.'.d4.13.NP...$.$...\0.....! ...FAei.F.......f.Ev.....~..~P..T/"...Y..TW.z..{......RZ!..\Q<.X..P...Tz..[..(}.....r.P..[.JoW..~F..I..tx#..`~.M^C...?..WZ.K.R...P.<..`. M.HCQW...SC..W...K..+...WCE..y.J5L..*.....jA|uE...A..k-Y.J.l..$kd...g.!..R% ..r...)#,P....g.!.a .j).Z.?.x...|...UC6..g.R.A..5..=..$B..H....B..0..`Pf....R,.0..q... $.q\..8.c.&...xQ..6... ..=....&Fx..e[)|@..*.G.@Y..W_.S$.L./...".{].p..g)..TI..P,......}..v....;;.......t}.q.Bx...[m..UV.m.fgg..;........`..ij..*}...j'j.'...zzz`D......#.a./.X.!....3f..@.f........&..z..~Ev*.022..`ff6JV._Y1..}}}...G..D"....;....d.6......_.....V..R..*...$~....p...Q.FF.X,....B....d.....R..~...BH.k5.iy.v.;h,H......055.....6.4WVUV?........YAa..U...s..1d4!....o..6.M..z..1.,.g.....m.c`....Ej...v..z...H........Rx.X,:^<.O+..`!5..c.|4.c.Cn'^H........R.......U..D...............R).....5.K...27T......*

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1740

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11027
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.977399822217327
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:0zUV8dI8d3ardOvelygrYbShDM5n3ceVaWHhK04DxhOw3Hmivq4C:0zUEzd3as6kmhQ3cekYkxhb3G8hC
                                                                                                                                                                                                                                                                                            MD5:C165DCBD210C0857ACA011610228D365
                                                                                                                                                                                                                                                                                            SHA1:3C72AF7EE26588332A5F342279EC0A482E7816B6
                                                                                                                                                                                                                                                                                            SHA-256:28632D192AE969D2F2F3B0CA91CF65E26953138278D8254C665C0FE639FD5E99
                                                                                                                                                                                                                                                                                            SHA-512:7267639858BDF55BAFEC6ADABD2E3D171BB2A6F98B42C522050C9DC3BAE14120DB144570E5898287E3050DC84ECCD327AD7FA8687BF2BCA8732286AAA292A5CD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..*.IDATx..}.X....p..W.I....E....bG..;QP...n..^Q.cLl.Qc..wE.+..............>....;..ggfggg.....T*.....*.B.P*.P.......^\.u...?.|..r.~.d.uM...T....'.WdRI.....e%C..f.[.~._..q...g/.....nK.V*.....H...........eK..L._.n.q..G..].Un.(......90L....,...sE...q.nT.%pa.:.8.#Gcs_.....UKVn<t..[..75.P....J...a.>.Lr.B.'`z..../6...\i....Vz<k=cG6.....%..xb......\....Z....g....[...x..EA.........-.(...%...t.o>.j...56.q.m...l.......K_....sE]h.t..".A<d4.!e..C_.i .2.y....g.X.n.ICGO..;....)..L.^!..A.....W.N..qH\.....,......./...)..h.`.<..Z..G...y..{3M.8.....j...}...L.]R./......D0].~....]B2X...o.z......G.j..8..iH.%r.<tr)...BO:|.R.#3o}.;.[sM.}"2jf/{..).M.|?x....K.&....m........O.m ..<9".:...'[....j.qPDm...$.=...\....q..>...K7P....;...E..qa.....l...;r.<..&.."*H..I..8....>....=tL.I..'_...y..G..#,..GO..._...A.......EC.p.>...yp.^..h..y...Qa..t...". .$...T.$J.=...5G..W........o....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1741

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):17634
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9857227868732465
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:tIe3PyyM8I1+QDTh0HYSz0p315Ka4cMLKOag:CQM8e+Q+4Sg14adeag
                                                                                                                                                                                                                                                                                            MD5:5F660AF0519228BA44838AB9388CCC96
                                                                                                                                                                                                                                                                                            SHA1:E141A15215ED0A5722941CE278C85560BFA9494C
                                                                                                                                                                                                                                                                                            SHA-256:EEB19C3A098D5B42AA42ADE1FB8326455AF2C755577349D4B13447427B595F91
                                                                                                                                                                                                                                                                                            SHA-512:B600EE4C530D0EAE705B007559D8B1CECF8223679180DAA1C6AEAED9467E960A770CA2F92F15044AF2B2C444205419C908A797DEB8CAC6DB4E55F8AFD4E6FB69
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/retro-brawl-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.D..WEBPVP8L.D../c...M8h#.Tw.q.....!......(.....r...l.}.Z).)aB..1p..Fg7@...a.....m$I.....8.L..m..D..))..i..N.sL8.....8Nm.U...%X...`......q...`4....R. ...z.d....i.....6jT.i.h.S.E...m#.Aw......HZD..p.@....Q...P'.4^qs~........g[$f..<%0.3c..<........10.V......5..P..cl....3.\.@o.5o.e....u+nE...$(.+".......m.AN.....C....]YWb.BI8~....R...r...u..M..]...oJ....u..G...,....m<.m...6^3....U..JUf 3...].s....x..H..[.....Al..y.ef..y.g=.6p.......x.,Kj..33"<..J.l[..1a-.Q.5r.....;....;.;..b..cff...s.......Zk......Q$I.$#......af..,3.......23336s1&DF.......i.!K..).$I2..H...a8....g.;33.nAfF...$I.d.%..U5.Z.wd7c.y..n`..X.@....4.k...km..6..jK.H....p.3.....ix..b.F........m..$.$...n....x.K.q(p.F.v.|oxw../.M.... .X<..x.6..Qt@....m...N.H.z..!..D~.....q.w8.g.j.zM.%8..=~...l.)..z...c.0G%Q....;K.i.Vv*i..(...G.^.........>:.i.)..k...L>...$...`~q.7...x.b?.ow...q:.....n.~..a..COD(.........l.TcR.V.(....!...A.8.[`..?....H....>Q...+{.'.thKf.f,..R..e...6....T.Mf....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1743

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9417
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.964736630002873
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:qyN4YBJQrz0iGlvInjh24UDYQ50/pJorD4G4c1UcRtloDwF:qySYMP0iGlvInj15r/perD4fcRtJF
                                                                                                                                                                                                                                                                                            MD5:3017653826B1D5CA16EDF9C9869466DC
                                                                                                                                                                                                                                                                                            SHA1:CA38B9F905DF5391B10C27E72DD8AD4ECCE3618C
                                                                                                                                                                                                                                                                                            SHA-256:CABD818BD8F701AFDA9A08607D5FE2EE702A84062F19A3D1EEBB9CA50777E0EB
                                                                                                                                                                                                                                                                                            SHA-512:78CB5C1FC059DD16442CDD74559973902E00E536A7E695ECEA46A1180F95FBE4E51FAE8538869E6FA6B29E8A3AAB90B8EE27CDF77A4722B31F0A6E14BDDC9971
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..$TIDATx..}w.U..Zk.s.C.BG. ...Q1.1..5..4..S...K..%j.%.... j,.".5bCD..}(..m......;w....!..>..L...}.g..j. 3..x13"23.03!._..W*.....\W......fWSsU.....).n.x^...-.!.o(\Z...+.....K.F....'lY....hfDD..Y..Ea........&..NU..|.{.?.m}.b....T..7.....7...u.+.f.GB....9|.1#FN.<xPQQ.p.r.1.(.1._..`.......%...........n.H&AJ!.%.".H....u#2...R.. ...3z.q.>h.....Dc...ffA....X.5.Z3.Q.u.U/o.l...6nhmiE..Y. .FH...9.CwN....F..Qi....n.(~..O:..9c.L.0.(;"J......2K..JkK....;*..^.....w....PH...60..6."DA.(..d.p.._.?....6\..J.".%..L`.."...X.U;w....K.7l...B....>`F.r..h}.u.R....<..Kf.6t..c".._.V.<.,..%..]..kV..B.l;kq.$L..."f<O)5....C....SJ........,c:8g.....a..u....m..W..)d...<D.YR...O.h.Q.9.m._!Y....hfA.....g.~....m!..{.~F..@3{JI..'N..3G..+....=...#YF...5,Z....>SQ_....n...*\L.......3.v.aH.u.'..d.../..$.p.....W^F@).1..y}...(..W.8.sN..v....zrw;...?.8{4....Y.m......Z.~4..|`=].zLBJ..gM;..9.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1745

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):4688
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.937629484887233
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:hCr9GwwBkgr1iQRbcpBng8NehRpWriQhUzNYT3lgqA74MDJutU:hW9WugE5ngG6RYriEUBYDU7BstU
                                                                                                                                                                                                                                                                                            MD5:EAAFFACBD7D51EC97B9181A4115C7671
                                                                                                                                                                                                                                                                                            SHA1:D6070FBB93CF68D45D4B7F834994C9AADD2A942E
                                                                                                                                                                                                                                                                                            SHA-256:F12452882C86BFC13F554A01C0E6FF4F35574D22C306DC92DD2D1CC50C5CCCFA
                                                                                                                                                                                                                                                                                            SHA-512:754637E7494C0930E0590240640B59314A1F134FF21060D732212232563F70433CCE709AD9B748464FF7BA2766740CFBCC4D606EA3825D7D76F01FB29CEFB854
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/iptv-smarters-pro-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFH...WEBPVP8L<.../c...Ua}...I..l.s.9.s.9.s.9.s.9..0...9.S.#.G.'..e..TZdu...#..P..6..hu$...p...[.&..FG.dt&.Uip......vDg.Q....Tj..y.54...Q1{.Qi.F.NhU...XM...Y...2*Y.K*.N.V...v...;0..U.4............../....=j.I[ZV..zd...'...;..3/........*..F..F2q...Y..l.^.t....@.(g..........4.=.m..m;.v......j._.....D.d.;F..:...j..ZE...G.9.y.lH0.gA..3dt.....S.GW.....]...x-.....~G"........acQSm....../../.........._...o...G.s N6.I<..U.5..a...^."$......Y.......o>@..*+..i..X........o.9..e.<..,T.b..........i.-....H1@d.....<.%qZ.`.pGq..._.dKT...:...`..h....@./.$?..p....P..C..A.....H...C..'w......y6.w[j..'?..7..?oo....0Nc.5.;.5..|...C.h.y.......D..u.S&?.Q_.....B..C....X.j...""....R.7...".Ou_.b|.:.......f......w1...I....FS9...G.R..X.../...j...d.X.c....d.i ..a.......C.Rk.....%RV;.U.....c........T.n..E..;....S...\..........-..e.*....+....Z.(._H..wKtX....D.u .u.....@.l+...f.......*~.7....$.sz[...N.+.c..Yd.k.....TO.A..1.U....j.s.:n.C....q...4....;.!N..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1747

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16154
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.017137604833741
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:fXvOTpRpEjD1Y31SWwsm22mZf6GeYLx4+Af1f2u/WHy6Q:f2TpR2Y1ltHZBvx4XfLWHzQ
                                                                                                                                                                                                                                                                                            MD5:4D28F2F3EA2755A3EADE9D1A1D0878B6
                                                                                                                                                                                                                                                                                            SHA1:BFC100313E7C8A73F3B6C3C283B4E6D429A2A785
                                                                                                                                                                                                                                                                                            SHA-256:FAC5EE21162F48F2D6DCFE40673240030EE8BE0ABD5DDD24254C0B299AA1D88E
                                                                                                                                                                                                                                                                                            SHA-512:F06FC1362E0882B2E1331BFF301A60C8F18628E4D15C8993AE1631B2DFA0A9520952EB2DA4AE3D848143AB25010905ABA813D466C5A2D8B9339975AEDF03F8DE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{"sodar_query_id":"-6o7ZY2AE_CrjvQP8oW42Ag","injector_basename":"sodar2","bg_hash_basename":"mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc","bg_binary":"TYV4dvjkIg39FelX5YLf6t37ElxWZqSjBEQ9m3UUOj20Ev0uyExZDE/5FXuQIQ88kbwe4SsWFjXradHrdRkgK/tM5v39Kf0GulUm5y5FWumWNmjHxjm+NCjhanjVH9s9fzHhZr6e1/iplfGUKyqbh+FhOrJ+IP7Whbg1LnrL2hntXYMOanUOWp9ZiwhOO2bKxxg/sCvGl8mYIx0YETum1WM6zE0jS8gwuvCZdUWH6MBlGAzDjzo/UGbvF+1x69LYPr5kGmOMxI+BTdcUz9FxC0prrCZrskbLrKlud1WoF+fhXDlP99UcWyURY+Z87tLBm0xtk1OTTWypacRnaGwL/Skk88Wh0BJ7QKSztUvTvMKwaG8uc0zPFEyxyXH3fRQXUI/Y/J57j3T2qzJ6AL/Aloes6ASr+ctlcXyZcB7FgeT8Fe9nlU9SwreV68Eh6K4U3abtYGbTHsUH/0HwUgRujeQe+bJyoxR9XapY6kmkDnNU/KywzjkskPY42zEajjh2zQ1WHTXFOGkaFO5X5AGhQpfr9ZfkuOLfNyvDbyh7mZh7n7E/unHp8YrcD9iWPehsB3A5A9cTMJsN27ORJCckuiJpEL4SEttFvkNinRlo6yJADmGg4PyeSK6Dtq/wyiwF7qrTaJvvAnT4ET1Wh1hhuZ0XKKTQRlt0rFSuUicieZcgHLLirSdaZf3qvmk/WZgq5bUlNw2iCvgsByUQDSW9cyClszgfZSKb1/ywKbQVGpxkm6ytL0T2cOPc7IJZI5w2CxPgYbw7uEQdHzceKVeisfiU9Otbtu6O80XsR1fOW8yPWb6SSj9UJCR/riCIAQ2RhhcL0K/vNDAHWJz2W

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1748

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):192
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.071861532420611
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YTX/6ABZH9/MC6ABZxJzqIgTH2ILLg6M5CA5EfMJJJv4+TzKUUaXWkYkWnt39jrj:YbvBoCvBdqZ7McGTHV9zaalgD
                                                                                                                                                                                                                                                                                            MD5:23C7C9601FCEF4D3B7A0156F978F548B
                                                                                                                                                                                                                                                                                            SHA1:59A47FE9EDD6026B0B468628EB3F96B05A010F1C
                                                                                                                                                                                                                                                                                            SHA-256:EB2697B60C526A1D4980E0874700E7C2B4F43BB9292770F71BB4BB972506E415
                                                                                                                                                                                                                                                                                            SHA-512:3D250E9A223259A23F0EBF4FBB20DB3FDE955FDF80A64B9C7278290C60EC2560EBF665764D4E35515F9E69E1CBA2F4E21FA7504505CF3AC8D3A380201A284F6D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{"visitor_recording":0, "visitor_recording_unmask":0,"time_difference":"1800","counter_image":"data:image\/gif;base64,R0lGODlhAQABAJH\/AP\/\/\/wAAAMDAwAAAACH5BAEAAAIALAAAAAABAAEAAAICVAEAOw=="}

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1750

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):23674
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.97710176666318
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:YNZfbwz2TnTAsMiTXRvu+iKoUPWI8u7VZJer1E/g8JwNcvhgiQqVzT6:qpbBnOqXROiMO/wSvhgiq
                                                                                                                                                                                                                                                                                            MD5:96761B75B516653CB482694B134642A4
                                                                                                                                                                                                                                                                                            SHA1:3C482EB575BA4CE35AB76F2567EA14BCEF5E60A1
                                                                                                                                                                                                                                                                                            SHA-256:7C3AD1119093B87AA1C2BA65BB335B6E14C2C6C21DE884A653611E3E348BF51E
                                                                                                                                                                                                                                                                                            SHA-512:9630CCDA48784776D4538F0F1D0F115A257CD6825B6153CE3E6DE2529E50CB04BE5061A9BDCE901089E61397800A07ACC6A8542A3F223BC345A1A5768EDC4E44
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........6...................................................................A..z...8H.8HP(.0..m.:...Y...1."..f7CF'..B5....6...3....\....E..i.E.c{\.h.M........SL..4...v2Q11......u.._=9&..j..]b/+U...*o..c;Q... ....`..P.Q ....B.h0p6.(.hPI.}..F.v].a.2.E1Me.i......R.bN....t..}S.\.6....,c..R...'.-..R.K..,...2.h...n.M.....q.g...(.5..#..A.%.I3#..Q4. ....A.p ...........f..Ir..e%..d.@..8.i......>.;NR...9u.....[{.L].SX"....f........Y..k..<.V....I...@....Jz8s9...9..Y..j...7.a..jMD.. 0..F...h...../Z.sAh..@.%LR......1..P.RQ6.Zf.'..>.:f..4.D..Th_...E.L.....K..m..o...1Y~.:.n.s..<...s..h...H.iKI."..`.....d.M.<M....f...L.&..w)..5.x..B.)L...#0.*......!.K.:..[...&.R.+*....h.......U!#_?.ky.V..y..z.d.{.+/`..]3.:9......f.m2.2.m.......x...6`...TI..`..X..O..k.u.z.........F.......k....!..+.S...7..WG.c\.c..W..s_..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1752

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16898
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.954143577415124
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:bSVfu8S/6iqTe+oN1Pgx6d+MlfAfHNSeFn8EU5MX:GVG8S/n8vo2ujlfAfHNp8EU5y
                                                                                                                                                                                                                                                                                            MD5:C21BD2DB3590EF443649BA280620D2A2
                                                                                                                                                                                                                                                                                            SHA1:E47CEB6500AF189628BEE593F1036E90B5B88825
                                                                                                                                                                                                                                                                                            SHA-256:8C55022F5ED5FAF256D26C0D314C81FF0244E290D3A553420468CE126631AFF5
                                                                                                                                                                                                                                                                                            SHA-512:8F68B80229DEBD97E1B29694B6E34705CE363235ACA96AFEDC70C853E9864850BE47D943F3929A735E5A1EA822F7E32EB2E5A5E7C21564128FD1D79AD8F19743
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..A.IDATx..w.e.y...s../t...9 ..r"..R$H....,k.D......Z...,....L..HQ.JZ...$(.. .....8y.3.....{.9......g@.vkw.....7.../.....~.KAQQ.....P.u..........d.{..E@...A@..R.|.-...T....>...W}...g.....#(.?..T.]d.......~.7a..,,}.{..F....E..o.........c../3.W.....1|.>(\f.....W[................z.S.....r.yz ]..*...V...k"P...G.....T...ye.ar..^........6)...4K....&...@A.~.........R.R.........!qM....2.|.}/...\.......&5.....G....Z.a..e.p.i!.(=P@]?H......T..o...=.....W...A./[&._d.J...T..... ..\~.....U.zC_.[Hi._........*q.T...w8Z...[...[..WF....@.L.....T.Z.T.tM7F..:u..AP..Q..F........ ...X...K...U.|G...2?3...E.u?.kj..A.^...@.*....r_S...........>.{.Z..TP.r.|....X...\..z-..9;.t..?$2..V.@k..k...\<)..*..^;.6...SadV.....!.z.#...#.W.QQ.u..F..G...|$"....")((...W...2.........j.].....L..S;..UQ..L@..{qRP.D$D..^..]...UE.@...G.s..qm...k..K...(P..E@U\.?..H"Q4..!......P.Q...6..>U.1.2"...R.v..UG.Y..!

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1754

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (19986), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):19986
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.253227111919225
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:XrqR6Q0npafIm4rKi/BwEXN1w29mItq0W5i6G:Q70nBrKuB0Uqti6G
                                                                                                                                                                                                                                                                                            MD5:DD1D068FDB5FE90B6C05A5B3940E088C
                                                                                                                                                                                                                                                                                            SHA1:0D96F9DF8772633A9DF4C81CF323A4EF8998BA59
                                                                                                                                                                                                                                                                                            SHA-256:6153D13804862B0FC1C016CF1129F34CB7C6185F2CF4BF1A3A862EECDAB50101
                                                                                                                                                                                                                                                                                            SHA-512:7AEA051A8C2195A2EA5EC3D6438F2A4A4052085B370CF4728B056EDC58D1F7A70C3F1F85AFE82959184869F707C2AC02A964B8D9166122E74EBC423E0A47FA30
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
                                                                                                                                                                                                                                                                                            Preview:!function(){var e={343:function(e){"use strict";for(var t=[],n=0;n<256;++n)t[n]=(n+256).toString(16).substr(1);e.exports=function(e,n){var r=n||0,i=t;return[i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],"-",i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]],i[e[r++]]].join("")}},944:function(e){"use strict";var t="undefined"!=typeof crypto&&crypto.getRandomValues&&crypto.getRandomValues.bind(crypto)||"undefined"!=typeof msCrypto&&"function"==typeof window.msCrypto.getRandomValues&&msCrypto.getRandomValues.bind(msCrypto);if(t){var n=new Uint8Array(16);e.exports=function(){return t(n),n}}else{var r=new Array(16);e.exports=function(){for(var e,t=0;t<16;t++)0==(3&t)&&(e=4294967296*Math.random()),r[t]=e>>>((3&t)<<3)&255;return r}}},508:function(e,t,n){"use strict";var r=n(944),i=n(343);e.exports=function(e,t,n){var o=t&&n||0;"string"==typeof e&&(t="binary"===e?new Array(16):null,e=null);var a=(e=e||{}).random||(e.rng||r)();if(

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1756

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):4412
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.929420876470746
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:dQiC8g9SoUIN+SHoqL3Wstg6hQ2bnCnGeoDLfH/lpO/H8rcpj9PXu5O:eia9TU4+0Ntq6h5zCGe6LfH/lIUrEj9D
                                                                                                                                                                                                                                                                                            MD5:7EC0CC641C71ABE06D1C822199D57ED5
                                                                                                                                                                                                                                                                                            SHA1:FD8729EF0D6CBB118070626E20784C647B19B29A
                                                                                                                                                                                                                                                                                            SHA-256:507EDD4BEDB8E780A7EC80E5FBC69A02D079583BEBE41C2A9F062BE1E7787468
                                                                                                                                                                                                                                                                                            SHA-512:C96FFB679F1ADBB18085D87FD084332FE93303C96034C70A07DE39BEE32333B7092FCC38D56BB8CF1831C3F6C30243EDDA1ADA7346F9B3BA211CFC22C48BDD03
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/intesa-sanpaolo-mobile-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF4...WEBPVP8L(.../c...U....d).z}......}f......Lp.....m......s.h"...-..U..TO.C...8d.. %..F@d.r..:8d......k..-.p....]3..4.p;;XG.!.....l.F[.{H.z5"......U."th...f+!.9..J...h....MF....$..07[.........w_...F..{....4.."\'. .`.I...au.)..c.3.m.. .`.h..k.6.m...m....O.@.0?.0.....0..k...O?.l[.W..K..B........FCG(D.%D....Ff.o.......~...v..b.g.I..0..0.C..$.Q......pHj:....G.....n..L\..V......Z..?...K...........\.5..........l.J!U...!,.`...D....(.[.a.....(..h..9.P.o....h....hS..Ow.G:c....`...0..." .R.......%h.$.i.%.&M...$.Uz.../A.....2......k.D@.kR.U.$...o.A.k.C=...%.*.G.....$!.*Q...G.. .9..H....`a.Y.'*....5x{.xNP..tQ.Q\..[9...).>?M.......1..1.cN...i....4...P..;G...ka.T...D......A;..0.F;..."*+....S'..._J.(].....,...u......&..<.dw......D.8..D@ .$..r..~..v*.<..s.V%...A2....a.i.m..<.K..5..2..]l3y... .C ...5/.l$z....o.S...go.~[.....{..2..C.....O....m....m5.)6.V"(B$.]5Z'mI..D$.$j%Me..`......4.v......[....!4....[.....b...T.:]..M(0.|r...U.....+.q>..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1758

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NkZCQUVBNjcxRDkzMDVDMA==
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1759

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5954
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.959488331235293
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:6nV3Q+eHojparE5RzwUBC8n2N2c05KcO6032SU0xuTQ/YXf2113btzYSzYcUX:6nV3Z1jpEyRznTKcOUSinvehYSS
                                                                                                                                                                                                                                                                                            MD5:6F05BD2B6C05CDD768EF718B8438C495
                                                                                                                                                                                                                                                                                            SHA1:C211F3D98E591236463639B38DD2395B7F7E3B95
                                                                                                                                                                                                                                                                                            SHA-256:7DB7DC308FE6382D07F502CCE32D8E00BA6B4BBB5ABE6310B6036F28924E13C9
                                                                                                                                                                                                                                                                                            SHA-512:4C952E634A0632060B60B6B8C5C83FE65456D77EB73D003A67C9C942739FA1CAE1F8533AB3BBAE4E6A8DCEC64FA6C3D5A1F300A3BCBCFFAB3C07194D1FD7FC52
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/taptap-android-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF:...WEBPVP8L-.../c...M8h.I....[....b.....^..Z..Z...N.mc.o...".rd.em....F...Q....m}?Z.m.I...T.J.c.{'.....4...............*...n...S>.P..*.!.........M....!...K .@..@.o.........R....Dt.U6."..)..gQQ`."i....w.4.,..:.... ........!.......%.k.....yYu/7......A.q....S.......O..z.Y...*..D^..l.".v~..nw...`...>.03.af.L.3>n..j..f.H..|.3.JK.Xa...ZJ)bNj..t ..[#.V.7[V....6.A...*.L.5..0M:@..C..~....B.m..2...3+....m.m.K.(d.2"...-I.%I.m...C...V_.c....Hv.=K....At...f........+{..Fa.:.....@.!.......2..B.'......zU.. G..cyzF....X.l.Vz.....0>...|a s...m.@.......1... ND..I.D.f..?...p..-Y|.=.!mG@...-. .C.DI.i..%..>.o.0G....I.hDgF..BX.d....3.br..8.R......d.T]6.!.,...t......e.K(...2u.....;..=.}.q.u...]..vK,..AI4.e.;j.;.g...j{0.."....-\......P.P..k......x....5.x..e....H........7..\.C.X.......V.a...*` ..5L.t......6..1v.#...)..;@..T....>7W.2.D.L.h[...y..0....y....{..l....3...Q..#...s...:1y..............0s.Dg.KR..q....zT.![fG2.H<.S.....@...2.0/...681....h.^'y.X<

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1761

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17595
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.972097415200727
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:pFce+DfhV/4f85a6vnqA3Li4cL9EHdMfNKRk0:H2P/pFc4Eo+ND0
                                                                                                                                                                                                                                                                                            MD5:6B3E050C41FCB5788E715763F97E2D40
                                                                                                                                                                                                                                                                                            SHA1:B74A8AE144FD1873B53702EC01FFFCFBB1C5005F
                                                                                                                                                                                                                                                                                            SHA-256:8426FD91EF7F38AA310259F57775E91F5D2D4136E4E7FB5CC5D1FC2687DF2892
                                                                                                                                                                                                                                                                                            SHA-512:6F859BCC648F2C7DA46707ACF0C862DADF1E7D3C8F7D2A2453875C6D47F42C9BE5CC487BEAF5465E6D9D1BB66C54493CECF7A7DFF525008F3B1D52D985043827
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..DFIDATx..i.\.u...}.5...3@. H..@..%J....eI.,+.h..-.;..{-'.n;.IgXIw.qb.l....c..4p.H.....1.$...o...{....[..HII..P..U........\..?..v.]...p...y.L`U#b.}.Q..;G.....(M.Z..v.9..;2s..p&`G. U. .L.h.DE...l.(q.p)........$*03...""0p..`b..'.#3.....b..MUD....C.....S,.....A....LD..(.&"Q:....i...` .....IPVBT.39.2.......;..'>e...\s.CU..TY.B...B& #..73..X..2..p....53...H..dL.LF$d.r.d.......!F.Q%....I.R..G..Td......S...X.V3..96*.FUU3vD.<3.R.#..Sa%.'.1+..8.x.........8.H=..J&@T..1...,..........T...e....z....Lb4...(...X..,..$*.3.XUc.0.D&d0S0H./....I.43.g.r.T9S4..#26!2g...b(jXY^....,+.\...!....%njjz....t{fff....z..I.(..*..c#..dDbp...l2".`V.....2.i.<..H....H...,w:++._._X.u;E^.*..1'.....$..k.V.Qo...&2.;G....."..\....y.$.w.13...Df.."".L.T-vWz..s....N.....s..K.K.A...y......V.95U.mz...c..w.{..\..:#1.a.A..F/L...03...t'...T....h.V`0V...D3.....WN.:}..Sg.t:.n....D%.$i.&.$m....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1763

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12807
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.972446739749784
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:w9tUN/3GYOif/qal7d2h0UJ1S8RyvCFGtFIQDIvXJ:w9tUNz7f/qa72nEtFIfJ
                                                                                                                                                                                                                                                                                            MD5:44B5D13ED58CCA46C39900EDC42F0750
                                                                                                                                                                                                                                                                                            SHA1:BB6524367EB1780E5252AECF1014692F80D07A5D
                                                                                                                                                                                                                                                                                            SHA-256:249FA6029CAD032E934A24C3A98714B6B2765C881EE923C2F75E9B6651385487
                                                                                                                                                                                                                                                                                            SHA-512:7A8CE6F98F4A8AB76167B6D5C7F902892C639BDF79F0CFF5EA57B0746326995B90C2267FEE12D17E1835982E182BE31129B85F5AE9E753D2BE5FCF6BA8A53B18
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..1.IDATx..{.'.U...}N..q..}[-..%.....h[..BH~.e..6..``.b`.....$d..3a.`.BB.q....1.[1...@.8..&.8..m......q...~Uu...sNU........K.]...:u......w.....|q..$..d^.../....].5}..@h..I..0...?..{..E.%..$!.......B>HZ..`.4..C>..i.{............G..5..%/.v...d.0.U..)?..Y.Y?..3...!".....B.V...8G2......;.....2>.t...Y...... |.1"b...:...f1.T_...".i...y......_.../?..~B........G....&...b.jU.H..B...B......I......k....\}.....Zv......m....".PDc.......j].Uu....?...;....'.[.....R.f..........[..9......B...I.;J.X.....J{$....z.m.(..+iU....*.z8.....if1...w..~.B..%}....z.J..._.}.?.w"........jW^.e......<@HF-".Eh4B$..x...x...O9x0.X..).M...E.... D......t. ./.F.LOD@2FQ..8..:......h1......}..{..CU..T."N..TL....#.e/a...J....`:....s....y..v.>..2..]y0F..{......V`....`.G...S.1FI...Sq.......fJ.0.f.h.M-....Ko~...x....rv.Lu.H......-{..8....f}.M.mw...IR..S.0.hvC..U.#...v....`FFu..?M.........ZU.f...(

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1764

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9653
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.919748117440208
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:SikLy/cAj7+NsMotkCBE5m8ga65yaFUO2FLvrfqGOtij4PwE5O:SiF/F6JotkCx8ga64aFU1fq1tjwEE
                                                                                                                                                                                                                                                                                            MD5:80445F2BAA040C26994A25B8AE3E4C05
                                                                                                                                                                                                                                                                                            SHA1:984A5908A2EF1814FCB063E1BE098EA459B238D6
                                                                                                                                                                                                                                                                                            SHA-256:12ABA82EFA1AB6A4D20D7620AD55DAD4CF9AFE15F180D067ADA57DCF74B04361
                                                                                                                                                                                                                                                                                            SHA-512:2839606EA910D1616FAD3E9E1D93645E45931306E33F098B949F631F9466A25B572458C67A2496504C0DA40BCDA82AD8C69637E72C2A62F916427B61FD344CD1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..%@IDATx.....w~......=.9.X.K.d.f:.x..x..^..$.A. ...Ev...*.E....$. .;...b..Z..H.d..^u.\......H...RS-R~.d..,.X".bt....9....4.n..y.~.....0...a#cp c!.........0........0.XJ..h.h....vr~.&..].6..zC.~P.//.AP(.d.16.....c..U....mJ...._..g....|o.x...k].|.._..+...?..2.;..A....d...w...6 ....'.......5]y.N.,../....'...oO..7..........`..A`.....U...@.a...<.....:Y.....npS2....=O..;...{.......C. .AX`....@`$6.3.....a9I@.D......./.NN.G..,.-c2..]2b}-.........R..........@<f0........g.|..b..46......9~ok.*55....B..0)[....?g}. .....`a..@ ....@|NB..... .E....H.......z...8.. ...... `bo..k...o|.].F..,R$2.d0....`0...H..F.K........WmH.......+..En(..SvP........|4....Z......`@<f.1...2B.@X......B"...$.<z....|2.D..@<$.$..g~z|..7.2...2.....a.!..OcpBB.....M.... .].B......z...!..llc....lu.......(.L.Qd..<b6..+.$..X...$l..6...k?.s..{.D)...;...$.:..u.p.....<..........qA ...!....@.x...l....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1766

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuNg4mPAZ5iJAu50-h5KWrVgpPX4B-QPYPKM9u-6pQ_Iaas537vhOKUgUZXYbtqLEMipzGByjdFSlFHHft8YolhQY9aptqv0VpGBDRy&sig=Cg0ArKJSzFCHQ8cE3eBEEAE&id=lidar2&mcvt=1016&p=98,43,348,1023&mtos=0,1016,1016,1016,1016&tos=0,1016,0,0,0&v=20231025&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&vu=1&app=0&itpl=20&adk=135233075&rs=4&la=1&cr=0&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0%3D&vs=4&r=v&rst=1698409201456&rpt=3130&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0"
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1767

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10462
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.972670918564868
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:D68a3bccPQNyy4H2zD9er2Qk4GI+4n6hd0fIdZU3:ZaUa2zD9eKl4S4n6/CIg3
                                                                                                                                                                                                                                                                                            MD5:3CFC08EED85F8DAE1D7B26788302D3CE
                                                                                                                                                                                                                                                                                            SHA1:48CB3A5FBFF3864153360175D164907AD3899EBF
                                                                                                                                                                                                                                                                                            SHA-256:C398A1D12D1F10E137A682A8A2B138E57F4CD8944BCF57139CA693EF1DFB9936
                                                                                                                                                                                                                                                                                            SHA-512:5B8FFE3DA108580E37B29D15C5153209C5681DFF7F949E997FBDED65167E3BF2975E19E4B33D8D18FD586625895210CC4667B367699E0022D2FE835666630BBE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..(iIDATx..}i.e.U.......7...Z-[...K......66.0.....$TQ...@*...$....R.!.)6...$.-.b.5X..BC.....7.w.=g.V~.}.=...^.d...t....{.9{.5|.[k.C*.W.../..]..*....7._.t"........."@..!"k...}#+R...AU.a.%!l.k..U.... ......K....(TA.......S6.0.6.b"....|wa.g..^.j.oW....%e...?z.C....'.^Y\. .TC.FrV.L.D...=.K....#..........iV...ac...?......<.v.@..k...L....@.....~f...........^{...<&.$.h.Q.n...O...'.\...3QQ....k....6...'...7....H.sjX;...0vr..wBt.`"_.])..j.?....^U.W._#..z..s..3.8........([j.L'...n~.......J.]...B.;.$_.. ...BX...(.d.1./..........:..5.,..*...W..G...O....!......g......wI[...L;...5.....]...HCA.V.......GN.[\..f.?...w.......l..E.%..1...G>s.iL.B..........tW!...Q..#~.A..Q..?l..............V.^K.\TT._b...@D..%..E..Z.~.-..?:.. .....y..n{...A.p.....}.m...eP...tn..p.B...B......LL....4..I.">.....|...E..Q.?T.W.*T. ".... ..>....... !H.t}x...'.W.>.to...Qu...Rz..r...tG.d..\..~

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1768

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (5657)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):6162
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.599076700545423
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Sb04pPhtmpvftu/PvJ/CMMKJ8UotoqzpfLEj:s0i5fPJ6FEPkIj
                                                                                                                                                                                                                                                                                            MD5:6AAAF8E11A32FD37FB419E3A4CE9696C
                                                                                                                                                                                                                                                                                            SHA1:1FD88F2EE4DE5422E0C344DEBEFE3F2B5ABB2592
                                                                                                                                                                                                                                                                                            SHA-256:468959E93F9B4E6F07C6A8F8D0E93D8FCB37D76A8615A93EC153F5842247BA99
                                                                                                                                                                                                                                                                                            SHA-512:748B27BDB7C7FA082D7BE6C69F56DC33302105784391320A5CF960531C594097BC406FD3F4690E4CF74F4016F4D56804A4296E9BD885562EB66699E1318F7000
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://0c67c5932ebd9e761b8c1cb2313653a5.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
                                                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html>. <head>. <meta charset="UTF-8">. <title>SafeFrame Container</title>. <script>.(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var f=this||self,h=function(a){return a};var n=function(a,b){this.h=a===l&&b||"";this.g=m},p=function(a){return a instanceof n&&a.constructor===n&&a.g===m?a.h:"type_error:Const"},m={},l={};var r=void 0;/*.. SPDX-License-Identifier: Apache-2.0.*/.var t,aa=function(){if(void 0===t){var a=null,b=f.trustedTypes;if(b&&b.createPolicy){try{a=b.createPolicy("goog#html",{createHTML:h,createScript:h,createScriptURL:h})}catch(c){f.console&&f.console.error(c.message)}t=a}else t=a}return t};var ca=function(a){this.g=ba===ba?a:""};ca.prototype.toString=function(){return this.g+""};var ba={},da=function(a){var b=aa();a=b?b.createScriptURL(a):a;return new ca(a)};var ea={},u=function(a,b){this.g=b===ea?a:""};u.prototype.toString=function(){return this.g.toString()};var ha=function(){var a=v,b={messa

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1769

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):6112
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.945572073899934
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:nVScMAGMZ20aS+ZAVcE4co8AXwnJ9WAxJLbMObK1HuT2oTc7libj+OaARrWJYQmg:V9MAGK2kXqcY26Azo5OAmaoCuQmc52lG
                                                                                                                                                                                                                                                                                            MD5:2C9292680EFB0713E9A0FB365D47DD16
                                                                                                                                                                                                                                                                                            SHA1:00C52FD5AEFB352DE3212F2C3F7F2E1068F84003
                                                                                                                                                                                                                                                                                            SHA-256:6E0269F4177CDC35123393291F6D2964EB8C5B22D01CD816E258648460FEBEC2
                                                                                                                                                                                                                                                                                            SHA-512:20C24C0CD6B9141971452BC8FEA902759EB6964153803B6B4E5644024E5B318D7B8CBFB26F152D636C097AA5D142C4BE6A45E945478F26EB5307F20E1E14BE5A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/pdfedit-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c...M(j.H..7...".?.|..T.. .d..+.....9B.....F......D0<....d;Q.1....$..(..ZYWH.6.u.....@?..CU.'.....q}.6pa.N......\....... .!...D.....T..T.~....."..c.O!.l(Q.f.f.3..B..B...6.r....mS$....E....13.333.Z...U^}X%f,3.d.H..Dw.r37R......L.2.6...m[.H...~.Or(....3.`...Q.].......333Sb.m....mm.=.4......Yr...7l..#76"L.D...dq..23G.....>....Ir.>.dh..?P..Z..G.....{... 8.....J.......`...@3..t........o.|*..SJ.U...z.@..e.%..9_.D.....sYt.......krx+.....{.P.l.S...s...g.....].^..a...........=.<....s...X....B`.I...xv@.~9a.Q.90.)..?.+o.a{...Ox..u....<{..{.q.e../......Sw...".f.*|..uP....1.K......l......fy....(Bl.&.d.R.C............."4Q......M..Cd.8D.@...Q..B...C......"..uh.Pj...!iQ..+.z=8~B...J.B..z......f.....;3.V.;u.....p..... .T6.'.....!n...t.IJ..".T...E)$.H.8...Z.....#^_.&.A-.j........J.!G..h../.E..|4..........N....4..9.......t{.G..,.......&7.=D...P.....H.<.....q.ya..3=3....Y>.'.....|p.kd.EeG.q..r.....S.@Oz...i.y..........~..{&.....S..T..A).7.s

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1770

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1771

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8278
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.965448747260539
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:gHqZQuB7gsHj9B4YDmIKX//9oYblKYEnOVHSLyAY0eEx5CDb:gKZQY7x5bu/l5blKY4g3Renqb
                                                                                                                                                                                                                                                                                            MD5:2217190101490AA218E76C0423D26751
                                                                                                                                                                                                                                                                                            SHA1:DC0D36A726F86C00438144E39B7F0C71C1590AD7
                                                                                                                                                                                                                                                                                            SHA-256:FA4473DA2F483EB709AF0E15E456DF462F7E07A6BC8ED45B3A43B2E7159AB490
                                                                                                                                                                                                                                                                                            SHA-512:7F8A9300C16100449211B4DC8AC0373BFB655532B1C6AE369B51163DC96C54F4A55BE24AA92847B325511A13F676F62069801BF719026DFC4A75D7E8CEB375BF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..}k.eey..~..s.........".A@h.DiPA.1..8...2SVR.#5...$.gR5..IR..gb.J..*F.....D.A..AQ0t...};}..{........[k.s..Z.N...o..<..^.|..q.#.@DHR)" .@......o..z..$..@.......$..k.+]x.?F....U...9......J.._......hI. .FA. .........p..I!..#..,...p.....%...?L..........\R.j5AR......t...\Y....X.%.P%...$.+I1k....S.#...F.........H..K.2I..Bz.jI*\g..?.o.+.T}..t.+."{.......P.M.`^.".p......XC... kI..h....K..%..M.Dk%J"....x.T!..dK...d..#S"X4.*...#.....k...8...G.(.Z...N..dG-.2Q.."h...:x..J..H'...).\p..s...).N%W..=Z.....G..DIE.G...W...$+....[...U..k.x_c$.W....#1.xo......... S.P1...V.I.mI%.:......L.>....b..1..m.`...6....S@JaY..O.l.2.2..EC..I!*..1.v4.2..RK..E.<w.jP....$a....=...TB...,...TDB..q...:.o..C...Os.........%._..Fm.pz...G...Q...p.k.\t.AR0.%...E..ZF...@z_.]^.j..XI./..Z......c.>LD...Q..+..T.1I.S.c..Y..S.B..]..|...;a...".:.........."...x.@.>.$|.....X}....k..!.s.....#.B.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1772

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvtZcQGutsxKE_66uW85VwArqTqsB02IvInex03TA1s4e6rnWujciVcrtOkfoYDKoB6aemAxPmeHrMf_O31xF4izHI111A2F_w9RkbE&sig=Cg0ArKJSzD2wSZ6TzfsYEAE&id=lidar2&mcvt=1009&p=753,23,853,993&mtos=1009,1009,1009,1009,1009&tos=1009,0,0,0,0&v=20231025&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=47427054&rs=4&la=0&cr=0&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0%3D&vs=4&r=v&rst=1698409233750&rpt=529&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0"
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1773

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9889835948335506
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUkxl7/lHh/:slf/
                                                                                                                                                                                                                                                                                            MD5:B4491705564909DA7F9EAF749DBBFBB1
                                                                                                                                                                                                                                                                                            SHA1:279315D507855C6A4351E1E2C2F39DD9CD2FCCD8
                                                                                                                                                                                                                                                                                            SHA-256:4E0705327480AD2323CB03D9C450FFCAE4A98BF3A5382FA0C7882145ED620E49
                                                                                                                                                                                                                                                                                            SHA-512:B8D82D64EC656C63570B82215564929ADAD167E61643FD72283B94F3E448EF8AB0AD42202F3537A0DA89960BBDC69498608FC6EC89502C6C338B6226C8BF5E14
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1774

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9033
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.943502828959969
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:DmtCtv7/CFon3YRv4DHaP+2veL/aTvFSDMXNZoT1BynDE6D726rbD:D6CtjaFf922veTWdSYQTQA6D7prbD
                                                                                                                                                                                                                                                                                            MD5:0F8C7AC0665D430BA099DD68A1438609
                                                                                                                                                                                                                                                                                            SHA1:B31979EBD809A0ED30FF60CF484D585228F5B703
                                                                                                                                                                                                                                                                                            SHA-256:56D73ACA1A6A65EFD07717BDF7A225D62784377F0C2E9C32C38F0AF68F325E77
                                                                                                                                                                                                                                                                                            SHA-512:837D27445706A303DFB1DC13DCBEFACFF9D1C2630E7F3EAD51D82A146241E468753632D6C6EAB8D2929A9A47739ABEBFBCD02A0CEFEF524F0093F0B52115D731
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..".IDATx..|..\U.......z...t..Y..*.Q.... ...D..q.....#.BX..J...D...*j..............U...9....KuWg.......4......o.}..4M.4M.4M.4M.4M.4M.4M....;.......=...\.Y..~..F&o..i...hZ..P.!I.A`.....0..a.AH..(."I..`..."..P.. H.e. l6..b.q...<.k...*.#(....$k.*..A.(. ..*.H4.L..b.?...N.d .p.......\....t:\N'...c. MQ.....Q...=.. .. .$.(.0.K...qlJ...x ..lll......_a..e..t:388..'.....X<.+...\..... ... (...P.Q.5.^'..VUU...TTT......P(..z....n.Fc###.d2.L...Hdtt4.N.s,..*...S....H...$I..v.'h..H"X^..l6.q8........(..K.....E...D.P...t4..D..D..WQ.UU....|...,+.H.a.._^.EQd.`M..........:.f............d2...x,....q.B.#t.`.6...i.`..[0....A0.04M._.A$.....2x'I...,.&..B!..DS...i.D2..E..|..4..h..n.1..].PU.E..0.E].....z<.`..t..!....y...d..q...[.n.$..fa....8s....jZ'..1U..}.....c..A0A.6.>......a}b$If2.x<N.....i8...0..(.C.....d2...r9Q.UU.e.5..`Y...I.6..n.._#...Yz.AIJg....z.....H..o. .K..(I..q.l6..d........<.v

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1775

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):210580
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.470536325169631
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Wq27nItFVerLt1hgpeKo4joS2k4OawyiVrMg6i/i:WFDUALt1ipeKo4UiJs
                                                                                                                                                                                                                                                                                            MD5:86A37C359B238F8C198EF0452886AFD3
                                                                                                                                                                                                                                                                                            SHA1:C0DF761A37144B866DC8E6F4736248832B5377D6
                                                                                                                                                                                                                                                                                            SHA-256:63492DCF8FA2FB817340D17D053ADEF3FAD08E3E6A851749221C62DD632C6AAE
                                                                                                                                                                                                                                                                                            SHA-512:C55D0B7029F76A4B5F9811AA4753DBDAC43756B52C637A2C28B18A026D679A405B64C763838629C3A2A13362A49E8DDD952588F94F211D9585614F9E80CD6B70
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://spn-v1.revampcdn.com/publishers/downloadit.js?modern=1
                                                                                                                                                                                                                                                                                            Preview:(()=>{"use strict";var e,t={2131:e=>{function t(e){return(t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}e.exports=function(){for(var e,n,r="__tcfapiLocator",o=[],i=window,s=i;s;){try{if(s.frames[r]){e=s;break}}catch(e){}if(s===i.top)break;s=i.parent}e||(function e(){var t=i.document,n=!!i.frames[r];if(!n)if(t.body){var o=t.createElement("iframe");o.style.cssText="display:none",o.name=r,t.body.appendChild(o)}else setTimeout(e,5);return!n}(),i.__tcfapi=function(){for(var e=arguments.length,t=new Array(e),r=0;r<e;r++)t[r]=arguments[r];if(!t.length)return o;"setGdprApplies"===t[0]?t.length>3&&2===parseInt(t[1],10)&&"boolean"==typeof t[3]&&(n=t[3],"function"==typeof t[2]&&t[2]("set",!0)):"ping"===t[0]?"function"==typeof t[2]&&t[2]({gdprApplies:n,cmpLoaded:!1,cmpStatus:"stub"}):o.push(t)},i.addEventListener("message",(function(e){va

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1777

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):192
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.071861532420611
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YTX/6ABZH9/MC6ABZxJzqIgTH2ILLg6M5CA5EfMJJJv4+TzKUUaXWkYkWnt39jrj:YbvBoCvBdqZ7McGTHV9zaalgD
                                                                                                                                                                                                                                                                                            MD5:23C7C9601FCEF4D3B7A0156F978F548B
                                                                                                                                                                                                                                                                                            SHA1:59A47FE9EDD6026B0B468628EB3F96B05A010F1C
                                                                                                                                                                                                                                                                                            SHA-256:EB2697B60C526A1D4980E0874700E7C2B4F43BB9292770F71BB4BB972506E415
                                                                                                                                                                                                                                                                                            SHA-512:3D250E9A223259A23F0EBF4FBB20DB3FDE955FDF80A64B9C7278290C60EC2560EBF665764D4E35515F9E69E1CBA2F4E21FA7504505CF3AC8D3A380201A284F6D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://c.statcounter.com/t.php?sc_project=2246434&u1=4C97E359749D4F42A9F94ECFCAAE3E85&java=1&security=5cda6ea8&sc_snum=1&sess=de22c1&p=0&pv=10&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//download.it/%3Ftyp%3D1&t=App%2C%20giochi%20e%20film%20gratis%20-%20Download.it&invisible=1&sc_rum_e_s=8908&sc_rum_e_e=8922&sc_rum_f_s=0&sc_rum_f_e=8904&get_config=true
                                                                                                                                                                                                                                                                                            Preview:{"visitor_recording":0, "visitor_recording_unmask":0,"time_difference":"1800","counter_image":"data:image\/gif;base64,R0lGODlhAQABAJH\/AP\/\/\/wAAAMDAwAAAACH5BAEAAAIALAAAAAABAAEAAAICVAEAOw=="}

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1779

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (7405), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7405
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.790193106954802
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:2zoQKCuL5/YjNdbBE8tJfyQnY0c6w0RaD4:2zoQKCuL5Wf962ch080
                                                                                                                                                                                                                                                                                            MD5:8716AE8F7E962D1A2B276C7DA8A65832
                                                                                                                                                                                                                                                                                            SHA1:EF318DC7E178A1BAF062ADEBA78B9F726432BCF3
                                                                                                                                                                                                                                                                                            SHA-256:157E2C775966B4AF8AAE5A0228E6C48DCA7719FC0254687504517D0EBBB76E21
                                                                                                                                                                                                                                                                                            SHA-512:8645DFD72DB751EAC7C43808EA2C4428DA85B9672BCEC72AC556834D107CD530D7DAC99870B178BB5EE83EF336857C1D85461D2FC3011FF14C85567838D9A237
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://download.it/cdn-cgi/challenge-platform/h/g/scripts/jsd/c359bc3d/main.js
                                                                                                                                                                                                                                                                                            Preview:window._cf_chl_opt={cFPWv:'g'};~function(R,g,h,i,j,w){R=b,function(d,e,Q,f,y){for(Q=b,f=d();!![];)try{if(y=-parseInt(Q(404))/1*(-parseInt(Q(313))/2)+-parseInt(Q(368))/3*(-parseInt(Q(392))/4)+-parseInt(Q(320))/5*(parseInt(Q(307))/6)+parseInt(Q(400))/7+-parseInt(Q(383))/8*(parseInt(Q(363))/9)+-parseInt(Q(367))/10+-parseInt(Q(370))/11*(-parseInt(Q(382))/12),y===e)break;else f.push(f.shift())}catch(z){f.push(f.shift())}}(a,818008),g=this||self,h=g[R(375)],i={},i[R(305)]='o',i[R(395)]='s',i[R(399)]='u',i[R(314)]='z',i[R(341)]='n',i[R(310)]='I',i[R(338)]='b',j=i,g[R(401)]=function(d,f,y,z,W,B,C,D,E,F,G){if(W=R,f===null||f===void 0)return z;for(B=m(f),d[W(378)][W(369)]&&(B=B[W(360)](d[W(378)][W(369)](f))),B=d[W(386)][W(353)]&&d[W(389)]?d[W(386)][W(353)](new d[(W(389))](B)):function(H,X,I){for(X=W,H[X(379)](),I=0;I<H[X(359)];H[I]===H[I+1]?H[X(326)](I+1,1):I+=1);return H}(B),C='nAsAaAb'.split('A'),C=C[W(304)][W(361)](C),D=0;D<B[W(359)];E=B[D],F=l(d,f,E),C(F)?(G=F==='s'&&!d[W(334)](f[E]),W(390)=

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1780

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13109
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.940318825066472
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:1fmPHVYBzqAw8+8kJqXFHT6RDJ95xJjKYyCT+FINrgxSk9niCLtnQwXSwVr:1f0oGaz4DJtJjhwFINrgVhtQwtVr
                                                                                                                                                                                                                                                                                            MD5:E9D73BA6F131260AF16F4403F2EB5D4D
                                                                                                                                                                                                                                                                                            SHA1:3F1D11F3A996F5013D8D17EB8D4B3C6381A1E34B
                                                                                                                                                                                                                                                                                            SHA-256:E449922455FF0CBE7A152B17F8A4DAB02C555C8FC1307D7B49557519FCEFDDAA
                                                                                                                                                                                                                                                                                            SHA-512:087667C15E1EEDAB04426065CE18DD9117C8F735FF49957D601A8AA3A635097967F7171BF2C098729C606B46872CD8C1E4F71FF9ECF434DA9AB620854DC5F8A3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..2.IDATx......y......=.]C....f7I.....B..)...9....a.W.,@N......$'J...d9.DK.)k .dS=wUWu.{.{..}.s...f..%....m~..ia......C.yL."....$.).Y........mI....A..%..r.B.B.... ,..').S.....)0........#B....A.BH"......a..al....N.#J....lK....4.-.-......`.S.......@.l..#.4.....;..........W...6..(d.BX.....!.S.......a.R.s.k..v...|.....~..........@....+_.G....m..Z..$...!0`.....IH.XH...f.. .eY...a.........w..g.....w....E..0..2.`u..S...........9.NX.tQ......X....c..`I....1...,...q.A.........I.).,..1|........k..~...9..I.h....RU ...7.q{........9F...@....8...@.%c.W..w#$..}3...<0.T.E.]=._..?.?_.....@.......@H..(.ef...;...k......+.ZOmu.U..A...h...HQ.@..)..a$.2..,d.#B.B....!."."..........P....[..J..(.4...a(-...?x...A..+..[.]......H 0..R.%......1....2...xJ.......B.s:Yy.......zp.....9..Gl...I.[(P!..L......o.?|......s..s\[....$$..[.Z.a..-.Y.B<b.'.x.G.x..$...e......7v?..Oqf....Xr..Hx.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1781

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20317
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.951765052210209
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:ZCuDp9gW9Ex9WqiVxTAVAP0b3IuKa1yxP8oLcuk7nshGKvKwwcNMrYggx:Z5DbQcxTIXlQbLcuxwcNVgi
                                                                                                                                                                                                                                                                                            MD5:704957ADE568C8A2B5EC42541775596E
                                                                                                                                                                                                                                                                                            SHA1:1E52A5B80315348506E3B151FAEC8E1F972F19B1
                                                                                                                                                                                                                                                                                            SHA-256:BADADDB47577B3E6830C59DCC06283658B8D098A42D0174D2AAB8B7A1AA23A43
                                                                                                                                                                                                                                                                                            SHA-512:FEA141ABBE1209076314711627FDDAFDA2E6E0D1B6863B2D265E558E26EA54AC57244709F39696E536C813040523FE693A6EC5D949D66FE225777C30E5C76833
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..N.IDATx..y.m.q..f..}g.....z+.{.. @....2)YR...e.'<.g"&:..3.....vD;.m.....25.(.DQ&EQ.A.X.<,.....~.o.?.....Q.Uu.s.|_./...<.... "3.Q..h4.t..o.y....`0....Z...DDDJ)D..(...A..D....sZ...,...f...:.B."...D....Q..O.`.N.D.....F...1i.(..8...T.EDT.@..J. . .8....Y...6J.XG".e.........v..n..1.l......5...KD...\......}.{/....7. I.cL.$DT.H.6V.$Z..`..v.,....V.5..G.!)UU.......p0....i>.M...r..P@>.=...............9u.......~........6:....AD@......9.|.EJ+WV.l....h.B@...s...Gc.#K}..>..p...h....?..o..o...i.$I...8....I.DQ..b.z.._.8...2....{gcwg...[....o.)f.*. G.s~*.....?4.. ..... .....Zw:...~..'.x...?......{..D.........B.Z."..HE..f3 ........,.|..s..u...2.Y.Df>.z"...v...........uY..i....e.1Fk].R...j.iZ.....,cf......K..^.x..|V.i.!h....G'Q_F.a. ......F.8Zm..D...RJ...s"r../...?..?....1eYX["..(.B..{aQZgi..I...........d8....6..'.|ruu5...H.S..X.._}.............,..GQ.n.[...YkG..l6C.n..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1782

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8038
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.910146202472024
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:uajoc8uPHW2QCsnxt7JT8+C4mO8H0J37ZM/mEJw7JRf:ua0NH3dC4mFH0JZymEJSf
                                                                                                                                                                                                                                                                                            MD5:DF0590204A40D334A6DBE3DD300F4548
                                                                                                                                                                                                                                                                                            SHA1:7A0489BB3280726C91686DF4E48B861CD99E851A
                                                                                                                                                                                                                                                                                            SHA-256:58F86A2A4C025967457FB4C42E21DFFAAFF7C0B217115D1AB10E925D5696D7E0
                                                                                                                                                                                                                                                                                            SHA-512:71A324895ACC0CD47368746BD817187230C539B3EEED704CDD73220347C21123D78352EC546A56CDBA0411D9B8F134C74913B55E7BD3F7E26C3D752DF93BDBE9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/mac-notepad-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF^...WEBPVP8LR.../c...M8l.6. .........3D.....$j}.g..kF2..j..t.Z}.-......6.#....$U...a.(.$E._...v...$.m$IQ.g.`...'.@.6./y.O.'.W.....T/0....#5-.5}!..=5.E...T7553...p?...H...L"#.....l....:..js....m#Iu.....@DL@F.;.$AG&..A...e.r...#I.Kvp133s.....>..f...td...o...:b..1..d.V-I.....1a..Z.....w. ..s..........]4y..}..j...m#..$........;..$I.$)R.....l....... ).$...YDd$73.<1..;33.TB.....?..$.$..E.#...~.o.n.D..$I..j..3.s.......0.-[.X..`a!.. ...!.FB#..L:k.#..3....m6..@..._.B#.......y&z.@..8..t...o...9........|..t.y..n(..`r<.L.g......b....E...'%M...."L.(........{.#..[b@...#...'..0@..A......#...L...^2.....@..s...YG...Rx... .i..Ld......0.3...o.W.....8.Y....A.LB......_.......I.%.%....9...xf.F..*.`.....L..`.P.5. 1...(<......".. .......2...S.F'.h...x.D.....bD........g.$.E.H.5..W.7..93..`g.8oib.....(.t.....',.g..X.....-...Kvxn1<..\..4o....p?.@....v:f...........,..822....j6B.....C6.B..Y??......c.!.u. .....0.....x...|i......|.......1.^.5.....\.6a...Bx...q..l.4..-.....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1783

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDE3ODQ3MjQzMDQ4NjcwNTkxMDQxNw%3D%3D&google_push=AXcoOmS2x5LEv7B1uc1bwlwt-X1vsr1VivM4_0hii3efv6zGKCY4YQFmELEAl0UgedCE5wnvdlC0QEw1Dnl885qqBDwYSEDFZhg
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1784

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7306
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.474727169635241
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:lM1oT57UaViKxYv+fHCX8fdwWmnGJcmTdh:xFgaViaCsf6pnGJcmhh
                                                                                                                                                                                                                                                                                            MD5:0B7AEF6A4E1E9F2688C14B95F37EC837
                                                                                                                                                                                                                                                                                            SHA1:298A3907815FF39CBE7E5B23586558BDA092902A
                                                                                                                                                                                                                                                                                            SHA-256:87DC286C6979BD56C0B0AFB2C1801065ACB7F2A26E6C6FAD02FE034B40C9D677
                                                                                                                                                                                                                                                                                            SHA-512:0D2913408AAE248295F41D66FDC5BDACA2BAE2441BF475CFE465518EEE5C5F251E366C4FB54C7F52171553B28EC0F7E540FB609229CDB340C607D6C4DEADB5AE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx.....-jC..............2.....h....:.N..6+.....@!Q4......x...........{..s...=..v..[...j[Umq....-...T[....:.l.l..m.mK.Ue...v.Ykw.k..m.1nUa...^.f.....z.?.~...O....g...?..}./..'..}}?..u..W.T........@b.....B. .@........l..F....|~.....o.....w..>........h.0..........a........`...............l.....n.}.>=..._.......[.......Cq.k..T............P. A.((4.$..aw.$A......h3l3.9.>.......>.qo..z...NC.P.l........$.eAJ...P......7D..s..........l.@.:3'.....y.......o.Su........-.,....P#.f@.... 5,`1.m..&h........@P.S..cG..v..u_.....P..0.....3.2B...0km..f.... .C.i..5.m.&.6iVUcvwi.....x...XZ..^=.].X[.\..`.Y.s....@1.Z3 `Y...Z...t..t....@. .....Y.S.^bE..$..Z...m..l.`....[2.)....#...2...!.d.........ll...-+..r!...$6...3...6.2.......h..``...l.........6b.....B:..sY...3.Vm.@.......H.0a. .. ... ... .@....T...XK...uQ....j[.m.%UAE.@..j#..mJ9.-.V.."v..!.\....e.....R.n........h

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1785

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9176
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.970220101372775
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:VA92IcJrAWysjlPKg3XgR7tpNq210yMuoH:w2LJrAWlPKN7lyyMZ
                                                                                                                                                                                                                                                                                            MD5:142ED5C2079703418AB9109166198B9A
                                                                                                                                                                                                                                                                                            SHA1:BEBF40E3E81C11BBB4E2702489BE24960BBEE0FF
                                                                                                                                                                                                                                                                                            SHA-256:B428FD1CC7ACBE925E7962A3F11632F42FCB5425DA84E76180A054055CC850D2
                                                                                                                                                                                                                                                                                            SHA-512:A1685C776307CABA705CC25E5727F3FE80DDB119D685233251DE15EB12F4B31FE40798F8C03385BD854F77F3B33E50C7A5557139336FEDCD52CB6B293BBB3601
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..#cIDATx..}y.%U...qN.vWWw..4[......;".(....n..fp\F..F.y.....DA...`P.......*C.....{...9'3oUuu7....K..W7+.q"......^xl._0...z.X/...c.`......^0....O|(./.k3-E.m.....K....n..sg.iO)-"z....[.[..~U}..E....-....[..[p+.....y...yv.z.....O..*...d........Q........|2V...`....]....B.....A...;3.B........w..Z.|.Z...-L.......>..DY.....q.+`I..<SL.....nN.J!....0...WN.#v..l.aR.Z$..@e4..~../...S.:....73z...fy..D..D@..O.b.........z$.B.6....*.P.jx.."w.3Lq}.TAD.10.}n...JD.J.E.p...P......r....u.U.H`....O..).1..1p^........g.....C......J`M.E^....V...H5..`....[..........2..c..Rh.........H.d.<.~..7o...a)_.....~..^..1T......{V.rR.d......%.t..0.cd=.`_.&..c........!...2T.el....*...7..l... ........w.....\[.V...A^K."..d.....HHv..EyP..ia.C.S #.7......9."....J....3V7K.. a.sc.&.*..*@."f6..%QH0.R.;... ......}pFT.........KS&.^6..W/..!.g..(.T:.!..p..K..X.Z...T/.zr...N...=...r.H..%Bo

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1786

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65324)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):127616
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.074372300728969
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:C7pIJNT4kyEIA1pDEBi8INcuSErOY/uKFq3SYiLENM6HN263:C72a4GMq3SYiLENM6HN263
                                                                                                                                                                                                                                                                                            MD5:4A06316BF34E208892E55E080848AAEE
                                                                                                                                                                                                                                                                                            SHA1:069AE98189B1A33C3EAA923CD8A8EBEDB89C8C37
                                                                                                                                                                                                                                                                                            SHA-256:E3400E3EA6C68192EAD1F3ED3B73ED718742596E653370E25DCBF279DFA4E8AD
                                                                                                                                                                                                                                                                                            SHA-512:DD7BD1828B73D5D29620805F11AEB2A79C23FD5681F43AA51C1212D78F4829E3D5CE3454131384ED743518456BB70D1343FF66B36063655793CC6BA23687A552
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/css/bootstrap.min.css?v=2
                                                                                                                                                                                                                                                                                            Preview:/*!. * Bootstrap v4.4.1 (https://getbootstrap.com/). * Copyright 2011-2019 The Bootstrap Authors. * Copyright 2011-2019 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::before{box-sizing:

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1788

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):11068
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.89000662153038
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:4sSokgQGGSRXdbILGUfuMNrIIsJeUMVhjfSL6ZLNyqHGDAQZxjMNZ2G/VcHiATuI:lSzSRN8yUVrWMVhKeEqUO2GqRu5DcyY
                                                                                                                                                                                                                                                                                            MD5:0470DABB162011AA9B2861983301EF39
                                                                                                                                                                                                                                                                                            SHA1:F17A1B262C4F244DA27FD3FEA070A14BBDD80CBD
                                                                                                                                                                                                                                                                                            SHA-256:A2FC770895191CB47AA748222513ED545014EEE613CFB1D241DC47DF3B08DF0C
                                                                                                                                                                                                                                                                                            SHA-512:6B50D2B5A17413DCB76BB4E63AD16D24CA33BF1EAD88AAB360EDE00C7493D8504180D56D173F23AE1DFD32B882E98D7B31E89530B8DDEF4509A37939B8BBF9F2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/flappy-golf-2-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF4+..WEBPVP8L(+../c........M..M....v...........=.m...S......o.....u_..n.6s........."...kW...........I.......^0.$IJ....g.W...1xP.6..r.0.!.=r....k.(...<:..........0...7...D...0.&...HD G..s..1D...+od..1.....H.qg.Y.!....:..oTC2......P...?%r.C..jj......'O..*f. .../".W...../..E(...6..?..{.D.....B.)...T.`.mN*.k..c.jI..:.}.bffff.....@U.J-...... %3.....-.{..E.<K...m[.QJ........y..f..?`....<....0y..c.1{o..R".om.m..S..x33..*..uF...l.v`K......Q].Vo9&..m.$m..u..="22..utU5..>m.m..h.m..a[.j..R..o.z..l...m..z.d27.9p13......./.X......8....$....Mk....p..y..;.........m_6N...{.9b.$F..HRd....3..3.U...1..x.X....!..]..}.....}...f....Z....s....z...K.l""...........`L9........r}'w..N.&.... ..).Y..O.>2Z.....@,..".@D(......7..~...w..$1N..EA..D. U"".`vn\....*.....@`.."@.L...u.w......Z....(..A.....02..$F.=.}.Wgn...V... .....E...<......A.ilH.IS..........T.T..R.}.c}h./G.U.;4....;H...4..]...$.F....Ts......%.......%.DI"u.{...L3...v.........J..u|...P...(..@..C

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1790

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):160
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.15458805244323
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:U3yGqItEsRGD0twQyGnyaDgeDQggp6ngQjMHIGfYjP69LBgpRf:U3yGqIt7DtwjGnyac8gUMbfYO1gpl
                                                                                                                                                                                                                                                                                            MD5:DCBD642F259C6F45EC1A2BDFA9286BF7
                                                                                                                                                                                                                                                                                            SHA1:C9320D9138BB29677C40884737B4C99F5AAFB645
                                                                                                                                                                                                                                                                                            SHA-256:33949E102D222316480736A4E8121FF411F2ADC3D05BBE2D41B033BA294B2D7F
                                                                                                                                                                                                                                                                                            SHA-512:EED46146EF4EAC9550194584E0D1A6A9C920DB1A81C496072161C1B4177699CE319D9321A210C221CCC73756B1F94E6C3E9512B4E15746DAFF75DC8D4069E334
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://rules.quantcount.com/rules-p-NckurUNbznaCm.js
                                                                                                                                                                                                                                                                                            Preview:/*. Quantcast measurement tag. Copyright (c) 2008-2022, Quantcast Corp..*/.'use strict';(function(a,b,c){__qc("rules",[a])})("p-NckurUNbznaCm",window,document);

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1791

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):153156
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.313184589772049
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:PpbrUzacicmSKzO9R0cFMX/kC7dCqGjHlUHNaVcZRxRBA04VKsuntF0dTGgQ18u5:Wza1ke70eNaVGAvkF2kl
                                                                                                                                                                                                                                                                                            MD5:2630B3D7AD4A41FAC67742216E506D83
                                                                                                                                                                                                                                                                                            SHA1:DDA36227690CB7C9EC74DE3667DD595D59FB8EEC
                                                                                                                                                                                                                                                                                            SHA-256:CD5EB76033D96219A0C4FE45FB0DF10202E1FEBCB4D086FB1305F1B3304A6B1A
                                                                                                                                                                                                                                                                                            SHA-512:DF4BBC981FDD148A6EC0E97CBCCB16B66C9054EB144A6055EAC76A2B34FEFE071617E6AA00338A7D2C990ED7D521BA1FB95D086C20B4A37BB95C0820C9B9124D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://www.datadoghq-browser-agent.com/datadog-rum-v4.js
                                                                                                                                                                                                                                                                                            Preview:!function(){"use strict";var t={log:"log",debug:"debug",info:"info",warn:"warn",error:"error"},e=console,n={};Object.keys(t).forEach((function(t){n[t]=e[t]}));var r="Datadog Browser SDK:",i={debug:n.debug.bind(e,r),log:n.log.bind(e,r),info:n.info.bind(e,r),warn:n.warn.bind(e,r),error:n.error.bind(e,r)};function o(t,e){return function(){for(var n=[],r=0;r<arguments.length;r++)n[r]=arguments[r];try{return t.apply(void 0,n)}catch(t){i.error(e,t)}}}var a,s=function(t,e,n){if(n||2===arguments.length)for(var r,i=0,o=e.length;i<o;i++)!r&&i in e||(r||(r=Array.prototype.slice.call(e,0,i)),r[i]=e[i]);return t.concat(r||Array.prototype.slice.call(e))},u=!1;function c(t){u=t}function l(t){return function(){return d(t,this,arguments)}}function d(t,e,n){try{return t.apply(e,n)}catch(t){if(f(t),a)try{a(t)}catch(t){f(t)}}}function f(){for(var t=[],e=0;e<arguments.length;e++)t[e]=arguments[e];u&&i.error.apply(i,s(["[MONITOR]"],t,!1))}function p(t,e){return-1!==t.indexOf(e)}function v(t){if(Array.from)r

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1793

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):2310
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.297015910664458
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:cnOEaV/JOEaVdRVc+oDOEaVWN0oAnOxMaV/JOxMaVdRVc+oDOxMaVWN0oD:cnOEa3OEa9Vc+oDOEaMNcnOxMa3OxMaG
                                                                                                                                                                                                                                                                                            MD5:2B63CD96A1B830EAD309E7054E930658
                                                                                                                                                                                                                                                                                            SHA1:8290234B198C9AF1AD77C45D11F1DBD186A34334
                                                                                                                                                                                                                                                                                            SHA-256:38E42A9A323FD44FE86F0DFE5F7695590E6D4E4B3C016E30031DBBAE5171DF33
                                                                                                                                                                                                                                                                                            SHA-512:41F7859CFBC9D9A1150FBCEC276421804891A9857848DA069B7C273CD615F3C15C3ABF39688FA4A9DB6559FE016E081CF74495C7157B443E780C42137516E6D0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://fonts.googleapis.com/css?family=Dosis:400,600&display=swap"
                                                                                                                                                                                                                                                                                            Preview:/* vietnamese */.@font-face {. font-family: 'Dosis';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/dosis/v32/HhyaU5sn9vOmLzlnC_W6EQ.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./* latin-ext */.@font-face {. font-family: 'Dosis';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/dosis/v32/HhyaU5sn9vOmLzlmC_W6EQ.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./* latin */.@font-face {. font-family: 'Dosis';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/dosis/v32/HhyaU5sn9vOmLzloC_U.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1794

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12872
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.96021268619456
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:FLppudpdqWE9OwNxn5sC6wjxdwk6BYgDhNoa4ONsmGCJZ7+Y64MEXdUZ/O9N:tp+ptiZsCrVdwNYgDg0GCfS4zNCm/
                                                                                                                                                                                                                                                                                            MD5:0F596BFEF65BE038EC40D0BD774E2218
                                                                                                                                                                                                                                                                                            SHA1:9DAD19EF9976DD076BB820BD4C2AD9976B3118F3
                                                                                                                                                                                                                                                                                            SHA-256:99A58B50D87D0F72231A3BCD3071A25065939BBA47EBF6B4CA8CDABF57E03B74
                                                                                                                                                                                                                                                                                            SHA-512:00EB9FD72DB13AD3D4487F35B13F5D8E8C83E01144570BC04C2EAB0D471F926F95CA32C3BAC7C8A39967FA41AC7C5F016F8C5261675C9BB3B1272BE7EA92D13C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..1.IDATx..}g.\.q.u.7]...~.C.I.....E...V...~..~.BbP...;...h[].<{.F..41........Bw../o..'oQc..p.1.Rj.A.7^qOB...7^z......C...o.{....,I.<.1.R..jz.K/.../......z....[...........7....,....,..,..8N.......\k.y^.R..pc.].E...Pg!...Y..+...?.>.H-.F.....,/r%U.di..]...Z.....Z+{.E1...,n..9.....1.k.s........_..J.f3.....k...R...PJ..J).q....TJ...z..n......-.......a..e..G..h........q..].i.^..[..F.........}....Q..l.v.4.,.k..5...R...=.K...r..OeML.J9..\.-.JI..EA.Y....9+.b:...s....._c.W.6^..q...v..y._5.>p}...8#.b6.W_....X.eGGG'''.Z....1.Lx...<..Q._....Y..^.6P..q..O.q.J.....F.ZS...I..R.y..GxgB$Ib..B.E.....|~||..*.J..<."k.....<.Y..M&......m.h.%c......xnh;\ x..;./..k...PJ].%.$i.6%.......J)..S.T\.UJaTB..y^..............1f.X.!.4M.$...y./.....<.j.Y..!.....u{.S...K).{....R2.0..5_?mn.|...q.8..}...........iQ..(.q......................,+...?{.,I...H.Q.v....(]....].W.K.q]..7.<..}.-.n..~Q@.%

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1795

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):3378
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.94173308913584
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:jZrsQRm47R+jG8UfLEQKuE0doKihUcXeXwC:TocRL8UfgQKtKTcOXwC
                                                                                                                                                                                                                                                                                            MD5:B00CC83F16E52E6302ED20A3D2451894
                                                                                                                                                                                                                                                                                            SHA1:1A9CC10DFF8C93DA29ED6B6961458B4A375740C8
                                                                                                                                                                                                                                                                                            SHA-256:B6565925B2A5971A84EB22D895015104F78A77FA4CA305866BC02571C4CC2FBD
                                                                                                                                                                                                                                                                                            SHA-512:FF6B34AB290BE50D9C15E85785C785E80D507F0D64CBB4CFFA7D2AC65DDEE3F8689966A5CE9B1FBBFEEAF642EE997E304E525FA337A68BF8AC22ADA014CC439F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/microsoft-powerpoint-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF*...WEBPVP8L..../c...M0h....>..}e....._C.......X.'....M.M...5.`....|..m$IN.D.....3Q.?.....$......'..m$I....-'..&.L.........H@^.R.....I..B..H!...:......7..Wtk..Fo. q.u....<;...o.,......g8.*...ARQ`G.<.W.W....".../.l....v..eff.Cz.._..32.).......3.,.4T.K]...^........8...}.........mf.FGc}M...u.gv..Q.'4DGT...g.yt%.. ).....C13..rF....Bo=.a..2.r$I.$..{1..h...v...D..!P=.w........C.'HD.H<.'.."....G.f..D..F...CY.i.|.D.'........b.P.De.n..-.9....;6...8|;..,..\.M.....O.Y...X.K.@on..)''..yO4.\...+u.........]..Nn.n(...I@D1....~r..c.G...o[-.e..W5.X........k7......9+......l>..{...[...?Q....e...d...j...#..O.S.m#....6..;.P....I*.|..@.8.....&.......uT.&5......TW.&(...s...P....m.I.".....W.\.zg..W.F........m...l{x..5......&.P.B.>I.i.n.f$....4.f..u..B...v,....x.. .....{...3)B.Z...._T.\.eO.)Z.K..H.:O.b_..0N6..H..j..#.??.....P .0.V.M.YeC..pP.r+...FU.TbB..].vb.w>.x.0...W.....K.._RD%`Z.s.]/.V+.%1k$.....>.6........$b.4.].;....i.fp.Z.,.n,n..c....[z..W..V.@v{.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1797

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (416), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):416
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.865117647678812
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:20uhQxidQTYVIUO83Z1nYxtQ/R16Rp3P2Nn:2PhQxidMYVRJ1YI/n6An
                                                                                                                                                                                                                                                                                            MD5:A8911B3362BF5935C0B8942FF31E21D8
                                                                                                                                                                                                                                                                                            SHA1:D1BF600CFB85EA668868C3FCE3CBEA54F6D80855
                                                                                                                                                                                                                                                                                            SHA-256:EC47E6472651559CA723A66EF956E8B17527D80EDC59644BE04633ABF4516786
                                                                                                                                                                                                                                                                                            SHA-512:A95ACECA86AD4DE49687A5B08A2B35CFB0A8C0761CDE58D08809E89F293F5AA698AABBAF6031CF78944596A4B0DECAD3F6C3E95309673D8CA617C7ADD5D06268
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/js/search-header.js?v=1695907987063
                                                                                                                                                                                                                                                                                            Preview:(function(b){function d(a,b){b.stopPropagation();b.preventDefault();a=a.val();1>a.trim().length||(a=encodeURIComponent(a),c=c.replace("search_placehodler",a),window.location.href=c)}var c;b.sheader=function(a,e,f,g){c=g;b(a).each(function(){var a=b(this);a.find(e).keydown(function(a){13==a.which&&d(b(a.currentTarget),a)});a.find(f).click(function(a){d(b(b(a.currentTarget).data("inputselector")),a)})})}})(jQuery);

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1798

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11753
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.972801201850515
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:qD6QJxl1339GN5kRiE/TfFhL3cgWIVLdw32DiR3piYM3FCpdzLaBI6RcSp3o37rr:qD6ID33FYAj3WIVOGDi7ir3FCpRLb4JK
                                                                                                                                                                                                                                                                                            MD5:C8803CEF274836957BEBB23E53C1DD84
                                                                                                                                                                                                                                                                                            SHA1:5F37D65F2593FDFC2D37DCE6633399AC209538C3
                                                                                                                                                                                                                                                                                            SHA-256:4B16E804BABA0CC6271897BF82A4495A7A7276964CFEB121551CFBBB13F9399F
                                                                                                                                                                                                                                                                                            SHA-512:28FB0D02E2544F0CDE2AEE4DB79F2CB726523153432DF09FECA40BC822E70495CFFF850C7484B6A24CC7849CAAB192BDE378178BDFE8DE8AEF3D284EBB35FAB4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..-tIDATx..}i.$.u^..:....>... ..H,...H".YTX.hJ...#HK..v......b8..;d;..d."A..."A.)P. ..op.. ......v....<.Y.....gvA..........W/.....L.R..y\.A.4...z.Xo..................@......;............5p.C.x....u..eD.{j..s.0l..5p.*9..u......,.-H.t.s..c.R..c.F.$x.)......2.#......k.i...1..fM.........B.qlY.....B...i.....3....eY.....8x..=~^....g.F)UJ.....jr...~lcc.u]J.Hr0..Wa..j.N....+.J.T..J).(..^.+.l.V.9'....Z......l.ZE....AP...8.....R...m.F{..n.[.T...S..A9.=~...W..:.C...0.R.q.n..hD.U.X.,...+...8...f...m.I8.B......i..<..\._t..8..c.R..l.......F..ns..n.....I.iKy...q..j6.B....(.#.aA....B[+....^..R....~...{.Bloo..4..yx..n..n.!..T.G..9.R79..p.EqD@..u]t7BH>.......m.1f.f.E.N.s..l..N.?.y...N.....~@.........72..x...i....0...i..(...a..RJs........}|.RJ.0&&&...;B.J)c.G>11..C.J).0.,....8.|.....Fa._.....coo.u.0.1D....a.Q..j.(9...&..?]z.3.....F.!..s....a.....8..........m......r.nvvv0+....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1800

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8646
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.82591434636054
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:PFOVSHgIvuBDzNtI2gWq+0LaEHwqjiOwIiHiviXRlRE5N/A7v7uR4:d4SHgauBVtI2ureEHnGOI7v7ua
                                                                                                                                                                                                                                                                                            MD5:923FBAE61245079717232AB1C5709D18
                                                                                                                                                                                                                                                                                            SHA1:9BBF4F8079135797A1E96B9F0FA03AC7086CD19D
                                                                                                                                                                                                                                                                                            SHA-256:6DAA98A3ADC2C54B547E864CB8B4CF52FC1834893C75F33C2EF28499F8009873
                                                                                                                                                                                                                                                                                            SHA-512:36AC082697559BEC22266E33A6F542AF6FA6BC057CC5A6C388BC80670E4FFEC4F068C8B86EA4386AEABA60DA6953C7E1B0173F69D43B5E48E9A87DB03711B2F0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://cdn-guide.download.it/cdn-cgi/image/width=576,quality=85/2022/11/come-funziona-gmail.jpg"
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........7...................................................................../..................................................................................................#".........................e.Y.>!.L.Yz/$.k6N..[.td.yv.2u6wq_....]X...^....z..F.~. ....................s.C.|.s.Z.o|....@.]j..:...\..>..:^.........................%Td......o...[...-X......iF.24.../h..cP.;o9.}..w.!.[.~.Z.t^W.>e..-s....Gp.................,o...Z.....~5.=...wY^...y..?K.8Z..........K.T..8.....j..>F.x..hz...s.....)...b5.0................0..v....^..6.........78d<G.MG.k....r...>...|....@..t[.{...t..e.>v..K..../t...~kJ.Y.....W.y/n.].................'M8Y./..}..+M.zo.;A.ou.........1~.....}J.S...M[q........V.|..<....t.r....L8Wv...(lz.!.E................!..........^../..].t.w.....]...\..z..x....^.>.....X.#C.z.5.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1801

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15259
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.973682020388709
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:pW1+buJqxCE5Nu1/YuOMbNfNNfCMkEesJw:NuoYFYubbP8/EesW
                                                                                                                                                                                                                                                                                            MD5:EAD6D91C34585909FCF4F725BA726EB5
                                                                                                                                                                                                                                                                                            SHA1:21296AB924D4E235E1211D0C537D22AD2855E5CD
                                                                                                                                                                                                                                                                                            SHA-256:9EFA2ED0A06D4D37E36E285A0E29F67F5C5F3CD31DAB8765249C963D9802DD55
                                                                                                                                                                                                                                                                                            SHA-512:AF91452A3A350D4ED41D22F300303B1D08FF2075AB4669159E932B3EEBBBD79641CA7867578EFF8017784595C9E394E476247D9B70BFADAADFAF16E867CA60AF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..;&IDATx..i.].u%6.Z{.s...:..{..).#%.jl..}.2.j$..{~@~A.H~D.@2.%#.U...c.\V.U%..."E.b.. ....6..{.|.....,...5.].f...5.\.t..W...0..."......;IZ2..W0@...'h.....c.8<.........K..........A..$.w...[...?.Y.o.'.{x@.`........|..~...;..no\.n]..UT.3... .....We.Ld....t..N.......%..;..\....FN......t(\.wW..f..m`....tr......w.....l.&.RB>:<....o....m1H.....|...38......rH......iu..~y2?L......f!L..6P..R9......!...s|...`..@...p..N..1`.....v....>..(.{).w.;.v...<8.V..~.....I...wf...K~...=r....}k]X9....T>.....80Z2.P.........2...M]5...R...$O.......|.i.Z.R;..xv.F.t..$..m...X.D0..0LA.<}..H.Q@...ZhD...EZ..o..~....A.:Fg...:.$.3.......s...w..w.....t..$#..Nq_...q.,.1O....]..[j......wUm:.C.Y.$9Yl4.T5..j.].!.y.l..\....D...q...*<.4.{..R..C.!8.... Hwo.[O{.. us..<.]..o.?...4:=5L..%...-.A$..cT..=.4o.................`..C..x0g. ...}..g.f.*..vw............>5..24....77......;.s..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1803

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9166
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.95616991875281
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:XGSBxPCkW4r677jijGLveiYwxLU704sKAMx3Ay2utAU6hp/7POS137:xBx6Ld7qGveiYwVV4sFYEjp/7Z137
                                                                                                                                                                                                                                                                                            MD5:9BCBE5DFB93034FE338F2C2E6D2667B5
                                                                                                                                                                                                                                                                                            SHA1:AA4B4768B4E3D18D64C59C7A914E86BB4BFD29C4
                                                                                                                                                                                                                                                                                            SHA-256:0A6D461A0FE5520D10CC76D975C12519A1165D25A8E3DC322D0022A9B228A56B
                                                                                                                                                                                                                                                                                            SHA-512:F91981115CF99DF14C0326DCF1C5E32AD82228C8CB6725C018E59B3EAF1951E216BE97AF8BABC4E3ECE8EAF0C3C8E069F90A03A67D1B90D88965A86D94499F0D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..#YIDATx..}y.dg..9...uky.^..z}.m..;.ch.`.H.......h4#.Pd..)R"...!..@.D..!%X....<&#.`.x..6m..6xiw.......wN..n-..V.z..C....[.;....\...p.#b..D.......#G.<...O>..k......E.....[....7...k`e...t../.8>fq..M..-VJ.J.....s.=7.|................s^..f.."ZYYy....o>.....HDD.O.Q...?6b.o.L......w.}...n......:....V..)..y.}.k.>..1Fk.N.....\.r..^......Q.....F..C....?...LOO[k.R...7.e.@.G.y....g.0..k-3;...Xc..X.....1.B..P(|.....>.o.>.4"."..lYi..C.}.s...ja.v.3W..$V.N..?..vWv.....Ddcc.......o.>._..+ ...?...>..v.].T.$....<..8+..(6.|.v_.'...4M.........0..W.233..........#.>....J..q....{......o..A...+99.....W.<.33s.X..3..T*w.~.".".Q.x._<....OMM9../P..<....o@.'.....q...y...;.."..N.tjj.......5........?...0.....oK.'_<.J...hvu.P...3#....7..o.Y.....z(..b.8.J.Jg.#...e...}..0.......@..@...Q.QD....a....?>r.>z...O?..r^F..lK...+Q(W...4...Y..& .%.A.@.@@A@.z..Z..G..G..m6...9.0..&...Q....r..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1804

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):4686
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.780853505458436
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:nmR56dK5Hw61rFbqfrthCMs6cJa432gbsV/OiZy8IoAm9:mR5BHw61Zwho60FsOiZy89
                                                                                                                                                                                                                                                                                            MD5:8849FDCBDF01479261F73FFA8BE1852F
                                                                                                                                                                                                                                                                                            SHA1:22A005CA09AEB189DC3322D9B378B88D32449F4C
                                                                                                                                                                                                                                                                                            SHA-256:EC62CA908D91020AB90E23EBBFF4B79B0B72624E9EEAFEBB3C0992579825CB06
                                                                                                                                                                                                                                                                                            SHA-512:CB778827D7B9C13CC88CA6B39BD7A9D532388F87FE1ACD1CCB6DD8C2901C1B3BB607E45D692586994260CAFEEA4D87A861270E6B9F0F45F9411CDDB596143600
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/carbon-copy-cloner-ccc-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFF...WEBPVP8L:.../c...M0h..2.=...w.....V.&..4..Y.H.5.(j.%F.`.Q..."................8l.@.m.*<......S......X..p.hH....8.I..."..S.A.C.".tD.([.&....m....U..#...!....x]....'f..3C.cf.X...PwW.....F.f4...(D.$I..b.`....tO.d.%I..:_f ...'Z....`..d....@......2.r..7........E....0 ....F...F.................#.. .*.....4.........4..F.......o......C.gd.6..Q0....a.&... zN.2A.0`...0A.f~..xk.SgB L.1FT..(.X#..J.'.t..6~......L...x1cN.*Nq..f......b...300P(t..Ie....?.@f.s,p.....y.O`...0`.......;...q.......<'x*.....0f?........D>0Of...1.L.<.|......Da........B..0.-......'y*..<..>...;...:;..n....]q.....c....4<....P...x.?.........0C}...x.IT.L.tLGb.%`.........\.*..\a.8.HL...S...$.....1c .@b....D<.a\,..V..T.*"..U.d...!.......@......c.].....].,..jR.uT.>.H..b...@B.....T......Qq....#.9..V!..;G.1....T.......&...@`L`.b2.....IL...D.L. @......".%...*`..B`...E.W...,0,.).....MH.#..:e.".&0.........X.DT,..h.9F....h..b:..j...d`L.b..@`.1.'.....N.0C...8..K,.i..@0P.9.&c....,.T..X..M...f9..h.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1806

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9389
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.974490661582072
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:/n9/l4xfDtvLa5GngcvMFDWIOsif0T96YMbMVQf6WLYvPRw8AwutX4gaA5APm0:/9t6hDaMgnFDWfsuGNmt6WLYHRUwuS9N
                                                                                                                                                                                                                                                                                            MD5:560B6D61123F06D9E8FFAA3A813E6DAA
                                                                                                                                                                                                                                                                                            SHA1:16FC37BCC44E519FBAABB4CF3FC8D02688CCF934
                                                                                                                                                                                                                                                                                            SHA-256:8188B05FF243AECEF2C700C58BC16E9DCBBC701290F48F258F1469D554A62F5E
                                                                                                                                                                                                                                                                                            SHA-512:99B504CF7DDCC897B235D30A14DD79F5122D042955F369E8CC3467BE7D8916DBD2607C8AC10B90F5E38AE8F5D6BE5CB44A5AE0FC87C06117316AF425384B0D6B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..$8IDATx..}.x.U...M.e.;3...H.".(U.........|..A....;..).HI... ...!..J............4@..y..f.vf.y.9.9...n..!.jl..T.I...[a .N..`..C.|.N.E..N..d.:...+...?<.~.5.B.@..,."`..aO.g..X.".+.g.......aY.d2...v.0.L.V.........S..I.'..O&.+....*b.)...O.l.C0.>......r.Ru....m<:.T.....m.\Z.M..l..NEU.SI.5.............p...#..].~..O?.4..=....8x...}.....M.........A...... 1z....}|......`...P...Tm..O.ekh..2.L...X........wwwQ....i.....6....a'v..i.t*:..u._l.M1......l.L......Y..OB.T*.H.@.%.!...X,..E.....$..D".>8.......n.J..iP...8...d.-....F.eY....m...w.Xt..w.h..Z.i|.yp>...+.S#x..[.,.P&..l6.@}}.._|>t.`..x.....'.....M....Se.......A.eY....---_|......q..R.....C".I%".T$...!.r?r..!.I.......?.].C.X7.ru.\.0..R... E..*,4L.4....\&.H....H....C,...+.%..L&&.`.t.|.D.........K.....[W.X......d2.....G........3s...d......O..?...dE.....\...l.i..}..Ri.\\<..L*.J1d.H...0...T.$...`...(**.9b..;.L.%GB.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1807

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):33
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.55954563450997
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YJH/FCFX/9EyqY:YJ/WEyqY
                                                                                                                                                                                                                                                                                            MD5:4C8E06928785BE8A1FB12A3F0CC8388D
                                                                                                                                                                                                                                                                                            SHA1:AE3878FCDE246180192183F455A9E497DE3DA8E3
                                                                                                                                                                                                                                                                                            SHA-256:BE477C762F702ED686A14C60BEB208A16319DD35514D36432E6CD1B2A4263D9D
                                                                                                                                                                                                                                                                                            SHA-512:C57B5A3BF1A8C53733325D88D3FAE57C984456AE2BB0E77908AA71D69AE07A29EAABCD18196CF0244610F718558388DCFCB5CED2EC0B0AB6CDA8FF4385D5620E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://lb.eu-1-id5-sync.com/lb/v1
                                                                                                                                                                                                                                                                                            Preview:{"lb":"7+zecZBCPlyzA2Z6nxrqsw=="}

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1809

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):166339
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.7526991781472
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:1UymJUJri6fBp3zxw48e4GMyOIXCJuHugfqtsh7ozja5HazrGug:11WUZx3OIdugi2hUwGg
                                                                                                                                                                                                                                                                                            MD5:2379D3553E102A8569CD8B9EB1F9835B
                                                                                                                                                                                                                                                                                            SHA1:B0B58FD2C11660876727A82DD72CADB22198FB04
                                                                                                                                                                                                                                                                                            SHA-256:DBC2129C336AB24BB2D7D034C52BBE3E6EAC3974A3768123686BAE1B7EEF6EDA
                                                                                                                                                                                                                                                                                            SHA-512:385F6480226305099B071E5BDFA5CC8BF29439E99A853C3D2024163BE0463C0114452A4EE79A7AA3D3D7D89093590BF48F7444D1292D0F8334EE8CC335430C13
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{"/5302/TD-desktop/downloadit/downloadit-it-defaultpage/ATF_Leaderboard_Second_Refresh":["html",0,0,null,1,250,980,0,1,null,null,1,1,null,[138327306593],[5332046802],[13617419],[327760139],[434442],null,null,null,null,null,null,1,null,null,null,null,null,null,null,"CLT5q7mbloIDFZhDcgodRVUCnQ",null,null,null,null,null,null,null,null,null,null,null,null,null,null,"5",null,null,null,null,null,null,null,null,null,null,null,null,null,null,1]}.<!doctype html><html><head><script>var jscVersion = 'r20231025';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {ebrpfa: true,};</script><script data-jc="40" data-jc-version="r20231025" data-jc-flags="[&quot;x%278446&#39;9efotm(&amp;20067;&gt;8&amp;&gt;`dopb/%&lt;1732261!=|vqc)!7201061?&#39;9efotm(&amp;20723;&gt;:&amp;&gt;`dopb~&quot;]">(function(){'use strict';/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var q=this||self;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1812

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1814

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5771
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.567559413357578
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:emfPJjqUcK1ozVNg3jhp9+dxfJ2zVBwa3DHhRboc61aWL1k0RguoNAT3yR:9FqUqzVNgTdecB1rhuclWLwuoNATe
                                                                                                                                                                                                                                                                                            MD5:BB94D1B5CDACAD862D1CE68EB1E71D3F
                                                                                                                                                                                                                                                                                            SHA1:A27FA1FBBC31F416A8CF9E4349C73D496C6EACEB
                                                                                                                                                                                                                                                                                            SHA-256:4A409DE6220135EFE2A8A3BF7CADB079A2357C1D19A7CF66BFF0CB2049EBEAF8
                                                                                                                                                                                                                                                                                            SHA-512:A09627BC370D037F52CAB22B9306372A6E812D0C59A5B7E28F97A5EED51D43BDDB84E82D0CBB30DBC41C7A8067F3716A22CF86934B39843A2F70C0A1FF09D8E6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://cdn-guide.download.it/cdn-cgi/image/width=576,quality=85/2022/11/come-usare-aruba-pec.jpg"
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........5..........................................................................................................................................................................................................................|..w8`$.......................1l.......9;h.vDV.cR|...e+...\...w......................{<vd.h'g...Ueq......>hxY.-I..R..<9.e...........{|J..H....................v.....s^b..{V.2..;./2SH....h...*...kv...2........:.........................I.y..S.z...-.;..c...uj"..>J1.Yb]..-..............................u..y.P.t.w........u..F.......-....n.Gh.........................Y.g.|....k.........................S.WC.. ........................H..l....,..Q.+...8.>\N..m...c>..k.......NK.t.c.~.*z.....................I{f_f.}...s3...U..c-.L.>...Y..J;?{r.bV'6....@............................................

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1815

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (21914)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):57513
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.07702711242518
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:Xugq120spmYjfsSqxHowWtsSvURPQH0vE6YxkDda3x1KxuCYOjF4kN:egZ0AOSyRPy+0Oh
                                                                                                                                                                                                                                                                                            MD5:0A54E842E3E395E6B9FCF6893283A105
                                                                                                                                                                                                                                                                                            SHA1:E96D27E9C036DB495B6FE00CFC8A0371D7AADD74
                                                                                                                                                                                                                                                                                            SHA-256:472C7748607B5B76986BB54FFE3FE79EA954F61705AABD2A0FA80D13B2EEE46B
                                                                                                                                                                                                                                                                                            SHA-512:700F20720B5827E258A947BE8F625797A2778DB6A670C41F3DED093A64060DEB1C77ECEA5F0C209DE0F39E239DDE4F0F70EEC4B535BA8C0ECBE01871D37497A0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/ms/static/js/flickity.pkgd.min.js
                                                                                                                                                                                                                                                                                            Preview:/*!. * Flickity PACKAGED v2.2.2. * Touch, responsive, flickable carousels. *. * Licensed GPLv3 for open source use. * or Flickity Commercial License for commercial use. *. * https://flickity.metafizzy.co. * Copyright 2015-2021 Metafizzy. */.(function(e,i){if(typeof define=="function"&&define.amd){define("jquery-bridget/jquery-bridget",["jquery"],function(t){return i(e,t)})}else if(typeof module=="object"&&module.exports){module.exports=i(e,require("jquery"))}else{e.jQueryBridget=i(e,e.jQuery)}})(window,function t(e,r){"use strict";var o=Array.prototype.slice;var i=e.console;var u=typeof i=="undefined"?function(){}:function(t){i.error(t)};function n(h,s,c){c=c||r||e.jQuery;if(!c){return}if(!s.prototype.option){s.prototype.option=function(t){if(!c.isPlainObject(t)){return}this.options=c.extend(true,this.options,t)}}c.fn[h]=function(t){if(typeof t=="string"){var e=o.call(arguments,1);return i(this,t,e)}n(this,t);return this};function i(t,r,o){var a;var l="$()."+h+'("'+r+'")';t.each(functi

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1817

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7613
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.952350864667237
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:r7G5rqxC2O06jKH7vLBKuctS8PX0HRLiqHy5MivOYyObk:rq5rc7vLBKVnPklikimabk
                                                                                                                                                                                                                                                                                            MD5:5B71C0CEBB2ECBDF17D1AE5B415BCFD6
                                                                                                                                                                                                                                                                                            SHA1:E42FEFB264F4D43BE7284B519378DE66AAAD9D2E
                                                                                                                                                                                                                                                                                            SHA-256:A831FCCB2060A0791BA09C08EB7E09F46DE0326A513AB0216AEF97AC9074447D
                                                                                                                                                                                                                                                                                            SHA-512:CBDEE6FBD309933D78146D5F7846260220CAF5C273FA941B19774A236670D9702BE2ECB94A9F9DD338A8B442EBBF187A4D89849C539560BA8A98BAD8CEE9EF9A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...HIDATx..}{.\Yy....so?..kVZi%..6...q.8.k...I.+q..@*...$.*..q.c..8)."I91.].q*...v. $)..4...]..+.J#i4...|_.8..=.#.F..........|...;...|....f "fz..;..........t'....a0.if$.,>..../,^$H....@..~..k.....=.&..5S3....5........z...,.|....._~p..|.$.B1..k.U.W...B......u...........&FI.3"....a..A.......~...G.x..+...x*...I......j."...0.$..n..Dx...}..#..A. ..;U5J.D.!u......>..9i.GR....FYawI..W!..$.g...M......v.\.....N........h4Z..:...k....w..A........4.]Yg..B......E..%%=..\7.%......G....../.."WM....k...O.M.R5.........2.*..-..).$.X.YX%K.un)..N...{..Y.Q..4...G......G.0.H...A.g..K1..yQ.....y...q..R.(..m5..^.7_..x..<..b...l......^.&.i03.,.f0..f.).w...]._.....Z......wsI.3..=....L..._.......h..?&D....7. ..F%.].Yu..\...BF......=.....=u1....E./-...Z.m*....`.3kQ..2...K*...J....".!:kj..#._}n.......g...m{W..I.UI.:I......Y.;.k}.bff..PD.I..O>..s......K...f..3Z.nUL..;".\..D...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1818

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5776
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.925802405249894
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:8CMcirQQ6t9Qufs6QZ5UYa6Q2Rn3JQowDFl5xfYp0eAW3U+Q3kUP28WWqYvNo3:locVt9w6QJaoklfDeAWE+8RWqg
                                                                                                                                                                                                                                                                                            MD5:E14056074BBDCDA952ABD760AF8D15F6
                                                                                                                                                                                                                                                                                            SHA1:898F8A2DD224E54CACB27E51DE936522F1040782
                                                                                                                                                                                                                                                                                            SHA-256:BD8C33C73412A416A6A93ADCD4474F98A77C82057DD334D85C13EEB66206899F
                                                                                                                                                                                                                                                                                            SHA-512:9E6CC0428E957BE44776A313CD712B2FAFAFECC3FFED6504BC7B20AB3CB21C02EBE992E5709AE47038EA00F0B53758A5AF65D4B0E15F3C03ECCCF0F49E7F8469
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/wine-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L{.../c...M8h#......?...".?..#Z\...9..]B....u [.~.v....wi7......O..x.L.`.I...._.J....<>..Gn.9. n..3..i..$I.........%>..O...'\.9e.D.b.e.H..T..q...&.,rZV..%.....mY..0....W6%!..e. ..$...r{...M6I..3|.2.U....T..d.&.R.....a....C!"&@.q....b.I.O..E....xS.Xk..6..~?....,{f6.T...[.....-l.9:)K.....wC.~k.Vm...Kmc,f..........u2..J..H.#I2...N..5...J.m.n.u........mF......a..$I.$EjY......f.t.a..r@_......P.m.m..........j0k[e.Y#.m=_.hcaV..m.i$...$Y..j...W..{z=.f....,.=.$Iv.....`...O*@)q.(..9t.o..tgD..S..L...i.....;.7....V...Wc..K..B............ZVY.......2...``..P....6(...}...;..<.K..6(...S......!.PV1.@.3.Es6y-.Fx..! .2[r..F&`..X.j....J.&.zs...d"#.!lMR. ..G..sY.(....*F..(0x.T....<A.P.E.....U....%.....4.i.D6.>...Z...s?.F.b....&..$DO....2..yFC.f.....b1d.F).......@...pa.L.....@h..p"... ...A...5...t:..Z.v\Q...$F.0...#\...g....".t...".@.#E)..Y..8uL.P. ...1..`.... .....S....2S...Q...../..+..l.7S.0.J.a.v...$...1..r...~........w...T/.J....S..&.q

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1819

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):894
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.594651440372845
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:qJQxhA9FU1i7mNkJXed7doEhSTcvilNc5AlxY:qYhA1m570kilNc5AlG
                                                                                                                                                                                                                                                                                            MD5:041B4DD3BFA1658C5FCF50EFD1EFE239
                                                                                                                                                                                                                                                                                            SHA1:10F26FDE6C6C12B5605C653666C55F3CB01BE01D
                                                                                                                                                                                                                                                                                            SHA-256:2D5E7929C137274CAFD733B9F1122D2D940CDF71858C493A7786DB8DFEED4B30
                                                                                                                                                                                                                                                                                            SHA-512:3414C50C9769765A032A088CB7AB118AC8C59AD1FC1E605C498BC9B55F37739BE990FD8503218AAC0C6C7D89C8D3C98F7002A92C8697BA86CFE2F0BFE2FB65AA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...@...@.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...WPLTE.................{T.?..<..=..^1.x............s.K..A..>.......lB.D..c...k......T....IDATX...v. ...Z.*.Bm.}..\P@..e...t....I.YY..A..V...{.gr..6.....(].%g.)^m-.i$..y...V......@`....a....U..z. ....}eY....#.](V.,.....W.,....e]m./.`.I9..o.....Y..k....:_3n>.[{.{..^....x\uF.;....g..1..f..0{.@d.f.F.d.........e..b.dtR3......E.....%h_....N..!.@......$.q p...J...#9.3.H&...@..N' .#M`A.1.F.@.'.......+.. .$..`.c4....p..b.{.............%..Q2..B...w:..~Oq9.}"...W.<........c.QW.i.t...........Li....'5.,..O.h./..Q.$.)nu|.B..V.k3I...k...g....J..q.....u.....'./@n...n.t....Z..W_!..{.A....v.~B.F.(.......D.:.c....q.Js.M.2...z )...n.du....z.t..(.#...2i.G4..~8...0..y.y.....8.{..\......?...S.)..:#._.......p...Y.....FgO6.Z.....,$f."..o,.7..3..x...K..W<..b....aG:Oz.....IEND.B`.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1820

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):22151
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.970069258106336
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:KGSAe9dycwtf9c3hqU7x5ep0L5aZBzZVaJ7OVgO7O1pNDd4Rm+zhF:KGSAebwSqUdQZBzZVy7OVgO7O3NDd4RR
                                                                                                                                                                                                                                                                                            MD5:68FA337B9F72CF92F1BC4237C8B65D19
                                                                                                                                                                                                                                                                                            SHA1:15F369040CEF5B8A2BC53704DA7473F7AEE46C12
                                                                                                                                                                                                                                                                                            SHA-256:F129887AE0B4E23103199854B5095240D14E794494CC30423F3EFCDFE2E93C73
                                                                                                                                                                                                                                                                                            SHA-512:DDF6A18623AF1FCF80497D2151A65CE4620EA40E39755BB1C3DE1ED15116150EA7D2A3018118BB04C334CCADC1A8EA8C8014871720C283D411C99CCC3F36BD6A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..V.IDATx.m.g.m.q..ffU-......M.....h...G...(.N.%.B...h..7.)...(^h^.Cq4.G..$.....a.t7...{s..f..*...A*b.XgG..;.......B/.....$ ......."i%.H.(......o.^...Y.:;9..x.HZ0Q..hU......U.....,<9w.....).Uj.&.2.|.}....E........`@.d./Rz(I<.'..... A...j....\..PD.......d.eu...@...!.b...'....Kp.!..x..X|!..4*.J.H@...#...........@f!...,..t._.........j..p....x..........Y..C`.!(.....&.WO,.,.s.|.VJ#z`.-..2....................Q.d.....(.L..<.G....s$.....(..n..io..KW.....z.d.{hf,.......4i.a... ...G6B.A...".........+...y.{.n\^.`.."e4...Q..&...........kp.N..8...tu..wX.bf...>;..M...J.......s..^.....H.B..C .xP.q....g....z#.3....w1.KS../..c9.(...B.....Fq"....~M..$z.....@t....@..j......p.N...(..*z.{#../....z....L"..I..H..%....jR...*.5....H-.l.U......j,.{.N..H...Y+..H..S......@!.. .....z.B.F ......7..9...}.Z.$..t}.>?...."..kr..$H....".......s;.._....O.`....X%.D...@D...hU.."...HH.....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1821

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12606
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.96973610128864
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:G9SlcQwysccOm/9XlDu/sV2EIpse8EvTtevX9HqeAm6EfiUXggsXW0Py7AxwlpT:uaZscc99XlDu/Ns0LtoX+gKl5NpxwbT
                                                                                                                                                                                                                                                                                            MD5:CD064740BE2E54EA7D3930DA14136539
                                                                                                                                                                                                                                                                                            SHA1:9375345A72E299B7CC97F62CAD2D0EDCFBC9BDD8
                                                                                                                                                                                                                                                                                            SHA-256:7647EBB74000399884246D42BC695BD83F8BA677426C6B88FC15D4C04A980756
                                                                                                                                                                                                                                                                                            SHA-512:8261DFDC42CB143BD7E7A124D9DBA2CDA7FA3A915BEBEC81E7770276E6FA11EC80E738B3E2816A60AEF515B9C698ED8DE8113B8327E767D6C7D2A84AD6D86333
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..0.IDATx..y.egu.....s.7W..gJ...I...d..8..:...v.mb....v.^m<.N.N.:...au...`/L......`..HHH..JU.yP.o...s.....;....j.z..}..........}.f...@S=.....>wv...!.I/..........@R...z.AWUI.0.......|...........Z?U..f..O...0..OX..<,~K'^..k...,....A......T..'..,<.7..........^DL....N...o..U.D.....R....F...1.j4.M\..L./>....+S.L..6.mk..X.].Kv..~p....s.....A...c...+..... ` !Y.).q.~Su. aji/......@...?i...ZW5u..p:.qfF"|.......0.#.6..-..g...!.($.q....~`.(0..@..q.....c.Yu3(...j...........(..Y..x~)d.$|H.q2>[...wE.d.hq..v..#.V!\6kK5..4...G..M~..l.68..;.......n....!7..qa....P.n8(4.Hq..R.9D....:.I...Zg.".. ....2...Ea}.C...._..e._.@..p#.2......[-X..f.L!.K.<[.'/..K/....6..zS....[......t..C...."..B.q..[........Hq.........Y[m.......c.6G;.n....d.0......._..ye\.H...:\..@.4...B.I..(h>/....3.8....?...:i"........)$M=..f..(ReLV.(.j.?+ .^.....q[.5.o.b..A.B.:(....... .....EV...K5XiF..K5...b..g..A.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1822

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15523
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.971859449277462
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:xiFRI2hdPzZykjsG9LdpLsuckkt21WBkX:xiFRI2L9ys/L3cBt2C6
                                                                                                                                                                                                                                                                                            MD5:D3F609FFF23947AAFFC84F93B3F0ABFB
                                                                                                                                                                                                                                                                                            SHA1:FA9DD52CB77BBD94978407AEE210062C13D8E8A5
                                                                                                                                                                                                                                                                                            SHA-256:A5B5AB43D7196051825E79229C8D696CAA57793E10BB89F174D4BB79E8472A3C
                                                                                                                                                                                                                                                                                            SHA-512:EAB349773ED2EAFD4AE3868594F0CCE7A9210B444523D2B9D22E03579EEDBBE0DF3E7D5C16C683D4DD7C7E8058E2E54F304D7A7959BD9E93F9E33D9CD4993400
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..<.IDATx..y.e.u..;.|..t..u..g....`.H.K@...QT$S.c..%....J.+..J.RqlE.%.b*t..(."..$H..Ab_g..`........|.9........[....=..w...}.whk..z......Y.D ..1..c.C......F.....b8B.P..U[....U ....:...a...0oZ@S......`.@.a.2......|..D....nx....V/3#"3.u.....G..J.&....d"..l03...o.0....|....`."..............18"..`...La._.....\w...^.1....T...#v,.GB.....4...?...0..;&&...0...&0...,L..00.@d.f.1......F.2f....T....,Wz.....BV.3..<vi{.a.OD....._..V...3.@f..1.)S+? E.#..`"L0...U.0.....#.b...`.....+$.y#..8...o .<~.~d...jz}...v`.[....7...<.^....N.`d.U!.......b.....3.A@...f.O[.B.@. ..4a8.....f.f.,,fZ.......@ o.bq\..5..A.0+..`L.2^......U..n~........A....#D......4.B...2.!.v.....#..@LL.D.%2R...B."g...)13.....L..E.:x....."##Z.;.1......zc..q#".....[$x......AE.0!U.#.E.....?..k..H4.Q"..Y....D-"H.JYc..1...!.V.+.@....2.d... a.x.}C..%8...Fv...Ov. ...7..:...p.YLP.A.D.,.."....A\B.2%..3..'."&B..'.8.....s...S..b....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1824

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7478
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.949713132803118
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:yrfbj6DC0KQYjk7os67GuckVfe1r8eYcvkQpTVr40+gC:Yfb+DCxQYjA67MkpE8ilb+V
                                                                                                                                                                                                                                                                                            MD5:7F7C3E807940B8ACFE06B41CB35E1169
                                                                                                                                                                                                                                                                                            SHA1:B524B0A51E885C33EB10A37CDC017433CB6C02C9
                                                                                                                                                                                                                                                                                            SHA-256:CE78CC6DB6BACF4B0B970E3B0E7FF39C737E92B8419F1E543D2741695F1E4798
                                                                                                                                                                                                                                                                                            SHA-512:6F5F6954A4B7B7DF2BF2D83E4042BE2FD28433C30B4F435393E4AEC3DB327CC9EF5F38A2C9D6054D956DDDFC0AE8BF16F0A897B386E5A565EB6B963EB774FC0D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/procreate-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L".../c...M0....}.....".?....!O.."s ....!RI.MTU..Q..?.!...w....{B..u$.J.8.G.'E...vkCp..........Q..._..K..0.$IQ..........W..2fx....!.5.....h...9..z...]!.v......~..%..v...4...Xu.bcG+..h...#.g....?....]_....+.?.G.....rqV.@."......CQ.r..O...m.0I.........4.....bZ.LU.U..RY..+..m.l.*..9m.3..ff.Ef.[.....0ly..q`f.......d...-....$I.........m....O^..%[......(^..../.dm...W..0n..]AG.m..m.....>....6@9.m.m.....wsG......Z....H.#IR..&3.....{.7..p..n.)Z..,.|...M....wGDf..g...o.......m/.w.X|..m.......]....om...M..-.RZm.s.k.m.w...`....mM.9.pgU)~.mS$.......<".(;.....m\....m..Bi.Cb..1)".../.`....X...m~...9...4@...' ....0F.....Flc.`..p./..<.{....#D.........w.;.....p>....c....7.....tLD..>.'....S.......e..7..A^...1..1=N.W|.....:..*...@;..7.y....0...../.:......i`..#.l1..........Gl...8.!.B..Y,.:....-.........K.`:.v.b..+;..XjF.O..Y.'.q..}....<....S.c....5b.Xc...R.j(....l........+$.2z.c...h....J.E....PUu...?o.}...._.........8C.........a.a9..2.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1825

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3979
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.934890489712718
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:6+6bzpdQelf0eD8LF4ikjZTFdhyxfPAGehgsr+rZ+6p:2bdBicm/XYpo
                                                                                                                                                                                                                                                                                            MD5:42A12F31D26C2AC5AB875FF6B679311C
                                                                                                                                                                                                                                                                                            SHA1:30E869CFB042E71A927C6247EF0A1365B1399A01
                                                                                                                                                                                                                                                                                            SHA-256:C5EE25B2E79C4A54EC49296AC1929CD264B13B2EF4E4F85DD0C0E2E8D278B329
                                                                                                                                                                                                                                                                                            SHA-512:4A19884FA825AD64D873FC1512C8DF8606F492C2D41347E97367FC60C5EFA3351548C37530DCBD5828AA6274BF2E1C61741D39742C6762C42F0875B610BEBCCF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....p.T....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..W........l..[B.oB....@HP..NY.U.Sq..[..VeZ.sv.muvk..K;k.[.V..k..:..^.....%. ..1t..q5....;.7.....{.....@.+>!..8...7V..........],....X ,.v.@X ,....&.....z.?~.;v.@NN...8..*.zX....n...hD.....P(...Ghh(~.l...9...N.....}"..65a.....J.C$,,..V..w.~.....7......../...D"..Rt:..m...a..d.......P.....H$.@ .A...o..h..]c.$77.......K.P.UX.~...C.....}..x......3`...c........F.....P^R.ns7.d.....2..R%.HTH..b.DE.<./Qa...LI(f...%U..X..q.....b..,..`..`......!.z..+E.(..../..$.r....<..."0#m...:....a........G.r.s.75..."..........z-V....G..b!5kK.,......2L.in...}...F.7..5.a.r..B......w.@..#.cd...4L..:./..".......t..h...=......`..`[..]e.......)..\.c0@.d"..8.{{.jjj.3....../..E..v?...c@/...k`...^...@h.&.....$L...Q]UEkg....b.......%..0.v.S0}p.f...2Z ../!!4..mF.N.:.c~!.~..;...sR.'...w....z.Y c.._."!fG..r.B....p...hK.L._z...._.29...Z#Sb.P4:.t........`Y..:K+..[X&'...C...N..`......Y90.od

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1826

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:exported SGML document, ASCII text, with very long lines (41451), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):41451
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.396284661968126
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:QeJJDCzlLJ1kiV5z5Nj6HVdMWuvyziOdCtZvf+ZD/UMd5Q+MX:NJ4FNu1dMWuvyziOdzzUMd5Q+MX
                                                                                                                                                                                                                                                                                            MD5:3F8FAA5CC5D9B321939884C5394B0150
                                                                                                                                                                                                                                                                                            SHA1:AB4E7514EA3998F215C0BA9E049547852E4E4F74
                                                                                                                                                                                                                                                                                            SHA-256:9B6A7CA7428363767B92F9CF0EBC6DC31C5228022E2D2CB5016C0D9493021D1C
                                                                                                                                                                                                                                                                                            SHA-512:48BEC69740678BA2503D288F72209E9088A8E514977947A31F08FB8192D5B59DE81C20CE19FC9B5D0404DEE7D0BF87DF72239229DBE8496E7591AD5574078445
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://www.statcounter.com/counter/counter.js
                                                                                                                                                                                                                                                                                            Preview:var _statcounter=function(B){var N=!1;function se(p,Y){for(var C=0;C<Y.length;C++)if(Y[C]==p)return!0;return!1}function xe(p){return se(p,[12225189,11548023,11878871,12214659,981359,9560334,6709687,9879613,4124138,204609,10776808,11601825])}function ke(p){return se(p,[12908464])}function Ve(p){return se(p,[12893815,3696903])}try{var p=function(e,n){Y()?document.writeln(e):V.insertAdjacentHTML("afterend",e)},Y=function(e){return e==="invisible"?!1:V===!1||!V.insertAdjacentHTML},C=function(e){return se(e,[4344864,4124138,204609])||e>on},Pt=function(e){return se(e,[204609,4124138])},Jt=function(e){var n=!0;try{if(typeof JSON=="object"&&JSON&&typeof JSON.stringify=="function"&&typeof JSON.parse=="function"&&"sessionStorage"in window&&"withCredentials"in new XMLHttpRequest||(n=!1),O("sc_project_config_"+e)===1&&O("sc_project_time_difference_"+e)!==null&&(n=!1),O("sc_block_project_config_"+e)!==null&&(n=!1),n){var t=P("sc_project_config_"+e,-1);t?Ce="good":Ce="bad";var r=O("sc_project_config

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1828

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):2946
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.930869215224874
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:HtSflQ5C4lq0C2B2b9JpTI2yGbEL3Ic0+1M2zBNKtOlnlUVsS:gJ4Q0C2YjoGbELYc0+3zmwlnlS
                                                                                                                                                                                                                                                                                            MD5:66197249B94D56B6C1D2146840AD01A2
                                                                                                                                                                                                                                                                                            SHA1:70BF02EB2E8CA5437998CE8EF2B9E94ACD25D11F
                                                                                                                                                                                                                                                                                            SHA-256:460E99C8D5A870550542520677EFD92CCEF5CDE48FD4547FF72462001DC2FC01
                                                                                                                                                                                                                                                                                            SHA-512:92EDA2AAD232410EAECCAE01714A405332FAF84149616D176431BBFEB9324978702DA9BA498AF1735E765FEC2C72BD0912EF68E44E1961712161BBA262522B2E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/wps-office-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFz...WEBPVP8Ln.../c...UY.....a.{...{...{...{...{.....9..4n....C.1...}....,..5..0;t;,s.(/..1..$4y..vG.N.6L...^......LO.....3a.........6......=.....C....y`.i.u`...ta..6=W8... !s.....X.....L.a&.X...5...c... ..@0.m;.m.m.m.f...m..?.'M.!.m.H.p.|..0.....\.<\......4..d.le.5o7..E.|Z.#B@.Q.....*..........[%...lAF."Z.|..xH.a.pj..p'..i.|.a+...e...6..!..iT..,.qHy6.NZ..4/#.Z..j.....).A....U...*...........9..K%.6....!..m.3A$..[..^.U.......okf..!k....V.Z...C.........)_...^.m.y.U..yu.*...R....}1...... ^..{K...5[..Om..+.j....V..>.........(..S...i(ahOfe...L4.1.f...X2..(e..%.....r.~.l..-..Y.t..M.....x....^3..9n......7Y...;Y..[..'.=.9.S5n...>z..zS.22.-..........._J...@.z:%.=.B..z..@D8.u....;.....@.Q.ZD...+.F./l.......p.A.n..].N..z/...58..u6...%s.....?./...E~[.)5............j-HQ*U.-.-l.^..$z;.8R.....s../.F..b.v........X&qv".....N.f....2....$Xx>e...[......8H.9.+g.....p...OZ..%v........C8A2.t.K|..W(.-....b.o....0..*..dJ.I&.....5s..W.I..X.OD..$..%R...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1829

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):1223
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.399744129234879
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:Y/ppLgOky5Mx+DUMXHanz/7xeSPf5OtZtI0IUYSCWSVM6iRR:YBJdkCDSFe+uaESMX
                                                                                                                                                                                                                                                                                            MD5:17B337B09A30B4F05D6DD9284D76B32A
                                                                                                                                                                                                                                                                                            SHA1:BDD31328C405FF487E077820E493CA22ADB9B4F4
                                                                                                                                                                                                                                                                                            SHA-256:3A9CA050B0C380CF7D8EA40971A072E4FC946C0DEEA3EEDE9C3508606D3FF711
                                                                                                                                                                                                                                                                                            SHA-512:B00987D72D76C5032A602C563490AF9B8EB997030711471E6330D6DF2F84E87A956944CA623B7C921783ED8A36D35EED24365E453CEBECB9E0D5AC4CB5874706
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2771134679225523&correlator=2691749080199354&eid=31078663%2C31078665%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202310190101&ptt=17&impl=fifs&gdpr=0&trt=2&iu_parts=5302%3A22764537101%2CTD-desktop%2Cdownloadit%2Cdownloadit-it-defaultpage%2CATF_OOP_Interstitial&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=1x1&ifi=1&sfv=1-0-40&ists=1&fas=8&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1698409199963&lmt=1698409199&adxs=-9&adys=-9&biw=1017&bih=853&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLFtdLDAsbnVsbCwiNjQiLFtbIkdvb2dsZSBDaHJvbWUiLCIxMTcuMC41OTM4LjEzMiJdLFsiTm90O0E9QnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjExNy4wLjU5MzguMTMyIl1dLDBd&url=https%3A%2F%2Fdownload.it%2F%3Ftyp%3D1&vis=1&psz=0x-1&msz=0x-1&fws=1026&ohw=0&ga_vid=512993721.1698409199&ga_sid=1698409200&ga_hid=875367689&ga_fc=true&td=1&topics=9&tps=9&htps=10&a3p=EhsKDGlkNS1zeW5jLmNvbRje8c6ItzFIAFICCGQ.&nt=1&psd=WzE1LFsyLFtbIi81MzAyLDIyNzY0NTM3MTAxL1RELWRlc2t0b3AvZG93bmxvYWRpdC9kb3dubG9hZGl0LWl0LWRlZmF1bHRwYWdlL0FURl9PT1BfSW50ZXJzdGl0aWFsIixbW11dXV1dXQ..&dlt=1698409195971&idt=3318&prev_scp=pos%3Dtop%26countryCluster%3DA1%26td-slot%3Dgpt-interstitial%26hvi%3Dfalse%26type%3DOOP_Display_Interstitial&cust_params=medium%3Dorganic%26campaign%3D%26source%3Dnone%26medium_campaign%3Dorganic%26medium_source%3Dorganic-none%26compliant%3D1%26ad_session_id%3Dfd5d701d-d802-4e13-930a-7924ce8c2702%26pv%3D1%26ab_upr%3D6%26segments%3D%26personalized%3D1&adks=1180878096&frm=20
                                                                                                                                                                                                                                                                                            Preview:{"/5302/TD-desktop/downloadit/downloadit-it-defaultpage/ATF_OOP_Interstitial":["html",0,0,null,0,0,0,1,0,null,null,null,null,[["ID=b175ee1eb15aad70:T=1698409201:RT=1698409201:S=ALNI_Mbgh4Mws5JTTuvvrBbPThC-DTUJ2Q",1732105201,"/","download.it",1],["UID=00000d9cefe9d864:T=1698409201:RT=1698409201:S=ALNI_MaU6a46U4789BfBjxaS2659hxCdEA",1732105201,"/","download.it",2]],null,null,null,null,null,null,null,null,null,null,null,0,null,null,null,null,null,null,"AOrYGskQ9mYbxSQ6VAgm0Xw9Odaa0O5EMPOElfjJwHzCQ1Q2","CPSClambloIDFfpLRwEdsNkOxw",null,null,null,null,null,null,null,null,null,null,null,null,null,[null,null,null,null,"ca-pub-4515672822323741",8,null,null,null,null,0,0,[["i-fvs","true"],["stop_word","ad choices;adchoices;advertise;cart;checkout;conditions;contact;copyright;desktop;disclaimer;faq;help;log in;log off;log on;log out;login;logoff;logon;logout;member;menu;policy;privacy;register;registration;setting;sign in;sign out;sign up;signin;signout;signup;site map;terms;top;install"],["qid"

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1830

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65297)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):95282
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.912464084997809
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:aBCBMi2fLf+Ef7BTDUMREkJZlCRvC1/+mxUqBiBN:OfLf+9
                                                                                                                                                                                                                                                                                            MD5:766244A6EA3ECB9C1D502E2C03E088CB
                                                                                                                                                                                                                                                                                            SHA1:F4B638B73F95EA6E1937B5CE5792918F9EBD39C4
                                                                                                                                                                                                                                                                                            SHA-256:73E0BCEE3BA93B5A2D0F5239BB2C55EBC5A648B0AAB48A0D95C1CB5EDCCB093D
                                                                                                                                                                                                                                                                                            SHA-512:72CC3431AE285C202077F7789D3729A04A33E2762FBE7936D5AF1503687677384F02F8DB5082BA577B22EFF83F1DE87076E9EAA96D7C4700892A90FBACBEBB5E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/css/hover-min.css
                                                                                                                                                                                                                                                                                            Preview:/*!. * Hover.css (http://ianlunn.github.io/Hover/). * Version: 2.3.1. * Author: Ian Lunn @IanLunn. * Author URL: http://ianlunn.co.uk/. * Github: https://github.com/IanLunn/Hover.. * Hover.css Copyright Ian Lunn 2017. Generated with Sass.. */.hvr-grow{display:inline-block;vertical-align:middle;-webkit-transform:perspective(1px) translateZ(0);transform:perspective(1px) translateZ(0);box-shadow:0 0 1px rgba(0,0,0,0);-webkit-transition-duration:.3s;transition-duration:.3s;-webkit-transition-property:transform;transition-property:transform}.hvr-grow:active,.hvr-grow:focus,.hvr-grow:hover{-webkit-transform:scale(1.1);transform:scale(1.1)}.hvr-shrink{display:inline-block;vertical-align:middle;-webkit-transform:perspective(1px) translateZ(0);transform:perspective(1px) translateZ(0);box-shadow:0 0 1px rgba(0,0,0,0);-webkit-transition-duration:.3s;transition-duration:.3s;-webkit-transition-property:transform;transition-property:transform}.hvr-shrink:active,.hvr-shrink:focus,.hvr-shrink:hover{-w

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1832

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10140
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.976262385586934
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:xLsCZibGqlPq3LAmzRfYney2Zk8xkNx9jqNkgcyf2Q7fvYXc8eE:aCZiiqlPWsmzRfYd222Wl6kgrH7HYXPf
                                                                                                                                                                                                                                                                                            MD5:F4A5CAB36DA3189583D1C3C6241B4AF0
                                                                                                                                                                                                                                                                                            SHA1:79FC411F132BF46D30A4D18778919B936DF0D5CE
                                                                                                                                                                                                                                                                                            SHA-256:9AF9B6139520121D3ABFD0366B7F278AC8AC24239668848FA79940F4791C6FB5
                                                                                                                                                                                                                                                                                            SHA-512:BCA7389498D5F72842E24DE75787061D62D62112DDC828DF47C0FF14324FC41F732A81A80EF9A11BC6D656CC73B4FDD469B865C83459FB04FAB3C1B438C5CC9E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/live-sports-hd-tv-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.'..WEBPVP8L.'../c...M8...,.?}../.......6.M..._..:.Zc.l....."..4{..6v..V.D.$$)z.>[..m[U.Pq....8....$E..>....2...\..*3.. ..@.,..`_......E... D....w....v..U..g!.;. rv...5o....`...]....m.......Hd........... ...8.7.A...Ubc96h.A@=t.2.I..s.g......r.1".........@..... `!....=."b....10\0...]....m...C.kfffff...#.v.X...U....!.3.t`:.9szk...f.{..5..f....Jz.j6h.j?3[.cf...m.m...~..+..G...T.....t$.vm+Y...b...<e....l..v..]k.9G: Y..R[d...6.MaffffffffNC.eff......w...=.....j......0X...jN..N..g:.09...x...$......HUuW.V.v..m.m.~.G.....Y{wl...*.2"....m.$m...qFDFeuu./..c.n..m.9...=z...m.}=....8.=& .<.`...{..{....57..ti...d1..[...;.~;.._.n8..........ey..=..k.............Ml.g...v.....W.^.5..0W70..$<&.0#. ....4...lo.kw.......z..,@Z.$Swx$..<."."mU2R*....#.4..wx..3...{....?....tc`xrR.l...3pH.XE.p.....fc.q..r3.Q..u.K^a..hw..iH.sb`.wp...d....9...m....%f...V..nJwK..$..J..C.p.%...Z..u.......\c&'!..R.5.....D.@;....7......@].u.%U[..f..j..p....{.ze.U.*."...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1834

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6259
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.618574840765371
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:/K5TAtgQp3lS9383Xay86IYl130gDam2G:/uTQgY3g4blt0ji
                                                                                                                                                                                                                                                                                            MD5:C2B2A9132AA89708A697ECFBEC9AE65D
                                                                                                                                                                                                                                                                                            SHA1:B1BB24D8FE8FF73CE43C6CED5B4AA714538805DA
                                                                                                                                                                                                                                                                                            SHA-256:C1D5F7621CD90C3AB5D0310C0ACB6ACB039862528CDD8F77C7CCB8867A16DC1C
                                                                                                                                                                                                                                                                                            SHA-512:FA36C011C1A1C6EF271857FC2CF1ABCE851102E979DE083788613B0F1144F37C58216E9880315CAF0D784A628C9E0BFCA612564266431A586F3A305AE600A479
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........4...................................................................(............................................................................................................................................................y.b.. .b...V..........3..c.L...sd.............b..<..WP......2.;?@p.........3.....m....m.....~L..Z.....%;!..^dn.7 $.N.u.|..2.?\f.`.m....,^..{Y.-.sa.{..6.&..yz........n....-...#.y^....<........D.....{o[.o..:.qQv%QY&.....b..*>{....."...X.6.-~kT/.".k] .;.y...k.........Y6u=p.g...............z........E..+..m...~..}.WP.l.......|.G.2...........DbQ..u.hk\n[.7UzEW.zp..f.T.y.;r......wh..6me..^....].$...{._6Z...Z{.ca>t..I6.2.I.:.DU.....m.k...JKc..c...x.8..k..wt_^...kRu..;.Qv..f.....N..^W...HG.........!.N..$..........=.W.8.h..^.C........G..%.....{...|...l.s.....{[Z..,..U".U"

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1835

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.292508224289396
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUmExltxlSle:JAle
                                                                                                                                                                                                                                                                                            MD5:55FADE2068E7503EAE8D7DDF5EB6BD09
                                                                                                                                                                                                                                                                                            SHA1:317496A096D6C86486A71D4521994BCD171A6BB3
                                                                                                                                                                                                                                                                                            SHA-256:E586A84D8523747F42E510D78E141015B6424CF67D612854E892A7BCEDC8EC9E
                                                                                                                                                                                                                                                                                            SHA-512:A9ADB9FEEA4BC14B9C34ED17CD30F8CB36DC686E9F69A292FE65BEBC195BE4714391FD98EC7B67BFD363FBBB6089C41A0B7CAB5130B50B461748E668CAC75621
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGhHD-_NAwxACZg5XX9NFM0&google_cver=1&google_push=AXcoOmTW1D4O8nP3a-U-h8MNeE-Zk1Th7NMpTT8855_npY69t0Ef5Q98-kIuiIdfyaUHSMOX2_zTWbgqV7sBK7DvZOmBze4vv-eRNw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTW1D4O8nP3a-U-h8MNeE-Zk1Th7NMpTT8855_npY69t0Ef5Q98-kIuiIdfyaUHSMOX2_zTWbgqV7sBK7DvZOmBze4vv-eRNw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,........@..D..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1837

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17240
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9843474298820345
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:b1vHvBH+SlHGf29O9UADw+Ufq+DG26UcwpRIqp2R:RHvBeSdI9UADw+Uf16AZ2R
                                                                                                                                                                                                                                                                                            MD5:39976100F056715674BF571B6E007F1B
                                                                                                                                                                                                                                                                                            SHA1:50760D81CEA8768D6FE567DDD12296D69C45FCB9
                                                                                                                                                                                                                                                                                            SHA-256:4C1B3E15CA00C403FF43A66756DDB1583B3CD1191137AB769D019B4A8A05A25E
                                                                                                                                                                                                                                                                                            SHA-512:1A1B3D50F9D977497666F839BFB9A6EFC7F8A8FDDC0024DEA7015AB5BA348AD346D6F8CD4F074DF14BFAAC1418D004183EBC77957655AEEC23279E63F69BA387
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....p.T....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..B.IDATx..}.T......b.-..i.$..Dc.1.&vE...{U.P,`C.A..w... ...m..:.S..-..Eb.}..s...73.3..{..>..=...3T(.~*...`0.~|>..J...P(n....B./.Bq..........v/..&xf.....4..s&.9..8.....B.T.B.Q.Vg.0\.....(P.E0.C..... .. ...j..........N.C....>....g.!-.........H$.M.<.?....a.\...a.......1.......A.r9...u..=..+*..=zTTPP ?v...q....G.S......G....._WU).......^....}0 ........Z..$. .......N..B!R.Bq..T.........rq!-........ @8..U2..B2..T0j.J.'....Z..n..y...g.......R.x.x.x.x...hjj.!...5...t...P).(.J.WT(..9..i.y....cP....x..4.g)).q.......a.WCs..i....33H;..m:}....B.px<.F............j...i....X,..R.v#."..7..a...A]p.X`..@...5;".?+#C39-...........$.bf......w..v....b)4....aD....6....h4..1X..T..*.J..D.{C.\&C.J%..pK;....ZO/.@ ......W..",,...B...p&..C............ET.4..=>"B.iz....4lh|<F....wp.}.......}[.`0.`...8.A0.\..y<-.LV..O._T.?|.(.PQ.hOQ. ..1~..Bn..c..EE...E..'O...;&..:)x..A...|.N.R......

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1838

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3872
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9050433160603975
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:MmiLBfww8LM9ZKAqfskctJmwoCylLobWkfNHWz:0fV8LM4sfPcGWCNHWz
                                                                                                                                                                                                                                                                                            MD5:CCB78F540F1DE1AF0E3C5301C67EFB70
                                                                                                                                                                                                                                                                                            SHA1:7271338666430AC635388EFB29582C1AA4FE4813
                                                                                                                                                                                                                                                                                            SHA-256:064898E8D2E994E23B1F95D43F8DC4536B24A1B1398E053123DF8F719B17EF4C
                                                                                                                                                                                                                                                                                            SHA-512:E8D260251D9BA0B9E4A7C058F793030B59B41CE407865DBBF9A7491F55CC4F836C7CD87C4BA672BA9F0DE2AB23F8A55A79F8D4E04B2311EAD00B2A83EC8BF9F4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..\[.\WV......._.8v|If2.L. ...h..D^@B.e`$.4...../H<...<.H.F.........`.....L....v..n..U.u;{...}Nu....vU\6..J..s.......GHb.v.t.....X..&`M...5.`.....X..&`M..@0.k$+..E.\......d.....!).......t.w......HaV"B.`.L.....P...K..2$.A.....k.......`D%..*O....I...m>.n."D.^?w..^...*J...R....;.u.../.'Y........X"b...]....V...)....k.?.p.....'3@....aZV.....:...!B`L....Uj.7.y3Qw..h.<+Z..j..a.Aa...$..t..A...........!....i.~wiM....!gcN..vI..kY.........I!=Y....b...H..}RD......Amn...>......U..(v*8.."|...}.k`P.B.@..m.b.V..bm.}`.y#....^...@R.$.e....ja2R.x.+..}..Wot..p..!.J..6.w..t.)H.f..iJSX.\.&..]:#.XKP987...*..e..5.)...k....u0g.C..=$..R..`..U.m.2...i%.-..i."........*"....9l....Tnl.?8..zaz....%N...*..,Fv..X.P..&P.e.......So,]Oj..j..Uj..4DZ=..7vw..v@...+..j.gF.H.4...8.."4..X....IR..V."..AT.B+.m."....J2;.DET...,.....e..) .............2WJ..BKFD..$.%.......6M^.$.D@hV1qA.3...Q./Q...a.my

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1839

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (7711)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):242986
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.583642779522983
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:mahaU0lduI6+ZUyuweZlNbRtMy9/8aWeuoX51efmBZkUyRCuizakyr:zYu/+ZUyOLFWaWeuoXPgmBSUSCuiW
                                                                                                                                                                                                                                                                                            MD5:18E58693DC02B93D7E0A64335FE6CB9F
                                                                                                                                                                                                                                                                                            SHA1:EC3FCDC23C29DC4E57E3886E3B81337AF4357E95
                                                                                                                                                                                                                                                                                            SHA-256:8DC19990FA4B910D69937806D6D6FA8EDDA7D7D95339C5FD3A634A24CC2CD20E
                                                                                                                                                                                                                                                                                            SHA-512:C7C8F3AEE73E5B250B9E8489AC143E21D3D2890CF5F0BF92D3F80FFA43535190210C3ABC86D7A4BD084DC09E14904D5F49B5DFD1AE97F8826B66A3E156DBFCC3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://www.googletagmanager.com/gtag/js?id=G-XYHRS06G1C&l=dataLayer&cx=c
                                                                                                                                                                                                                                                                                            Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"vtp_signal":2,"function":"__c","vtp_value":2},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":2,"function":"__c","vtp_value":2},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":13,"vtp_value":true,"tag_id":16},{"function":"__ogt_referral_exclusion","priority":13,"vtp_includeConditions":["list","forumer\\.it"],"tag_id":18},{"function":"__ogt_session_timeout","priority":13,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":19},{"function":"__ogt_1p_data_v2","priority":13,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_autoEmailEnabled":true,"vtp_autoPhoneEnabled":false,"vtp_autoAddressEnabled":false,"vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":20},{"function

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1842

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8485
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.944923215854487
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Xxnl90njlYZ+VG4QHa9lQSC8EoBVkKwE4b1vtXT38hg:Bl+njm+VpPbxhbrkKwH1lXD8a
                                                                                                                                                                                                                                                                                            MD5:EF64F7321352068B4C88EDAAD67C5679
                                                                                                                                                                                                                                                                                            SHA1:202B0C1A2EDF4CDBC6CD7FBDC4307A8E27EAB667
                                                                                                                                                                                                                                                                                            SHA-256:69A5B8121D01E998AD61F7D4E5E18407217F3C201F8EBBC72643EDC9D6B559DE
                                                                                                                                                                                                                                                                                            SHA-512:A999A299DBBD0188BA45F3D218ED527A1F7BBC8185421B9CB73EA8EAB6F044FA6F26F7C29018437C8F4CD61071C2847CDA23E06D11433E13872F8BB1E53532B5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<.. .IDATx..|...u..k.........Lr.L4r.$.. Hd.....H.......|....$H. ..Kq..r`..$+.,.V..X.....p...M6...^.w....K.=3.X.t. ^W.w.......nA.58...c.....X..:6....ul.cc....X...hnDJul.#n.~....~.Z.(..#.....Z.w.....].#nR{........4.THKr..TC7...AL.`n.....A$D.$...u=..G.T...q.@d..........g.-E...n.9R..kr.I.q.....y.M.w.O..i"..K.X^... .yQ.t.DV..@.9...5..E..[4......3.k.vic..M.,.`L..J)hMC0....h.@...Z.s...9."".J..,.}.........?]];..y..+....|^...?...0..|p.O8.}.}.....U..(...@+..eP_.@S.....%%c.....H..1....#...^..:!......3.......i.,b../..>8#`y..Jkt....~..E..=S....R.s..Q5?.7Z;....*..6.ey)%...B].U........{...J+-d.....Y.0..2.....H.D1VZK)!.Z#........q!...9T)%.*.N...r.0.J)..ctn...s'.!-].......P...3.j..J*.!.@;..Eao]i.}...+.4@.....f..) .s.PJj..F..sP.0..X...<((.t.u(.@.m.@V$.."...i8.k.)...$N'...u^d1.U..a......I.RJ(e..H.2.....RR.iJ..|_).&...a...B.y!......z..x....}...0.4...4Q,.F..A.Q.......j.%...<.....QE

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1843

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11223
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.95699233070646
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Ouu1287p3MQ8ziN7Qh8vro4iwO+Ywvh6x/asY5QAFur918+qHABJcZqCCQ3e:Ou2T7p3X8OCUmwOHTx/aeryEsqxQ3e
                                                                                                                                                                                                                                                                                            MD5:0879B0B73B0DFBC1A43D677577CF168B
                                                                                                                                                                                                                                                                                            SHA1:FA2B91BEBBA503EED2F068A03B030B6DF5F8C76A
                                                                                                                                                                                                                                                                                            SHA-256:46AC162199C23135F7E0519D2E4C923B23556916600FD2989C8EDBC553263EA1
                                                                                                                                                                                                                                                                                            SHA-512:A496B4B6382C522D6FAA259D6BEEF4FCB5DDB140657568930A62EB15ED90E9C1C1E26F79521D761E03A25E2AF6412956B68B0143423144AE3E07E8A67F937246
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..+bIDATx..}y.fWq_w.s...uf..hf4.]h.HB.. ...e.)..&N.Bl.....q...*&N...Pv...1...^0....M $...6F.....y...tw..s.....ZP*y.....s........7~.. b.$...!...QA.p.c...~.}....../....GU.....BH..a..ED......]....5....Q...Q.1..."..((.@w=.....@U.PD.9Gd...b}.............0!.......(...:r...c.$.Q.`a.d."t.!."..".......V...k..UEE.G$..Dp...s......PTD..U@...w......-......T...~D5F.PG..!"md...G..Y..UT..|.Zr.?P.{..R.jEL"..,.,@T9Bl....5..>Kk.f.E$2...s...u"{.Z...UN.NQDDDUY........[..8;B.q..]O......?....VU... ..$..=?-{..*...U.v......:E@@5...F..l.D.d.F...[.O"...(.1".'..u...E.......0.........;.U@...Y.pH..+...0.".Yv.I....@XB.@......A^.EX]I..3..'GD..b..m$.......GDV..r\[.+.....*.E......Q.s..WOWS.0.,....*......D..\T.vp...R^.ZX...@...U.;......m.TU..... ........G...?.,<.zl./.:(.. 9..M....jvso....].;......M....e.p@.....=..(,...T.;"@\.9....y.F.......q...*..:.8<...G..>..`....#t....]U...0e.9

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1844

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3480
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.908674597302232
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Xeo0+8pAAWi/gGWOlq3fJO2PqP0zfXmNKXIbEi7Hg1nsTKekahhgm:ukYxcOl0zqaXmNjEgHensOGhgm
                                                                                                                                                                                                                                                                                            MD5:938944F979C166E9057CC99CDD35FF4A
                                                                                                                                                                                                                                                                                            SHA1:0AB00D4C91B39BC9DB9C758981CCB1D0D8D4AB39
                                                                                                                                                                                                                                                                                            SHA-256:DA8A8B949A0988325254DD6B65754A1F426FF073FB5A4F87CA51E72C6194F31E
                                                                                                                                                                                                                                                                                            SHA-512:C03AD4E318F68A3911F234659522EBDF8419F12DF1DF45D2CB5A257EEC443B3F9F22C856562F9C5EAEAA8CB68D797106D4795137BB03B41227EA0A87FF04AB34
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...#IDATx..]m.\.U~...;3;....!..ICcZ.)".jH..P...Q."RP.?..\DU.......F..-...RH...B%.eW......;M0!...$M......y.........wm...s..;.}..<.9..R..ca.......5.k.....X...`....5.k.........`..:.F...I").!....S}5A.+...R..MP..u.W.Q..%...`.de.d...wb..r:.-..Y..X....l...Ib...eu........=..{+....t..V.[.n)/..........olx.$..n.Y... ...{.SO|eF.a.KK.H..Z1.(....W...>2To|b...sX).U]....#/...xx.ll...me.,df...".C../..{....~:x...T1..y..].p).T.....$(..*.V.7V"...=..Rd...}.+....%.B.Z.......3.....X....l..[...d{P. ....R:..l.....O.<%..h~&.&Q....J.@i%. .R.@20...Hf6...#.t.?*.......H.'.V.V..3-.X.=.m{q..}....'....f.....g{-K...Z.O.V..F.Z...N$..T<.Ku...1......w^........j!..#...,..~../v......l.i,.j.djtI1z....K......K....v.=...af6....t...K.....T[.$...n!.=.Ec155{...h.q.=..c.E-..F..1..:..P.fb..93I..4.Pe.j{..x.h...Q...G..N..J.....:...{.H.@-5)`..E.....4cg....cV.......!........0...2..C..+VF..P.t.>Q9....,....;H

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1845

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1846

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12651
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9762700759593255
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:v8k8I0PGGY+4dec/pzEdFKPQgRAcQZsUgsPBPPTXcASudsX5ECheJbyNt56/lGag:kPDY+Dc/LAc/yBHTXq7aCm2O7SvFT
                                                                                                                                                                                                                                                                                            MD5:B7075D3C03AE207949F32DE5C35AD260
                                                                                                                                                                                                                                                                                            SHA1:F258E28A35A65857DFE5EAF736AB9D8D38CB65F5
                                                                                                                                                                                                                                                                                            SHA-256:0EE253F814B2AC39BD07ED314222EFCF279999A68AAEAD46507EE3DC4DD5C5A7
                                                                                                                                                                                                                                                                                            SHA-512:42AE3E51ABA9AC9D4EEF5866759D4526B170BD7E2B505E0A94B5AF8CDFFD6720A398E7F2E7E87D81BAF29A63D71FE234C58D5985A8DA569F974A05639F15B35A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..0.IDATx..Y.e.u...>..7dfMYCWuU.........@b"A."8.R.DJv8."C6.........,..6MR....A..g..A.h.....P].C.]c.o.....q.{.Y..n..)............Z{?.../...!.$..o....... `.o..."d.HJ....._.a.'6Bw..7.....#..x..^....u.$$.(.R....X.R.3..9V....s.....32VwE.V@.4.=I..W......k.]..[.7.{ff.,.....k.....v...<.....o....C.%D...|.X..z...?.c.K.a....^.Ww...DPo......9..R'....d.....b.V\!4{.N.0..x...-v..;/."e $.......Q.NV..s....S...Y.....8.:/...x.n..,T.T.,.c...9H..EI....!...`,u.m[9..o.Dh..>?t. ...N.8.A..]F2G.5..H..:.........k{..b._.J.h].....!.Yp..L>.m....M.!.h4..s....*Z...A..9..(...9$.7.........I..b.-.#.y.....F...\m..B...z.......d..c.1..)yJ9K.I.|y......f...../.^JV'X......b[..nN...e,a[.RL.n.I*..].$3ks...ts....w...(n....=.{zu..... .2D...\K..9~em..z...?sqt.....0X.1. .....P..T.T...w1..L#_~.[C.f-.)....h29.P.c.D..i....V+..q.{.......?08.o...&.}U/.|ee...8M&Y...B`.......=r.....c{.(.F....m<...g7.v

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1848

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQsflgSNppvdSIy7Kv04QJ4Bi2boiuzrrbRex-Gmyq20JtCUNxllF-wrtMYj0iuGjuRIulMN1Zgfd03ca8W7dXsvOEA7JUKyg&google_hm=eS1KODZYQ1oxRTJwR1dYRVQ5eHUzQUtabHVxSE1oeGsuQX5B
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1849

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):2542
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.816513791854903
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:jPt8J9N42D0ILxTiQT0OXgsf6UHvCQvOheJKLTzvf9g6JOu+Ivh+:jPuN4kpLxxwDsfHPCOHKLTzvf9gmJ+
                                                                                                                                                                                                                                                                                            MD5:36463A343164DD054D294B94FF0D9D2E
                                                                                                                                                                                                                                                                                            SHA1:8006B057DB4C9492289BFDE713A4069E5A188855
                                                                                                                                                                                                                                                                                            SHA-256:FD67B7649A44B90B206687AF3641F21CE0199D70C3ED9AD864E971EF93DD0AED
                                                                                                                                                                                                                                                                                            SHA-512:EFF2C024F3A3DAE557ACE8E452C878F3C938C067AD9ABE51358D7B2F552FF910BE05CAF390669880456ADC1F949BCB5991103FCA82BFF9D9FB550F417018F499
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/microsoft-excel-2016-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c...M0j.I.....Ox.E.........\..z.kk/.'.+..Q.$u<..Q$I.r..E._..`....HR..=.Q...m$I.....=gB.I|. ....[e.....9.0...9.5..}$..~..8...3w..t..wy...Ff........N$..x..p/.;.!.....q..w...k.*.m...0sZ......)..X..Z?0.%..........FoE0.7[.M.)..m......%.v...k.....a.......df....oI.,I.l.I<........... p.....M..s!A.).;A;a......L.....a....;...2;......m....@B.~.~..W..,.....v.\}...G..^..0s.F.W..g......N........./.........\ .G.....W......0.f....x...\.....~....|%..... V....:Z........f..P0wt..iv.V...... .a_...0L..AA..... ..z4M..16..D..0..;.#.O.nU=..N.B3......9?U........N........g..`...a...e..-bF1....B.G.....~xo80...K.2.p.........)*.0..lOxP...~u....K.......tZY..+...BQ5.BA...E5....n..x.a;...?.6...5....6.....IT..AU.".T.TeJ....@X..;.i0S...$...."....bT......U.g....bh..e.......(.>.......j.*.b4lul...P.`.......k.Z....P...^\.Z....Y.C.W....j/..e...>}.y..C..~....p...'w../.V..g...h...D.B?.N./3... L...e..=?..1?....}..}..~_{|_.....u.u.y...[.Z@.L(.l....f..Y.?./f.*...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1851

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):4224
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.8651398980188265
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:XKXTqXZcaKvCwEE+5LGhpGfpsp4xupZnBQMFRPcRIfiwqoBNeGi:JZZwEj5LG3Gf5xcn60SIfi5SNeN
                                                                                                                                                                                                                                                                                            MD5:391FF1EAA7DFD7CFB0322678C187CFCA
                                                                                                                                                                                                                                                                                            SHA1:1B931B97FD8C6AE2EC6DE8A90FFCEEBE32F30C9B
                                                                                                                                                                                                                                                                                            SHA-256:879AB766673C92E5E8EF953380991D117C5570E32E2B89A579CA6CB6929C5261
                                                                                                                                                                                                                                                                                            SHA-512:D60D42649418A7B1A4F7F8C6C8DCEA097AEAE387353598AA5F2225FF15F62373B04D3859D09CF8F4D4FFEB16D3A595A96EC62A00F352642826C83584008E8872
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/joystick-and-gamepad-tester-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFx...WEBPVP8Ll.../c...M0n.6...A...N..".?...I.lp4i.....S....&.%.E...%)(...\..m........UfdD|,.i$.........3....Wl.IRT...x.[..O..'..........W..~..9s..x.o..A..x..?..(.n.........N/..../c..o.P...O1....@.Q-TOO....m...{......<...6...s...M.Z.s.s.m..G..1SeVl......d....{.1zp.Zw.}...6.$I.y....G..]a..i.m..o.M.H...h&.X...X."K...}....s.ik^.k.....m3.....Q....m.m.....,{.l[.m.<...3.......{..G.P.$..DT...s..P..C.H.9pl.;c.`...60nflb.d....a....8f..... ....>.M...H..*.Cl*$..%v.+..........L(.........5"....*Y.4..o..=...St.%.=..T..Sl..`G..0..;....FM.v..1;F.Pd...^}H ..%...%F.@e.....R.....H.=&..L.r......5k..9^.7 ..k...f..A..f.....L. ..F..)k..3.$3..R..K...v. -.1...vb.A.`..C.I..6.............h.$ib..Ub.B...]($.g. .....HmU!y.}..@%.-\.4..67B..nBX.6.`F.kn..zk0T.bL'&... .n]..g}.a..`.]...1..4...p.._d..c.$L..I.....K].QP(l0V.X..N..`.0.F.....8....__.G.@..1D...Sz.kU.....N...2.d.IN.........B .1..z.Q........_...@...z(^...<......=..t`jR...j.. .@S...ho/....-F.7". ..c1.M........

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1852

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):163754
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.729883537788518
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:+UymJ2ri6fBixw48e4GMyOIXCJuHugfqtsh7ozja5HaEug:+1W8yx3OIdugi2hUwmg
                                                                                                                                                                                                                                                                                            MD5:B660C93F91B49976A7A07944AB9EC6F3
                                                                                                                                                                                                                                                                                            SHA1:F766D9CABBCD908EBCE08592E20C582042AD0CCF
                                                                                                                                                                                                                                                                                            SHA-256:F26AD2989C32A033CF9D66EF36C8BB002F312FBBD6248279493C457F00F27888
                                                                                                                                                                                                                                                                                            SHA-512:68B7B06F8E97494A052AEFCD56A5353DEC5AD27B886B9B8EB86EBAB0D6C312D46595AAD7BF3A796D00671253AE9391A5207414BAD658A8FECE02E71563D7DCDA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2771134679225523&correlator=591596152630722&eid=31078663%2C31078665%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202310190101&ptt=17&impl=fifs&gdpr=0&trt=2&iu_parts=5302%3A22764537101%2CTD-desktop%2Cdownloadit%2Cdownloadit-it-defaultpage%2CATF_Leaderboard_Sticky&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=970x100%7C970x90%7C750x100%7C728x90%7C500x90%7C468x90%7C468x60&ifi=2&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1698409200016&lmt=1698409200&adxs=24&adys=1737&biw=1017&bih=853&scr_x=0&scr_y=0&btvi=1&ucis=2&oid=2&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLFtdLDAsbnVsbCwiNjQiLFtbIkdvb2dsZSBDaHJvbWUiLCIxMTcuMC41OTM4LjEzMiJdLFsiTm90O0E9QnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjExNy4wLjU5MzguMTMyIl1dLDBd&url=https%3A%2F%2Fdownload.it%2F%3Ftyp%3D1&vis=1&psz=970x-1&msz=970x-1&fws=1536&ohw=0&ga_vid=512993721.1698409199&ga_sid=1698409200&ga_hid=875367689&ga_fc=true&td=1&topics=9&tps=9&htps=10&a3p=EhsKDGlkNS1zeW5jLmNvbRje8c6ItzFIAFICCGQ.&nt=1&psd=WzE1LFsyLFtbIi81MzAyLDIyNzY0NTM3MTAxL1RELWRlc2t0b3AvZG93bmxvYWRpdC9kb3dubG9hZGl0LWl0LWRlZmF1bHRwYWdlL0FURl9MZWFkZXJib2FyZF9TdGlja3kiLFtbXV1dXV1d&dlt=1698409195971&idt=3318&prev_scp=pos%3Dtop%26countryCluster%3DA1%26td-slot%3Dcustom-stickylb%26hvi%3Dfalse%26type%3Dbottom_sticky_leaderboard&cust_params=medium%3Dorganic%26campaign%3D%26source%3Dnone%26medium_campaign%3Dorganic%26medium_source%3Dorganic-none%26compliant%3D1%26ad_session_id%3Dfd5d701d-d802-4e13-930a-7924ce8c2702%26pv%3D1%26ab_upr%3D6%26segments%3D%26personalized%3D1&adks=1791997687&frm=20
                                                                                                                                                                                                                                                                                            Preview:{"/5302/TD-desktop/downloadit/downloadit-it-defaultpage/ATF_Leaderboard_Sticky":["html",0,0,null,1,100,970,0,1,null,null,1,1,[["ID=3808daf8eeffcb04:T=1698409201:RT=1698409201:S=ALNI_MaZOavVE3ku2TL6HsmW0jNqICV-ew",1732105201,"/","download.it",1],["UID=00000d9cefa49a1b:T=1698409201:RT=1698409201:S=ALNI_MbrSz4z_12um3q9qpN_OIUXtt7Bfw",1732105201,"/","download.it",2]],[138327306428],[5332046802],[13617419],[327760139],[434442],null,null,null,null,null,null,1,null,null,null,null,null,null,null,"CLjRmambloIDFR9IRwEdbJcLxw",null,null,null,null,null,null,null,null,null,null,null,null,null,null,"2",null,null,null,null,null,null,null,null,null,null,null,null,null,null,1]}.<!doctype html><html><head><script>var jscVersion = 'r20231025';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {ebrpfa: true,};</script><script data-jc="40" data-jc-version="r20231025" data-jc-flags="[&quot;x%278446&#39;9efotm(&amp;20

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1855

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16089
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.961392496527707
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:dc3ZdhEmTO5IEppdP20G5pjyg/aTKQRg0W4h2QoEhQG3j:dcJdhE9TCcg/ORg22Q3tj
                                                                                                                                                                                                                                                                                            MD5:8667FA4D1478DA6C4FC58BDB4F6CF934
                                                                                                                                                                                                                                                                                            SHA1:C70EDB578C536148D3EFBD7FCD0041AE62CF8676
                                                                                                                                                                                                                                                                                            SHA-256:39ACB468B9FB8929071B940DA6758F27FF53604EF725BB96F9F0C202F4A05283
                                                                                                                                                                                                                                                                                            SHA-512:A2B247B9F1700B9AAB3610DA5C07809EB0EC05690FD4F509E418DAB2644CB6EA2714B5E5532CF1257A4E748EA9762B68D0D900A09FE90E91D83319683D54549C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..>dIDATx..W.m.u&6.s....'.ss.\..LE.I..EQ..DJ-.%.$C........6..6..........F..(R.).*V..p.n.P7....i.....>.(...5._....Y{.....c..}.U.~...6...~`......... ...X..#.{x..\..l,....?.X.}Akn@.7....B....?.%.?...}|..$~.?.~&.w?.../..7....p...G.]...._..Y.....w.w{.....#......s...1. .0."&%D..T..T$%.A.(..*"...=..w......D.qBk.0.>.... P)2n...3.(....".....""! .*...|_....o.<...%.... .!.Da.m+...)....D..*.....f.5..)[&..|J)..SLI@..8...y.\. .w. .+.6.Z.""...JHY.....'I1......dc.u.!..Q..JR..w.. ..{......- ...A..4M.<.c."R.....SJm.......O...".....cT.$....t@DT;...|......lV5i>...o.<SEU.@..F.....Y.1.5.X...IE.p.em.c...c.1}?Si].Y..t.!..DE..Dt:.h._U3c.1VU...Du~#.....-K"RU"r.!.3.s.x.-...b.1F.........s$.......y.5......j..&..........|hT.~..O...K.9A.`.."...W...d.X........b5m{.>.i.TD.I...6.5y.z0..Y..*......7..jh..A.......y.mc.A......*j..11...u...q5iE..Cd..4!".......D5)(.n.D.!d.a&.Dd...L5f......4.V.$2}..S.qgk..Y.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1857

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14246
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.977469481864643
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Y7T0CqqEi6TWWu4xN+BDorXH9XBRViCIFw5xB7P5gT:YcCqriSWXQN+BD0dJGFczBe
                                                                                                                                                                                                                                                                                            MD5:76AD754D4E6DC9A6397B5EDF0F99DA06
                                                                                                                                                                                                                                                                                            SHA1:1FAFAE266925E740E49AD04A73A0E430A1044D3F
                                                                                                                                                                                                                                                                                            SHA-256:568D19DDFB315B3B4642734D6B3FCF507DDE9EA204678F5296AA86956597CACE
                                                                                                                                                                                                                                                                                            SHA-512:356798E925D7E4B0E81667E8C362D62C140EC1312F88FFB6543BA09B10B46FC4238590BBB5D2FE71C718E04AA43DBA4704671311EB0A24FCCAD117EF6AA30C56
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....p.T....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..71IDATx..w.]Wy..]k.S.L/.e$...Z........RB.......nn ...J.yI.I....JLs....%.d.d[..>j#Mog.9.....{.:g..pn>...|F3.g.]..S~..y.0.p.....k.1.I!6...6..H...1`.8...*.x......LO$f(....n.....m.{ .Z..!D`.0.....(C.1&%.N..R...'.G.C.z=.....x'....=.b.6.6..B.+..%....1..J3W...."!.(..m..,.....M@...........)...1.>..b/.......+oi.I.X..`[.....-9.<.|%Ve.L.r..%...(.|Sk~.*......:u..9.1.)0. D|..T....x.P.XS....(=....{.{...|.x1.......,U.bM?.+G3........N).!x.....L.b....5.y.....'.. @.oP......\.!...h.Wl.........!O......b..!..DJA..F..C..J.2B......@Xu.:j...1..........AN.H..0.o..h..o.(\c..*.M...?.:g.c..qS./...0|.\...lW.W....Os..}......V..1<"...G.@x..>...u..r.............".&.LUP..5.VT.rL.CT....wm!......E.^d4.n[\.J....?....].B..{.S..i.-...y.k."......E.'.\.....!.0.u.L.n....z+.:.W~V......5.]...i.bu.7./...']0.9.....1...S<./......!...0...d<.%{QTU....*m......._....Y..g.+......H.ltm4....?.......m3

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1858

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9466
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.956199775217202
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:LBWCAf5oRiPQ3g5k9N3D2sfn8EgGwYSePfdAUiXk8w9baAy:LAlWiP2g5cNr8Ebqk8w9baAy
                                                                                                                                                                                                                                                                                            MD5:1B3AB106FA0E3F800519FD4685F9A071
                                                                                                                                                                                                                                                                                            SHA1:DA33C77C82D69DD9997093E367CA5D0DAF182CFF
                                                                                                                                                                                                                                                                                            SHA-256:1385BD8779EB0EE2FE8FBEB3CE6E3DA07DA5488F70BF3D2DA9A81EE4EEF81F14
                                                                                                                                                                                                                                                                                            SHA-512:1B4E38A3A3EE5BB0AC180F685F7D13A6EB76743B225B6E60A6F160BB2CD645A604D73EF4FE0AFA08F92EDCB2F57A4D07735BFC02A13A8A3F38784F2FB62288E2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..$.IDATx..}..]uu.g....{.{I^HBH..HL......"VFZ,...Z...Dm;J-.........A....AEQ..e.8JU....K...BB...<^................a:ge.us.=.........(:.NUUf...... ..X3..7..f..73"...q..qz............Y.f....X...9.yc...#33s..###...<.s.;.e.9.YU.A.={...mo.7o.o..o...;...^.pc.n.3.B...l..eY&"..n.w..i.-[.8..>...-.{...*3.9....x..?..7..!.,.......vo../...W]u..._|..W...%z....9.c.....!Q.s..0......4.9....Iv...$%.x*..W...../...5k.|.c.{.>..O.x."..O..+:..3...`j.s..F..\..C..S.V..f.K/...s.}.{...7...o>..E$}....3E...03..O.....O...f....N.q....B.......h.>..Y..N..x.......~......O...g.N.....G.uI.&...O~rH%.,.'.x..%9:......l6C.......G......k...o....._..ImP.yf...1....%.Nx.j.....!........m..v..2s...q.=.Q..;.@..5)....54.A.P..S......w.C...T...U.).1^v.e+V...[.[...A..K...n..qOf&"..e.).ef....+...e...g..........O~..._.r...%...!..+m......=.yK.=....P......u[.~ .T..S..}..y..#...J...y....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1859

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.292508224289396
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUmExltxlSle:JAle
                                                                                                                                                                                                                                                                                            MD5:55FADE2068E7503EAE8D7DDF5EB6BD09
                                                                                                                                                                                                                                                                                            SHA1:317496A096D6C86486A71D4521994BCD171A6BB3
                                                                                                                                                                                                                                                                                            SHA-256:E586A84D8523747F42E510D78E141015B6424CF67D612854E892A7BCEDC8EC9E
                                                                                                                                                                                                                                                                                            SHA-512:A9ADB9FEEA4BC14B9C34ED17CD30F8CB36DC686E9F69A292FE65BEBC195BE4714391FD98EC7B67BFD363FBBB6089C41A0B7CAB5130B50B461748E668CAC75621
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,........@..D..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1860

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 180x265, components 3
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):15905
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.971874127947901
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:qdnLRt5ozYrvHYphF0FuAWChi2ZgoNl0Qusm9usrDfYYr2pSeeoxnAxnc5B1rGpx:w5oUrvmhRAWVo3j7uNk1SeeXx4BhjCum
                                                                                                                                                                                                                                                                                            MD5:D2D64E345409F5405CADB0A600AEC857
                                                                                                                                                                                                                                                                                            SHA1:F142579D64E1D3DC766093E0C2C4477127EE9105
                                                                                                                                                                                                                                                                                            SHA-256:13C963A4C10C76EE0BB223C61980DD2034801804CC0FF1E64375F906BF51CC4B
                                                                                                                                                                                                                                                                                            SHA-512:0B307ABCA906A32D01476905136C6F8E15B081063398E69133427B912B91A52B88773B551E60B7826C085DB788F4E3EDDD285163127359A576D975D8DDFC7F6B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/ms//movie/382705/images/poster-w180.jpg
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}..........."..........5....................................................................9^...'......:..m..q.%....F..a......Tt%9wY.n.Gt..qF.S(.xW....>..m...ZYnm..q....s.?.G.2..R...q..i..V8.".....S.%0..r...:....... .|x.g.;.~.w8..N.....k.8.X.]P......!...?.(...r\_.I.}F<.#.....p.A...P.....8.m.....o.a.~..P3..B:^.5...G..A.j.,..D..Z.....].....$..Z....ZR...Z.X......(....1.2..e...=..BI..K.6..?`.D..2......).'....@L.....Y9H.....S.wZ..S.1..z...._..k7......A...GI+..o.K9{[.1w[Yq.N.I]@.3.......4...H[.....J.]f4I.M.....K>8..kw.}........S{....I[.~B..*.W>8LG8@&D..L...q.....W.S..~.-....N.[.c..I.B,..6.[3i...0..J....`...~xpr..h..3\1...C...ZX..W..........V.$..v.|.....C7...(^...3.x.Q.......... b_F...}..v]..gt.iZ.v...u....=...X.%%2.Q{<C..+.5.F.T...$,@.bEa......kA.u.....3.s...@)..78.>.\.,...../*..=.W....xL......V.f...>5...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1861

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3337)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):191959
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.398003233519583
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:3I2Qb6ctm26Y1PmnXYc7bIndiXVXt7kxqBFbEi8x:429b2MIPdiFXt7kxqBF4
                                                                                                                                                                                                                                                                                            MD5:027A726404A7016EC89D1E1DB84A2C33
                                                                                                                                                                                                                                                                                            SHA1:EFC566F2C53BDC7B499A3D91599B8B7684119968
                                                                                                                                                                                                                                                                                            SHA-256:4E155284926BA010442D774FD493FF925A0256BD427F54596B1244791A3FA170
                                                                                                                                                                                                                                                                                            SHA-512:D58BA74848E1366F044BAB8FD3AF1647F73473F1C62CE916C4815FA555BC9F2B9EFC7692B3AE47924CBCA2A534C21EB83FF07CA6E9EB7094EAA7F82C90384E66
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
                                                                                                                                                                                                                                                                                            Preview:(function(){var m,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");},da=.ca(this),n=function(a,b){if(b)a:{var c=da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.n("Symbol",function(a){if(a)return a;var b=function(f,g){this.cg=f;ba(this,"description",{configurable:!0,writable:!0,value:g})};b.prototype.toString=function(){return this.cg};var c="jscomp_symbol_"+(1E9*Math.random()>>>0)+"_",d=0,e=function(f){if(this instanceof e

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1864

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12508
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.983050527000825
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:G4Bxx9OxahTd3NNfaWoO3B01X5w4BYsil3hyu+Fb:GszOEv3TiWoWB0Es/h
                                                                                                                                                                                                                                                                                            MD5:422C6AF87A74F8EA087533E28C4E0217
                                                                                                                                                                                                                                                                                            SHA1:F15136719924535227CDB4645A541A9BF9F43E27
                                                                                                                                                                                                                                                                                            SHA-256:0FCDF305D4DA499390760B0CD4E2FD21587C36D3844E40A9B9BAAE6CA85F921D
                                                                                                                                                                                                                                                                                            SHA-512:8CFDFC9492E150BEAFCF7AAAF1271BEC9A40572773CB9B799897C5528EC9C31F8C3C6C7FC90DDED7BF9D0B134F16CA3B0AC9D2356BC658B43EB4C42B8BEA17F3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/wineskin-winery-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.0..WEBPVP8L.0../c...5...m..?..2...`o6.l/...J.P..G1....._f.3..^=>..........r`.;.....^....dV.y...t...2..38=.x...&#.....CnpM.p.&w.k...c.u.2N!...V.O.Y6.s6.[.......w...u.3>..7q...M..........(\C.m.#U.m.m.\...5.m....l.NR..F.$IRd.>.._.....m.G.n<.m..[p/....29r~.T5.y.1.......v.y.m.1..4d.2....03....l.z.mh.n.....>.,..i.I].I.-->.+L.f.p.W}+...>..x.A+..9v8>E..*..,..a..P...N+Gf..9_..w}.e.N+.:..s.Hs..:..`.3>...e8NV.m..4....f..D.=.Ec7...&v....$v.)}f......{......^..wISa..-@.$I.$! ".!........e..En.).Z...<......z.S...^.. .'..VT|.Z.X....A!.0..|......x.....[..o.e';.+.........../<X%..V<.$..D."..Ot*<qQ<u.WtQ<..G.QD<....p..mq..k~.......V..}...........a_....C}...o../..8....c.hO...=..+.lO/.c.-..8vo.C...O.m..........G..].;.v>.....u=..'.a)WX}w..Upj.z.."...~.=.o....{Q$.....U{...B......*..x.l..c..6.X.~.........:l......^.x..'YH...Zx.F2.....+{v....MV.&S..3..!.!.=%"...~.g....}..8.o <D.}DE.OC<*.'v.K#....DX.....?..Y...ZH....8g...]..;.9.=VDBd/.......A.<....`.3.R.M..N..w.7..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1865

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5906
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.956059756993403
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:vXcLQ1ALMeB9zxl0wHUkcpDQwO7Y7BmyJkCqfM6ZET5WWs87ECN/Y/B5TDSc+nV:vXD1SfldHUM/c7Bmy2Cq0iEVWWsaECBz
                                                                                                                                                                                                                                                                                            MD5:08FF75BD3A31C04413BA9A127F507630
                                                                                                                                                                                                                                                                                            SHA1:ABDEB5C19CBCB4F48EB77F03ECF68A2AF576F631
                                                                                                                                                                                                                                                                                            SHA-256:901E24E16A6A743C177B543D26521E193740E862911EB3D2551F22DA112FCE4B
                                                                                                                                                                                                                                                                                            SHA-512:F98E333BF79A981267E6FF6A356702F3A91421BFA69EF26A3F361221D46408BFE5E342FEF9F730F28A558C8ABF544784D992BBDB581061606307B1A630F27E82
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/teamviewer-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c.....m#9R6s.....!... .s>...R.._$.s.EZK.q...R..,).{.`........,.dw...w...]e.~N...Fd.~...8..."IR..O.p....,...H......8&.g..(.....x....#tW........R&..!.h.VDdD[..|,.....[.+.I..M...#V<.W..+.#...|..8<^.....Wt.?...h<.V..Fl...?[.[.c...U(6..Up.W.....mM+.h.._\...6"...".......H..=........B*...?.$.y..g......w..V.{.G.K)(.a!....s.=o..Y3f......U..;=.|.Pyi......a.?.|...L6...s.G.G.y/.3i..K............C.....J`..C.`....b...%zCK.g....T....0t....M@)x......N...;**..F!W...AQ.7.$..l.32...a.gjV.+>....cff..j.....-y.l[.-I....'.HS..D.-.P..."$0.....PA!.@...T.hy..o......~.l.B>.dG..HW...:............SG`.7.n_...........(.4$"3.l.....;..2j@C..7.t..+j6.......52 ........+4..E.G...Y..fFg.SmB..ck..D.M3.....N.DEEEE....TTT.QQQQDEEE...ETTT.QQQQDEEE..#tf+......Q7}-.:.M.RA.TTTPQQAEEE.PQ.ZE.PQQQAE.PQQQAEEE......n..~w.\1.=..Y,.R1r.N.s9.v.N.`...........yG.3.\..E..N.a.....N#...z.9N[..f.EKe...(.\.. *s...7|..FE..z3..b.. .P!U....NEA.:3*s..(..\..n...{K.S..|./....@..n..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1867

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65451)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):88145
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.291106244832159
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe
                                                                                                                                                                                                                                                                                            MD5:220AFD743D9E9643852E31A135A9F3AE
                                                                                                                                                                                                                                                                                            SHA1:88523924351BAC0B5D560FE0C5781E2556E7693D
                                                                                                                                                                                                                                                                                            SHA-256:0925E8AD7BD971391A8B1E98BE8E87A6971919EB5B60C196485941C3C1DF089A
                                                                                                                                                                                                                                                                                            SHA-512:6E722FCE1E8553BE592B1A741972C7F5B7B0CDAFCE230E9D2D587D20283482881C96660682E4095A5F14DF45A96EC193A9B222030C53B1B7BBE8312B2EAE440D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/js/jquery-3.4.1.min.js
                                                                                                                                                                                                                                                                                            Preview:/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1869

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12312
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.956819009644385
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:i2/qaYmIigCxpXmEIHwh5g8ZZm54fWCfWyBvhCvDlGNQJtLZvfE4iN7bDYmixsbj:i+hMiIcg8Xm54bWQvhCLlGNUpfVKbtZx
                                                                                                                                                                                                                                                                                            MD5:C3CA3CDA97925B700E9DA0977E8869AD
                                                                                                                                                                                                                                                                                            SHA1:946584EDF25F06DDA7E72D2C11ED2805A8650D56
                                                                                                                                                                                                                                                                                            SHA-256:9F2AE8CFD8FF828D67BF7D7D7B640CA69A9BFB1940AA6090777D6D2344A451FB
                                                                                                                                                                                                                                                                                            SHA-512:A63CEEAC293364355328DE247AB2FBFA82467A73A7480C799631DBC3C94ACCB5C9CA52CAC0EEC97E4874F5B6AD2543592C247FE4FDEFECA316D793B25C5596DF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<../.IDATx..w.\./^u..s.LO..F..%........X.18...[.........k.mp\..l..,..l...Y....(K3....s.~....i$....y...|.4.{o.[...Uu...'..;.I....Ia...Ia...........@f...o..O..ypS&..j..Ny.P.......G].J..`.E..`"#..@@.X1..@"..-...R./x.w.K.lH8...........%.8B..wY...be.KBT..f..4...7......D.K:m......y..9..j).......XR.2.. 0.?S....l....'#.8.....%l..v..)gCj.?n.l.....7.~...S}`.;...._....zT..o.....U.SA...d..0..El..A.O..2..@b.[OOz...D6`T"K.=%.b..\.W..c.L%R.....R..{.gOm3..n-.#.@Oyx.."...@(f...............1.h.2%.&....gr.M...J..M..=....g...$8..2!FZ.DbF$KHC.B.6.1>}_.-.U...0....... ...@..X.q|&....{...Y ."B.AJ.L.%....+.....Q......`_...@..,$.Jl..e>a........(...yA3..0...........d.i.).->.v3...;.._ ...@...P@..!$r....,!,i!.=.....G..d.?[..../.pM.G..=.IH.`...Jw..bM$.h.%0.+@n..A@C..K..E.|.20..)#lH...y....'....0.k{.~...A. .H.3..C..o?...?.TV....".P ..(3..@.T~.c.......].V.5s...@....@.H..@....!..b...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1870

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14752
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.923806723732759
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:iF2TAWZW91GXzFobQHQeJeBwWpyN5BpkKDIp:U2MWAGXzF2Q9JipE5YqIp
                                                                                                                                                                                                                                                                                            MD5:7713ECE51F15C17488E2D1CCA2516D78
                                                                                                                                                                                                                                                                                            SHA1:5073635A2CFE7EC4DC2B6ED962CEDB5EE2673EF9
                                                                                                                                                                                                                                                                                            SHA-256:B7FCF293068B988A487EACA9D255D186390242AE70CCFF44DD9E95F6FE1B4872
                                                                                                                                                                                                                                                                                            SHA-512:51FB6B7A536A9BE9E746A9CF1098F4382EB6CCEE25F007262807981624EAF9A41EE77C3FED0570AC92EEBCEA5F4DE54EA9F65C2CC97F5241E925DA1652E4F478
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..9+IDATx...Y...y...y....9Tef.=.G.1..I..eI.i..r...>./........)..r(.. LP . .h...P=Vw.s.;....>........m~-...H.,.$...Jd......%).L.....D..vB.....D.....F".....H..IF.....H6....`.Ha......m>...1.b..#..0$&$,..F$'..$...D..I<b.B`....d#!. ..2....>!0.9...$.0'$.. ..B|......,..D.+..@.$$.v......[..m...`....... .....X..`'......t.OHE`R.2..A..9!.3T.3..)B ...a#..`)..$.6tdJ@H-.L..t4.....7..N.Mc.z..j^.Pc}m8.9..(....EY.yaD..........-dc$...l. 0.".S.6.. l...AB...1`.rX..A...V..|.........7....]].}.jZ..Vc[.l..{.K..F-....0.<qas{..?...S...8....9?=. ....l$,l!.8....!..A.A|....2...FaC.4...2......Ct".Qg.X...w?.....~x...{....6.R...k...66.6f..0,J).a;.4......x..{ou<......|...O]....{....".7...R.P`!c.cH.....$.....d._. 0Nc...A.A.Q.&$..r..c..~.......|p...-6N]z....Noo.Z.6J....H!...`l.eo..d.....................v..._y...<.}z.......#F....A`..BF. ~=...2'..-.%...$.+A....p....g...............=...sg.N...R..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1872

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11037
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.899465800253791
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:NMLE/7qec0pwhWqbLm6/I4Mp9RZkCYd5w2xuZ+OZ95P0YUKo9To786OLhMUE5DN:NMLk77clfH5gp/Yd53xa+OZUGlwxMVD
                                                                                                                                                                                                                                                                                            MD5:24A05B6DB5F12B4C0FA7E60AEF710D49
                                                                                                                                                                                                                                                                                            SHA1:D303C5BFDA075B1B56E3EFCDE16ED4ABB462DB81
                                                                                                                                                                                                                                                                                            SHA-256:66777E5E7D27D820AE6E0C66308720A7E6915CF6B6C6C0872A03A68680984209
                                                                                                                                                                                                                                                                                            SHA-512:B2B9EA23497E5121A2B53E849C50C146C4C27A4ABBBEE9887ECF46FFCC1533C43E6E0B9B8035BE32E7A12C7AFF1A924C41BC57DA9DC7EA6F39D4AA7FBB1F7D7F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..*.IDATx...Y...y....~.w..w...s..'Q..8..8..8.a.9.A.|.|.|...... 0l.1..mH.h...f..fO.5..z....].f7.j.>.u..OI...jb.1@C@.6.IK.H@.."....1 ....."..........R../!.X....<%.../'.r.T.S...?.p.....e.j..%.! $.A..g,.Jr.....;*'B....r"....Z@..:IU.Ah.I.I...!"O-.......r1......`."A..(n....CD.._A.@H...O........=..T..@NT@....L.~.$@..t._.x..u......._.%R...<. `.pc.W......................~)./....U@..&...I.......mS.'..........x..w.~1Q...L..1B.............J.{2G...@<.ST.P.....(RB.,!.(..".$@.....!.t..t...;.!...v........o.....o...W..>=M..R@...I.........v..X..V...@.$%..!.Z...r...j...52.@N.tx.CH.t.$@n..&$sv.N.7.nv.1........{........8.C8.$.<....6..4..N4... ..p..X.........l..M...-..l.I..:B:....H...iB.9{&!...l&.....q8.....{.;.J...O....C`.!....eo,R..Q.DR..*. P......NH.-@Z....#.!.4$.NHB...B.9;!....3.!...1. ....z;.m.(J...<%O-<.!PU...s6[.#.jAn..5.."$.j......Iu.I.$.H.L.M..n I..f.4..I..>....4L..9.t.X)..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1873

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):163640
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.728731753139324
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:+UymJHri6fB9xw48e4GMyOIXCJuHugfqtsh7ozja5HaXug:+1WLVx3OIdugi2hUwXg
                                                                                                                                                                                                                                                                                            MD5:46DD83C3517744A7C991DB9BCFBC7F4C
                                                                                                                                                                                                                                                                                            SHA1:48C2DAA9F1D1E10CB760FB60091F4CA285DB6009
                                                                                                                                                                                                                                                                                            SHA-256:1EE53D6EF6229E4B75073BDAA656F4532697B40BECC523DBAF44E22D92271039
                                                                                                                                                                                                                                                                                            SHA-512:4F649C3CCD66DC7EE4B956DF2AAFC143066CCD20C746C3E9EE185C7E4F6B551A8F9836A4D7787C207E35EC1720046DC6367AF4BE7EBDA9AC6B95BFBD762F1649
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2771134679225523&correlator=2251202694396480&eid=31078663%2C31078665%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202310190101&ptt=17&impl=fifs&gdpr=0&trt=2&iu_parts=5302%3A22764537101%2CTD-desktop%2Cdownloadit%2Cdownloadit-it-defaultpage%2CATF_Leaderboard_Second&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=980x250%7C970x250%7C970x170%7C790x250%7C750x200%7C750x100%7C728x250%7C728x170%7C500x250&ifi=3&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1698409200048&lmt=1698409200&adxs=44&adys=98&biw=1017&bih=853&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLFtdLDAsbnVsbCwiNjQiLFtbIkdvb2dsZSBDaHJvbWUiLCIxMTcuMC41OTM4LjEzMiJdLFsiTm90O0E9QnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjExNy4wLjU5MzguMTMyIl1dLDBd&url=https%3A%2F%2Fdownload.it%2F%3Ftyp%3D1&vis=1&psz=930x0&msz=930x0&fws=1024&ohw=0&ga_vid=512993721.1698409199&ga_sid=1698409200&ga_hid=875367689&ga_fc=true&td=1&topics=9&tps=9&htps=10&a3p=EhsKDGlkNS1zeW5jLmNvbRje8c6ItzFIAFICCGQ.&nt=1&psd=WzE1LFsyLFtbIi81MzAyLDIyNzY0NTM3MTAxL1RELWRlc2t0b3AvZG93bmxvYWRpdC9kb3dubG9hZGl0LWl0LWRlZmF1bHRwYWdlL0FURl9MZWFkZXJib2FyZF9TZWNvbmQiLFtbXV1dXV1d&dlt=1698409195971&idt=3318&prev_scp=pos%3Dtop%26countryCluster%3DA1%26td-slot%3Dtd-topbanner-2%26hvi%3Dfalse%26type%3Dtop_display_leaderboard&cust_params=medium%3Dorganic%26campaign%3D%26source%3Dnone%26medium_campaign%3Dorganic%26medium_source%3Dorganic-none%26compliant%3D1%26ad_session_id%3Dfd5d701d-d802-4e13-930a-7924ce8c2702%26pv%3D1%26ab_upr%3D6%26segments%3D%26personalized%3D1&adks=135233075&frm=20
                                                                                                                                                                                                                                                                                            Preview:{"/5302/TD-desktop/downloadit/downloadit-it-defaultpage/ATF_Leaderboard_Second":["html",0,0,null,1,250,980,0,1,null,null,1,1,[["ID=f3aa488e92bf77bb:T=1698409201:RT=1698409201:S=ALNI_MZFecWufxJfBW_wH_vjPEzi7uapDw",1732105201,"/","download.it",1],["UID=00000d9cef7eaf64:T=1698409201:RT=1698409201:S=ALNI_MbKuVWw-1dpcOI7oaL0R8VxTcU6UQ",1732105201,"/","download.it",2]],[138327306428],[5332046802],[13617419],[327760139],[434442],null,null,null,null,null,null,1,null,null,null,null,null,null,null,"CPfMm6mbloIDFXNaRwEdxSMByA",null,null,null,null,null,null,null,null,null,null,null,null,null,null,"3",null,null,null,null,null,null,null,null,null,null,null,null,null,null,1]}.<!doctype html><html><head><script>var jscVersion = 'r20231025';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {ebrpfa: true,};</script><script data-jc="40" data-jc-version="r20231025" data-jc-flags="[&quot;x%278446&#39;9efotm(&amp;20

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1875

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10344
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.964602086074864
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:4REsprHfWIO9GnDmW+5TqxF8GOhAol7o141Ephwjz6nnB+rwI0qI6B:4RE4rCsDmx2xF8GAAQ7nWzc6nwrZ6c
                                                                                                                                                                                                                                                                                            MD5:DB042F8A04018679F660809F8392CDBE
                                                                                                                                                                                                                                                                                            SHA1:8F10776F7F27AEDED050C9F5A0B18348C816E380
                                                                                                                                                                                                                                                                                            SHA-256:AEC430A67995D955F40E3C8B22D10483E3F50F1872A69266F46482E9F6F75F93
                                                                                                                                                                                                                                                                                            SHA-512:233DE46E4E3515257A664CC437659F86AF4DF341CE014AD531F961618B0C56D9A6A349F4D41B5D4CF8538E7372C709084F811EF00A5E75A8081F29DCF32D9340
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/purble-place-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF`(..WEBPVP8LS(../c...M@.$IR.].T..............W.De^U@t..:.Wu...D......m.>..5..Tk.6...n.Hr$....B8..1_...b.8.2...$)R.=.....&....$G..I........9.r,3.n.......]h....@Z.38K..l[.f..9...<$.{X,[....l\T.k..e=...u2.kO....0^.5X...Y....|....).Z...@GfBq...k..t}[T....7.:.R...c)..}.=.e.....g...eKOHb...,.....d...C.l..F..,..."./..I..l...H.J..4....$.....C..../U.A.*[w.X.Y..b..6.....#I.$I-{..u..N..TDd..i...m.IT....w.k.m....O^...6R..=......$.Vm.-.R..>....f.q.v.w.......{k....=....$.m.."K.O..?..`........J.y.$I.m..<..X...Ud.gx(p.F..3>...M..m.vFdf.J.-.L.W_.x33..)..."........n.j[..gF<LK c.mK.$I.>.QU#....jf....?23...1."...LI..Y.&G.$..."b..Uus.p..0.ZV.........Z../1r..H.....m.0..z........}!...1..........N...I@%...t.....F.0.Y................@.!.y.....h...d...e.f.eA....V.!hB..........P..%7..@xM&...5...Ls....f.J..PB........@M..}xZ-.. He...dj..C.D...\....IQ...)..pR..v:{..YP.4..I.7....H...\!.............V.............+.t.6.h@3.@......L..Y........Q#..$.@&"KS.q^..od../....I..z.(....wF.P..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1876

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):11796
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.964120198838809
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:lcNN2oQ6pTG86ffDb7BydKGOtqBpZDZW7VpdVTjA/y3CG:m2oQQTG8oIdzqSM7VpddsWCG
                                                                                                                                                                                                                                                                                            MD5:B7977113A747DCA3D9CE9822208029E2
                                                                                                                                                                                                                                                                                            SHA1:81AD4F47D0C9888E07CD1FC49B134ED54A660BDC
                                                                                                                                                                                                                                                                                            SHA-256:555D2137A9139F2C069661FD19FE3B06225FE8FA77E45486D2903606BB2B21EE
                                                                                                                                                                                                                                                                                            SHA-512:4850F2F1B0B10CACC7E6D3B482EF812EED7ED12C27B8786386BB90A35FD54E947B4DA89A0F8897DC6779046FA4E83F04087A00721E4D66DEBBB3A8ED60ED7D8D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/audacity-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L.-../c......$I...a6....!.....n.mG,..W..k.z...'.G.n..E?Y]..:.W..cf..>..uog<.E..../..r$...[bff).....`...V...G.m..x~.^.~d3..o....q"I..........K.G.S...5.c8....L.L.2...M..w<5#..2./.B...d3.W.%..8...........o2. .......B.{.....S.{.....w.TL..y../xb....U...w<.o..w......v..........@S....K.....h....I.e....9R.".....$.H.*.*..*...WIDD....m.Aq.......1.U...p.P......MR.*7.n....N9.....l.....FLff.......),.S>R....s....i...d.{.(G.d.V<..._..B.Vw.;..%Ir$.-.....3.0..o..uWUf...CI.Y..d.......m.d.z..HU.1..e.vk......s.m.i..i..1YJE.........$.d.D.<..D.....u"0.Z(....{...U.n......$.... ...t.......rf.. .....RH$..{C.#I..l....m;m......R6..Z.m........j..\.......i...n$.@....k....-..$Ir$IR53w.HP.........`......2#..4............. ...B.............iHx..B.....B...@.N1..hlg.M..!K$....E.9....R.5.@.J...........J.%"....s..`,....n\. ....Q...JRI@)%.dR. .d.....u...Y....>gk.......DAb.......A......h.t](...$....y.^.'._q..\...+.5..\.o.q.#.I..VI.....!...... ...%)H.......m

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1878

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15341
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.971129212037208
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:8IpOor1FNSYECT32V8O1rDkUIklycvsaQvBaI8D/ZpaUkAtSR1+1Z:82Oor1CJCT32z1rXNIcv5LDehHvo
                                                                                                                                                                                                                                                                                            MD5:84C0E73767A41945E08D5C3AD6FD98E0
                                                                                                                                                                                                                                                                                            SHA1:4D8956C54DBC3949A1CEB5931B6F9D61A18B3C57
                                                                                                                                                                                                                                                                                            SHA-256:9960B1A9C56A55C3E935B55B5B984872EC9B57C2A35B1B29842BB3227E60C7EB
                                                                                                                                                                                                                                                                                            SHA-512:0A1308898D0B3A4E14880DA8437101E3631818026AC37168A53AEBDFF4D361BF9B574003B0745E59A15A39EBFB5A7E616DADD562440336C245EEEB769357B780
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..;xIDATx....%.q&...T.}.s.{.3..0.....@..)."eI.fH.E=6.............?m..........J.$R.AR$@..... ....=...:'.......!.q..znWW..'../......DL..~.@..."r,U)...xT...W....4#"n_B "i...IDd$D.&....0..A."&...w.}...t.c.}.A.....f~.....`.f.[9......t..z..yQ..Q..$.g..'.q.A`b.t!....ia..L..AM......._z............w..0..-..}.i.>.-...b.....11h..i.@......'c.Gb.}.s".......T.`.9a):.=....O>....O.fy.R'.I.).1...KZ&._.....L$..j...WU..[.^x.....C...;u......^...LaF.......2...L..Y.......b0.a...dh.cz.....A..c.cdf....}...T.......w..t.?.......'N.!.AKf+..q..f.0.>G....B`5u"f.C]........U...'.=w....y5.y...rR...gV..O.....1.qzJ.;'<c+w.bc..s..V{#.x.....ey..@.....}..W^y..W/....W........Y...>'.....I.E 0.b.E.}..p`......:z....?r...N.....l.j.5.x....g$.qZ..#Y.....k."._dY.a.\.["#2b....... 333%.I'.Y.<...g.x8|....>................?..;.N.sIgl...5@.j..GP...../.z.>...z....{of....."..$.q.j....v..4......S.,`

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1879

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5196
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9564435690823565
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:lbUjIV5jVlkIW0TdE0yPMfa2eh2VTp/sOPLhfpcEUfH:lg65jHW0TdE0byhSpxfpcH
                                                                                                                                                                                                                                                                                            MD5:7A8506B7B8D735C830B4196015C1A889
                                                                                                                                                                                                                                                                                            SHA1:1EC17B84B25F0E036DA3C8181BD26FC8B20C685D
                                                                                                                                                                                                                                                                                            SHA-256:57E5BBEBF000DEE883DB72589BF683D91387D5D9C49E92C50799234DB88EA779
                                                                                                                                                                                                                                                                                            SHA-512:E804577B64B2ED83BC64D31261834A37D624B0E57F66CFEE630287256B05ABA566E43253F8892D1E77CCD2E4C9351376B5378A86CEBD1A3CEE188256809C9D84
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/nitro-pdf-reader-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFD...WEBPVP8L7.../c...U..........1.DU.......V..,...z.EJ..hz.l.?.V ....F...%<.A..........".*..n...p.....k.........2...m....#J..<.m..b..C....%[..\...I..$7......-.F.mm..r..q.wwwwwwwwwwwww.25.k.^.:..eg......2......E.j!9.....'...h.d.....a..C4.@.{...jU.....{.;p".S...pNUg+.%.... ...L...Z.Etr..........._.d.}.'....-.....5...:B.)..%&t'n..?.O<a.l......$..c...m.ms.FUXN..w_.. .......{.. A.......m.G....mS....U.F.G>u.Y...s}4.Wb*)..y%!..n...db.>........-.>.|...;.@....:.5 .^M...`j.UP.".D..n.B.|>\~z.4..V.:.J....C..L:..y1..*..........J........].O..K.....-.H.V.]P...|r..1.r...K...t.....%O.,....f".1E.e-G..3v7.q..,.....+...U...I.......=.Y4O.+qN......`..r..j.......0..\....0v..g.?.....R4..iw..gA.o,2..H[..%..."$.\..~..x.{.p..+u.,.$....(o.".......6.F..!....j,....J.V...B.$.K..2m..%`....+........wL....=.Y...o.^....C.aOT....(.x.M...M.y.DQ.....Bl...`.4Y.:N.<@g...k...-..v9s...N....`H..9|......Pc...P/.n..{5...>..(....d......S...Z...Hl..r.*.l.C[h...%...P...s.0K.p`A.l.'...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1881

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6051
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.957816603605018
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:H0N15s+4XCNSdJdSzCFQNHmdammXTwDSpCfIi3lmVFxxgUAYqaqx:GC+4XC4bdSztS5mMIiAd+x
                                                                                                                                                                                                                                                                                            MD5:FCB61F2776D6E3CC46ABEE8F709D9C3C
                                                                                                                                                                                                                                                                                            SHA1:9119DE69FC6E2896B0F63943581758D1B7B23CC2
                                                                                                                                                                                                                                                                                            SHA-256:15E1505588F6721B1753A219D45C1F4C9CF437C20AE0572CF0D7A0285F20EAAD
                                                                                                                                                                                                                                                                                            SHA-512:FBB5E0E2BDD5D76407C74B3F37DFCB8067ECC00283F7BDB16D7548F0C774E44D2DBCE300715E7C33FB3E6EF7624BB1BCD3F212973ACFABC24FCDFD140CA58909
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx...\.....hg..D.....8.{..F.]......&..*.*.....)j..bC....{.....;...(..{...>z....|.7o.......H$...EB.H...6...*.............I.C..y2.H.(H....y..!f..V.3......+..y...o .X..../..).~A(......Z..s...l......=&0`.X2.,.>'.l9}....h.>Kvc...>E.<A+. .!...".0,.U...*.....u..-.e....ly..\..}V....].A.......,...$l.5..`.... ........m.>K.;.b.g..U.....xo.F...W.....c.OCR.../.Q....o.e^..g.k.................4.>K.y....G!..t$UR[`.n.J..lY2...c.@F......`.nQR[.....Nj.9*...!~.....9D.[...wxa...N.5.X.[@R..J.e...X..aa1..2...F\.......K{U)..Q..)=&A...Yt......y..FQP.P..TlF(.At..H,.)...x.,.T].!..:.y$.%.S{.ob3B../..}d~U.J.CM..G7..P....U..M......J....f^cH..*..a..G.^..V...We.`..7.Kf+..c...yt#..U.`^..*hy.(.3.D..D..S..F..=......?..7,....^Oa1.-[.(.'.."R..>.8.v.......~)9...D........rs.....`...4..`..l/`1/Y..w.]..HL.=&..>KV...8.....i....5...`..?.Ba5..o.6.e.^..$`.%......L?..9Dm:......vw...5

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1882

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):14892
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.979612382703188
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:7SjMQjVOB+HmgyM7FtmMsTSLF3n0iJqLZDLdQxBhVH3QCBL:7u3Vg+HbtmMseB3BJmDLSxBhVH31
                                                                                                                                                                                                                                                                                            MD5:6CCAE1D6759A086EF24C6B41E529456F
                                                                                                                                                                                                                                                                                            SHA1:4D9DDD9741B4F5F1E47348E118C2BAE99C290E22
                                                                                                                                                                                                                                                                                            SHA-256:498A6E4B44FAEE7E46284BDF994A7F8D53CC137FE89427B9D6671093837FB8D2
                                                                                                                                                                                                                                                                                            SHA-512:565FC18756C90DB5527E462D4E7D8EFD3ABF7D1D87A47C376501A7CEFF47639218F4C76A2F4ACAEC13381A76D15DC1B705D28AA0225CFDF7944A66B9996165EF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/construction-simulator-3-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF$:..WEBPVP8L.:../c...M8h.I.Tu.U....r....l[6v..k....6~.i9.x.?.E....qn...@..L.)..\E^ ..(].m$IQ..?BfFkuq@Rl.R|..q...b....@.Y....H......<;....5.B.C.,)).....dE...dH...8.......m............G?n..e1.b6L...v.y{nu.s..$.N.Y.8...L..P...l.....A...X.....-@..dEH.....a.-.P...... ..bR.8...hl..$B.G..`.."...A.I....BDL....C.K.....-0r.h.z.......k;.m...Z{#.~8..Q...xG..<...8.s....cT3`.a...$.$...<.j.O._Z_...~..7.d.l.v..6.... ........B.#...>.5{0p.HQ..wC.O..m..F....-+.8..<....3.3.{.{..;....v.N...,.*.l..m.VJ9.Rjm.a1....A.,......0k..D.......9y.m[ud..t..!...%s..+.Vh...03..._..Xi.(.1.....iH..[..m..F..=.K.......9...K.....6.1.0....3....#,Y...n..$.$..X."...~....e....H.U.m+"K.},&e...0.Zk.9{o.d._..LR......C.b(xGV!P.U........T...@.9...........d..6.zvs^fU.$.W..7.....mk.Y.6.{nYZR.^......_X...0...[...N9.k_A.8N"@......\:.h1,)@....I.c......l.......v...v.s..I..a..Kp..b...3.q........M.(.)........E....2...!.....r..0@ .....1...D....u.;..=~@....rX.....|.t.I&.]...^q.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1884

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):33
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.55954563450997
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YJH/ISwo0CxqYjn:YJ/I00vYj
                                                                                                                                                                                                                                                                                            MD5:DBFFC8E76A05BEA2F1FCA3FA2EB124FB
                                                                                                                                                                                                                                                                                            SHA1:9BF35F69A5FD87CC290F1E44D655D97F19D38FD8
                                                                                                                                                                                                                                                                                            SHA-256:B376BCF32D893AA752A3503841A925DFCB2DF53AE4FAFFD6A3964EF96A25CB55
                                                                                                                                                                                                                                                                                            SHA-512:8B6FBEA48A9D1421A56339F8AA70D87AF8219CAD7CD9135964C452AF9E34ADA7E8D06F9CB8AD88F7A0EA9CA7695DEDEE9FDF3338BCA7E227AE93F39BE9B04772
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{"lb":"juwUMQ2IFnbFrC53pgLVhw=="}

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1885

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7041
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.961167441014542
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:6Cnv1oIyHbKgA2ZMe87rXEGW7zhkaOWwf8Sr2wxLGCKqfeu:6CntZyHbJA2PCrXs7z5O7fbiSaCK0
                                                                                                                                                                                                                                                                                            MD5:FFD1263E56882D27FB092DDF76A946D5
                                                                                                                                                                                                                                                                                            SHA1:2C7350AE1E5FDD84DEB40CCF8BD3E0E7FE2EFF41
                                                                                                                                                                                                                                                                                            SHA-256:6A60EA68293F0F9B73B96729C2CD0DC5277C721CEEEBD22E4C44BE87042C483D
                                                                                                                                                                                                                                                                                            SHA-512:8D54F21323A5552E744BC3EF0C424C5FDC36963BF802B30022D48132FAD6234E4B2861CDE008D0FB4EBC622F2310A778971F3E03D52636949385436FA5591A04
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..}.S.Y.....j_.s.f...$(.*......_.5`DW1.*&.......ED.;OO....Ww.8 ..a...nYS...>....O.......~[...I.h..../...o3.o.b........E0.eYVF.,.S...N[......$."d2.8..[A....x..j[...!....,..X.M~...U`X.J.MD.<.....F.._ui..-.y Z...%.r.....F./.%.J{.P.o.....P..<..?....*......7...^Q.e.`1v..=fy..0..r.../d.opw.Z..).. ..,.I>...=..r.O...d.......&.-...c....... ..."\.o...C!S.}[MzJ..,.S...E..4^...<.].H$j.......v.r...'?...UVb.Y...e...M....7..&*.mH...Y.v..!.g.t.||.Z..m..D]..Q...x.^H.T....(*...(..U.M........=bq9~<..?nus?j..Rw..YF.ypa.3.....Zod.?..i....%..As...y..o$n>^....d^?c#f`.....Y.J..}.n..<........|.c.....YH.&.^..,b.v.....v............]...U.9.&B.,..?....K....4.N.6.....8..-/I..........[..Z..2.,+,..x..."G..[.....w`a_..$..w2$.eQ..!.~..U...._.J.c=..z!..Z....E..2..3..BRC...w`=.....]...U..1...dY.8n..4....d.............7M.B.&.W..u...~#bY..<u.,....kRt.......:...NJ.#..+.......h..d'X..\.o..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1887

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2099)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):3944
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.203166106601473
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:TWZ69kcUTC++OIutJxtomlGDWtVAguGUO:TjuPTCpOIutlomllupO
                                                                                                                                                                                                                                                                                            MD5:7E183D0A9E2117A418F3F4622C083F9D
                                                                                                                                                                                                                                                                                            SHA1:66B85D44116D2B3BDAC621384E940D4FDE5BD14D
                                                                                                                                                                                                                                                                                            SHA-256:872DD2215897ECBF5F90259A1E8BB9AEFED872F6D475B6CF7D88E747FE641F7A
                                                                                                                                                                                                                                                                                            SHA-512:6A49C6737E3BDE3E44651EEA7FF2DD154399081B3E91B7F919FC022CE63D444E43D2D2D3C1283930B8629D271BDF8B358636180AD041696BAAC5707E25183812
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/ms/static/js/mow-new.js?v=1695907987063
                                                                                                                                                                                                                                                                                            Preview:(function($){function loadCarousels(){if(!$('body').flickity)return;$('.services-carousel').flickity({wrapAround:false,freeScroll:false,groupCells:true,cellAlign:'left',pageDots:false,cellSelector:'.services-carousel-cell'});$('.cast-carousel').flickity({wrapAround:false,freeScroll:false,cellAlign:'left',pageDots:false,cellSelector:'.cast-carousel-cell'});$('.carousel').flickity({wrapAround:false,freeScroll:false,groupCells:true,bgLazyLoad:5,cellAlign:'left',pageDots:false,on:{ready:function(){$('.dit-home-slider-more-elements').css('display','block');}}});if(!isMobileOrTablet()){$('.carousel-cell').mouseenter(function(el){$(this).children('.im-carousel-cell-info').fadeIn();}).mouseleave(function(el){$(this).children('.im-carousel-cell-info').fadeOut();});}else{$('.carousel-cell .im-carousel-cell-info').show();}.$('.hidden-crew-tile').css('width',$('.cast-carousel-cell').css('width'));}.function isMobileOrTablet(){let useragent=navigator.userAgent||navigator.vendor||window.opera;return

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1888

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstVFQ2gLx4ZnK2vZhEwOhLcmOrXzuZj1KnqdL_1FjbA4OPt8I6U38THt8IZryW1rod4COwT7Y8B6fvhAeB8zXf7FVeV27zV5VqbyKL_&sig=Cg0ArKJSzAJVuVbJbyQIEAE&id=lidar2&mcvt=1004&p=753,23,853,993&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20231025&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1791997687&rs=4&la=0&cr=0&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0%3D&vs=4&r=v&rst=1698409201325&rpt=3271&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0"
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1890

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):734
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.6681955542392
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:wPkzIPI67jqKbun/edJKpAeAwKZFPYIfYVExHOtOrWECGxBrJMzhI40yb3XhrTgS:w8Sj7Un2dJKpSlBYoYVmgiWrGrezhTL3
                                                                                                                                                                                                                                                                                            MD5:94F1D11D3BF119C6303B6C4857EAACC0
                                                                                                                                                                                                                                                                                            SHA1:31FCEE85E016CB0875B99047106FDC9BF63F1B45
                                                                                                                                                                                                                                                                                            SHA-256:270CFEB5DF4C9C74C16B6ADD6CCB87930ED9CAB89AFCA0A91E6DB0B9EC3139C3
                                                                                                                                                                                                                                                                                            SHA-512:712293A99944A9FD8C48F0156047BE5A09AE1D249EDA9738172DDF6F491E7875755E1DDB087A0A8F5FB25BCE77A44F1CF45955A1F5978E107772A19D49D33164
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/microsoft-office-2019-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../?......$...g....m......(l.H...{f.o...5....@...2P.D5.H.VQ+.......~KE...D.b..t...0B....4M@.G........C.d5l.<[O@... ...rH.OW....^u5......x.w..^.;I.~...~X.....}.dX..."_...4R........e./r..c/..|...O#.oT......>..R:=f.b...t(_.=.A!_........+.......-~.....u.j._ ..9_).T...... ....yK.Y....@!Xs.V.p<...w.:......?...N..X.E.c...~.."..7....\.b.........{..."..mIBcz.DKz.D....-A..(.]..S...);.O%..I ........ND..A..'..y. .*Z.|..3..+.#..Iy..........!/7..G..9)...M.g...5i....R.f..:5Tl>J..c..@.D.>r.ePR.w...&.y.z.TG........k[p8..k..}@..|9.5..^...Rp..m...c...'.4..S..._!....H..3..nJ.. .W.....T..........2..5}..H....f....t.B..].O..r..........)oH.....GX.R*t..Lt....r.^s.ow..wB.6....op.}*4..B.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1891

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):13362
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.980703488955891
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:VhRXP78gTKPL7obLKupISb1XaGk8Sfszz:VhRT8gwL76LRpIS+8Skzz
                                                                                                                                                                                                                                                                                            MD5:B813FFE26871DB4240079C4B4AC9026C
                                                                                                                                                                                                                                                                                            SHA1:D7B37F878B1F561259E72FD8273E1C496225E7EC
                                                                                                                                                                                                                                                                                            SHA-256:F7D853CCEDA346303A017661E0425AD6DA0306CCD2AA3555263539E0C59B436D
                                                                                                                                                                                                                                                                                            SHA-512:A8FC8ED32010E473E7A84454B565C3E75CA919A4E1EA817B196A5877EAF33FE0B0708937A33639CA5A1198D73F961437B6C45742EF3876AB0666502AF381FE41
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/minecraft-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF*4..WEBPVP8L.4../c...M0l.6.d ......!...@.<...M..*.....*.mr.j[_.i[k>N...g..,{.33.,x:.@.8.O.J..p....$\.D._....y8.&`I...J.ap..e....7.6..4'J.......$UdY.O..C....O.E....&.I...q8...Egc5..A.Lh.t.$#v...P..A.L......P.\...Rf.B.W.....Gs..b........d,.M.....PVM,|................R.._P......"Y..'..p|..=\X...V...m.:.Y.!"&`.`w..FO....B.V.....y`[..U.7..m[u.u....:r..'w.:..3SdG.OwU.+..w..$I.m./|.....5F..tz.$[.-I............................^H*U|..m..I...C.u#.PFfVe....m.K\..!.k.m..3.r%#C7..#L.m+.$......U5..(.vM..&P.a.Q...[5.fvRU...]K..6.$.....U5n......iO~?._p'7..r2S!..Cd..I.$.~.%....H..c2..S...l.l...+ff....t7R..I..$.l....>.9..bH...d.Ad...q.=k4.m..mIRk}..E..C.`...QaU....fT....{..s...&8.;.......%...%..T.7...H.......&?@....z`...[HPO...)..sc=9..1.#&.ek'2B..G..X..\.E...E$ " ,....&.......q.q..z.2...a.......*`...T3 G..8..h.P......N(.... 9D....`2...I~......\..s.9....U?.8.v ....T*=.~......9A.......0..^@.P....65.uFH.....$.bRRx....~.<...W.y.cI.8........N.._......o.~.IE

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1893

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12530
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9757969142430785
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Hz1jQuKfucFAcv83zl2DfEPvJsLH++AkRc7xgTcTW1xCSR82Fb0Gmldz9U6+FEYo:HlccR5PGLHYPWxfR821gldGBuYc48V
                                                                                                                                                                                                                                                                                            MD5:41882B5A291D538C3C667D711D0A9E26
                                                                                                                                                                                                                                                                                            SHA1:21F481D3DFFC00880C7AF3DD93B407E54218D1A7
                                                                                                                                                                                                                                                                                            SHA-256:B8A4A7CFD650C0F9F1D4D35B9132C3B368917836C09FBD439953EDE5665B0B68
                                                                                                                                                                                                                                                                                            SHA-512:0D12E2474A6EEE6B5A708DB39522F2FE6ADAF8123CEFED94C185CAE91F2A26065B9D50D2FB4DCE0EED9F4FE8C78975BF4426F91C620A7669435F57CC9D4F2A0B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..0}IDATx.}w..gu.s..~.L..43*V...*...l...MI.J.l..KBB.&..l....IX`.l.$$.d..C1.....`c..E6.eYe4..hz..{.s...kwf$.......r.w..|.>.9..U~).@-/T.......C.'....M.O7.f..~.e......{..4...Qq..G..T(y.....jz..Z.|".]<63:47t.6tx..d}j&....N..E1......@.ORg.z...4.....`.Pz+.!X.g`=b..A.K.q..S..P.._*,".?........j......}yla$f..wL....t....*.."=|....Q.ZP....U.AbK.'rt...(r..BA".....E...:%./0..l....4.lP.(.R:5?...S.....'g....Ls...R y..;..g4.D.T..doH..XU.~."R(.........I.]UY..hP..ke..x*...$..&*Q8...5..9D...&...z.........3... 6d....<...WV.....E.,p.$..U.a". ....0..y...@A..D~..T.iU.D@..9=Zz...D..Dj_..3../........|w.../-..oM.....`fG.m.3...V.a+.S.$L.BAaEa.;.H....T.27.($T..T.H.uM.E[.J.....;......`.*.....'G.}.....vx.XCk.&.DxZ.R.RI.E...%.j.D.d..P6..xq.$*6b/.j.. 5...)`...'....b?...(...Qj.)o.>bQa...|..^.L....'.:r..#.4.......>I.....G..2C....4.. ........J..PXK"$...JJ.D$..j5.~@U%...%..Sx..K"5...VX..wC

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1894

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5437
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.896373139777783
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:jwS1Wr7nCrX0z6/k3jrYkqCUZsiSd6etKA9tEyXEXzU7A9CZ/3JLSuaZtINcZ+:J1WnCL0W/kTrYkqCBltJ9NEjRQlSdZtM
                                                                                                                                                                                                                                                                                            MD5:EC10E1B7347F30C92AED0EFFF4245F52
                                                                                                                                                                                                                                                                                            SHA1:5D33A741758AE1066C6254960D73A56CE9CC9DAF
                                                                                                                                                                                                                                                                                            SHA-256:E529253E4950750C4C0369BED461C6770AE29322BEAB05EDADF657DF932DD501
                                                                                                                                                                                                                                                                                            SHA-512:B351D523601C0629A6A60E20E28D9DE303FDCE21D4BE553184408B1BB50CC1A67670A74D1098323C641759608983754931B4D80FA3470013D8A2A4270E4D2797
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx...k...y...u?......{...{|.8.#..H......*$...R"B...HHP.P%.A*.. A....Qi..*A ..5..6..ZJ.D4.C.8.c.....}...=3..=........6....[Z.oi........[Z.oi........[Z.oi........Z..2.....6H2.f.y...%V&..1......$^S.%.f.$nCeO.d...)....k...*BJ.FB.UT...LJ;._{..'...7.8UB.!.....{...?t....B....HS.GO.~.....S.(..5#.E../......?..;...`.K..)qYf.R~...~..i..$.k*.......c?.7...M.@by.=&0..|...3.l.k.X......sg/.L...0.PKA2;.kE.....E.m.^...l.:!q.es{.W.%..].W..e.....D.f...Pe...........Ud.$Cb.`nK....<.."K.;PjoL...H.d........J.....zl....(....f. VU....F`......d.....9.....N4P.I9...F..Ls+.....urt...q........|.....+.....X..,.\-.-PJ./.."L.h.Y[..H....F9..a.b.....@.|>.+.0.UT..X..mK....a....0..As^J`....].Z...B..I....k_.... .0.H#a..[.J....r=.$llw...`i.;..E......TJ.....%.V..H..@.@ a....B.Hs..B`VT......f.....o>...`.e.+...o.R..".R..R......m.u... .@TI...!!.....$lB....T.zlK:?...........J.*.q...G6.....5..a8.9

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1895

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12658
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.954645747745527
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:e6SB/suA8B6gIdEydSiZEf76a81eAKvmgE1:e9/88B6yxf7y1eCga
                                                                                                                                                                                                                                                                                            MD5:81E508B7CC45CDD56CB8218582CCCD5B
                                                                                                                                                                                                                                                                                            SHA1:77D1F35CF656BCAC1401FC6ECCD804AAAB6E59CB
                                                                                                                                                                                                                                                                                            SHA-256:5CEDE5F70D1AFD573641AA97E4E5DA25F23B85F7B1990D9865DE9FA9FC1639DA
                                                                                                                                                                                                                                                                                            SHA-512:AD1E3DB3682792AE2645EFE257C8F1C64652CBDCA9FDFC2952859F25E8B5CB943C2AC1C43718F71713C4CFA4298065583EBA0F92CB399FC4BB89084730282E8C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/free-garry-s-mod-gmod-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFj1..WEBPVP8L^1../c...M8h#.........DD.'..w....V(.U[8...|5U7.KZ..g...K|.,..l...m;....`.V......[e.$E.......itj......m....m#)..-I...y..nc.V.....b"{..w......U..I..+...,..J/.V}.>..............;..~..`.^g$.H.xWJ..8`..w.!.....oH.....m.b.....<.5.h_Hr....U`..$.%E..Z..P..8.j..U..TO9...T|...q~.k.Rk!;I.>x....K....n..E\.k2?..Z...,...........Z...l....6...P./1...U.PS'....d_...m.0...;."b.<3.dSy..Q....%2..u.r6.&&.]I...9....G..h..P.H+(1.....4....Zk].:e...w..c..g.&..m[.m.b...1.0H|.;.#...#....Qb.0...;.$K.m..Q...E.........x..x?.svUe.k8p...M..yZ...,i.H..Kf.......\.......f.....\.....`f.&+..I....m..C.......[4.{...........saQ.....e."I.m......:.Sr~3.1...Y.lY.f.....l...k.".....f........ ....(.... .R..h......`g....U..'(..q?..4..$..&...'...D9.=....#...Gd.....g..1z..}{...~{z..hq..e....;.o......."0...(N.+(D"$..q.D....Z.M.t.{.c......&*.P...<.!...#.$d.gk..`. ....0...@P..C.B@.6..0.#...aJc..p.]...4.,....H...FN)&!....Y.8,A.-.h.im..O.3..`....>.y....j..F.].........a&..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1896

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10122
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.916890410004837
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:mo1gR8iPOf33ZSIbAbVD7/IDUP9PMPMFbtvHAudVg94IBkcv1oerutjZw2HB:meiWfMIEVAQPJMPMFbtvHh0zv1oK+
                                                                                                                                                                                                                                                                                            MD5:260ABFEAC5BA0D01F64B5D4FD4F5ECAF
                                                                                                                                                                                                                                                                                            SHA1:1E0183101C412D6E70843FB65CFF02ED76506948
                                                                                                                                                                                                                                                                                            SHA-256:38F2167A9B28FD0D738A187B5040C7C853D7145E0AD613850D46A4B7447236A3
                                                                                                                                                                                                                                                                                            SHA-512:56726C48734CB15A6B73CC1B039625286C5287DF50185883FA7E550AAC30F57696D25F78A887750DBE856EBC38F9E003FBBD52B967052351EF5A888083408535
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/lego-digital-designer-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.'..WEBPVP8Lu'../c...M8l.F....qp..;......m. ..%..?.#..q...i..n...G.5...I.kb(3O.nX....bY.N[@Y...U..L...T..$.Q...,......$9J...!|..b[/7.m...2..q..p.V?^...c.......E..B.I..{..0..3`...MZ..5..,.`@..G.z.....-$.NW..^..?><........._..v..............f.4......BZ*. ......y.|b...4...!....P.8..#h....7.0.......N.....(..P.2='..(....9I..CA.6..........y..H...f.........m.[.j.m..k....V._{[...l.X.....{.....h....#.Vm...l}..[....h.r$I.$I-f.K3.....ty0p$IIp.kd......Mk..}K......#N.......;w.l..N.m....^k.9....e.Vm..Z{.s...>w.effff.CM.?h.5.)f}.....7.9.h.d.m.v.R...\.......I;2.......B..6.....S..CW.!B..a.O#!......7...J.B"H.}P...&.....w\...IE>]...$..#dZ...9$2`"....Q.T.$#Y.."dGl.4... =..I."e.>.H.!Rh..$BF..P.!..*...'%......`!...).)H.i......c).Z$..DD.$"$..(...*..R.Q..R.V....*d....f....$.z#.i.'."-J(W,RQB....4.....id.V ."'.%."..H\....~...G^...{......_m..7....M+.^i...u.R6y#u.GI..v".B..y(.W....u.....D^(..D/!Q.+.W...o..._.-....~L..J......o..........o'*.."..!.,......6..:...@..l.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1897

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):4300
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.936460362605017
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:f0k+9HHmLU4j5ZpJgQMvXolS4vKYKzhIIZlSa8vFf9yZuTpuk:Mk+9nmo4tZ7gQMviPvKY9a8vFFyZuTN
                                                                                                                                                                                                                                                                                            MD5:C8B504B45E699B4932F6322C9993CE81
                                                                                                                                                                                                                                                                                            SHA1:CF3CF7792DC5CE7822FFDB6742E6213747F1661F
                                                                                                                                                                                                                                                                                            SHA-256:D5E7C3EA1B3288861108FF7D23ABED5B7C82D37101D7A6EAE7D56CB3523525DA
                                                                                                                                                                                                                                                                                            SHA-512:3ABAFCA2CB8543C63EE2FEA6759DF0083B688BD2A5F64C959000CBE22EE4179162DA9882E0ABB586637B957B67406120930153A716FF8463E138A490319D8D54
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/77chat-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c.......m..?..2........(X.8A...zq...Cn...i.m.:...Y#I......m.Q.nvfs;ffs....$....=..w...:.$m..w...m........F..G......6).$I2.....*0..x.33....."..'.<'s4.l..z........$m..w>.......?DIR.J`Q.....B1..C....D...D..#..]. ...H^..........JZ.+.U.....(G..-.._qD.l:....uLY8...A(nk........'.5...?)I 3pq...'.\.f/a.O;.t... ...v..K..9e.....Gl.$...UH..Hc_0N-H....z/.{.._......[...v&.....T..Dq.Hb/.........v.q.....z2<.3...I...H.....U.{(.<..........c.....}.j p1c....#..R..4s......C..=.%..'.zV..=..Fe...P@......D.\.RUgu.....K...J...uDj#.;Z.........!>F.k......._`..[.$...L..$qQC.......,.8..Y.U.....J&...^..In...3....QB....B".r.N\R.3..A...... ..V...../......o.QJH.PK.b.,.R.....l5\....%......+.3Y..H.L..C2...&_..Y.b,..S..O..X~.^...M.D%.b.M..*. !p!..Pp..q.n;.GR.*......TH$I@y*..........A.S.1d.5nV.'ZC...7..f"I.BH.~5$...qT..w.gP.b...<i..F..UG.`.>=..hO u...).9.z.d....d..'..N.$.....z..F...Y,..?.../.......<b.z...V...08.`...26-..d%=..+C....>..*..uQ.pnN.!^..x2.q.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1898

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (59729)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):60010
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.251561930322096
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:uoYGDyGi43HVzdR2BmDb7zTNilqtvY1xWiDLYjQVW1/MVOlKvnxFa+B0+:uoFXOCx0wNGaYk+
                                                                                                                                                                                                                                                                                            MD5:61F338F870FCD0FF46362EF109D28533
                                                                                                                                                                                                                                                                                            SHA1:B3C116C65E6F053AAAB45E5619A78EC00271A50F
                                                                                                                                                                                                                                                                                            SHA-256:5AA53525ABC5C5200C70B3F6588388F86076CD699284C23CDA64E92C372A1548
                                                                                                                                                                                                                                                                                            SHA-512:8C2694D03A7721B303959E9FE9D4844129CEAD2B2E806E85E988A04569DA822EC7A0E2EC845D64C312D3E3EC42651810B1336AA542A3E969963B1B2EF65DD444
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/js/bootstrap.min.js
                                                                                                                                                                                                                                                                                            Preview:/*!. * Bootstrap v4.4.1 (https://getbootstrap.com/). * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e((t=t||self).bootstrap={},t.jQuery,t.Popper)}(this,function(t,g,u){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function e(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter(function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable})),n.push.apply(n,i)}return n}function l(o){for(var t=1;t<arguments.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1900

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):186893
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.828761801336916
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Jiz365BTG3FnWzCjH5WQ7eK1gIap/M+aeZKrvRVKp+/jomCISlbahRyZR/Pm7:Jiz36bTG3FkCjH5WQ79gIaph+EmC3lGv
                                                                                                                                                                                                                                                                                            MD5:42A14D0AF2FCCD592CAC4F64252D63E6
                                                                                                                                                                                                                                                                                            SHA1:63CFECB01EAC92EC48EF6A92AA6A36BC2F433D58
                                                                                                                                                                                                                                                                                            SHA-256:A009AA335DE3980E93BD41CAABBA6C7420005A88CA96C78F82B695DF22C4D91C
                                                                                                                                                                                                                                                                                            SHA-512:48ADFF18414762DEDCED6DCE54223C36811422D858DE8515943F3171B54F81CF5B8B0C416A9E1D65E017DEF70790F426A834E94DB6C59BCC4E580492F30B6C77
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{"/5302/TD-desktop/downloadit/downloadit-it-defaultpage/ATF_OOP_Interstitial":["html",0,0,null,0,853,1017,0,1,null,null,1,1,[["ID=ce2bf965d823d99d:T=1698409203:RT=1698409203:S=ALNI_MZniMh5-9gmPFw7wtIkI06MrnSXcg",1732105203,"/","download.it",1],["UID=00000d9cf00d3c99:T=1698409203:RT=1698409203:S=ALNI_MZqGtCCkme9pE1IWVyB8DzylCFmIQ",1732105203,"/","download.it",2]],[138337886745],[5598400973],[13617419],[327760139],null,null,null,null,null,null,null,0,null,null,null,null,null,null,null,"CI3b76mbloIDFaX1yAod9GoBmw",null,null,null,null,null,null,null,null,null,null,null,null,null,[null,null,null,null,"ca-pub-8132844949421936",8,null,null,null,null,1017,853,[["i-fvs","true"],["stop_word","scegli tu;scelta di annunci;pubblicizza;carrello;check-out;condizioni;contatto;copyright;desktop;disclaimer;faq;guida;accesso;disconnessione;accedi;esci;login;logoff;collegamento;scollegamento;membro;menu;norme;privacy;registro;registrazione;impostazione;sign in;collegati;scollegati;connettiti;disconnettiti

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1902

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12248
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.961218356526697
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Y74ZH/IEByqZvp+unhieQgsZzNxfa91kiOH551d+Gt7QUDFJPBC3Mkt92C:ffryLuhWfZnSc5DqCFD+MkqC
                                                                                                                                                                                                                                                                                            MD5:91C419D8CE31805A98BCE51DD115B24F
                                                                                                                                                                                                                                                                                            SHA1:799762C2817CD42E61492D8FB9778DFE9AB1BA15
                                                                                                                                                                                                                                                                                            SHA-256:931695FBF8E987AD437668BD376E11FE0D971F2B50C60E8E5C51C7D0AC3D1FD4
                                                                                                                                                                                                                                                                                            SHA-512:4FE1D755D68F630C8AEBE3BAA526D5B0D57711AE6E36F9F310104A0EC777A9D1AD686C0464CD1AA438ACF59FC849A742AAF388AF8F01A9751A0A529FA62BB10E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/picasa-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF./..WEBPVP8L./../c...M0l.6...oe....!....... .V.O@....g<.I..1c...T7..&Y..&..6.....({s.F...H..)c......D....&...m.V.+.......D:".H.m.j.2.q..M v..|yu.....s..[.d.Ad%......~2|Y...T...V^.E..........).&.|.h..9|<.a........tT.K..$.h.AY.sy..?.r......s.=/..h...]..d';.. e)-.p.)[w...].........6y^.........N..4n.-v.B(.......aY.d....S..r..K.............f'..` h.61...~..1..$.T....Q..F}...f.u1TP.N..cm.2I.t=.of....b.}z.Jo..$...0......k...m..6.m...{!..!..87......{..$IVm.-.h}.9......=_.k.....M.$.{z_3s..d.,.ffff.u%.H.UWcf...y..{...8)"....w.wl.%I.k.s.s....j.....h}.Uh..9....s..#.j.m.\J........Q.A........m.i3.4..ZK....#..AD,.1..L.../.W...|c9".*. .....9...$V...1.!...Z........X..*-G.X.1.V.....G...)..:....X......;)..;j.G......gF.Q..c..yY.J..U...<.e....&..M...P.n^P..3.k.\O.XFH..)I3y.JB.2.1........t...D..Q.U~.;........."d!+.:.......TN.G..ee1b.4..%...;...>d....'...)....&..u$.6hJ...x..XeRO.F..z..g.....n.^Ge.......hi.9.T..c.{..2......o......5:....`.c.y;..2.RPgu

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1903

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4347
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.943703965397194
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Sgwrh2j9RTSBGVonKVxg3dWzxdpUNtXe1fCKhmLFHDb:SgwQqMYKVa8zxdpUNE1fCZ3
                                                                                                                                                                                                                                                                                            MD5:92F69C3D4B9D633A1B48768CD3C86904
                                                                                                                                                                                                                                                                                            SHA1:94445C56EA032DE438FD9E75B42A6DA24BD45E86
                                                                                                                                                                                                                                                                                            SHA-256:D12AD668BB5C5752CC0EA3896C7D2691DFA4021BA3278673C538B803D96D959C
                                                                                                                                                                                                                                                                                            SHA-512:3DEC377CCBA0027D8148B233EBF62F43BC06C95B190E61260F04C86959E4EFE64C5F4581A7C11E9F22A989F8CBE9D7E5147461E2287726FC459569A5435506A4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..].w.U...2B...$.@@..A.... 8H.EE..e..!..L.dP...6...u....$.,..l........]k..^UWWW...G.>u...z.~..W...R......KQhZ:|(....=.....TP.a..Q... ..PA.T..g%.6K..)4.(JJ.AQ.....K.JEJ...TJ...6..L.H.<(.G.....qs ..E.h...T..L.(l.H..4..hx.2...T*%..0.SPi..~E.fB'.Q...(...O..Z..I2..J.dJI&.uk..r.wSU...%J9.X...M._.FI&u.J).&Y...|r.2..Q. ............cT4.B...e..c....h..k...>Z.E.A.L._...|..5..)......z..:H...@.....l.@..+W..:PT.}.y..x.c..f...+W.7.6oB....9He.UU.J...7.6.....I...e..Q..L...K:|..x..r....t..+.......{}...K.]..Y(.p...V4...k...n...5..j@...-.8..u3....s\.R..r9(.?.................`.%.t...G...., ..D...I.h{T.....&w"..+CA/T..x.|.W..n.i..\B..L...|._....W.^x....n.....zJL.z..WDP.C.....O&^^.X.R...Gc..El....1PS.z..../..(...1.k......M.\....^N4.....5l0...qw...M...u3../%^^.-|..VG.......a\=@*.e...[........^U..^..[I.....FU"2.......[)_..E....z..5.....|]...z.....[..5(.Wn...Q.v...KR.....<......

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1904

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):11550
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9622697168257766
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:pYTmwOj0GxTNG7sQbeRNE7X0ehBuctyelRXo8PsBaJk7kLbo7xwrrweycwo:pYKwOj0GxTIONE7EGukXo4GeYwrwZcp
                                                                                                                                                                                                                                                                                            MD5:E4312C94EF58AE71C6B547273BFA436A
                                                                                                                                                                                                                                                                                            SHA1:58A52D4A1C108C377D5D5743EC223B55369E1AC7
                                                                                                                                                                                                                                                                                            SHA-256:0D2301DD6C2165415CC4499ADD585E1B383A3DECA3FC493FDB48D50E6313BA10
                                                                                                                                                                                                                                                                                            SHA-512:77C5B32ADF95CB8417528B2522A6A965D5CF3D0F5B488481E3AE78FA9DE2583A68863F8455C286B7560451ECF867536FA57BFFFC4D3595DDA21EF081BCFE1C97
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/open-office-ppc-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.-..WEBPVP8L.-../c...M8l.6. 'm.....CD...h.m......|LK~......[{".....).I...P.;.p....3..nU...rH. ....b/.6n$I..\...k.y..;h.....H..%.h6.....p.&6....H.#.i.$G..Y..?..r7)........!.X\."@ s..:.....#..pt.,t.(W.......+??.DU6 .T.,.S.).....D."iZ...p..BjP.mEDlW ..#..........D.....Do.n...z.W.ISr1....+W..nUj7..4.+W0...k...m^1..uu]]W.n.c..`...-.L...WaS...@.%t..............`(h.I.........X+..J@..T.t0uI--G....A....#.,.XxR.$I.$.g..'..{o....$9.$.<..KK.Bb.6...O...F1..d.m....>.....9.@ .g..~..Y.3f..H.l.m[fQZ._4.E.\t.....Z.<I.$.%ID.k...Z6......RL..m..8..../)....Y...t.....!33CR....A..../I.,I.m..E.=2.........@..G..&...V="#.TE.w$I.m.e..Ym.1.Z.|n.6..C>6+......}......G#..7={.8.".Bi.`...& .......b..X....0..)....6.1!B....%@.U...e..iFq..6.c`.`)..^....%....d........4."...p.H...U..B.a..(..=VH3....3x...q^.@....... p.r.-.Y....D..@.`..!@ ..p.qY.H....(.h...^..fY....'..4.y......A....*KL..pi?yg..o.{w...u.O~.].{.......y.<.J[;....W!Al R....h.7..Pf@l.......)X....FF.$!....f....pF].w..{..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1905

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13878
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.969224556882514
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:4DO7lq+GlaH/i2SEN5+vtl5N5L1ShuiFrHwSEyc+bNV/8NCd9VZj:KOeI/iTEvGl5TMhuKMSCqVN
                                                                                                                                                                                                                                                                                            MD5:2F4A2823D33DB038F48102C01B874ED7
                                                                                                                                                                                                                                                                                            SHA1:33069612FEED2122C9EAC2BB76DD13B7095130FB
                                                                                                                                                                                                                                                                                            SHA-256:40F7EC91C837A160370DA359467AC6B90ED639E57436F35C0CA585E11C2D8FBE
                                                                                                                                                                                                                                                                                            SHA-512:8E98CBB1CAC8DF621AF985AF54C7B62D8FBE6767E97CEC749F7133B7DEED7EA1A087084FDDAFA0D92D9F00A012532122F849748D1732A8B64B600DC18249D061
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..5.IDATx..[.d.&.....q.$3!!......D..R....y.y.n...m...._.a...B[M.L.u.J.*I...."..H......~n....>.....$TI.2+7,...p?...k}.[.Z.C.....P..{./n...H..c..|........|.....F...ny.....?>........J..=......gv1..s.....O....+s...0.+{.......m.5$.Eh]\...c....O.?C..^.H.>.EX..D.. .a8~.c.....6......p|.......b....]Xy..81........7..........t:|...8.dL..Q...{|..S.....aC...V......x..1=.x:../.K..Y......T..9..zG0"h..1.,B.9n........?......x<... .|p( .q.6....W..*F..~....(....,....G?..7.......&.......{?.7..?.+..?..Z J).v{...~.....R..R.x..o}...:.y~.ow..r.#@.......X....a..$.<.4,....R..V?..6V../......>.u.a..{..W..........E.zd.4.,.[U..o>..?..3g...u...AP....X..G.wU.....Y...X.....]..^......7.....~.._..7....y.u1..9c....8.........C/.;.@.V.*N.&..U."k...y|b8.NN<....X.^.._.V..g.....~../~......+.\...u......`....`.w........Ov7.....+......~...F.a.1..e....?@..........?...0...{..W....^..>x...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1907

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5214
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.954361469533039
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:isNYD4DElBTRDb3VHHQfWmbCcQrb7z/x8wquSdrXI+y5S08GZS:isNYDFBT53VnmbYj2wqzrXINOcS
                                                                                                                                                                                                                                                                                            MD5:CE4B4EB63DFF09E22FD3B01D9F64AA10
                                                                                                                                                                                                                                                                                            SHA1:F6FB8B334A6722A3433843CBEFA41F606DF9E5DA
                                                                                                                                                                                                                                                                                            SHA-256:36E8013CA40BF7C40D6AEDA10E3CF5B821BA647DCAF333B603C6A2554D6F5E92
                                                                                                                                                                                                                                                                                            SHA-512:5340041C5279D01EEDAC37348DC22AAC4CA20F18129CD20E0C695529A26F48B959015887CF07BC038443515A9BADF633468E3F894E76943D2ACA49248DA8429E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/mac-os-x-el-capitan-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFV...WEBPVP8LJ.../c.......m..?...ADL@o..)Z.69h....Z.ig......{o8e.TX2..2.\2..e.............*...*..J..6.....a..wu@..Sf...4..../*.V.r..(...l..._e...$.4c.n..2;.w.H..H.\fFu...^yU.;.+..P.. zB ..Lqw..J.......L.qm..g.....Xet..m..V.1N...Ow.(}.....T..V..W.J.U4.^lc........;.......J%.mUm.}.s...%...q......w...r.D..D..`......".]........n.(.c...P.^...&.a.Q)..%..2...E..T..H.....x..<..*CaUv..`....G\@.#3.^.J\...v........N.....Q.5R..8.....n.sju7...n.J.i_..n..M.z......5.X!...H.F..(.j.u .`.bD$...q.4...E@..^U.ZT.%DB..tN.*1.E."...&..yN..[...A..^.2[.....i..&a.@.......fS.....@.g_.G...#....z.(.4.H.b...D.*......k58..oI7`.....vw.^?&.L~x.......#...*..X........./.}..~.e?..6P..A"...+l._<v..H...:?.}...O.><'....P}..........o?..M..Cj&...R.J#|...T.}.....m..M.c.!y..RW...W...M....xR0..n..D..@....7.....]............B:.".....H.x.C.).U....k..P..@Rdp.07.M|~...6Yr/}~/.<..............B..<...>....j{8.*R.. .p...!...B..&I|/.?.=.O}.....~G..G...i..T+Oc....Or..".{.|..*A.r/.Z.....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1908

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):3550
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.914672275090758
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:sey+zQPlQT5vQLHjGnqcJG2srZjJmKxTyPSrigvqg2d1DvAIqcj/4eWpUietJEb/:HQtDjGnqcJGJ1kqrNNq1UIWeWcRUt
                                                                                                                                                                                                                                                                                            MD5:B7805888D1D6B8129A7B55E1CCEBFA61
                                                                                                                                                                                                                                                                                            SHA1:A22C56251A6D5D83BEA75905F8161D1137F08A11
                                                                                                                                                                                                                                                                                            SHA-256:C5B9E0F9B78EA7A15F2E8D8F16D16BF226E0A676E329A57C0369F8F98B0E55F1
                                                                                                                                                                                                                                                                                            SHA-512:55ED2F13C4635CFBC726CBA72AC024A49941875FDA11335186B6F15F9C616652FB31D4CA25D0286173E74F5EFFFC2B854C349792CEE4163FA90AAEABEB4FB2D3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/square-cash-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c.....m#9RfF.f.... .....3...$..J`...e.>.DW.H.J...rG[~_8.d.Uf........_...C..$I.{f.....W0q.I.$k..........?.|.hj...a...9..@.!.F..mS.....@)j.x.......^......DS........-...E..&...]m.,...7..s ...e..8.....[....m.v.....8.....mOnc....T....o.m..m.Z..>49&6.mm.m{..m.m.....j..I.k.m.ek}.=...].{.viS.k.....ba.....@..(.Q...j.K..s....9..tpnqx....g.%.a.A..@.G.$f....`./o.....6.T.....M....T..iP8|.dC.>.\..3...U.d\.\^>...^.)T~....*.L aR.T...;.@S........O.......Fr...;x=.E..A@t...s8%..S.t....R.A...b$...._...Y..7l.'.@.+.'.Ph......=aN......7M/W.{.$Qa.#3]E.,0's.......MW...f_..m}..r..c..T0...w.y...(.s:.*M.77.on.|y.h.X.#.0.........^?Of.Cv.Z./...>.....0..B....^s......~.....4...&!.....n...#.nSR.zW.H[..vn.p~...m...^.!.od..vuo........ ........=.\..k...i.|....a..hRkV.....z^K...q~......9.a.0.r..@.#...(.6.ig...!.N$..SdMg...#.%W..:,.....$...W".....#_;....h.6_.^..S...9H........D.@....i.r...9..H...;......o9..P.3......X.,.!W...@.E..h..}u....4Q.}~M5..Q.T

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1910

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, Unicode text, UTF-8 text, with very long lines (12338)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):179013
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.17767639272404
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:6JILD1ItNbN+QxqScJgHCseGXJCm2ynYq88zwPRsjB57MoP54ovQ699COeIHOcAH:6eLD1IjJ+QxqScKHCsbnYqXbQdIuL
                                                                                                                                                                                                                                                                                            MD5:0BAC32863C53D9CC10E2BD64B801AADA
                                                                                                                                                                                                                                                                                            SHA1:E95355021FC73186EA190B60B211E02E604FEEEF
                                                                                                                                                                                                                                                                                            SHA-256:293075A73CC6C2984547EE3120D40417756F28981E334DBC2F6AE2BE7EDB6DA8
                                                                                                                                                                                                                                                                                            SHA-512:11DD537F4205838FC0D36D3C724C3029E12543DEEF08FC3A52FF8AAC53437557AA4E7845F1E261406A2112437F3AB5B6D2C72B3CF81F3101C4B9CDB8F299475A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://download.it/?typ=1
                                                                                                                                                                                                                                                                                            Preview:........ ...<!doctype html>.<html lang="it">.<head>.<title>App, giochi e film gratis - Download.it</title>.<meta name="description" content="Se puoi riprodurlo in streaming o scaricarlo lo puoi trovare qui." />.<link rel="apple-touch-icon" sizes="180x180" href="//cdn.download.it/dit/favicon/apple-touch-icon.png">.<link rel="icon" type="image/png" sizes="32x32" href="//cdn.download.it/dit/favicon/favicon-32x32.png">.<link rel="icon" type="image/png" sizes="16x16" href="//cdn.download.it/dit/favicon/favicon-16x16.png">.<link rel="manifest" href="//cdn.download.it/dit/favicon/site.webmanifest">.<link rel="mask-icon" href="//cdn.download.it/dit/favicon/safari-pinned-tab.svg" color="#5bbad5">.<meta name="msapplication-TileColor" content="#da532c">.<meta name="theme-color" content="#ffffff">.<meta charset="UTF-8">.<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.<meta http-equiv="X-UA-Compatible" content="ie=edge">.<link rel="canonical" href="https://

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1913

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1914

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):48
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8915414066556506
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YGKeMfwDpHXAYHf1HJmM+sJiK4:YGKe9t36RLp
                                                                                                                                                                                                                                                                                            MD5:82AFE934CB7D3AC2858D3374014A24FB
                                                                                                                                                                                                                                                                                            SHA1:FA6FBDCE4D72662A4FE391989A35280492FE367A
                                                                                                                                                                                                                                                                                            SHA-256:2A16AC49668DBC041EC09F7B52668E59828413DBC65FE1C8FBD6510E72E52471
                                                                                                                                                                                                                                                                                            SHA-512:7C879D04F27F5A53EA8E89AA45917C56B6816B7F2E044791975A6CAB9D155D9C7E603464FC52984A17C37A600B91859F97935E6160A2C5C7000E7807486970FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{"country":"usa","region":"fl","city":"orlando"}

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1915

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9889835948335506
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUkxl7/lHh/:slf/
                                                                                                                                                                                                                                                                                            MD5:B4491705564909DA7F9EAF749DBBFBB1
                                                                                                                                                                                                                                                                                            SHA1:279315D507855C6A4351E1E2C2F39DD9CD2FCCD8
                                                                                                                                                                                                                                                                                            SHA-256:4E0705327480AD2323CB03D9C450FFCAE4A98BF3A5382FA0C7882145ED620E49
                                                                                                                                                                                                                                                                                            SHA-512:B8D82D64EC656C63570B82215564929ADAD167E61643FD72283B94F3E448EF8AB0AD42202F3537A0DA89960BBDC69498608FC6EC89502C6C338B6226C8BF5E14
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1916

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):11174
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.96465707315276
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:6JUJdyqNyl8vg0nHubdOpYeysaYL8FGi584qvmgJYFa2WE/QeDJFUBgDA23dm:eCyqNyy4oHuQWeysdL8MiXiOFaooeDq5
                                                                                                                                                                                                                                                                                            MD5:5325FD7E461CE4F6ACD02973694117DB
                                                                                                                                                                                                                                                                                            SHA1:D1772C3DEDD19523DAEE4D3739552252D30957AB
                                                                                                                                                                                                                                                                                            SHA-256:472AB2DBB6B644208433011C4DA7179081D915DD6301974E8E3391A44310F8C9
                                                                                                                                                                                                                                                                                            SHA-512:6C6A2C0DF13ED8B9F4745D32A5762B00CC076CA03B01F481C30EB5B6C50F6E22033E2E007CDAA3E4224C13424D484981E055D19124E12BF795E7B440E1E80A68
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/kilonotes-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.+..WEBPVP8L.+../c.....m.F...E............$..~N_;7.y.1.W...Hz.l.)..Z6s._....P.}o0..=.4T&>.....Ue}........PC...F..H.'.D?.......$E.=f.[...j..m....xn.7.....==..$....%Zb.._.&.I...*]KM....d.;u...7....]...t.....O|.4.9~.......Q..(....s..qa|....i"M.&.D.0..>g.....&.....V..O....zQ.jhL.M.........w..v".#..|.....w0..0.....m.......CDL@..[.G5..m.m..$j.s.k.F..m..l3).k.l.6m[.Z[.c.9.\<..m..x\...q.;a.l.>.u.=5.{k5..$.Vm.-s/......{......$...DOt....9...Z.$I.$I.E,.j.q.[UA..S.@......"..TE8..m.&I.u]...f.AY....\%1.\ZM..Q.H..:J...1.......9.m.m..\j.s.1...[.M...1{-.$.mK.D.._....I.3.k...^..[.$K.$.B......P..~..m.9...O.|..dI.$Y.........&.....!.D...e+...9..|............1:t8.g.......V[l...Rczz.[..~.~.....{.....{..~}o.~........~.r.s=ns......:.....<....>....._...U..@..5...W.. ...:..........r.>..v{`3.|'3^...A...@..&hR..R..Qw.E..rB+..R....e8....B>.Vwk.=....../..P|#......a..U..5S.]..z...{./o...._GH".]8.....V.....*.j.lU.59.T....Z...UR..FW.B....K...g/nm......O

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1917

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (340), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):340
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.188187168139427
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:Qg+RwlpeXJ9STgRh6vyWEYEPgTMeXK+nJiWj6R/HqmCkrKKfpMC6gTMY3:guIXhh6vdClbWAWj6R/HqmCkPiY3
                                                                                                                                                                                                                                                                                            MD5:FBF25F6951AE143192879C26180131E7
                                                                                                                                                                                                                                                                                            SHA1:2E32FFDEA49508FBD64FE0633136CEA64BCC029F
                                                                                                                                                                                                                                                                                            SHA-256:6C47F3E02450FE4747D36494CE483D7ACA3CFC507F1A1E092029CFC6EB3A5AD8
                                                                                                                                                                                                                                                                                            SHA-512:CA496D81F33D79D7EE18D41854C5CD591843B2FD9705B2AD65FB053A6DA488B22F90EACC1D4AFC03206149F7F00D2CB9C9527A65ECC46C20414E76397485ECC9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/js/flickity-home-fixer.js?v=1695907987063
                                                                                                                                                                                                                                                                                            Preview:window.addEventListener("DOMContentLoaded",function(){var f=0,d=setInterval(function(){var a=992>$(window).width();if(a=a||10<=f++)clearInterval(d);else{for(var a=0,b=$("#home-rank .tab-content"),c=0;c<b.length;c++){var e=$(b[c]);130<=e.height()?e.find(".carousel").data("flickity").reloadCells():a++}a>=b.length&&clearInterval(d)}},100)});

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1918

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12802
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.987097476113791
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:lGSkvJOvL4uoK4JF9pOc+YSZFP2bRdYncu3TtE8Qr4uo8fxGZ40mqWZCBIAFDJU2:cOvL4HPylRZFubIZxQ4ZYMXmqWoBt66
                                                                                                                                                                                                                                                                                            MD5:C136FA1AB04B03335D8EDEEA328EFC6C
                                                                                                                                                                                                                                                                                            SHA1:054708498FA5E2AF9B945B34A790E4B2F37D97C4
                                                                                                                                                                                                                                                                                            SHA-256:DA0FA59B06899A74D2006F2F4546445AB8263F83896464CA7671E9DC4ABA8235
                                                                                                                                                                                                                                                                                            SHA-512:1B70FA46ED3A0E5C138EA7A15DC8A412DAFBC33A24DAC84CF926E162C220CAF4B34C1E952952D1EC11ADAFFF87DA51AD5553A42753D8BE551DDA6915E0E52F6B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/perian-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.1..WEBPVP8L.1../c...M0h..2.}...7....../K..~$.@I...h..e<'.w..$.+....v..~.m....-LT..Q>..Y8n$I.b......y..m.$G..I.QC.....[.S,.._.GG.m+.)..*.a..'.;........AGo)Wa./....o...ui0.%...B..".(/....zl..U.!. .C.....`.|Y..m........\i.X.Vkh.O}p..s.Z@\x.....U?-u..0..tz9.m.U.......a.U......8.YH."........-..+.../B.%.R....6..._..[.V%n..q.N.'.E;5.}..|Qr.KL)_.B} (.`.....=.h..a...m....;.....m.*XS...v..t..9..i[.m...b}Q~e........r......w{.N.^...9..n....?..Ga.R.R..F.5..a.b..ZZ.sb-tRZ.cp.....f..).d-.....F.$P.".m..5......X.cj.q.....7....."I..Q.=p.]{n.-f.....".....mk....Wkm.....m[...f.l...=...T[.....F..&.m..e..Vde6G.l....G...6.Qf)..mR$.-..C...H..|W.Z2F...y...n..03....3S...-).l.V.".`...9.K..3|.|c..1..TUD"p.........Opz.....pB.v./........E9,.,.7.b6f.s.F4..8........<I..T.....X.r.A......$9^.9.....I.$I.<..z;5....'.Db.I.$Ed..).m}5].....(A..........|.u!.,+;?...=/q.7.Z..I..@W.m..S7QA...l....Zkd..%...u..]...6..4<.;.h...Q...!.%.<....z...Y..5..Z...}-.6..,@....j.@......b.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1919

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.5
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YGKeMfQ24:YGKed24
                                                                                                                                                                                                                                                                                            MD5:055DE8F64447F10ED2C4C7F78E27B7CD
                                                                                                                                                                                                                                                                                            SHA1:BBFCC7FBB135D3893E9BD559E44E069F57DFAB31
                                                                                                                                                                                                                                                                                            SHA-256:30C714BF4216E577686D238B98561D093672CB25BF90BAAB50DD956F75CDA4B3
                                                                                                                                                                                                                                                                                            SHA-512:1A726490120152235BBCE20368630EF20FAC7964BA32F846FAC2C1F1A58EE9722356AD94FA6342685E8CEB5015CE2E944EDD739B901D3D9B0A22A5238118142B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{"country":"US"}

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1920

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13252
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.970882554270055
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CQzvh4owdXCuD0e3AHtWDJdSFVIkw6H+dhPMcwbszLSoP8H7xrl+0iS5SP1/R8:rzZ4oOXCuZIwDJd+zihkkp+9FtkM
                                                                                                                                                                                                                                                                                            MD5:79D09AE82223AED33D3B2EB307EA59E9
                                                                                                                                                                                                                                                                                            SHA1:BD6E7ACB7A3AE01E1935B4E0441F5A33FB285C26
                                                                                                                                                                                                                                                                                            SHA-256:E9B6B3BB287B89B56C3670AA24454596BBE811D056DACC43DDE28B080A7A2EFE
                                                                                                                                                                                                                                                                                            SHA-512:21D3AC2780AEAB244960C351BF527E5A897E265AC4CE1A5CF83B981FF351314594ACA56F86C2742B5F945E6A76C2754F411FE664DD1756E77A02D369159C52F5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..3OIDATx..{.diU'..{....F....^R...(..<.."..cw......6JM+k..J.f..Y.n\.ku.#.`.N..P...*..y5(..6.E.....}.q..o..N.{3.)...X7#....>.....}.$.........(.Rd.6..@@!...(... ...2....@.r...|.B*`.3.&..1.ee..e.tP(.....(.......`....1.k,$.p..n..-g)h.....^}..)....H...P.$....<a.2.P..t.8.....0..i"F..f]..D..].#..D.m......f)Vt....,....IY..m....d...\!..f_.'.b.........W.K.......Gy......+..H....|......U.......V.H....!A...E..E..]....W6..W..d.........v.A.....l......".......d V..e..!BV"5.@E&....)..%....:..t........A..... ...p_8.|>...FH....'X..y`i....0.8.)r.k^iDhc.....}..*I..b....I.`.f.S..iV..I.. P!@....\..........M..P...W.A#..*+.s!..............o...0...'5z.A......@.:|E.2.....@$@)^.@+...*..qv..7>y./...B...+..ZB./k..z...Y............N!l......+:.@.....Jgv.$..W....J.T......;..xH..g.,PQ...+..K..U...-..Av....n&...D...........!hTD...$@.%$...`.P..Wl.....}...[........Y_.hj8HR.Q.'..[.W...k$

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1921

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13917
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.938196999330072
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:ATasohpody8N8x+bOl3zdeLb2e1geRPoLTgI2Q2n1nCVDK:CasqpWdNO+CRzUqe142WK
                                                                                                                                                                                                                                                                                            MD5:8FAA76ADD992858090EE0D70952C92F7
                                                                                                                                                                                                                                                                                            SHA1:E3E2173A03BAC5B0C606C0E268A1294B3B8E8066
                                                                                                                                                                                                                                                                                            SHA-256:862167E1FF23AF5C9207162FDEA76A85F59553CE58893BB1F1CE79E7359B229A
                                                                                                                                                                                                                                                                                            SHA-512:FBBC6C9DFD2AC3328D7B3E66E9BCF58EA7F7B8BF03EB93D9AE6AF316DA9E09F4921F1B2594C15FEA3A5A8A7D81BD385E60891F49EFE3C64E307CB7093214C284
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..5.IDATx.d....].......{....g..c.c.06.f. i.DTm...$.*.....Q.V=.Q7RN..'.(.8..M...H.x.=.......y..}_........zE7(....4...,...ov.{..R^....C.x.^...P..S.M.1...;.h.E.&.....;D.0.a&.v....s8..=2+.3....p+...Lw.e.8.Kfe.g..FF.z..z...~..?.?x...d..0i.N.E.KSp...m.1Dlhh....F._8...._...o..6...[..;..F4`a..&..N....Yt...Ab.0t.`..5f..G.1..=.*.].....,32.Yv.Y...V......V`.......O....y..O\......5..he..).NN!. i.HS..9../....._.._<>...;N....w....&..t4i.t@..t..jw...C.,-..M.:t.F'[...f.YXXt1..=.....rVw.%3...H.f...d..q.....v.....o..G.~.".f.3C[{.q.$QE....M......?.......G.X.t.9.Za).0.%..N:.4....L.M............:6tb..^..a.....Yt...92K.f.q...`...9.YXX...gm[.5.~.*......y..g>~.s.;{....F$A.....u(....?..........8=.]2.8....P......!)..C....;......H..P....6....,.06ASd"...4..(e...%...%L7.2....l.\p..O.x..xz......z..d?L..Y.8..2H.V......?.....-g..4.t!V.`G4I.4..@.F*P.....FC ..-.*..T.LgH.....['. .h.P

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1922

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):6259
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.618574840765371
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:/K5TAtgQp3lS9383Xay86IYl130gDam2G:/uTQgY3g4blt0ji
                                                                                                                                                                                                                                                                                            MD5:C2B2A9132AA89708A697ECFBEC9AE65D
                                                                                                                                                                                                                                                                                            SHA1:B1BB24D8FE8FF73CE43C6CED5B4AA714538805DA
                                                                                                                                                                                                                                                                                            SHA-256:C1D5F7621CD90C3AB5D0310C0ACB6ACB039862528CDD8F77C7CCB8867A16DC1C
                                                                                                                                                                                                                                                                                            SHA-512:FA36C011C1A1C6EF271857FC2CF1ABCE851102E979DE083788613B0F1144F37C58216E9880315CAF0D784A628C9E0BFCA612564266431A586F3A305AE600A479
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://cdn-guide.download.it/cdn-cgi/image/width=576,quality=85/2022/11/come-leggere-mail-tiscali.jpg"
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........4...................................................................(............................................................................................................................................................y.b.. .b...V..........3..c.L...sd.............b..<..WP......2.;?@p.........3.....m....m.....~L..Z.....%;!..^dn.7 $.N.u.|..2.?\f.`.m....,^..{Y.-.sa.{..6.&..yz........n....-...#.y^....<........D.....{o[.o..:.qQv%QY&.....b..*>{....."...X.6.-~kT/.".k] .;.y...k.........Y6u=p.g...............z........E..+..m...~..}.WP.l.......|.G.2...........DbQ..u.hk\n[.7UzEW.zp..f.T.y.;r......wh..6me..^....].$...{._6Z...Z{.ca>t..I6.2.I.:.DU.....m.k...JKc..c...x.8..k..wt_^...kRu..;.Qv..f.....N..^W...HG.........!.N..$..........=.W.8.h..^.C........G..%.....{...|...l.s.....{[Z..,..U".U"

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1923

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12431
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.978511212079476
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:vQL+uBX6q2EcGW/CZnGQLiS6Iac/qqZRuJlXdsaPjsoN4t5J4OcJgEJkX:voX3gGZIFlJlrsA4nmO6w
                                                                                                                                                                                                                                                                                            MD5:97EA83DD2D8E269ED678818F40CFB527
                                                                                                                                                                                                                                                                                            SHA1:4807B1F7C279055EEB82DB6836249982D439C3D7
                                                                                                                                                                                                                                                                                            SHA-256:0BABA0F6B73C603101B0D4DAC9C6FC1BA3EC48D0F455E62780DF8B96F633DC7C
                                                                                                                                                                                                                                                                                            SHA-512:8A2EAA7DCFE212C664D18C43CBA73F14C3B3011881A395B8A663E9EE815CC03F1BED19E9B184C659E1E23B5C9B01407D61C3C9B9A9F8A2BBCB6EF707BA124E2F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..0.IDATx...xT...L...wQQT.ZPD..Q. .^..v}.T@zI....{!.N(...{..K'!.H'm.....[{.9sf...r...7...w2s...Yk..Z{G.........g...8.H.|.......x.e@"!.....b..7J.R.8 ..Q.P.d...kj..n\.....)......p...)..E)......\.9}:`..oW.?w..y.-Z8q...{6\.PT}..o.....?(.uMMG._......>X0.Slt...=...&........Gw......l.58......`..&*..55....veN....~...U[./..~..,=?.LyY}S...o.+..5..%.O..:D.LE.v..)Im...A#.}ZZ...f...+.Q. D~.?!.s..uM.7.lU..J[}....V_e.U.......%bP....5...)...,-.n..b\..b.4>..M.u.s..-..s.o..Rn..oT.re....;w._.....-xwN...C.f.\.....Y.3c.Y.....+..nh......%.KJ..u..[)I.A+..[.k;''&.:Ti.q.....K.v.....X.o.=+.....~j.I0...7k>....Z..O...... .Nq1_.,O=.....zm.!.2.....;.R...8\\...ew[-...^+hf.....~.2.VD.C.7^..Yu......IOm.k..Z....:....:.A.6.U:.oj.F...:/.Nm.Lz....Z......".>Z.0f.....E.......4...S..8Dq..'...o/...A'h....H=.g.E.=,.....UW.9vt...... ..Ne4.MF..2.8,A.E^z..A.e..^/0R^&C.......jli5";..n?...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1924

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):21494
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.959804879455797
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:JyjobFsUIlxtyAzhw03Gy0jxLNFn5U32yA9BodGwjlU9v4KKOs:s01IlWAzBdkFnKmfSpU9vzs
                                                                                                                                                                                                                                                                                            MD5:DFC1119C18797224C76FEA20833EBFDE
                                                                                                                                                                                                                                                                                            SHA1:8B46071714B90BF8645DC2A69874C8AE134C1343
                                                                                                                                                                                                                                                                                            SHA-256:3BAB7B0BC85EDB0D60FE440B70B9434637F78BE8314A2CD6B142225884DC8D5F
                                                                                                                                                                                                                                                                                            SHA-512:5B6883B3FB2B253BD88CEE89B4B01C426FCBD47D2B33F644A26FF7BDFF9FEFAB41139FBC11EAD4D848C0DB0A80C46A3BD8B7452759F9DE74B86D8D837E994E6A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..S.IDATx.].w...u......tr...7.w_..=..<.!..@. .P..D.4e..xF.MYUS..X...?d.....*{$qhRL`...Hd....o...'../...q...9u.Cu...wX..........& (..Z#.h..i.S...@....G..w....>q......D<"... .......0..... hq..n#R..a.......A...p...P+R.....< (B. .. .$.r}.k)*.L..B....*Y.U..M.5..Xk..H!.D.....q..#.@.$.`......`...A.P~0<...8!...."... ...{...n....M...+..h}a..[...R.Z.."... .........{.@...q...x.k[;.7_|.W&...}...R.h..B`a"..>.....w!...B].......|..RI3.N.0J.jz.[.[......h\6.'N....NU..X..5...p..;Q..$....%.s...,.H.l..v.i.....DDDf.......{/...VN..huw{.....vjma..k_..9..e.]. ......P..@.....(....x2M.._..._..o.7Q.,.....O7..$.L...."$IR.......km][aP.B...*.=*.j..w.pn.....n.].\;8x....~.~ng....R..S.(...I;7....hn.3....R..K.@...(..9.,..@.AD.B...H..jW...^....L..4.;.........a02_m..!...D.........{f.,.....t....7.9....'k.|.......2..m..J).=.'i.].mE....*.u].)..-...M..V4.OwDz....M......g.}.S.vXe...A!. .....O.J;.4..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1925

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1927

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8774
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.901665230823109
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:PiPnim4x1ju1q9eSglcGrLGcsw0uAFZ3VAQq4WpmBP5h7Idnnae:PiIx1yc9eSAv0RXqQqBmBhh7cv
                                                                                                                                                                                                                                                                                            MD5:8C84695242A4DB76F19499C9B17BC844
                                                                                                                                                                                                                                                                                            SHA1:0532C01AC6C93A196D35E424D2309AD303A1E21D
                                                                                                                                                                                                                                                                                            SHA-256:9D41ABF5D629D41705147F7071A54B5F68D39302C8CF0D0AE76F371176BB468B
                                                                                                                                                                                                                                                                                            SHA-512:F8EE74BB16DBEF5391B2E93BFE1F564FD393B3537D6317284D076C3B654898C4E6B6919B9C1664D594D35BC8F4348DE70B9357FEC1F25695C75287CF69D46BD7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/tv-tap-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF>"..WEBPVP8L2"../c...M8.$I........%.....N.]..D.......u....f..Y.._.../3@M....L.nc.V..}..<..J $$...=0.$IQ.*X..N..-...m.F..J..._............%.C....8.x...@..^..x.C .....q.l..ha....!.j..9.Z../.1L/06.^..$1c..80..{#.k.....IB.....n..I..3.Q!.L.OO..........$......H,""b.H.....=D......!Z$.J@.8qh...T9...m*..M^y=....mm.vI..mff.....G`ft..ik...2.NiG..6..>_...2uD.a...A..f0...-.j...R.$.$.E...p.....c.l....t......C.c3..z..).3.$.X....)..x.m..n.r...S.......L.o*h....zk..>W..I.#IR.E..Op..c.<[....m.qI2......ff....6/.}...w.n2C..@Q.mI.y4&.._k.m.mk.....m..m...k]...(.F5.m...l..n.w..m.V-I....XKD.......'.-...]E.............*...T.BF....*.P..P@......P.Ie.).....HWvH...........\.z..]..PB..l......9)...x.....q.....1t.....v.S3....|..... ............;..-v..v..q..M...*.....D<..H..u...:............~<....P9(B8D..E(.E...0%K8T......@..j.......[=....^...E..........F.q~n..1..L.4...*..T.J.Fi9T.....`T3N.O....o.K.u..2=..r.`.......Mm?.j.k..E~{..y..J...%.i.=..U.T...P_+....v...O3...z.........w

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1928

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7670
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.971289140671173
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:M1gv1Ev8WA6YEhPf+XxEDcw99kR84qhYhWQr0/3n:Mg1Ev8WA6Yu+hEIYkRYYh/0/3n
                                                                                                                                                                                                                                                                                            MD5:5595D1CD0D001A0F1F21E095A6F19B78
                                                                                                                                                                                                                                                                                            SHA1:64DDD37C0293940566736384DA4D7D774D922246
                                                                                                                                                                                                                                                                                            SHA-256:AA72802E7BC81BB196C5F5077CAA50A619679F49A9E34F775CA8ABF9198B62CD
                                                                                                                                                                                                                                                                                            SHA-512:1887D2184C8550DF360187BEB44CADDAA6C72B2B75359DAC029F56FEAE7349B5F4869B7B3E0F8B027AC90F9474767B14875C58D1325BFA6F3B7883A85AA2A7EB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/es-file-explorer-manager-pro-1-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c...M0h$I...._...".?..M.....|.V....C.AH`.*$S......7.^.U..3....$)....KHme....7........|.y...$2N.y..H.....`i..@g!...........>..Pu.={....A...K.{.<.*..&..N.:.6"".T..{.......q.B.Vi...!@...so.9e.!@.(.4..V.2....w.Os..Q...F..4[i....m...z..3L."m../.$9..YU].....8t..................L.U.....Y..~.q.W..V.Fq..:..~Rj...R.VH.e^.Ji.....R.(..2..Pf..B..ZZ2.....Q...g.U9.m.....$_r-f.b...._...C..B.k.&3...4l....U.m+.Rjk..f....L....[$......[.f..1Fk.....2ruQG....B.Le......O.4S...(.882...e.7atu..#Lq.....~t.n.#..-^.[...,.. :....Ei,......tVwp..4,*.G...G$....v....:<..#ml.C..tIns"pbc.CF.H74...^||.>..+z.uJ@DX.E.."..H...bs........Q^.s....G.-3e.....]..d....U..0 .....c...).Sg...9..y...%t.`.........Jv...96...u/.HmE9.O..R.ncS....J{...T.B.....w.'eH.....S.....DN:.$s...E}1X..S..c.W......6$..g..e..x\...6. 3U....J..P. k...~...>..>h.....'...hH...I9T..=.p.akn.{...|z..8"-.KO..G.&z..z........1Y....I.k.J....6../...DC(..Y.cu.RW.P.T.P?.<...=.wu.U.^...q

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1929

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):18582
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.986056955532681
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Fpby8BCKd9A59nyl/pnsd2V3adgWWO/ZxjH4E92W0FcnKia:/zBn3wBylxDadgWHZxjH4uXA
                                                                                                                                                                                                                                                                                            MD5:4012D7345FAB70928AC330D8B457E26E
                                                                                                                                                                                                                                                                                            SHA1:4F5E7BD1540CB1DB5370F759568B1F26EDE827FF
                                                                                                                                                                                                                                                                                            SHA-256:1C58A37894AB8CD0E04CB78CA080E83093635BFDF0A70C1186D1C64A351A7626
                                                                                                                                                                                                                                                                                            SHA-512:F27021CEAFCF5E796B520744B165DE638D3616B064ABF388E4A112B8F234F08CEF6A7E1865A591C38E8F66A7EFABC2C2956A50BBA465734582E8DE9E1971E19A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/rocket-league-sideswipe-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.H..WEBPVP8L.H../c...M0l.6....H...."...P.LH..W..G.C.#..S...!.<z.#.;...@..._.P......^k.%.............qm.J.._.0.W.(..b..........B.a49........ &..H../.x....C7.e.4CS.?.`...R.S.....nbgq.9;.:*~5..]6..iS..h'.iQd.e.y..AC..|pz'U....4.4#....0.....9...bDLq&.J..d".rs}..}....)."....7.(.P.3.....c..<...... ...t.....^..S'.#.!t...Uj..&*..G.m...o (E..V.k.a...<3...E2....{.D..U.....H}laC.Me.~.T.UZ..`.....;'..T...*..@.m..g..CDL@..).*..M2.6.....3Q...&f{.m.0..A.J./y.$[.m..K...>....1.;.;.Sr...N... 3.Y.c....Z\.<'....$Y.m..<Jm..Xk3.?.\.tqJ.y...VKq.$Y.l...GV.x..9'8..I.....e.0.....m....F`.|...:.l[f......Crfd.c3.W.f..0L.........w1Wred.+H.I..l.Y..mR$.....U53......{..z.\\MX-X.U..X..8fBx8...'m.$I.$...@@"bf.lp..c..........'......*..0.".@..m........j.eIf.c.......x.G......q......2H.7w.......i$I..e...............e.Zf..M/f....g.a...]..,.em..H.m...$c........93.^..b..0c....[.}..>Zut.@.....I.6VF..]........I>....o.7....5.......y....t.../..o.......=..r....'}N.....cbLs`..8.f

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1930

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14146
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.974814837428015
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:X7/dqmkV8HICvD8m5+L8Lu+FjCF+lVEUfS/ySYv3QRik:XTRS8HICg3L8y+F2FYEUqKSYvOik
                                                                                                                                                                                                                                                                                            MD5:D4063E146941228472DAD754D85054CE
                                                                                                                                                                                                                                                                                            SHA1:77878713B6643FFD685BC681135DA50FFECBDF30
                                                                                                                                                                                                                                                                                            SHA-256:AF67CB704196C72177CE619E03B722035957ED9F5C40DC201AF6F0428C5FDBCB
                                                                                                                                                                                                                                                                                            SHA-512:7F8DE5E6FF7BB8D565078BAB18EF4542961253BCD079B12FBCA9ABA7EBE9A8F1132B907FCBF1509883974DB7F53ABD56E95CF0BB1485ABECCC0AD980A484ED3E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..6.IDATx..w.-iU..].SU;.xs......l.DB....J.. JzE...GQ...A.w..Q$)...".dI. .I....p.'.XU...QU......y..}...s..{..~k..Z.......... ...A....U.T.T.R.024.P*f...B.h9..l.gk.6.c..^.'....H.^..?...V-..%E...P.#cU...0.3.^`T2...B.&S. ......H.%.x.%.L..6/.g. ...H.R...5-...W#+..G.B..26.a..)".PA.IEC@.S........Dh....TN..@&..f..TW$...}..&vP.E.!,+.u.t....P.!W.9.@n.!.ZR2....bJ.....g...Ev....n.m.u.8.r...CX..N.jUZ2V``....D..3..+.aA..P.`.tT.n....C.u.1.A..J.9.z.%......3f..}.....Y6..r,rR) ..... ......E.(2P..f...iYs'd.E.V............Ef..Z\....%.'....X.}...X..Yp..#:..=........PR.#%...kc,Ft...m..Q..*%..B.E...."...1P.....m.vmg..13..'y}.....a.5..1#G.......E.(.b.P.!2....QD....B.... $..\.sB`d..@Y..........B'....?.Y9.9......I.........=m.+x..;..C.......Q...F.u40A....g.Gi...@....\..=%WJE..U.-OT..4..`e.;.rY.......W.]J.......K.....'.H...$ .*;.B...Jl......F.. `.B.Q.E..+.c.4...M!.....("..b.(.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1931

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):276
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.190816455620734
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:TMVBd/i9mc4slzYbNDgtj9fhWR6L4mqZWzCF9xJLmgUhXqI:TMHd6+bNKjz8h9nWZ
                                                                                                                                                                                                                                                                                            MD5:A2AFCE8C63269C7E8A5A3D5C90A88519
                                                                                                                                                                                                                                                                                            SHA1:47CF7B541C27E4D4E3D5AFED9D55B288A923FD98
                                                                                                                                                                                                                                                                                            SHA-256:38AFA88926F69F684E93AC9023338100A57B9424CEDF63F7EE73B1202C98EEAD
                                                                                                                                                                                                                                                                                            SHA-512:3F55865B7FB3B6ED27827BACED720A9E578328A10095E7BDEC07A2BE70FD05ED9EEDD2F76B3EBBA8ADFEBD293CC459DB73D00CE03A0FDD88169BD83D8A34B85E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/images/maglass-white.svg
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg xmlns="http://www.w3.org/2000/svg" width="490" height="490" class="svg_maglasss">.<path fill="none" stroke="#fff" stroke-width="36" stroke-linecap="round" d="m280,278a153,153 0 1,0-2,2l170,170m-91-117 110,110-26,26-110-110"/>.</svg>

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1932

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12776
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.978066674677245
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:+yxWw0F6wSeFP67SPbDoZmBa7RYA3qIxrhQcIhEnZvu3knnVIXbMI2j2QS8nE8hy:+yfwRtbDOmI1PZrhBIhlk4bj2p2ixk
                                                                                                                                                                                                                                                                                            MD5:B67E16BB96315BE1BC7CA7779F44C034
                                                                                                                                                                                                                                                                                            SHA1:ACFCA15267C616E5B908C65ACB37A92AC204A730
                                                                                                                                                                                                                                                                                            SHA-256:119F6B6E3F4F7128BB5E85F69249BF58826F1835DB257CB7521CBBF5022466EE
                                                                                                                                                                                                                                                                                            SHA-512:BF14EABF08D7E2D186C6B84268F441FC2B4594C1347A874C7623983237EBE7711FC7A8B3FF161ED6547B88492B5C5FA67222DC4DE956D779DA06F3680731C330
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/neo-mame32-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.1..WEBPVP8L.1../c...M0j#.z>...?.. .....Q....4@...}.<...(..#uQ.1..<C$O....m$I.....o..I.".....m...X...;..?.x...$)R.o.>..c.h.....k.y..BP.$.....N0I...c...-P/Q@M.5.q.8AC.h.V/*..p..>.?.S......=.F..'D.z.|.2...n*....SiR.....TK,.....8.........HL.1..1`..9c\D....c.."#..c@}.D... A. .2.A......g...!"& ...}p0vz.U8.(..E..'..H.,I.mK..="..z.@X@,....w.~.0.........w7%....?O.$.-I....}.uN:._.Kk.A...bO.$.-I.....u.:.......}gs0p.HQ...rL....m..m.V.Bk.....Id.`i.....Kef...R....J.$In$..,....#..@E8e..6......s.....g=..d.x7..m.T..._.-nk..........3.@.}0333n..2......s..J..v.Y.eI......I.T.m.="3....L..._....|.:s..Ck...Q.$.m.r......>...L..7....c..ZABD..............x........sr..h......8...B..|3.7NP............H..<..p..h...\5h....[t...w..^Dt^..%m.X..r....+..$.q'.. 6.Zo.s.]....~..g.V.\.P........8.iWb........s.-..~..>....|.kS.5}....h.kO..;.@8....p..t.k.S)...5.P..o6.\c.B..B...........+......]......Z.8lF........&U5M/...\.^..Y.8..p.s......APr..V}.y..k..5m....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1934

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):1078
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.240940859118772
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:etFEh9HYflvlNl/AXll1pe/WNN00000000000000000000000000000000000001:QNtY6+lKY6
                                                                                                                                                                                                                                                                                            MD5:4123CE1E1732F202F60292941FF1487D
                                                                                                                                                                                                                                                                                            SHA1:9F12B11BDE582DAE37CE8C160537D919C561C464
                                                                                                                                                                                                                                                                                            SHA-256:D961B08E4321250926DE6F79087594975FE20AD1518DE8F91EB711AF5D1A6EF8
                                                                                                                                                                                                                                                                                            SHA-512:11B24C2E622C408E4774FAE120B719A21A0B2ACFA53230126C35AD6CA57D33D4DE79CBE11D296CFBDE9613CAA03D66B721BD20CF4EE030CF75F5A1FD8A286DA9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
                                                                                                                                                                                                                                                                                            Preview:..............(...&... ..........N...(....... ...............................................................................................................................................................................................................................................................................................(... ...@.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1935

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11678
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.963620158873159
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:SoAlmW03qJK5vNEd6i6Ul3UgPD1YdQFcHg9IIs2SqPDNAi+RoeHZsf21jCpCSY94:SofWjAvOd6i3xPBA20u6oeHZsfGjCxYe
                                                                                                                                                                                                                                                                                            MD5:C5187FDDC310451560B5409B3BEBCC38
                                                                                                                                                                                                                                                                                            SHA1:1A3D9CC3AA090A6DBC8DB7A66230BD141DFF7083
                                                                                                                                                                                                                                                                                            SHA-256:344F7526DBA623467B6E62C8DADFB4D88091428ADAFF5C8A8EF84EB4062CF08F
                                                                                                                                                                                                                                                                                            SHA-512:7E97F0F0E1703C46151BB0EB2572EDC987545BC6DDA3561486E58AA3E2F3F2E4CC7BECADDA1EDA97724D1A0622EAEA650D3E8C2397E8696D614F244CCF74C159
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..-)IDATx..y.].y..}g.......h4...IP.w..,...i....IV.d.Iy...LM...jf\.xb..U...(.$.."..G.(Q.%s.)..u..w.....?^w..f. h).[.......w..w~.r.23.... 0..3C..X..H....S.........D"..u...\Rp?...1.....-.R..+.x.=T.X.R.28.....T..Vr.....!a..4##....... .............@7.........@DdI...."......X...1G.T..+..Y.p...&JR....:....:<446R.n..n...@d.T..G.b.1....".@....7.......?.{....#.#...,.@`&.d...UQ.eN....k+[..d......'+K[.ky?Q..Id.R).+......,..k..]..oO.1...5..JS..<b.....@#..............Z.u...@.<...C .3b..Vf._l]8.v..b7..l_..{...k.|..*.5%.8bg...V.....c.g.j...S.=q.+...O.;8{..=.......r$.....@..q.......O.F..8...". .0..,..<r..|q...;.x...s.-.C%.c.........8.T-"#RU...+.Q~ j.lD..'.R.>....\.Z....b%....WV....#M....%..}.1....6....6Y.i~+......a.p;_... ...V.Z..|.[.nL.....q.Q..h.BY....K'.-.,Qj..Ii...."..a%.V.....~...kF.....p$...2.n..7.....leq$.........C".3" ..h.=.0 ...v.._..M..............Syqq.....qd

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1936

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10766
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.949650183993784
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:iN5s8pOEJfQT4zISKih3goIO44faSW2uvvDCACMYThphO5CpsVEu:iN5zfQT4sS5pgoZ4sFzuXoPhRp4
                                                                                                                                                                                                                                                                                            MD5:2A20B65369B1E56069CCA936B8377FEB
                                                                                                                                                                                                                                                                                            SHA1:0FDC2C6818BD2BB4CE72024EA54B5D65E95FB5F4
                                                                                                                                                                                                                                                                                            SHA-256:06936184763BAEA7FBE9DC74B552BCF35551B39F80728A039D066F28C847C9AF
                                                                                                                                                                                                                                                                                            SHA-512:6FAC958EE60E0939AD59E046BB7DECE6AEF3F46CBF68DD98572B4A4A9379D06999FE3200CA69E4CD8B4C7CE2079ABFCE84D4F70BB5405C407B591029D22CA6AE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/hattrick-organizer-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.*..WEBPVP8L.)../c...M8h#..-].*..?`....,..c..v...}d[h[.y.z.%;..j.....U..P.:P.....GE...OX..#Y0.$IR.W.p..........6rdI:.fc1..'i..$I.......)...eee.W.....WH..'.E....8.. .r. ..k.......8.....".......`.6.)dl,.I. ....G.W.&N.y.CD.l.....ob......L%z.w6....a..#..X...H..O..u.Y.l6......R..Yu.&F.}..x?.cY...7..&... .0..m#(...w.O!"& {.bOewU.....Riz...~(.Xv.xl..m.$k.>.}?.3"....6j.1z.6..m....n.S..m.=l..]fV*"..8ny.l.$.Z.c..m..q0`..v..S>%\:T$....nn..Zs..[.$K.$."bQ....O......`~h.n..~$.Vm...r.m,f^"m..0k;.(..l.:3.=q..[...^...'I.d.$.I.y.j....]....[.$K.$..d..z.....%L(&.r#I.$I4j..x..y.......$*..o.5.m.9...O.b.b`.....F4.Y..#.p..........8..c...e......@.H..2Ac.ZiL.K.s..p...4..........Bi..:c...q?..4.r7.3..Q{..D.........K..5*.Tj..!..z.....j.v..5.{..,.........}.Bg?. ...<.y....H..4*ueL..`*.>.b._LsgB..m<..?|rS.{.vS{.....l.Y.]d...e..`..Pw.....!..1. .Bw...~vr.F..~"..5..........................b.0..=/.A...p...G.P0j.a,.;..n,.....'.?....<m..].t%a.{...#..m.U.WO..]./K....j....(V|

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1937

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10682
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.935438497103202
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Q7eYYb8NfOO/dRK2laEmbEbLWUMs4HQ7xwy8jiGYE5grDbv4mg5dDHilBmRPkg:2erVVZEOUMSwy8hG3wmedDClBckg
                                                                                                                                                                                                                                                                                            MD5:8D5B98D7E831E61377BE82B75951C3BC
                                                                                                                                                                                                                                                                                            SHA1:1B6A54A761F8A6E1EA0FB21512460EFAA4FFD85A
                                                                                                                                                                                                                                                                                            SHA-256:A07DD3EE2B6D64C0A42D778909F0E3806DC323B22B71DF4788D0945974A9568F
                                                                                                                                                                                                                                                                                            SHA-512:DDB35E45B177EC43CF5226E85FDD6C12B92A86905DE2FD28B9D200D42D7A56F4F8ACC62BFCE8D81B5B930897F2174D9504F6972DF9EFC0F96903EA5EB9C901BA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/octagon-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.)..WEBPVP8L.)../c...M8l.F. ;./J..........sw...N..;..&.N`..!jwg..jvc4.n....K..H.Rg..;..8.V....y.....>..".V]u........3.g0.I.$G....F$ZC.Q'^.._...=...$.V..2$...........'.D.rG...... ....-.........Z.W.6.....m.B..#A,N~.M-..0..8.:.!.......v..@...gD<...-..W..h@c..FQ...W.h4........g.F....h....c{.3.L.........>._o(..V........z..[;Y{?{C...}d...8f.=+.}..b=.~..=........7....Ec+..CA.6R\.......PQ.i....2vS.T6B'U...S........b...iUx.._'.....f6...<H......p....p.;:..tw..]J*w...}....&9.J.m...>.}...........rz...[.$K.$.BR....W..T.5]8&.sm.mK.UJ.c..ac3.L...F...eQ&g.{..[qF.<G...m[)..Z.}33..ch....0.5.[...Z,.6N...Z./I...mKD="+..x}.....f....9@f......M.$......{Dd..f.C.!....c..Id..4..QB....GaFd....J...m7m......RFa...>l...!..1c0.d..m....SJ...m.k.J...Zo...3K...e^.._.WhY.....oX..Y..e.Y......Vk.1....X..C.......E..R..M.8..j...f.,......m..f..PB..+%...(..LP....P.BMT.K...+....R............X,.@0...J...h.->....G...B@K.E...D..*..Pl..P.[....xq..H.h.P..PPZ..X...!...%..HL...2.....I#@.)

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1938

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (2020)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12817
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.34459161517544
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Gq6KPV24ZKs86O/DfVcOfFmI46coWCTGdhFKdbsWkzY:GkxI603wI46xWSGdhUr
                                                                                                                                                                                                                                                                                            MD5:1D3D22DF067F5219073F9C0FABB74FDD
                                                                                                                                                                                                                                                                                            SHA1:D5C226022639323D93946DF3571404116041E588
                                                                                                                                                                                                                                                                                            SHA-256:55A119C0394F901A8A297E109C17B5E5402689708B999AB10691C16179F32A4A
                                                                                                                                                                                                                                                                                            SHA-512:0B6B13B576E8CC05BD85B275631879875A5DBCB70FD78E6C93B259317ED6FD5D886F37D0CC6E099C3D3A8B66FEA2A4C2C631EB5548C1AB2CD7CB5FA4D41EA769
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
                                                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<meta charset=utf-8><script>.(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.'use strict';function m(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var p="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,d){if(a==Array.prototype||a==Object.prototype)return a;a[b]=d.value;return a};.function aa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var d=a[b];if(d&&d.Math==Math)return d}throw Error("Cannot find global object");}var r=aa(this),u="function"===typeof Symbol&&"symbol"===typeof Symbol("x"),v={},w={};function x(a,b){var d=w[b];if(null==d)return a[b];d=a[d];return void 0!==d?d:a[b]}.function y(a,b,d){if(b)a:{var e=a.split(".");a=1===e.length;var g=e[0],k;!a&&g in v?k=v:k=r;for(g=0;g<e.length-1;g++){var c=e[g];if(!(c in k))break a;k=k[c]}e=e[

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1939

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MWU0MWI1MjctMjljMi00MjlkLWIxMzMtYzQ5ZTFiZmQ2OGVk&google_gid=CAESEPF3d9xZfVypCrxmEPizT-U&google_cver=1&google_push=AXcoOmS5aB2hnJvKACKV_J7HhvA8AKjx1fWhJ1VVZ7VuAXct56vSbYY_tUPFBb1OQn-Og7_VQhZV3GmAjphen52LgBoJ3LUrJ--N
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1940

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):28131
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.980542867743361
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:nvkTQURr1MKCSC2tHorXMLGn0jWdR+Nk6QfZQposeM:nM/CSC2EXMLGkW1LM
                                                                                                                                                                                                                                                                                            MD5:880BCBCA23489FFAF037A76F019D18C0
                                                                                                                                                                                                                                                                                            SHA1:F6214982065C790AE58C18C08C9C70BA16C5E55F
                                                                                                                                                                                                                                                                                            SHA-256:68C1E5972AC259EF459715DD9DFE1257100C8C092864733BBBBD87782F6FEC27
                                                                                                                                                                                                                                                                                            SHA-512:10EDE6E890615005E7F49DD58032A032E16F3505709CCDB294BD352913882BA5376BA634CC5CD2ACE1680CBC5D3E8DEDED55C7454EA1C7261340C44515C593E6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........7............................................................................w.z.3U..F'..{_.y.v.l...X.^D.N..IT.@... . .6..#.U...Z.e....|..w...U.f..HT..8X.V..e]gY....M%.._...o..........)2..?O...^^.A.."DN.|..1....yq.J>.P.c......hIW....]V.!...x}........R[..f..s.h&/_..-..N...4.[.........-).....;.#=.;o..h.H.0.....(..c./>..........3.w.h..S=...........C.v...._@.r..s....KO.....:"J....(^S_.....v....M[5W<.v..Gd.i|..s....(.S%5i......E.X.u.a..5..N..3KC.........kw.iw..X.r...^..~.9.V.......n._;A.9..GM...~.6t/.Zw>...hb.M...........+...F...y.._e.{...2.{.X.>y...K.e.)r.|.p..N.%~..A.r^.".....7..oS...pJ..7.2..z.q..P.k...11...1....b.5.N0...<...O..Z...e...i.V.U..q+y..^T$....}.....j{......~_.WJGn|..^..4.Q.......C.....ch*lA.4.......1.Q....|e^M....w...z[...(x.}.iI#.... .{C.9w.t>7...d../.....5@B.@.9E.=;..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1942

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):6934
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.681131233732453
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:YiTkzqaY48OG9sSzzoHU2q1peNzL9373azkr1bRMAp7:NTk2aY48OGVfZperztr1Jp7
                                                                                                                                                                                                                                                                                            MD5:66BAB587C36510C3BE29A74D2E6E8379
                                                                                                                                                                                                                                                                                            SHA1:AA8495FE2A74654AAC51C29D7E70B7E975B0BBB4
                                                                                                                                                                                                                                                                                            SHA-256:1B5AE4E349612EB2CC5C13475645C4CD237EBA67BA8CF2D2B71A343AEDCE860F
                                                                                                                                                                                                                                                                                            SHA-512:93992E6CD31C9CAE38DDAE62B8400E2B7C3B111DCAFD35055F32A6666E6F612D2766F307B697A0894C770FE71A86DE1874B301AF3017518ED27BB0E409ED8AC2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/tlauncher-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c......$5.#...............V.{:.~.I.....RJ.]..}..O.....P=.. G..H..z...o../.<..q.I......_h0'....[...]e.d....e......rF@.c........*..J...............D.....9..T].#.....+......"..(.C.A..H....T.!...l..,...8Z....o=....J.=..')..E...[*..U....s.....c.i.$..xr.*f.....m.H....=."b....!.>...K+td.V.1...%33C....h.S.2f.9b......<...m.....>...3.jJ.,....P.1...33z.,.>.{.^.#Ir$I..`1..?#...a.g..2,&..$.mK..|...t.C...Z.j1..$Y.$I. k].....y.0!..$......//....>o.....k\\.z,.=...[.bA..9...T....V.[{..J7k9..Y.....5.Z.L/.9u>{.b..........O.......{....{.....?..K.....3..../.4...F`S...@..........1...9...{Lg.._.y....[.....n};.#D....7.@+.S.(f..P.b....Bl....L..._gW..6gm/..YW.E...M..=H..H..../-.m.W.%..0L,..#...1@U.fO.W..d.9c..T.s,.I...I.mJPfL.G}C.,.qi8.......*x.`*...UF`.X.....1.J..........n....F.`..c#.uJ....0.... ..3b..`(.A& ..Q..(.Q....`..`4c..,..Y..S..%f..`.a.... ...kJ.P..C......;..G..M....f..F&.f .7.7.P....0..O....U...H.l..)1.Xe...q.C..T... .O......G.$..G.<Z7.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1943

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):164295
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.383513264476802
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:pcVtxZBWu5wTYjCpEGDpcyPnzto3Tc4QvynBPeQ8+Gw:pyPBOYjCpEGDpcMzto3Tc4QvOBPX8+Gw
                                                                                                                                                                                                                                                                                            MD5:4B88D387C2991238E604E9C5B2ED98D1
                                                                                                                                                                                                                                                                                            SHA1:6AC9BD1A1F9170F40A0B1BBEA9A02338493E2E04
                                                                                                                                                                                                                                                                                            SHA-256:9B4DAC8A1F6D37770ABBADC2D1EDF6284CD10CE46F1CD8AEA9DC2A9D076BBED0
                                                                                                                                                                                                                                                                                            SHA-512:C73E037406FBC2C9F440BC1F18382AFFACA9E4388E046698D1F0D1CB7432B845E387BCF3498F2C9EB8CDA805391BC517434690463322FE3C1FEBDEF41AA03179
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cmp.quantcast.com/tcfv2/cmp2.js?referer=download.it
                                                                                                                                                                                                                                                                                            Preview:!function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!==typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"===typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="/",n(n.s=130)}([function(e,t,n){e.exports=n(61)},,,,,function(e,t,n){"use strict";var r=n(34),o=Obj

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1947

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):13098
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.96686275297152
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:NFXNqvDCuUho9ivZdKu5439MpWvqOuXPodwmMz6IxtOblGoxVy/cDtS3T:NL+DNFWZFpWyBZz6I6blh/yOSj
                                                                                                                                                                                                                                                                                            MD5:08B5E6C2A8668E39E12B7A600B2D4761
                                                                                                                                                                                                                                                                                            SHA1:DEC9F069A005DB3753CD306D3C7A8F060D7597F8
                                                                                                                                                                                                                                                                                            SHA-256:258DC2FCE0D4CD0D4E724FF34E581216C323D24255A9FD9058BC4AB9D789EEAB
                                                                                                                                                                                                                                                                                            SHA-512:370F2E3A202F15329B19DCAEF953DD967E307983091544BE6462191992A6808AE06CED7DE0B21B4004AED22B93E18DFD91800DEB806C11EABF590941D60076FD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/ultimate-custom-night-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF"3..WEBPVP8L.3../c...M@h#I.T...]F..<.".......|.6<.H.s.ns.5...tw+..].M.(...QQ/../.0...M.....i......$...q.H.DL.A.{...5.:...I.U.......ax.Dnl.V.......A.I......?.. ..KBIc...[...<.XP.@(.....i.0.M.F.#....>@Q...... .(g.=..?C....<.G......h.[.DM9Y...n.-..M.Q.1...He...Jo66sD...FQ>..M>.i........0......M<....CDL@..BBRJ."Q...U._.S.?...3...R..o.vl......<....i.L.1.Lm.m.m.}.....p....<....@I.$I....XD.b....I~Y..j."L..[.$K.$.".Qs..J.....y...W}..g..~..pwU..?.m..m..Z{.c.>.........O.....%.`@.%.c.yV..H...m[.J.k.f..v....Ye.9{.%I.$I.-$...c...|..{.....1.vm.Vm..c.%.pww.(d|......I..2..y.r..k.9Gp.G..m.m[.R....9<..m...../...m...l....[k..Z.m.m.u..H.O3.1&.n..........(bC..%..-mG...Z....H(...`lT.....+.B..-.c..e|.......|.................V.!..iW9.tp.L.....(4..p..R.,L....z.w.....m... ....U1/!dL#.7....Lx.P.....UJD*....\1..q7il..s.R......iVV.<.4y..Qh..Vb6... ..X4..C.......67.H.V...Q..0*EK....s,[4..0R...di......CQ....\J.tuBs...l........I^H...v..z.c..qG...$...\.I3&.QN)H...A#

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1948

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3913
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.920323796885375
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:ms2lMD2GJJ6YV5zuqFCDW8uwPwWhVDfDZv+z8Xj736:ms2mDbDVJ3FUKQThVL1v+4f36
                                                                                                                                                                                                                                                                                            MD5:12C6440D42F5F4C67349CFFD23F9C502
                                                                                                                                                                                                                                                                                            SHA1:411318E298085008D4F2F6F157BD42FEBCD9DDC2
                                                                                                                                                                                                                                                                                            SHA-256:5BDDABDE56BBAA1BB38FDB427008080D7166C6F3726DD1AFF6A50B5C5FC09B81
                                                                                                                                                                                                                                                                                            SHA-512:9EB741DCA70C6DA04A155E7EA9E9BD0A1466380903E8388962DBDA274107A1AF8989EBD283E8833F545ED898A825EB3144AF5800728D83776F003F59D29C9FAB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..]k...u>....ew..5.lc.l../$4!....(\Z)*...$VS...m.T...UK.JU..MEQ+R.-%$JK.IJ1-X8` ..\.p.........<..~..!..!...h.}.{..........]2.`.....X...`...@0.k.....X...`. ....w}E......3..X..@.D.D.N7..}...@.P......@.M.7m?...3..q..No.w.)fS}..g..Z. .h..L....s...g....t..=wtu.Xl.A... .1......G......AgV.CZ*........Q.u..,..C..z.K..L|R.v.,...z...O}..L.*..h.T...P..C..:...6.?..9o.u....&{..""zq...GG.s...^6c.....A...wp...$).c:I...:`D+.O.6.O....`#$..P'B.w......O=....i^...9.S[9@.3x..y'R.}..'..W.....5(.{Zm.T.....U........g........).p.Fx..... &.c.d."..A.....(...C...HO.]......9^.Y.H..R.f5w.W.Q!..I:{..[V].....~w.P.,X./......s.Pc....T..v.P*....C.&m..8{..$%....@...._......yQ$..z.j...N\.z.S..@dJ....z.6......1..7$.....)V.X.qw."r,.f'w..Z[V^Y.....%8.39.........3E2.|........&03Y*.9..V..0Tfa.:.7=...L....._.uy.^=V.*..R.(...q.{.1H.y...2......3.Z.=.{-X.63=.L.]D..J./....Y......Vgg.S....&

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1949

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):3434
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.886700633944543
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:wbSVZN58QbOsABmqm5fdP6KDMwPItVMAYgoODqyKMThXqTlCZ/G7W4iTM8DD2+G6:wkj55bOtJKDdAtVMAYgAcTIlA/Gtp+G6
                                                                                                                                                                                                                                                                                            MD5:1AA447EB167F166965640322DCD7BE76
                                                                                                                                                                                                                                                                                            SHA1:78352B3D16652A87FF6D1456C6924FC2CB4550C5
                                                                                                                                                                                                                                                                                            SHA-256:9DCD84E560A038245900EB7E9D57B7752A0E25AAF03421D3FA8EA6A04507E1E9
                                                                                                                                                                                                                                                                                            SHA-512:94403401C0107D5C63B36EFCF676373BE59F41D906BFB4E1F7C176DBEBD79EE8433CCD463FF0284F8ACEB6B94AD01D6FCDF3DA4C8917726FD7571B3181E67FD5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/microsoft-outlook-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFb...WEBPVP8LU.../c...M0h$IQz..z...G........6`'!.....F/5......-bt..@...W......dc._.B/...{..i$.Z..)....?.....t..R..p..+".....K.......;. .N}.O..lt.;.....E...X..<v.....M..V.bz.a.p_CT4x........`]..v.%.Zhc.8...r....t..:....]u{Uu.?(...z.^..a.m....{.Cpd133333.F}D.j2..Y.......@.z...d]w...,I.j.m.Em}.b^..rk...u..S.......Vkx.$Y.mI..d.s..M...NM..Z.....{..-1....,..oV=Z.......#..H..10....9W.S.....>.}.?...X...........jN.:@.{......._..zz......y.......j......O_....f.......|h..........4.....H....L...KI..@..J.#...c........S.\b....a*I%.....EC."g....j.=..4.A..{..3,..-....!....'.X.........S....L}2.K.;@q&._....c@...w....:(:(...3..k;`......i.O..U....X...7A..K....PX..x.u..-.......1.M.%V........B.u.q.e.......M.....\.gd.....|..Y..v..vi....$.RE,a..Y.j.e-.@....H...]..=.-..5...`.....v....JH..\.....*.B.._8.W...l*T....~Vw..x.\..(.*......D.2U...v...M..=...q..tk.,lw............Z%....z...l(1.......A.\.\...``%YU...l....x...q.....K.1.4..B!.,..i.r..y..."..q_.".I

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1950

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=ZjkyNzE5OGQtNWJhMi00OGU4LWIyYzgtOTQ3ZWE2MGM4MTc5&google_gid=CAESEPF3d9xZfVypCrxmEPizT-U&google_cver=1&google_push=AXcoOmRlx_uIZPUK9Lo_fA9swdyxKJR2UoyOItm8WY5l_iT9BnHCkPjbCaTCP4HmlTLPp4-bvXcAGdE37pVtcaMTB2_XetMUJFI
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1952

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):6266
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.901574509189394
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:0z+LZpGR3p8kNnE0LvGajsLSHJxNElatAUAd:C+dp6ZLvGaI+nWtzd
                                                                                                                                                                                                                                                                                            MD5:DF4B7C08BFDCA2E1142F2E41EE86BC5B
                                                                                                                                                                                                                                                                                            SHA1:C01E73D6121E7A2FAC99F6DB7D60D4159A3BD70A
                                                                                                                                                                                                                                                                                            SHA-256:6366E653F0B96387D971EE41683084AEE9F09343279B307A6443580F0594A53C
                                                                                                                                                                                                                                                                                            SHA-512:915A76EE761E20895B651152D6D38E7328CBD3F5C49B64C7F47AEE72E424A852CC15FF9FA61C80A0BFB9D3A5999FC4AB77EF1DB8906360329042070645E44EB5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/pages-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFr...WEBPVP8Le.../c.....m.6..._.n........#.......Z<lW=........&...A..]...I.p......8...YR..%..,...m....#........E...D..Hy...._..x...d...........$./.........3,.@.^.....L...`........V.....ic. :...D-.. h#...~..j%Q".@7 ...J.......[..s}......@....O@b..E\o@....$..,mo;..Jj..E[..?.j..CA.6R...v.....v..R.0*DG.=.3.f..E.%I.$I.-$s..^....~.tS~....|.'.$Y.$....G...s....tc.m..m......).l....iG.i....I.5.l.z..d.....y.>.......Eff...'37........Q.5.$).$..l.c....z^......m.9I..|..(...=g..Y.vN......Y......oL.....a.|%>1.$...f&..1..|....1.).....A.......N..(4.<.. .....vLv.n......Gb....7.mq..,.A..@wBt.5.@...........V.7..o.s.}..\ML.v....&b..zx.s.;n..m......|..{.o.. .....D...o....+....S}.1.MT0.!.......X1.....m.{.c^yU.q... .....k..?.._.......H......"..`.G..A...f..J.1?s/.^.W.E.[....~.....V^..XH.c@@ 4........ .A......h.F{._..?......m.~.........Y.9t.!....B.0.7.~.F......h.S.j.........:~.....`.$ .......~.Qg]L.2.5... !.I.L.:1...M......_....U.PY..@.mO.....KUMTm..Tw....ss

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1953

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2343)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):52916
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.51283890397623
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:oHzaMKHBCwsZtisP5XqYofL+qviHOlTjdNoVJDe6VyKaqgYUD0ZTTE8yVfZsk:caMKH125hYiM8O9dNoVJ3N48yVL
                                                                                                                                                                                                                                                                                            MD5:575B5480531DA4D14E7453E2016FE0BC
                                                                                                                                                                                                                                                                                            SHA1:E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
                                                                                                                                                                                                                                                                                            SHA-256:DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
                                                                                                                                                                                                                                                                                            SHA-512:174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://www.google-analytics.com/analytics.js
                                                                                                                                                                                                                                                                                            Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var n=this||self,p=function(a,b){a=a.split(".");var c=n;a[0]in c||"undefined"==typeof c.execScript||c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r||u();v=v||q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING||[];w.TAGGING[a]=!0};var ba=Array.isArray,c

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1956

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12230
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.96302328100292
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:vPMcbUZkqChqEnIN9DmE5NSHLn4CjHqr9nL3FApaRAWMVZzajxWzEU7UNgCTaosz:vky8kqQnINFHcHLn4wHqV3malMVZWjxk
                                                                                                                                                                                                                                                                                            MD5:A8913FD4C28A169F9448953C64511545
                                                                                                                                                                                                                                                                                            SHA1:7E9E26626874C5EB55525463F5EA92C94A2D5FA6
                                                                                                                                                                                                                                                                                            SHA-256:A8C32D305699488E68C06489F1EA136A899E599FC7CE7D0975B06263614A545A
                                                                                                                                                                                                                                                                                            SHA-512:90AEDDA7BFAA66D6325E94678E3CDB2937A960B9D393AD508F0C4D69634573FB1D1B3E6D59B292C3438A35C87E34695221D10718E1825CA6F408466264316C39
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/install-disk-creator-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF./..WEBPVP8L./../c...M8l.F.........!...L.....y......v....~.....~.&........O2.j............[.q...Um.2.....OC...wJ..m[U.p.......3..?.m..H.$9......8...w[."I...J.Ko.....jh.j.....Xw.(..L..x...O.9..._...Q).yzT.].*.3.......G3..!..`.^ ..I.0........Di. .@R.@(.........(..AhYw.....f......O...&5.m"...:6...l..Jc_6.'`../.[.k<.=.%.`........V....)4....0..m...Y.:.........*...6z..v..j.G.R....97.E.o...I.m..._D....3'33.y5..|pf.,L.vwC.......K.d.m.2.(..........D-.dm..`f.c..{k.D..m...m.}..="3..d....._3.......y..l...U5$}.....fo(L..nO.[.j.m..K.},......i..j..6..d.%I...<.....fa]......w$.m..k.c...K.E./f.{.^S(r.H.0.`...#I..6.(.....0U.....Hl.I.$*..{....$9.$...w...c`aWz8p.I.....{....{...9. ....$...J..*o.U#n)"..E..z...r}:..Q....]....|_..}....B.+.l..1b.1.I ..Oa' dn.O.....K...d.u..../..>y...f..D... ...@...Cr.%...:7r!.......D.$.("A ..%..'.RZB.*9....N.??.....5f.......'.....&.R./.D.r.......0@.d..w.........C....H.F.|..tu6.! ..H.0.....A.......$......h.8#;.....(1.8.{

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1957

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0950611313667666
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                                                                                                                                                                                                                                                                                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                                                                                                                                                                                                                                                                                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                                                                                                                                                                                                                                                                                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                                                                                                                                                                                                                                                                                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........L..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1958

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1960

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):11086
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.923273316383555
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:nR/62xw+ecZtLn6dszKxtEohwUE+K6HIDp3RoNJOwx9z:qyZUyzjaoDHKcwxp
                                                                                                                                                                                                                                                                                            MD5:A71AB9925273A8EA3E6C4E465CAAE89E
                                                                                                                                                                                                                                                                                            SHA1:7A6AC4B60D710E417D9A58A0148D35D1E61AFD1E
                                                                                                                                                                                                                                                                                            SHA-256:9E8A96AA7DA6878BB6189572058C2ADCF8C72CE3E41C2DFB80070B0CAAF92E95
                                                                                                                                                                                                                                                                                            SHA-512:8EA6C8DD5EA657F642CC9272659C137B95B75F29DEE6B710CD2647ED4623D7E3BB0229AD4CE34A7811A10E8798AB93B5F15BE77A0AF837AA55BB8427609E3D95
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/bakkesmod-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFF+..WEBPVP8L9+../c...M8h.I....W.?.......x.I..xC......z.r..Zo#@.s..jb...Xh.....2.&._i[.S.$e.(.$E. `...........mU....N.C.......F.$E....Q.(..`....@@..".......xf......$>..<.P..Bx.M(.`l-....@.W..B.x.f...P^.:....V.=,..@....q8~....m....W../.. ...!.>+....$...`O.!.P..T.?.{0D......rs..W....C.0.e].l....O...6O.m..$.V.sm.Quv?.!f>'..Y8.|N.<x.g....ffff6f...f..%".r@..$I.D..].....}K.dI.d[Hj......K_".c..o.g....z<..{..dVV..$.x.m.....o..m{.e..$..d..U.|...I.l.m.R.m...[v|.?S..s..#Ivm+.........N.{.....m.!I.o.8N.2..e.m..m.....x..1.l...Q.RWw.+....8....o.m9.$I......(t.a..7E<a`PUT...l..l..m.V..K....i..%-[..~...N[.4c.s4.PJN1...J8b.X.....D.. .@..JL...b2-.........c,.1..s......`......G.k...PB.H.cp...a............Pa..h...<.`.....D ..@...`b.=6$5..!HRN........x|..W."^.6....."(...P.@.@"...e.v. ...."...(...\...G...]2!.+V:tX.D......N^O...~..GJ:....,5.8*LR......Jh7#..>5.p..c%.....0O.r.}"DV.p.....3v.F^u..HB....Q.....H...E|....bi.'..&.[..0.....1..P.RB B.#...._s....>....$.hP.FJ.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1961

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7274
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.964495816691422
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:GwNCbZdkObzugoV3cV3c90UGOXZCHMR7ix:GoCbZdkszy6V3LiZVwx
                                                                                                                                                                                                                                                                                            MD5:81494783CE14A58FEB04A46B96591DA9
                                                                                                                                                                                                                                                                                            SHA1:D46085637219678AF5C01CD5230C14AE3946C2CF
                                                                                                                                                                                                                                                                                            SHA-256:F361D139734802566383493238F89ACCCB901AE56E0E1884C8C873654EBF864C
                                                                                                                                                                                                                                                                                            SHA-512:45563D7C68436A70E106C4FA35400D51612A9C48EE1134DC9EE863C49A3BD9739A5670F673C9B1C905F0D649253A89F8A14F3C790F5C0AAFEA36AB82CAFBE2EE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/microsoft-word-2016-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFb...WEBPVP8LV.../c...M0h...d...?...".?...r..2.mR...t..C...'..ui...l...........$)R.g..o.I.P...Nc.v.5($%lI...r... I.i+.}...g....O..... . ......0d.)S.|.r@..`..LE.o..Oit...N.zB..IMjR.. LXvo=Exl..ojR..L..(....,...........r...u..uYNl..<.......a.dI.jJ.. ... ....o...xCA.6...... "&.n.......{V...]..~.'....VHs...3.Rd@..Vx...h.t..._A.wx...VxxKi^$.t.0..Mz..?.i.t.........#...nJ...9.s.9.<..>.^.....^.s.y.9..%v.`K....\]........kz.....C..O.m.&..h.Y..p.....Y..+.j.mE.Rkk.I..R..\?.....yI.k.VKN.$IR$[f.5....g......V.e........_..........._.A......j.....:o~.x........:..?..{......./....o....:................=....W......q..........Vy-.2.vk..".n.oE..4.6k....#.5.v........p.5Z...K..o6.Ey.H...i...ql.Z......&......F...9O2].%|ZWk....<n.,=_..u'......dNSnp.....f63.$.w.. B.. ...gA.z<7.<'.?.W#l.{C........p2...1......1..Y..$..$a*........h...D..n......2.1#.t.v.n.=..B8F.. ..D<..i.~Q....v.ll.....4O.M.[.]....E.&..t...:.}R5.K..|Iz.)H...t/.`5....E.Hw...t.M.....n...^#R

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1963

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8548
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.850433918014
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:oh6omFXeQaFyBIdwBw6Ms905KNN19iNwJOo89eAs:/omFXeQwyWCBCYWW39rJOo891s
                                                                                                                                                                                                                                                                                            MD5:D78FCCE5FE7150F778A5B13930CAEEF3
                                                                                                                                                                                                                                                                                            SHA1:D864A6A420B7F913FB469E7DE32FC8CFB5770082
                                                                                                                                                                                                                                                                                            SHA-256:42CAF69BAB44A63AFDB218F206DB0A838F518336047DDE0DCC595AC48F8D62FB
                                                                                                                                                                                                                                                                                            SHA-512:C0D62D5E009E6F007894A14C1EAB9FE91D3AD3DD672C16909DFDDF1E7B2DE65567133D55661B74C590F58AF5A3C47C4A39AF76939999ACCEB4ED651ABA05B692
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/gedit-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF\!..WEBPVP8LO!../c...M0....@:....!......}..{....O....;QH.7.:..@...J.h..%.;_.hc6h....A...<iA....#.v..{......N..M.p$.V.X2~...j..r..L.8.$.I.-.^.n..P....|.......u>.,.. ..+.q...;.h<o......@..].......w.K.o.x....AD`..{.<........[.o.......K.B..pa.M...$.....!.(e.P.wE..0..m#.....`.......u.......U.h.;\.....:tOG/....I.d[..Z.>W...8S`f.a"....{~.Y.w/.....I.l.$IB.Oj....'Y.j.}...-....$Qs......!.m#H.r....?.....!I.............Z...m.....m..m.mk.;..1[...x.T/(6..H....S.E=...%I.$I.-$..A...e..#.c..h.H.m[...`..Q\Q..U"...Qd..0.0.4.14..P..y....'3.../...I.mk|.....cfNf.9.0.gU.,.,...O...af....A...m.wIv.....q...G..._'.c.R...l.C..A..fI`@............X.!.$.. .!..I...d..d.!W..1 D....a,.,b...`.........BbN&..)dJ....P.D.F...... D)* @.. .......x....8...g.....{d.Y.MGfP=.r...>....h...c".........b..1...@...]ELG..}....."....-.!..).L]U...Xa..!.s.}..Q...}.L.R....".. #..!..x.M..Z.-...s.9.9..5.GC.......9..&1$0 r..5.0......L8.j.R.....m.@... ...6.=[.^+o..`....eFf7....<D.!-.DD...d.....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1964

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsusgJHk12XOjNLxzlt1wAHel3Ujiqubz70Q0oZvhJptVfIESAvRWV6xvyIt0rdPCQnhywn6v1dV72YpDxaVW5XFhx1xc9UG3F1t_Dj9&sig=Cg0ArKJSzIwLgC2FauEiEAE&id=lidar2&mcvt=1001&p=110,43,360,1023&mtos=0,1001,1001,1001,1001&tos=0,1001,0,0,0&v=20231025&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&vu=1&app=0&itpl=20&adk=1334063969&rs=4&la=1&cr=0&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0%3D&vs=4&r=v&rst=1698409233779&rpt=1276&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0"
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1965

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4807
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.933811738095023
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:V+NDKCDifLC+zHvh9QT3AMSpVbTNOhE5d4Ai00I7NYt/VUzw6kKZN:VqDnDy5PwT3BSpxTA65eeN60wPKZN
                                                                                                                                                                                                                                                                                            MD5:00A5A1B2C4E1C8FFC4863C0C169A658E
                                                                                                                                                                                                                                                                                            SHA1:4BB1821F77FE907A64672AA1F365E677644EF25B
                                                                                                                                                                                                                                                                                            SHA-256:E4B4F9955CB1BBAD5411BF056172577F906A7AB90653C98810CF1A949E5EA380
                                                                                                                                                                                                                                                                                            SHA-512:B847DAE745285E72E360D09C8C7C4EF31D277D145D42BF84A3A7AEAB6A2D023B04B6B7103C3BFEB6B42CCBC43EE1F86245236430FB5183FB42566B78D0C75413
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...RIDATx..\..Wu?...==....J..J...1..m.....".U.8...$|.!..?...*.BU>$..@Q)..RN.+@.1.1...M..e.,?%...jwg....{~.p.{fV......5]+ikJs...=.w~....hrm.....&`M...5.k.....X..&`M...5.k.....\....m.D...W.I.5.6...|......"&.....JA.Z..o.D ...D....%HS....3.0.....3.....\.._/..o$....Y.$1....e.\J...ym....l..h....."..vn...DT.r].u1F..Z..qCf..51AI..@l..$.O./>..O..Gq..K..+b.....z5.4a"..$.&..Ic./\g.....ff.x..%3..@vE,..wC.L.I..$G..<.X..cf.$.jC.#..1......-.9b&...4!('.e.....A........D"...]...u...MW.7........S.sT!...A.(....R.V_....'.>........d...6y..J..d.zx.....V.3.q7~...........Q....A...s.Z...P...9.Vfb.4M.3..Fw....}.J.....56....|j.._...A...X..W],....6+B...8.6.....7..2c..b<`!..JD..?...OX:..d.oM.|.[..g..~.!M`L..[.?.fw....bvl6.D.&I..{..\...3.c....?...d-..3..V....x.p..+4..(cAJ.Aq......._b.m......*........x.....e.!..R.i..v.....k!.?.x............LX....9..=R"q.../..o...#.U..[..1.,!.c.k.._J

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1967

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1968

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):6420
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9576417164754805
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:I6SSPwc/RXwTxm3Oztv9eCse+dPHcPQIZREGFWEk7QmtlP1GK5jJ3uQVY28hmIua:Wu53ON9eCYctk76mTkMVfDrIjSCf
                                                                                                                                                                                                                                                                                            MD5:4EB95B71BC0B3DB1C3F28B4D31B09970
                                                                                                                                                                                                                                                                                            SHA1:51550D65D499D6EA2D6AA79659E6DC81051C6112
                                                                                                                                                                                                                                                                                            SHA-256:8DDAB128AC24E8E64665A55D1472BD767ACAF119D9A3A01CFAB8A3A7BFC88EB5
                                                                                                                                                                                                                                                                                            SHA-512:775413E0C90A69946BF940CF4CB60C8017E6C912A36A8E944B17E27AA2EB1EC9129CA6BBDB022D2F0C463BD371AC89040D538363234BB36936F9B3AC7EACF227
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/yahoo-mail-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c.....m$E...=./..CD.'@.].=.;)....8. b..'C....S$.....8.@l.."K. l.]l.m...D..4...9..........$;U[.&!L...?"...r.#+.f..=.M..T.W..R....A.HI. . ....1B... ....~(g. ..\...!.G......)....[.). ...).a.....3...Q......u.g....W...B.b}.IR...^4i.......^I.........+q.k..o..XL5.4..|6.B.Xm.. B.IB.b.S*.8..m.4.a..."b.tJ"....1.0.n.J.F...g.........!....|..@....13..R..Y.:..:...R}.L...V}.\..6."..&..5..Lm.#....sc...I.Lo.df{.7..I.k+.s>z)..>...VZ....$GRf.........|...../.]<.m.m...m.m...gn..$5._..=)..N.Im.4...V.u.s..j.1.Z;7........$).$7............k.U..tl.V.8k...jYu.raX...;.^.U..zw.....8.|!..e..AF!..YX.4 F#+Q..9$..1%....(.b.O.`?..l.E..$.,K.........QLN=..7b.T..&9...sf.\.'.u..Y...Y...2.<...8MP...w...Y..|..3f............zd.5..,.q.:E. ....s...\.,w04.Y3...S.2..z)...yR...].....k...l.-..#.8.:.........."))\.D.q....E.u..MX._.0.U.G.(..-.2..fzC.....J.e..RB.zU...2.[61a.......F.DA..(d"].:..`L....>n...v.e.,..m..C>.R.....t`....L..A..1*..4'..>........2.kX........f.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1970

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):2778
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.903628370417734
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:oLMIGpImaD5zvTHL/9eS8NWBFVhffx3gXzZRt3cH2k2NnOpo5/xMhfeIjdOMWb4E:oLWwzTr/wS8odhfhgXzvtUSnOpSxMhWx
                                                                                                                                                                                                                                                                                            MD5:48DE1B63E4FF9DBA00523F3707F58980
                                                                                                                                                                                                                                                                                            SHA1:A07D4A2B02B36D8C0C3C01C784A0813F4BD8A9E2
                                                                                                                                                                                                                                                                                            SHA-256:D1171C77D31FC53966D5B66566C169797BBAA0356018A86352274EA5D21AA147
                                                                                                                                                                                                                                                                                            SHA-512:7552D981AD57C908C1AE4A3D56A9BF75A9399B0A7B86A2F450B47687D277739A392F4F0F9333509DBA76A7AA59A9DE88E6371452A7E4D969EED30FF9EB7F9271
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/anydesk-mac-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c...M0l.6..wV..... .....;.9=./.v..(.$U..<\sO.o.j"I..J$......m$.=..>.."h.6.28.......Th....<..w.H....&...f(h.FJ....{.D..p.*((&R.^H.*....I.........{l..8.}.6n{....m..v..\..._o=.......#I."[......".L.......m#A......W...m....?yuL.mm..I..R.....m..Zga.m..X..WUw)Y..P.$I.$iDfUw.3.._.<M..A.m$A.........`.Og....F...T..x.x..c...`...fS.p.gx.P..`..`<.1...."@..c..!... ...B.qDe..mH..:l!.2.....V...vP.... ...q.p$.*.8O.Z...4......i.|..b..0D6.....`.(X,@^F.(.(."z.@+..8 f../#.....@.1K.?KA6...I.y(xb.....d.V.....im.>0Q..:...a.0.,,A.BI.sI).u....D**H.\Q;q.(.B...S..E..O.tH0*........{_."...x..p....{B....''..P.<3..P*......!..!~}s.....+a/.B.@)..E..W..:.E..p1Z....7}?.....1...(+.....k.(...b....u...,.........x...b.?}..o.]..P.0...._.|.e....v.uK..........=.V...b.7...o./.K8a."...._A..b.....P..pa...M.;..}(|.._..@..@.@X0.@....;.9....A...w.....k"........?Z.?.^..........|.l.)1......e...[.kf..........%Wn.."........X.`.Nzh...d*".D..h..d.0Y..D...>o....s...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1971

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2836)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):6177
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.441757647965717
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:tFjRteJS6zpbEOv+vrp+gyOB00WTflDBMLCMDfwpdxo9JM5:beJS6lQOGvrp+gyrf7MLCMDfwpdxo96
                                                                                                                                                                                                                                                                                            MD5:576D46E5128A96CEA637ABC1206EBDEF
                                                                                                                                                                                                                                                                                            SHA1:EC4743D89D56122E6407743F2246DAFEC3B49AC8
                                                                                                                                                                                                                                                                                            SHA-256:0575B7B6BCDCBC8BB7F6AC99500A65DAA1E19721D8081D588F4356DD201B0F56
                                                                                                                                                                                                                                                                                            SHA-512:5BF13B194E64FA308B2731A8CCF0E6443EC34EC021C8EAFD4270F10788FE57666B8C89A507B2BF3AF622CF45E3F817A23C2C3560008F80512C2C22CC851EDE8E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://securepubads.g.doubleclick.net/pagead/js/car.js
                                                                                                                                                                                                                                                                                            Preview:/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var f=this||self,h=function(a,d){function c(){}c.prototype=d.prototype;a.D=d.prototype;a.prototype=new c;a.prototype.constructor=a;a.C=function(b,e,g){for(var y=Array(arguments.length-2),l=2;l<arguments.length;l++)y[l-2]=arguments[l];return d.prototype[e].apply(b,y)}},k=function(a){return a};/* . . SPDX-License-Identifier: Apache-2.0 .*/ .function m(a){return Object.isFrozen(a)&&Object.isFrozen(a.raw)}function n(a){return-1===a.toString().indexOf("`")}const p=n(a=>a``)||n(a=>a`\0`)||n(a=>a`\n`)||n(a=>a`\u0000`),q=m``&&m`\0`&&m`\n`&&m`\u0000`;function r(a,d){if(Error.captureStackTrace)Error.captureStackTrace(this,r);else{const c=Error().stack;c&&(this.stack=c)}a&&(this.message=String(a));void 0!==d&&(this.cause=d)}h(r,Error);r.prototype.name="CustomError";function t(a,d){a=a.split("%s");let c="";const b=a.length-1;for(let e=0;e<b;e++)c+=a[e]+(e<d.length?d[e]:"%s");r.call(this,c+a[b])}h(t,r);t.protot

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1973

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12350
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.977371921482251
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Y8D8VHR8DoIEfHEhnMlFRXhV3qLQLaX5nykKGIvO1HnTpddpsE5PQI8+2nnkeTwy:RDKxpZ/lFRXLqLQOJnvNHTbduR+2kewy
                                                                                                                                                                                                                                                                                            MD5:619DAACE6BE31E066EB3057FD8DE356B
                                                                                                                                                                                                                                                                                            SHA1:A829D8121163C8281C89AC056FF5D5A55056E5B5
                                                                                                                                                                                                                                                                                            SHA-256:444B70AEAF412FFE770BC4D1B5B6D4E8FC915F5AD2039F8444B0C23A8934775A
                                                                                                                                                                                                                                                                                            SHA-512:9AB9E1FE08022641DE96080BF5EAF87DD86075F8F46FF3BF04F7ED7857E88B8EC73449B91DD382EA775E95C706008171CC1C09018B2DA16864D0835B9F02094B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<../.IDATx..}y..e......ko.C.I.[`.,.Da..q......E.....q.\PF........FAD......a.....U.{..GU.[.v'l~..}...T.....;.ID...u.:..Ep...@.!...?.0.K.v.-....@.|B..Q....P...i...A........)C)sK......4.@.%p.L"....T.........w...##..B.. .X.K.....U.J.y..H....bI.....U[.M..H._........ae......x..2.\y.... .).AL.).4..XS4V.N.F)KV.....).]">.....\(....WU(D.;....%.... .!O.5.>@.Ur..`,>.. M...r%....4.>...._.Rmb.@0.....j.BI...T.Z..J..W.........6....TAdU,.(..D.j.....9/.(SSL..h"....ZIj..UB...L......r.b[.lY.b../..q..u..Uk.F....]..j..'y...3w*.N.hMNU..".....:0...Sc.P.q..T[".JM.UP.b.....f...' "...b..@D......|.........F....s.#V....f..|.}]<{fa..]...;.b1W.6...jC..j....].@%I2Z..F+]F^.fN..g5.$".."R.s...^....o.......q".....<..G..u....z.?.g..J....."5.&0TG.Z.I%y...S+.J||..UA.T.{...z.sDd...y...y...Y......$.yM...+..|.I.?...a..&N..V...,.!@a(.....Q..k\......R...@..bI...Xk.h..U......g.}.U...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1974

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18771
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.977346048069192
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:iEEE/jphrqdlcwAiSzXptLPy2EB4bBQMAealNC32Yt7Max4U:vjpBJiSL1EB4bf9aTAT7Max4U
                                                                                                                                                                                                                                                                                            MD5:C7C48A55DE3FDC6245A2E25D7D2B5E65
                                                                                                                                                                                                                                                                                            SHA1:7CDF72AFBD8D44AD2D8F50D3241D6E6BAE20297F
                                                                                                                                                                                                                                                                                            SHA-256:773D034D79D7C2F774B97A7967D3FC529FE01D8E2B8B17FDA80EE3C952A5A6A9
                                                                                                                                                                                                                                                                                            SHA-512:EA91803B0BC85D86398D3300BDD308B07ACDBF8E0A0166ABD2BBA31E034FEEE6E68EB4901FF1FE91A0666481939980B53C268F7FADBD539464C489E1E072D70D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..H.IDATx.\.i.e.u...3......*..dQ"e..D..m.dK..h.$..v;....b..7.....4..I.Gz@..P.m.'Er...%Q$%."Yd....t.=7.>.Qr......w......}k..60..{.=.^...C.y.1..!.1...VUU+[%...R..<RFE<..:....9..C....a.8..q..ZW.......Bx.......<..a.....#..AHi......`l.Q.L.$.c....?E.;.o..8.#!<r...._...B...0...TU#.x:=>:....#..s.P..3ZK....N.3.p.^..R...p....0..QB...aO......*..$.A/....9.o..p.8..4...!8g.!..F"....b..S......#...]....r.3.9..p(.....!.p).u.#x..y....J0&...._..pX.'m...3..RR...s.:..1...F...........a.~.P......QwN.=).+....A.6M...q.......m)..w......9...#cq..G...#.FQ.1.f4i.t.......>-\..=....6J+..6..[.'..u...I.s...{c]...#......q.L....b.X2...1..i....~]W...L..|.Wee-76n....I8..b.8gI..p^.>.c..V.!...L..IU:o..q....mlnnnn.....M......x.M]r..a.r.|.f;;.l@idl..1B.{.<..E.".Z..2. ....U.U.Xk....G.....RZ.<..zJ.G.y:....a<.P..Fx.H."...&U=.....D..n.V......*.zcc.3..\..u.U.1...:.c...qF.$N...gY:.R.d....#+..N.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1976

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MTA0MjY3NDM1MTc4MjI5NTA0OTM0MA%3D%3D&google_push=AXcoOmRUnZwAE-5eNKl7oAG9oRpa2nmnwiuOpmX3yqaUlJS7pVlXfn1B-ukZISns048TZ0786tDWfIP1EU4aySBCru2-7UTNQCeSBg
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1977

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8474
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.944246524977916
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:nHhsfUYLeydvKzw5y1/PL5fP/rA9Db+rJu+Un6yGDH3BJ2RAC:nHhsfURydv+wytL5fPTsSu+u6y22AC
                                                                                                                                                                                                                                                                                            MD5:638E9EEEFB71498CED29D4EB6846BC19
                                                                                                                                                                                                                                                                                            SHA1:25B1F3E3B6BB6D482EDF8FB7CE5E9B92EC381534
                                                                                                                                                                                                                                                                                            SHA-256:6C87E1637D9ED10D94C028E78280612034B6E34C04A62F04D69D5B1309BBC2D4
                                                                                                                                                                                                                                                                                            SHA-512:F80602F4FA30BC5A3596B4851ADDA3A7E2F01C94C0EBB78B14B2307162CB120CC9A1A5D6FFE16A57CE4FDD2DDFB3D6D07EDA9CE35C592F49E0C409016207EBB3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/vlc-media-player-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.!..WEBPVP8L.!../c...M8h#......?..!...0...*,.p.....t.X...TK.Y.66l......l.....d.6.mU..H...v.s#...W.$)V......._.>f..n#IR...3......a9.?...@.C.5.%$..W.....AJ..8...eHR.@....,.......%@......Re..l...(.8B@.).....rH.)!....a.8....8...q_h.`.(..rXJ.....@...../........Re.t..''0!y....2..pCu3'.P....?.....1.L.s.....NZ'-J.4..4[....N..%I.$I.-d....e..U..`..6....$9.$...S.......9.$Y....=...CDD..NGL.eI.UK..#.....,....Y1..g.vV.<.\I....w....'..mK.$.Z.".`f....9.i....f..d..".{..7m.m..]....u3../.3.L=...-.1..l.z&I..}.GD..c....8lY...(V.a&...f...S.-I.%I.m!..E^./....a.z......'I.U.mK.......)...Q.-.1Fo.c...........w..2.[....9.u.)._.93.FG..4E.....1.1...... ,*.e.E.t.7q..........^P..........C....W.......1o.......<.y.<.zl.%......_...YW+-..S...... ..T...z..y..{.[....Zn..Zo....r.I...V.!.BL..f.@.....Fq....v....{..hp.k........s?eQC...!...1..=-.bLQ.0t..rt.../.......A..U..|......#f.8.....=.........D.v.d..r.8............j..`..........Ru......\d0b2.....:......y..{O..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1978

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):166222
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.75086661793452
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:SUymJB7ri6fBngxw48e4GMyOIXCJuHugfqtsh7ozja5Haq+Bkug:S1WBPLMx3OIdugi2hUw3upg
                                                                                                                                                                                                                                                                                            MD5:788E88CC8A386EF8AB5D4BEF97FFD187
                                                                                                                                                                                                                                                                                            SHA1:9568C899447358CC5BA85683B5C9DB4A8D1F4E9D
                                                                                                                                                                                                                                                                                            SHA-256:305387D146EF267C0E8C2529F9F2050EB2A5C0F58BE4385A0CB05762E56100FD
                                                                                                                                                                                                                                                                                            SHA-512:6A13B349B2DF0C5608EA82801B0FC8CB8C3520367B7C31820C07C0CFD42DA16715F64E7C96F05CB8B1C6533EBB5FF4876BF445E9218C9E4759057CF47D5A05E2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{"/5302/TD-desktop/downloadit/downloadit-it-defaultpage/ATF_Leaderboard_Second":["html",0,0,null,1,250,980,0,1,null,null,1,1,[["ID=3f69f4e3da871203:T=1698409203:RT=1698409203:S=ALNI_MYlMQSmRn-HYvQXZmT0GbLWF0e4Zw",1732105203,"/","download.it",1],["UID=00000d9cefb834c3:T=1698409203:RT=1698409203:S=ALNI_MZQDK_uC2d7g0zH-3LRpOL9UTgIVg",1732105203,"/","download.it",2]],[138327307067],[5332046802],[13617419],[327760139],[434442],null,null,null,null,null,null,1,null,null,null,null,null,null,null,"CLK7l6qbloIDFVBBcgodZ8QLqw",null,null,null,null,null,null,null,null,null,null,null,null,null,null,"3",null,null,null,null,null,null,null,null,null,null,null,null,null,null,1]}.<!doctype html><html><head><script>var jscVersion = 'r20231025';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {ebrpfa: true,};</script><script data-jc="40" data-jc-version="r20231025" data-jc-flags="[&quot;x%278446&#39;9efotm(&amp;20

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1982

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):322
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.674021547526022
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:6v/lhPLUyKRxAKHMZ+bRIOXWpBvhZnadjoeuwD0HwzVl6Imp:6v/7TU1xArZwRIOmvvGdjawDlP6IE
                                                                                                                                                                                                                                                                                            MD5:61F47D513727B9B36280684657177C50
                                                                                                                                                                                                                                                                                            SHA1:9938456A80FFE67D15A840A8F45266608D11BBAE
                                                                                                                                                                                                                                                                                            SHA-256:33DBE029210AF5D40741495D14E03B8AD1AE2E6EF210085DAF0D6F8992F0EE59
                                                                                                                                                                                                                                                                                            SHA-512:C7B064B439E48A6CCB0390ADE5631F6634E0C960F870F245D72E2A901568D5C8E8F485EB3BD1BC549C594E5F1B21A9E863A4B55CD2118A9B4912EFB5E8CEFA7A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR... ... ......s......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx....p.F.E......... <.X..n.x..H,<D.V.Ub..0....14..z....|..{4-L0!J.[H.S..p.*dI.-H..O.T..#..9..c.#..d.d.....T.....=.j....B....Xl}.t..v.1a&dJ.=|..A......W..a-d..;.d...e. ....">l..R.i...A>.'....-.G........IEND.B`.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1983

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7159
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.956794835219675
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:lyPaja2LL4XInJYO0nGSRWtwvrOhBkFmaCXLnK7Wnz19bm5vzdM:5WOgEdayLRmJRM
                                                                                                                                                                                                                                                                                            MD5:DAF0A1B8058357AE85637E1B7D71C3C3
                                                                                                                                                                                                                                                                                            SHA1:C8B1F818A3B464C14FF5B6F76590A268929D8E4B
                                                                                                                                                                                                                                                                                            SHA-256:0080A21ACD8B156489D63610BF19D306108C778CB5BD25026CD72BF0DE9A8648
                                                                                                                                                                                                                                                                                            SHA-512:5C48715885C91E8EF916314B6A595D3F94EEBFC1B04A009D49F0423C1BF37723BC233A1B4FEE7BDDD21D1AB9E319341A734D44302CA33B5831DBE4DFC3ECFD3D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..\.P.g.o}k....lv..^..j5U.o..6/.J.q..G<.\E.E.A........p* ..(.x."x.r..x"...r..0g......i.....zz..._.....?..(..H.".z9.'..>..XS`M.5...XS`M.5...XS`M.5...XS`M...."..H.x....?.d...E&.....{.'.,....7..Z.F..h..4cccO.....Ot...h7.L4^8.....`..F...........+.......@.oow7w.w.gvww7w_....yzzJ.%.....:999;;;99m.=I..j.$A.f.K..Z`)........!.)...8nNR*...h.H.%....2.L.E................$i4......:xl............!.s5.iz..d4J.K.8EQ.sr...........R(.M..P...s...ap`.~..I....6?|..w.\.....E..-_.l.._.\.c.}FFfOw7@M..X._.s......../."&.~Y....f.x).).o.....E...MNRN.>..>....8p.......q.q;v.X.t.....B...............3>>N..?.d.....C.NB...;v.............Y.f...GGGPB@Q.@..vv....].xq[[+.,I.....(..$......]f...5Y.M.X@..............G.W.....fg7k............F..w.....].....S...h.z=.2.q`....|..={.c..I._V.....y.QQQN....gPx..[..l....0.......c3..f.....;{.......^.3.]..9s.......J..&.exxx.}.X.O.^V..ZY...+<<B..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1984

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):4150
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.909610988995955
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:9sEYdlnpBdlUStGKNoWFeLQmWMm5J7+Yb/jPBnSBiw3S1y4:WEOnLUHWYLQmW3h+Ybln6i0w
                                                                                                                                                                                                                                                                                            MD5:9CEB32AA139F796849389CA177FEE591
                                                                                                                                                                                                                                                                                            SHA1:D1B4BA636370BF6F9E6AEEEE8F5C6B09587A02F1
                                                                                                                                                                                                                                                                                            SHA-256:AD8D76CD622B72D7D8B089059E3B299966071FAAF2D2A9BCFCADEB7F70B3FFA5
                                                                                                                                                                                                                                                                                            SHA-512:1FFBDE290B773AD380A831D13504EBEC4C3E6EB5037485151ABCD93A6787645F9BAD1938E6B16BD3AF513751EE495E9DC0ADCD87746B1413AF7E506EFC45274E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/microsoft-excel-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L!.../c...M0l.6...^.....m........ .......@B.r...-..2!dB....C.o...`.I..F....hm...2`.H...g.~..._......H....92).U..[Q%.................F3.R.].h4.U....z.&<;a\/)..(~NH.w...q.Ra...CC.x!.....3Y.;O...?..1....v.o...}.P....?.]..1....BUdT.....V%...a.l.B.....l......ZZ.sZ.mV`.c.i..OOkii=.......@ *.m.%.m.}.5.Y...F..&..8D.e.6..].g..H.$I...~..........$G....OtMVWc.K@P..h..@.m.4........m.f..F..ld.H.m>.{...:.m[.....9.....P._......"...-..R...{....Hr$.Q...w[.dL..w..#.l....{..{...(....=.|.@..4.'....+...ted.jA.31... !........dY.u...").H.q... @B......jz.X7.MMJ.U.Ho..z..g..@)R.~.........K,.<..0...,....K......[...DQa.[_.c._...e..p.P...r.7.s`.!..#0...../??......$F.,.a_..<..m{..H..$.E..*....}|an.... .i..)...Y9....+.........~...i.)....5.p..@...E.......$.|F...u..C....._.....X.M.....z..<^.btf#.@...S.$....t>....E..t......;P...IW.........c5.....J..4B... ..I.b.J.c..;Ij.....E.r.V.$.z1...bq-Twc.......y.4GV.s....H..JIU....H.L.....*...tO.e..<......../...b.d)D..{I.)I.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1986

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):1354
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.7841660939670865
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:NX5iYNWWxZF9PLjXjpj7UlCKk0R+8OHAgDcaFzM6QYahws6hAhnGwi4pMeNbSSTQ:NX5iYNlj1/YLk001Hhf19ahwSDMKbSS8
                                                                                                                                                                                                                                                                                            MD5:912E32DBCDE71C5EAC26CBA154F20185
                                                                                                                                                                                                                                                                                            SHA1:19880824E2CB5B5774B288C95A1CF9065898A7E6
                                                                                                                                                                                                                                                                                            SHA-256:0A1126E739AE969F1FA9C22EDCC0856AEEC911929F7D3782CF9DA65797BD9AB1
                                                                                                                                                                                                                                                                                            SHA-512:201CFAFAA3044321C98B991BF85E470978B20DA6BAB55CAF5A46313885C0E62B038CA8356149923159589A5F5AF2FEB56251EE2133DA3F35325A8C9877D6133F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/free-chess-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFB...WEBPVP8L5.../c....-l..I..?"s..m.m.m...m.m{2..y.*;"./j.8......./\.b.*.y...t.*....3......;....Ok-..r...._T3.7m....L0..KJI7>.......c.KIs}........`..^\..n')......K..b...0.\N...n...v.;.j.1C&..K..o.i...|..b....ys.R..iu.....L....].3.....6....3L.7......K..i... w.).Y........h...r......O.}-.?.M..']|.o-)...h.?..&.2...ZUN...X..O.D=%.`;.S!..jU..}N.Tp..7R.F//.)..[.^)..........S....n...}c5.;..s0L)..\..?..D.d_.Q))n.m.s...|.k.(v....0..{.Z.n."w.....C.*.}.w......*....".&.{k.U..>..k.'5.`..]....^)%M..}.s...u.&.t.....:.^ki.3.......Oe..;.X3..Lg..\.R.......TZ=...G.O..m.&D.{..\a.d.t.a.S...X.z..h...}.6.....)`.m...f...:J=..bc......;.5k.v..=j.Fw94.M.g..MKZ.k^....w......M.F{..1p.wHR..f..(,76..7T...yJ.c|....[J......KY...7....v.K.c./..g.z......,.q.-o.4.L/.4.1].r../....AI5..c....../2..q...TR.>.L..Y...?S.j....q..q.~.Z.L.oP.~.`.&.+jU...q.!...`.R.VO8..cc.......Q......*#./}.Z.M...^x.....f...K..p.c..g..........wQ.....B..`...\E|...b\.....k...O./..m....,S.F..<E.....O.....E....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1988

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):16078
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.018980616849249
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:qIDkVCXr2YNJAO5OTkFa2tcW+JKxMb2QWx4ezqigIQ36hMY2lodfH9NentRuKIJE:qck4bwdTkCv6MbM4eVgI8fMaQeEQWXG
                                                                                                                                                                                                                                                                                            MD5:3F57EBC01EB472A4BF9D6CF52D456F02
                                                                                                                                                                                                                                                                                            SHA1:A386079B3109B4F94F4DED2647F9F76231C701B4
                                                                                                                                                                                                                                                                                            SHA-256:63F047FF45B108DD59B27CD0BB3BEE5C093B2536C6ACE2BE3C3B829C26C99573
                                                                                                                                                                                                                                                                                            SHA-512:E7717DC9BE5C3345F2177F56738D816AEDC40EC5F056F069FC730B7BA979D41DE5C04EFBBD267AFE3C8A752042070226C1AEBAB479F36B6EB627CC29D1412259
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310190101&st=env
                                                                                                                                                                                                                                                                                            Preview:{"sodar_query_id":"-qo7Zb6TK4vc6toP2pm--Aw","injector_basename":"sodar2","bg_hash_basename":"mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc","bg_binary":"TYVNw3ZIH/t0NUSpnKVZlGsPQoVYJmaio42foAWgwsvMKL1VqpgDSH42DbeWB1PMQb7CsJMox8XGCZma3hE5Jd1BR/ifApvs1pvHsm3y5371zCP/+jbrGqKpEkZr7D4hAGIsKHWZI3VAevhwSTpp3VjCC6pnp+mzQTX42tSmHy/lOD/I5PD78ArsEC1VJDpVY9npTGbW1AGfHw1SnB+QHY24uzTeEQo93vdZTd/TRCFHdjy3uMYOZxrM+CLBVU/zAM9qH1sCJo88XBeG5mSAxKCovn5Ejmpo6+DTqMsXTLJiBBHYJwGezPi6O2KGDM1one3WdsUega7IDGwq3xeGN3rpZcwY8AsFZD0EpJM8W3qxhKEBt/qdv38AyWRuHuTdR74BrMoxJqfiw/6XX9kxds95tzq3pWnSehRyWkF5NQxuTk3VoUweLGrtsOElUptIHCrm0QYNEWWOyRNoFKxAy8EayUZBWVuxEQaFuNKEYPfoUG4oDQQcvqOGPSZ4vXGugNAlJ/EZtc+R2vKRyiNHkSPMA9+OGva6HrOxoLcaHOgWG/s4DV2LazUVcEpbJ//S1C/r51Lfk4gspZjei5jDYOuUYnKg3gw+BP687qmMgECHxAo1d4iiig3yuHdFMiAx4iHxBSCaA00iNn5EQABdpqLZyCPuJjHnGBy4oTV/zrpXE1oc8NYtLXlaHenEY8lciVaUb9MGzYAHlj7/UfUisOqFsVoHHnRr3DgTnBEHoV6ADIpsad5ehrwoVt097gYBQjS42TpW7Qq1ANkPrGF6uKvrsi7mRvhb5+vdRBPj5r6lTFk+UYlCbGLi8jciusw6jkrYWNehevwV3yPLk

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1989

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):22954
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9596514187675735
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:ah7kW2mHcgiGNb+d4iSmH5c/KkuegE+s368sI4kVelb3nNqJSJe+X4PD2CyXqeS+:eYGxeSAkumDe3N5JnobrBeS+
                                                                                                                                                                                                                                                                                            MD5:C256FFF05249A7FE7E20C00A244C3E00
                                                                                                                                                                                                                                                                                            SHA1:6AB2ACAFC2CE1CAA1DBDD3ADF7646C48F22783C6
                                                                                                                                                                                                                                                                                            SHA-256:7F32538207D4A2AB397AD52889B4D6B69DCF16DCE8CF472C1350CEB5208505A2
                                                                                                                                                                                                                                                                                            SHA-512:3E3141D3552D224E01B3E049200AB1F820F14F130EF5DEC3C4CF40C4DB5463DF7FE35B1641D7CF2E477DA77D6EC2030C92E3A8DBBB01EC0EF498F9AA0FF4233F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..Y5IDATx.U.w.m.Y...L+.....S.$.B.J...BH.lc,..n.......}...m....j0....I.T..T....\u.....J3...O.;..{.=.?{.1.s=..y..$.... ......Q...'[..8.f.q..........vrx...dH..P_..9......!.L...#.GoolN.`.....b20........D...g....*...p.L%..$.d.$gQ.).M...Y....h.&g...%.X.v..k.I..Z..+...|..4.N.G.5+..%J.sgd..TJ..p~.[..}....@..(.(.e..a0...G......j..^.q........7n\.}...~..R....j.........\.N...tgo.B..\m7.~.z"...n_..j.....#.. .u,.$..............k*5.+.....,j...7-.bmd.V.l.w.*.D...u.u..&.Ce.c\6,F...4...z:JE;..d...<.j.+j..2...mV.?.u...G.{..G....%..9.........#....?y......oMn..t.r/...Myl!=..o.|VN.sm...*...t....^..k.v.,..&.p/..t.....p.L..%..B.....9.,........r..u.&].>........hq...;..5.E5....*.0i.f...M....3............1t..I:.L......u.w..pf.V.d.h.w..._.......c. p.... .g..K............W..K=..S...N.>...lc.#.Q3.!k..fS.CC2! i.G5.=..pe.......\ne.5...W...........!q..=..r..%.h.d)J

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1990

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):214
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.002317147594002
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:+d1Zwl7KHaQ/HZUGSIX1a0ZS8h+hYIKkhpEIZywap0CF9Y:o1zf/HeGSIX1a0hIvhpEIcwap0C0
                                                                                                                                                                                                                                                                                            MD5:EC40CCE5FCC4EF870B9B37C25A666CCC
                                                                                                                                                                                                                                                                                            SHA1:E7F9E20DBF3B749018560B2C1B99A798F15F8732
                                                                                                                                                                                                                                                                                            SHA-256:874A64C76AE3D1FB76C4E9C9B97A4E1D655FD13DC582EFB01C80E59222DD542D
                                                                                                                                                                                                                                                                                            SHA-512:6213149E22B78FB216E2D5DB90334179367FAC9661F8CF1457F7EF6F5EA946230EB342DC3785171E5E7F10A4F5D085D6BD5A964C9D617F215B12E5A05C4E12CF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/images/burger-32.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../.....t!....m.H......b[....4.6.....D.t...Hb...\.'w......G.J........*.Q.P.+.ey.KsZ..........1..&<....=...GED$.,..j]y.5.......$..5.M].*.o......OBJ...........0h.w#`..f^H....=.G...".....g.|-.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1992

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):276
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.190816455620734
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:TMVBd/i9mc4slzYbNDgtj9fhWR6L4mqZWzCF9xJLmgUhXqI:TMHd6+bNKjz8h9nWZ
                                                                                                                                                                                                                                                                                            MD5:A2AFCE8C63269C7E8A5A3D5C90A88519
                                                                                                                                                                                                                                                                                            SHA1:47CF7B541C27E4D4E3D5AFED9D55B288A923FD98
                                                                                                                                                                                                                                                                                            SHA-256:38AFA88926F69F684E93AC9023338100A57B9424CEDF63F7EE73B1202C98EEAD
                                                                                                                                                                                                                                                                                            SHA-512:3F55865B7FB3B6ED27827BACED720A9E578328A10095E7BDEC07A2BE70FD05ED9EEDD2F76B3EBBA8ADFEBD293CC459DB73D00CE03A0FDD88169BD83D8A34B85E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg xmlns="http://www.w3.org/2000/svg" width="490" height="490" class="svg_maglasss">.<path fill="none" stroke="#fff" stroke-width="36" stroke-linecap="round" d="m280,278a153,153 0 1,0-2,2l170,170m-91-117 110,110-26,26-110-110"/>.</svg>

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1993

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:Web Open Font Format (Version 2), TrueType, length 30208, version 1.0
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):30208
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.991864737403972
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:768:jb+qKtl0nb59Z6T4gtrbF0TMJunOYslPBiR30fvVE+cJ3H0:vD20ONtFYsniRovrcFU
                                                                                                                                                                                                                                                                                            MD5:21EBBD28E8542CF12700A838738E0D70
                                                                                                                                                                                                                                                                                            SHA1:B387FB6E48C8F2822411EECCDDCFF007FE38F867
                                                                                                                                                                                                                                                                                            SHA-256:0DCAC7CABD17A67B5D09D54D506C6ED734516248E9E8552D194B1A5CF16B7722
                                                                                                                                                                                                                                                                                            SHA-512:4A68796FF7F0A58521503AB4FDD55842DC34E2E10027CA6A7FD0C40326F7D8F2BDC8F53448E1B9C109BEF123DDEDD79D86481588DC5777B73CFDA9AD4FE74CF8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://fonts.gstatic.com/s/dosis/v32/HhyaU5sn9vOmLzloC_U.woff2
                                                                                                                                                                                                                                                                                            Preview:wOF2......v...........u...........................y......2?HVAR.*.`?STAT..'*.../j.....d.....z.0..T.6.$..p. ..z......t.5..)...@..>..bl..v7J,*.o.8f.l......?)A...F...`.T..1+-Y.Z..=,.V...6.j.A\.h.."...P..p.+.sS..9*_.Sp)...g.:.aN..W.X.......&....\;.R...K.....=.z..R..|..*.ph....%....y...[~.'...%....;V...[.B..St.}......V.0F..k2....&ed.j.B.B7D..?.....,.h..Ic..W?Q..............o.s.H.Kb..Ab..Z!V.$.....w.;.%TD$U.+.%W..*..N.[.V.B.#..$...Cjo...-...Z.B....#.:...K..<.>;u.:5....up..A.PS.?.._....jV.{M.D.j.....E.$.$.d..C\.Y5.!.N.3.v(7kR.JRV.5..V..>.gp...j..Y..`2$g.2.A+i.F;...9.#....%..I...%)E..Q$$..h.>..F.N..Q'.jt.L._.I..?.....K*...Xf_..D...;....8. .aw.....s..6.......>s2..`L....oo.(m#.*.a...O<.M:............) RQ.2....i aj+le}._.......!H...Cb.$!y..|Y:L..v.E'..{.*.0..p..B..yDe.Z;...N5...}.#..-..."y>.i..u$.."-5.]...#U.*b...X...W.I...H56..}f.....sR.{...%....R...U-....p#.....W....c.C.U..'...!-.J..(..Q......(.S..@i|.....)i.R|.4cL.9..Z..Q....m.+w?.]....<y.=....\..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1996

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6258
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.951351390985654
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:sOYiGBRkXVlICdOTQr+cXESY6SFnxwjKcD:swGBRkXsNW+djnxc
                                                                                                                                                                                                                                                                                            MD5:6D9E498F7C0CB5A615B80B432C18B22F
                                                                                                                                                                                                                                                                                            SHA1:F14757B8E9BB6578D8A2D330D1633BC28BFCE5AA
                                                                                                                                                                                                                                                                                            SHA-256:A0F132F4B3B3C74AC0BF147DD797E40800F2FA5FB9AE1682F575FE8472AB6D6B
                                                                                                                                                                                                                                                                                            SHA-512:F568C5428299AE83656AE6A2DCDC2FC2A719FD3C261CA0D97E1D000DC16C5B384A204FEB81CCCDC6A5E3395CEF832A7317FA947DADCFCF332BC71483FB52E59B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..}Y.].y.Z..>w&/E..eQ.5Qi5.k;...#..R4H..H../.C..h.P.!(...A.7..'.........d..lK.@R.EJ.Dq...9g.....sxI.x9..=.8w:.......o..$l>...6!..k..M.6...k..M.6...k..M.6....Q.8\....._..<...W..+.:.@5..u.H".<^a.+.P*.S>0...c.....1...c...*8JW...$.8.J..[.|..'......RT..!%..o.{.c.O_3..C...=7/k...,......f.?...e.^.^mueMBe `.....~..-.x.....W.....v.....I.hl.............s......Y'...D.A..u.......wNL.....e..r.5.(.4.y.P...N...=..c.s[POZ.X].W..U.$.e.A#.-..>t../.9s....r...Rz....`. $)...G..?.|.......?K.{.$.I.M.....E..&...\...S....~...].j..\$..........%......<.x...T5......'.F*..R..f&l1...9...._.5..]...)...K....i,.D...'.O=v.....1?7...}..A.:[.....]...2..-=;.......z.}..-.!..G..R V]..Z."O.4|.K'...k95LU:6X9p.......*.. ..H...J..S./?|r....g...H.K....%..D^...~....vEHhz.#j._Y8|zm.....F...N..H..........GO-.....sjK.r!..^....J.u.]...C.._{.+.kK.2Z..]........Mo.......`eFR(0...$A8YU....3.<

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1997

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5771
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.93256311524083
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:US55Q75x3qvcbISFZJSQqdsTmK6/h5ayCPfWNPwVS0+Jexieir9rVWB6TWFR:T55QdxaUbHFPSQiS6zaZng4VF+0oeYPQ
                                                                                                                                                                                                                                                                                            MD5:8BF53180422D9B4872843D52FC91DE7F
                                                                                                                                                                                                                                                                                            SHA1:E691949B707EC7CE9ECC55AD3EA87AE6F21E0842
                                                                                                                                                                                                                                                                                            SHA-256:0109137E783143FB84CC4044DBBF624FAED1CBDBCB853A266811C2F941FF2971
                                                                                                                                                                                                                                                                                            SHA-512:860667ABD3C342E19A00476C12BDD5ACF5651C0D0E15792823F361197F47930781A2C4C92516D28BD13DB2035398442C478E17F44F5A7157C617FF05BC99F1A2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..]k.eWU.....{o?gz.3...$...AI.Q#..R....e....h..XZ..*-.._PZ......!.(..B.I.D.$..0$..c.{.5.....k-..so...3I.tbfN%......z|.[k.KX}..........9....97::....i_.D..D.Z%..eOD.PU.i.......k.j.......B..V.....&U..+....NMM.y.*C.73U..*.J....w.}..Kd......SZf..k.,..g..DP....G.y........D]Y.S.n..gO.8if"b...B0............kY.Y......vM.j...;$.?dkQ..4u......%...f7d........~..?..O.v..$.s.?ODI..I3.z.{?..x3.....PU...~"....`.k..9....y.....R.]..UFa=....s..i...w...W_}...ja.ja....w.3.b.JsC.."<.L."/.....!$...f..t..e...r]a......;P4CSY_X........J."..z..[..[Y..DB...zQ...t..w..J.Z.U..y..}...o..<.....!h.)......{..l.a.....~..7..j.x"~.......L....^hd.....[....|.A.....(b.7.[.sC...u...l.d...3..\y...\...o.o?.f....s.,`.....C!s3*]...^.zG._y.u..{....ymU0Dd4E.G.k:...6y8........3..........H03U-.blr......O..7.IT.3.+..<?5=....[X...#,..5p......h..../.\zu....A.(&.6.H..:aRv~yi.m?....?..N..I.g..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 1998

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10956
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.941064928711183
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:q1U/7U9poksB8AAKK08NUURZTHFf/Si2aJYOo28dkeBxSYAN+m8Gdr:CkchabAViUflfqhoDnebSYAN+m80
                                                                                                                                                                                                                                                                                            MD5:C8D6B06F2CDA496FA9C62BE62F72CF63
                                                                                                                                                                                                                                                                                            SHA1:A5FF13E6AF1B0A9123763E4CD4CA699B21BE1A81
                                                                                                                                                                                                                                                                                            SHA-256:AFCADCBB2411338BD9519DBE6D3CA9F2D39E8B418666420631C49883B1289545
                                                                                                                                                                                                                                                                                            SHA-512:0238E2944A780A42662AF563F28020ADF79438BA2F3C3C7B078A179D850DC79E4A29BE7E56BBD567FE4C7F664926172CA2083807917B7AF6B04D27A0AA10AF7C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/solitaire-xl-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.*..WEBPVP8L.*../c...M0l.6......._o...O....s.C......h..G.o[qI+4....~[......jE.E..Y.a.,\E..:.....".6.....$....C...qg..b...$...F.._.#w/..w.z.......}.PN.H^.....${..C..I.].q.Nj.....8Ct..1.7F..)b..pV...,.%.zO.n.D...ST..].T.......5Q..2.D1d....D........0f.._5..f....(.r.......l3%..!B......8;&|.b.o......A.{..'w...{T...h..&..?.=...B..\.@8..8D....m.$.Y.`...@..M8..2.L...`.lM.7?7.0.D.......P.k.Vm[..R[.c.......I..5..40.L......7.9g...#w..F...m[.Y[.}...([.-.Vs.[.....!...h...$I.l.$...}^....1.....}m...c.l..gH.......YY.U.^..m.....^.\...sf...twM1#..;.l.v"I...d..U..3f......3fffJ.t..p03I...d[.m.".\J..u....X*0...`9H../f.o.N..s...].kI.d.y... .1.D.I.|&2.*g..+r%I..I.m.m.e....7.#.$&..`.._..ZI.-I.%I.m!.y.{..?s^'#.c....P2....MI,...&.......]....q+.O.O,;w.~.~...B.....uA.....q.8.h;.A.C....X...X.%......p#l.]...@.e.T.g.L....$....L....S@.Z...........A..~4.qk..w......bT.+.G.v.(..=.....ruLPK.cT.:,W..k......}.c^.yi.(-.....j....P...J.Px.......<.yyx......U..v.w....?&..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2000

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10090
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.943703508912908
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:7U05l/8QWTtbdmHJ2+KO/iiNwcJoZg8XGTBFGYUDIQ3Iwjx7Q2RM:Akl6ZdmHJ2y/inqBoGFF61W
                                                                                                                                                                                                                                                                                            MD5:DEA7CB97C74B748DEE1815C0260F1D97
                                                                                                                                                                                                                                                                                            SHA1:46B4781BF30E49164EA839D9346821D0FF934919
                                                                                                                                                                                                                                                                                            SHA-256:E9058AE40977C9F7B297206ABB58213255813255993469917EF1B99AB304B706
                                                                                                                                                                                                                                                                                            SHA-512:C7B5DE1D740DD8E5410F8C2F45577FD2B2D988CA9B6FAC00F6C8DD5FE15BF946C41D53D0D47DE3FD99759A7C730D17C3DCCC43756A2F8145243F34A495C05C65
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/autocad-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFb'..WEBPVP8LV'../c...M8l.F.`.......{ED...n....fw.G...F..........s...eKJ..M..N5.?...............n#I...$....JD.....p.H...V.....9.#a..4..G.$ER..e#....|..0..../k.......d#..D......`z$..`..m.#.K..`G.'!.......2e.k.bZZ=...?/ c0....u9............J..X.."..>O.....;.!..R...O>!.F#.H$?.+..G.<%3mAf.....&...y5z.$.......E..L..`8...v .......3.O."?...m.).....D...5.A..E.F..X.....h......#.H.].J..............35......*....Ir$I.5sL..N.{N.+. I.$I......_.w..E..$.$.......{...S.(./p.m Q....%.m#H.....pn....mU.m...>..LL.9.Z......y...1.. 33.bf...0Ir.$3.l..jh.o.$I.j.m..R....63................<..s.5f..[..}K.dI.d[D,f....S}XgFD&.|V.~f....*..........p.#..T`UL`...p......#Fx........ ..DKd.v.7.V.....#.R...J...............9|6.l....&p........xPb...!....#M..F.A.].....Z%..b.G.a &5.pz0...M.....`.d.........At....~....A..-^....0....t.I....@ak.9y.aIX.(Vc.N...7.F...A.O}mh.......k.8..8...20..|.JFt.FJ.,...S................4m....... .../WFT.@o."..}..v.C..).P....E..... A......4..+..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2001

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9856
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.971005583601277
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:lc/DTPqu+Fi9CGCOwGJPHPcVHEp+O9kzMY4CDBSzXdHdZZxHr6LmiSbqQv4:m/DTy/oQhOrPMEZkUCIXdLwmlbS
                                                                                                                                                                                                                                                                                            MD5:80A96794C890CCC1A6972ADC135D5D5F
                                                                                                                                                                                                                                                                                            SHA1:B9F90A8D4DB2D78A68E427757AE5EC133A570BB7
                                                                                                                                                                                                                                                                                            SHA-256:C21784E366BFB57550199A3996600F6331E29B5E0C297F63AC0D17BA1CA66EB5
                                                                                                                                                                                                                                                                                            SHA-512:F486C90195D55B2D945BCF907CE4EA08A2D85439E97DCA541F45190D7F0DFCA0099F21A3D7B90533708126205DE29C23397A5661B569FBF4D23A5F602B973CDB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..&.IDATx...TS.....z;.{...>..vp....u_o...Z.:bU..l+......)!.d`v.E.Pd.!.$@.0C !...@HB..:g'...ZE.}....p...9.|....A..|..h.G.....}.w...O.....H$...B.phh.`0. .]...?)@......_..........}...w..Pkt:.....].PR&.I.P..........pFFF.z...HSS...aaa..q...Z..'...d.....H...J..\DA.s.^...m..sl.k....x=?....&.)##.@...s.V.......Z........B..d2.e^.|A..P......H..L.P.........Z..V..W....LMI.2..K..K..3.>.$RnnnQQa.@0n...SaYdA..$'%...L&..=....F}}ttd...7.|.}......e..,,q.(:*..d=Z....`F.p....W..VB..8j.9......2...6......-...~p}@&sqv..}..|.._{.".=kR ..._.H?..\Q^....u..r.n.h4@I.F.N......R.....d....w.9,..t.....!::*9).........@....iT....S...n........~...Oml,1!!2.7.\.....................UJ.L*..%..d..`T..h4..A..U....{%...D.P........Q.O....]rrRPP...Mg..R.....f??...hxh.W"...H...^..W.+...e.2.T.'..I.. P.....S...7k...S...].........w.,.Ji...o..I.==...U.E...{.@..;q.X.P.i.E.>......IQ..#h1......}..7.uu.e|V..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2003

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):6836
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.885042984594257
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:oBsD7mlXgtjVIYMQ0qoOkbUEBLEKotffqGUqI9xp:oBpXgtBInbUqEHVUpZ
                                                                                                                                                                                                                                                                                            MD5:6F85B12C9702EA61129CE46707C13996
                                                                                                                                                                                                                                                                                            SHA1:4E6DF0BA43CAB98060C0520A46DE7FB0EC3E8937
                                                                                                                                                                                                                                                                                            SHA-256:63A9A92F2754D7CD462E7F965D42C0DC0466E4E95BA80F7884D97C7738163AAF
                                                                                                                                                                                                                                                                                            SHA-512:465C02D1866461D5BC0655E0BE65B7EBB7D209AA46471A8610BEC14E0598CBBC12F8CC939BF449F266BD452E14152A2F9E66552F7ED2EA683F00365BEF5A99A9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/desmume-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c...M8l.F.`.'...d....O.D.......P..v..Z.).?...Ca..2..t.G...&dw.#.nYY..$[.......sw....H.U....~p. .hX.F.F.._..+a.K.'...q..!`+.o.F......qaC,`...C....%S.^s..7dJ..xDB.AMMXK.G...s.|.?\|.....7.../.dv..G..o.....5}3.....(d h.6I...v.BDL.(...,.t.5..7_D..........@N.............'..@\.Uv..UZ..d.-.?.?.. "&..m..m.>...Z..}..m[..Z.m.u.m.;.5G...o...m..J....,1.$E.<......q:c.0.m..-.1..E..^.....SVJ9+....m.~.6..6#V|...?.$I.$I.............y..y.e.)..$.d.D.<".....;..?.o..`...w.......T.y._cD&.R...../L+Z0b.X....;s.......6.....$#.......e.w.....o.4..M......_Xt..@.1...8.U.2.3...)+)..&.T......`.........S......Y...dy...0.c.1...&j.@.9.X.........!..w..A...F..Z...'.."*.`..+3.:L.)...`H...3.|..2...._....u.A#G.`D..H@b01.YB......)`p...{.PH.G...... ...Y..R....A.."!.0.1A.f.F.?..V..#..`D..~.i.@b..D...>a2..........._.....Ha.Y..0....a6..t....7.......X..+.. . .o....`&......8....W.uaX...9]?O. .........#VC..(..1...rb..L..<i....7W.........\.%t....$..r..M..6.....2"F.t.N

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2005

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):2912
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.8970847607749945
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:tV2eNyDuFy9voPAvgHWN4+pAeq7MN4E23gk2/AGdIzcC6zYFqVyfPgCzx0OvYghH:nvFFuvhvg2NjpqREYi/pIzqMfPgCN0OB
                                                                                                                                                                                                                                                                                            MD5:39572B3391275189DA0A70DCF9D43065
                                                                                                                                                                                                                                                                                            SHA1:62540E1656C5D8DEAB20207239669D265EF85BC6
                                                                                                                                                                                                                                                                                            SHA-256:A6B869DE7BC398D17C09F2BE6E4F797ECEFDC8166216C6BB4F4E69BCA07AA1EB
                                                                                                                                                                                                                                                                                            SHA-512:E149DD07C6DBFD10B6883E9C19AD3779D5911F3E338771A7ED6B0059A62FE28D6B1B96540AFC7CC1ED7765EE50BE10FDB8727626FC25DAF18087D1F26D9CC7C8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/microsoft-word-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFX...WEBPVP8LL.../c...M(n.6.....Izl.....o.46......$'A.D...n^g....$9R...+..z.T...=`.IV...Q...Wg..W\.m#I......cf._.....t..28^4`..m.....1.... ..b*.l.e..L..L....v....j..I...*...d._.ag..t.........nx.wy.s.m[.$i...{x$.33..J..!p...-.."...........wOSd...b..k.V.m..>.9.K.l...b..plvi..+fs....}....j.my.Z[......tYR3.^K..0.b.f:D.....K.On.....%.P..@.Y2.c.H.hu...s...o.=*V.(o.a....KN...F{...W~.?.7../.5..|s...N..\..X...._..g._k.....?u.W.<..?."Vo..k.q...yV........Z...c.....57q%...........g2.+,._C.}..........c.@kJ.......v....s..a]......c..v].YX..)].9.b.L.....a...0.`.........a.1.5K.J2.....=..{{.,....t4....)=.O1X."}..1.F.....<.84On...3...eU1`%..>../.;..6`|4.....IU..!.@H...]/{.FR%.....>~...i...).qI......Q..*2.2.k....l.......I...Ik..5n.4...H.,)...W.SC.....R.....59.........Ut.9........WCQ..hY.....%.*.......$..@.p..?..8.y+[..$........bh.....%.*..A......e...~.....XJ...*.T.".Ix...pI....U\L.T&.&....'.../..s../L7........4.;7m.'o[...F.c.B........O....}.z............m7

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2006

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (21224)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):24203
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.349731623672621
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:PLX1wtH+NTv0vDckjUhzU0ZppJeiUGg2TD7eC43YU/Us3ZYNbHG3W5AJdME9oPaV:jKtPQOaG3WFaoPaIK/zn
                                                                                                                                                                                                                                                                                            MD5:F1DFC75C82E12DFE846D5593978E422A
                                                                                                                                                                                                                                                                                            SHA1:12E580A708B09C9A8F4CA7CCBE9DD7DF32EDEE60
                                                                                                                                                                                                                                                                                            SHA-256:08204982C484FAF6890C60557A4E642971F17625DDDDC0559DC0E3CA728AC9E0
                                                                                                                                                                                                                                                                                            SHA-512:623412E6D454104251215E38A0F365F879EC70F77306769F5FA40E144C0EAB43237D1FE13B92031AD5848071A6A8910F01576F079E1A0904F4D8DD8959D922A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
                                                                                                                                                                                                                                                                                            Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},ba=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");},ca=ba(this),da=function(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&aa(c,a,{configurable:!0,writable:!0,value:b})}},ea=function(a){return a.raw=a},fa="function"==typeof Object.assign?Object.assign:function(a,b){for(var c=1;c<arguments.length;c++){var d=arguments[c];if(d)for(var e in d)Object.prototype.hasOwnProperty.call(d,e)&&(a[e]=d[e])}return a};da("Object.assign",f

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2008

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17475
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.956983632916116
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:P8z96Qpl6b3nx3X6wdfho5funWGk77hQeggoQ:6plgh3dpnWfJQegJQ
                                                                                                                                                                                                                                                                                            MD5:92BD2D4ABF64AB6B2D5411F931903076
                                                                                                                                                                                                                                                                                            SHA1:ECD4879BE9E8948C2CD02F903346D90550993049
                                                                                                                                                                                                                                                                                            SHA-256:25E50ED2B59A3DEEC6637B34023DC4D3C12A0AF6CA117C17B73B202723E9398A
                                                                                                                                                                                                                                                                                            SHA-512:B9615F3A397C865B552F1D1D2D1CDDB925F2FC1B1E8B10C8DEF508ABB4B7041C267C954EAB9F2ED98954C60C5EEA9FCF1DAAFF0C9783957678C2889C61687E7A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..C.IDATx..w.mir.VU_8......7ofv.3.(..L"@..E."i.lJ...0l.. [..2..@Y.DH.. .b..%..&..s....NNo....7.s.P.?..7o..$P:h.}..~...._..WuPD.?.C..@.'....(... .H xv..... .D....J@#.D....:........<.:..B...f@FMT...(.hB. ..".O.$.>..D.;v%.....}..D..Q.Y.R.Yh..5.9f..........C..J" )..U..k.1Fk.....X..............P.R!....&.T1V.-.;6.\....@...Q..z..'F.. _....K....6EY.eY........"......w.i......."......-..Y.b7.R...Qhj..C.! ..x.A|J0........s.2.y..4.XD)2F'..'`,.r.I........."..Z ....U.s.s8y.O.-x..d~x.."%........|.$IY...t.1N=5S..g....d.x..&I.WF.)......D......z&..g/..zr....Q.z.b....v.Er.dy3s...d:.M._@y<..g=&...D....L....u.$.k.....<.qe-.u....Q]...4O.c3....ke&..;.Q@Z....9.(.w.z...=.cw..7....<.O...M......-|..K....K....|..,Il..UD5R.........=.{.\.<{e.....cq!..E.Lj,..@......P.D.!..!..B.^1.B!%.,...u.7..*X..[`u..5.=.w...uM...X...3..k..E..S.Y.:.7.."."..*I.=.1..*.i).......Go.....z.?.H.Ii........^...*.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2010

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10260
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.955513310145621
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:fhu8o7wzJjA9wzx2U6QItXSwdzbhFTAkUUaVkSMRVAHpQyQIhgkV:5ur7wzJ7x1zI1dhFTAj7iSMRVAHJV
                                                                                                                                                                                                                                                                                            MD5:D10C98D1F2F31D5C7557FA4C9DDDB9B3
                                                                                                                                                                                                                                                                                            SHA1:8A8C8C96B854C3D5BEA8BA3589A403A6D6476653
                                                                                                                                                                                                                                                                                            SHA-256:1AC6DE64D219F5542D6452BF6C6CF5CD826DE5953052C5CB3BE506347762A828
                                                                                                                                                                                                                                                                                            SHA-512:57888041438F986368F550E9397EB847391594863EEC45A28A21F9A90B3B41169E2370F8FE2BE0C6C4A6B8F12CB81E906ED172944B0E283A37223D2CCD6D2BA1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..'.IDATx..}y.]Uu.Zk.s...o.7s .L .I...V@D.2U...U..h....._.jm..~.. E..u(..h.d.0$..$!...$.x.s..k}..s.=....I.?}..s....9{....~..."..x... .?...y....."......">.7..lVv..>........}.)D..6........KX..|.5"....`..;.t"V..-...pS..y^....p5..K..hx..U=.yf!..Wga.o>.U..6 "..#..7n....F.t..0..|.7..=<{x......`.E0..s...v".Hs.'.4/%....%.u.K...6......M....r..{7.q.#....T.)E...!b'.@.)".ED...kmow..K...3O9i...s..UR...jm.~f.^.(.9..F.u:!....V.=M...... .D.5F.A..o..V[....L\).ZF.R..UP...c......;..j...LD..K.M....P."... Q:uf.;w...../^...(/.Q....{........;v..U..6T6.(B.t....c...^$...a.F+R....RN.J.#..GN.......f.G..6B[m..X...h=/O.:..lJ.1.7)...4".."jM.H..Z...9.h.v..y.W.;....R.t.V*)D80:v..<...sd...|.N........TZ9Q!...F#dA.""E...!....!`.4....Q.X..,3..O.`-#..+.3Q/..`>.*...c.UJ.."9eGD..(....* ...7"U....k9.....[.x.......Ys."............((xX*............BN. .+.zJ!..rn}.1")....)DL....".....B..6U...ffk .;.X[.j

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2011

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):210580
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.470536325169631
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:Wq27nItFVerLt1hgpeKo4joS2k4OawyiVrMg6i/i:WFDUALt1ipeKo4UiJs
                                                                                                                                                                                                                                                                                            MD5:86A37C359B238F8C198EF0452886AFD3
                                                                                                                                                                                                                                                                                            SHA1:C0DF761A37144B866DC8E6F4736248832B5377D6
                                                                                                                                                                                                                                                                                            SHA-256:63492DCF8FA2FB817340D17D053ADEF3FAD08E3E6A851749221C62DD632C6AAE
                                                                                                                                                                                                                                                                                            SHA-512:C55D0B7029F76A4B5F9811AA4753DBDAC43756B52C637A2C28B18A026D679A405B64C763838629C3A2A13362A49E8DDD952588F94F211D9585614F9E80CD6B70
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:(()=>{"use strict";var e,t={2131:e=>{function t(e){return(t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}e.exports=function(){for(var e,n,r="__tcfapiLocator",o=[],i=window,s=i;s;){try{if(s.frames[r]){e=s;break}}catch(e){}if(s===i.top)break;s=i.parent}e||(function e(){var t=i.document,n=!!i.frames[r];if(!n)if(t.body){var o=t.createElement("iframe");o.style.cssText="display:none",o.name=r,t.body.appendChild(o)}else setTimeout(e,5);return!n}(),i.__tcfapi=function(){for(var e=arguments.length,t=new Array(e),r=0;r<e;r++)t[r]=arguments[r];if(!t.length)return o;"setGdprApplies"===t[0]?t.length>3&&2===parseInt(t[1],10)&&"boolean"==typeof t[3]&&(n=t[3],"function"==typeof t[2]&&t[2]("set",!0)):"ping"===t[0]?"function"==typeof t[2]&&t[2]({gdprApplies:n,cmpLoaded:!1,cmpStatus:"stub"}):o.push(t)},i.addEventListener("message",(function(e){va

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2014

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7332
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.95947106477555
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CpMeqHSF6T/k2NAnKJYtodhYAVdcwu45QXBqakvyDaA+MWrZlBd1l:C136T8iJYOBXCBPkvmaAlklBt
                                                                                                                                                                                                                                                                                            MD5:3E383476AB5A358C8104076D28A9FBF8
                                                                                                                                                                                                                                                                                            SHA1:1DF4DFA63202761A798DCA0E6DB82A852900D143
                                                                                                                                                                                                                                                                                            SHA-256:BAF34051FC717F4E381AE7B405593D0226AB7B3DBF1ABC4E7AB5DCB9B712CCA8
                                                                                                                                                                                                                                                                                            SHA-512:8BCDBADBFEA2FBFEA4D2A14AC211AB36B67FF96136B0DBF9C5A0484B86DAB9AD176976F1614470BE9FD497B6B4F2808D5B71E3C85399C4F84722B46AA74BABB5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/geforce-now-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c.....m.F.b.Mn..........g.m$...X.n{-A.9.."..........tJrUD.=.T.3.$...ms.d{_t....t.....Mk.O..........\.UU.w..Sa........s.'+..n"I.d]).t.I.r.p.....O........up]q........p.o%)...;.....0K.~q....y......@...Q..6....j.=..$...!..=nj/..Q(.$.F..=_..A.Br.........Y6.P(6r.h#i.Pb2...NA..F. .....`8.:.`.....u..3..n6.....vn.....X.}.=]....in.:<.O.U....$......".......@w...H2...03_.\33.2.=3..Q.....(K..`.Lw..^H3.3..../.KJ.[g.U.2a.K...=..0MyK.tJ.U.d..z.].s.:..W.\)-.b/..&.Z..5.'...SekkgA~.*.m..m.VJ...........m.. .`.vh.V`....[..%IRl.-s...z..-ff......L..G.*.c..._.R....(ZUB...."v}......?.'...>.4..c...a...-.......}"p.N......_.x.9.......J1.J.i..T;m'YQ..;?.>.i......l}....5.7.R...P.fU...U....>\.....o>...#....R.aiw..6......a...[_....{./~i\_..AMW......V.....V$MI!...C..Jh..C.q.;. `kHtHK......?....3m9..$B.....MT...S.1.)1e..=UIM.R..v..4dn.I....`...$.`zi...6V}{..L&i....N.<..Cr`Lw...K.....F.8T.eQ..A...k-..D.......@J.P..VM-..:Y..y.;7`.Z..iS....:.n.V....._.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2016

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (797)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):1994
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.073029267772446
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:3JJfYau7pDTCj/MIpk050KiUMjfrVcxBUMcppi:wauIrMIpky0KK5ckpi
                                                                                                                                                                                                                                                                                            MD5:44A9D35AC0063306CC6841A612D95D31
                                                                                                                                                                                                                                                                                            SHA1:4FFB41D60BC4BA6A526A40A1CB21268B6AD41CF9
                                                                                                                                                                                                                                                                                            SHA-256:835188B45FE5BAC6F41EA7DC15D48148FC99E81F9276ED0E90F3FA5E79900256
                                                                                                                                                                                                                                                                                            SHA-512:5DDFEDB11BCF5C38399CB6314EFF516D341F03157D3E7F4ABFC269523A2532897570B9BFCC205076E3000E3B607B5FFEF9C3B0E326AC5DD02B43932D1EB9F97C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/ms/static/js/flickity-bg-lazyload.js
                                                                                                                                                                                                                                                                                            Preview:(function(window,factory){if(typeof define=='function'&&define.amd){define(['flickity/js/index','fizzy-ui-utils/utils'],factory);}else if(typeof module=='object'&&module.exports){module.exports=factory(require('flickity'),require('fizzy-ui-utils'));}else{factory(window.Flickity,window.fizzyUIUtils);}}(window,function factory(Flickity,utils){'use strict';Flickity.createMethods.push('_createBgLazyLoad');var proto=Flickity.prototype;proto._createBgLazyLoad=function(){this.on('select',this.bgLazyLoad);};proto.bgLazyLoad=function(){var lazyLoad=this.options.bgLazyLoad;if(!lazyLoad){return;}.var adjCount=typeof lazyLoad=='number'?lazyLoad:0;var cellElems=this.getAdjacentCellElements(adjCount);for(var i=0;i<cellElems.length;i++){var cellElem=cellElems[i];this.bgLazyLoadElem(cellElem);var children=cellElem.querySelectorAll('[data-flickity-bg-lazyload]');for(var j=0;j<children.length;j++){this.bgLazyLoadElem(children[j]);}}};proto.bgLazyLoadElem=function(elem){var attr=elem.getAttribute('data-f

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2017

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):4212
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.90150367246126
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:8wkeCG34kGy5q+mzFmI6zs3kOUL+ZrnTS4tAZIKtm2Wd8QQ:8iCGNY+YFx6zUZ5rnTZJfHqQQ
                                                                                                                                                                                                                                                                                            MD5:63D8412E439E1F6C1F283D2777CC5683
                                                                                                                                                                                                                                                                                            SHA1:20D57015DF4C8FA24001841C30D8C76A1147975C
                                                                                                                                                                                                                                                                                            SHA-256:868A8EA19CAB033F970673DF4858EA93EC55490DD47E0F5C00632AB069DE9915
                                                                                                                                                                                                                                                                                            SHA-512:263871D2FEDDE54A4C4810B1F659C2B12E1E6292E36361705633B8B2895213FADB1B909EAF82590754192382429C0FCD6395539D1226F359AE3A0081C44FD748
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/microsoft-outlook-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFl...WEBPVP8L_.../c...M0h$IQz..z.`~.........P.T...&........r.r.<..OP.......Y..$I.R<.-.........$9R.>....o.._N<..ml....?D....9T.n....O.~V|.?./,....[.R,.^.c+e~..p^$.sT.m.E......G...G\....P...K.].....;..X..Y.:....,i."=..@..y?J......S.....8.S.%.).@....;CA.6.....e....s..Y.l+.......v.`...I.\.mK='Zx.i.v.k.KV..*...sp..N..[o-.&7A7.m.V4.AYdC....4....W...$......7..o..{.tL.g..F.m..%G...33.5<..`.#`f.R...).!"di.Y...|W...Uk.$.....?.....L.S.L.S.j....Tbff|...%I..I..GV.8..x......7...VUzL@..]f 0..W(nTX=..R...a.+.P@1.\.4.V.e}.@(.EO#[.R.....~........q`Y..HO^..W.wIi...+.?~.}./...c.Q..Pn...z|...Q`..0..>|?..{.... 0..o...j!b..4..'^.,.j.M4......z.h!...8D.@,...4=.scqjP....j5..s.....@.....y[..`.@b@c..,......*......9.r.#./\....a[.. .R..Z.$.d.0.... .c.v..~..u..!&..$xg_g>n...s#.....3...l.da9Hj..G.."...20....C.p..'.....0.SN.....-..U.P.@q..F.. .=.. 2..P.;..U}.....1.-pp..Wy....Z....".].NQ.O.jK~dE!..x.dL..e..b8.....D..g..o.:.5...bR.<.......}..WHU..,......@....|........>t>

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2019

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2020

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65439)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):145942
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.2437271650195285
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:X/HLIam+nnwlK7gweViagwQKnvc3crPJV9oYmdh468vZEc8YdX9JI+:PDnwlK7gP4XDO0+
                                                                                                                                                                                                                                                                                            MD5:8A9AD568D94062C0186983F6AAC0BE50
                                                                                                                                                                                                                                                                                            SHA1:6ADA7BE1D7E465AED305AD492804066E555E855E
                                                                                                                                                                                                                                                                                            SHA-256:0FAB57543F51269755C854C09E1A361E6A3C04AE97B28B483AE00F13DE630E9D
                                                                                                                                                                                                                                                                                            SHA-512:7C98625906E2AA72E3F84FDBD6A3352AA10467A454042BD06FEE71244473D47FCC81DC5012E0FC3E1766B3C273A3F89DB54E59D288D67ABEE7C930AF3A507C1F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.id5-sync.com/api/1.0/esp.js
                                                                                                                                                                                                                                                                                            Preview:/**. * @id5io/id5-api.js. * @version v1.0.47. * @link https://id5.io/. * @license Apache-2.0. */.!function(n){var r={};function i(e){if(r[e])return r[e].exports;var t=r[e]={i:e,l:!1,exports:{}};return n[e].call(t.exports,t,t.exports,i),t.l=!0,t.exports}i.m=n,i.c=r,i.d=function(e,t,n){i.o(e,t)||Object.defineProperty(e,t,{configurable:!1,enumerable:!0,get:n})},i.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return i.d(t,"a",t),t},i.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},i.p="",i(i.s=18)}([function(e,t,n){"use strict";function i(e){return(i="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}function o(e,t){return(o=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(e,t){return e.__proto__=t,e})(e,t)}function a(n){var r=function(){if("undefined"==typeof Reflect||

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2023

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit grayscale, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1611
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.792925521411799
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:4cEiKswjEQZujhdet0ylUuhCt1xwsImCkBpe3LDRzGv8H14PW0b+hhtxxj3xX:pKIytJUCEAOBp+DRzGv82P1wJ
                                                                                                                                                                                                                                                                                            MD5:E79FFE4C0D858391513D3544D8A82643
                                                                                                                                                                                                                                                                                            SHA1:47C773F9C0CF973ACCD76DD9D92298E91AF35DCF
                                                                                                                                                                                                                                                                                            SHA-256:A11C04679D136CCB1811A4D6A777C7050551A2C0DF40727D934C00DA344C7460
                                                                                                                                                                                                                                                                                            SHA-512:65B4B57E42F29D8E1C35CFAA696BDF92EB026B165E3537271CDCEE66DF8B70753873D2E48C41B89D3C8161F593AE83AE607C935B6ECEF46256A9ECD136D4E794
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....U......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..k.UU.....sF.i..Qs.I..C.T$..%4.@.T.4.........(.....^#F..D..a&.:.!8.S...M:.=g........s....8..._k....`:.^]y..")>....?.4C.-.O`...P2x......d..eTa.4}....zXK..R.P.ADD.Up..<L#.).."".r...X)...I....W./...~P....7.t..1...Zx)....<g..kV...%J(.y.4.Z..:......|..I. !.<...^.#..C..&...G\....\..I..r....%A.Y.e......QpQf>0s?.)H.-..a...u..a...;......a.U...A.3.^........Fq..c.#.....Q.......Y =....O..A..Z.D.....\.9...a.ok.0...-....s(...i...........-v.L....T3...0e1R..Z_...2...vF../A.Gw..9.]....l......z.....<>MQ..Y<#:^..j.}).p1..x...<8-......f.....k!4..)5/4cL.._+!b..x..-..pT=F@B..?...jv2.d.H.WQ.L.aC.((..D..,..R..%Q9..I...../E(...D......aR........usn.U..c....?<.H..d.8.5.C.>TV......iM...M....vq.v.!.n.5..s....Z=.;...b....n-..y)XW.O...m. K.\.mQA.F...l9..`n.t3(..;n....'..Pxq..o.....z..H..cRx..q)\....._|j....0.w5.4.0.C..P...%_...8,&.=..k!....j.^....qq..c...*..(.]..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2025

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10184
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.942560436543751
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:BxydCXaLQgOk6f0/SHVTrIL8/x9jo+ca1qBjlrZ6rz1xToEgGgLY9:+CX8VG1AyxBcaaIz1xTSGgLM
                                                                                                                                                                                                                                                                                            MD5:3A4955129596668BE425392BD478E365
                                                                                                                                                                                                                                                                                            SHA1:105C91AC235C3704ED7A8AE70E8A5192BA30A546
                                                                                                                                                                                                                                                                                            SHA-256:454255259A3AE066F60AAB86303666D7E8514DE1BD4B5D388E4AEBE41DD84FDE
                                                                                                                                                                                                                                                                                            SHA-512:69E0828AD9F91BC20C91292870349A9E1DB32E1148DA450704D21BF14B4AC48B4A3E796743CFD30B1489ADA8814CFBEE6EF0A7FF112F25CB23F2DC177D68EF22
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/aptoide-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.'..WEBPVP8L.'../c.........x.d,...az..........m...;........u'.....}._5.~uE{.H.....'..f._..1....U5...'..;....(.$.....+.w...|G...IR.8n......Eh.Zp........Zx./.CKu....x5......`.<t...D.$`...@.0.C.},...W..{-4.G.....Q...Zdi..y........luD...............I..J.>...F)%PK.Dn].w..BJ].z_X.%F..4b?.7.V7..32?V..6......'.....Uku.D}..0.C....aku.g....v.....tY.dm.K.....`.H../{..........2\.JK.T..Q..D..W.....H.\.mK-.....J.z.8|.:.g...........p.[.$K.$.BR....c?...?k^....S.$.l.........!.?.. .Q$.........dm.o.q..YV.=p....W..=k.Vc.+....O...$.d.D.#"..G.5&........e.pS.$..m..Gf)..^G.......+3..3C..j..dxL..'|u4..`.)...\.3)T4q..a*..N3E...I...1[R.....<>~.B.)...v..r.1....A......6F..x.VZ....(L.Q..~.. ..... .@q.i.j.Y!....H. M..W!.P....6,.[.,..e........{.........Y.X.@.f.^6@?KD..@.K4..-E..hX*d[K....YC..FkR....!..G.r....J.+.(2....8.@.@.... .,P."...#.2.l..p.de$.<9..l...%.k.M..wl..C9......ldTN.=.2.x.Nw.=..u\5..y...v....u.&C...:......n%J.B.".....#.......a.gP....._...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2026

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (7862)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7889
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.3539189175758715
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:EIJHXkovHIdcC9vaE6cyxqI1qwLcIRAKEFkNB+xb+25CqqBFPvAxOn:E2kNdcC9J6co91qwLcI6KgkixbdjqBFH
                                                                                                                                                                                                                                                                                            MD5:FD4F902B789F81BAA379B0BA42C21ACD
                                                                                                                                                                                                                                                                                            SHA1:9F5C7F1B6E8151ED8D54C24A297B27177B38EFB0
                                                                                                                                                                                                                                                                                            SHA-256:6E61BE2F374A0122510025578940BAF7EF8DBBCAF3ECC5F5535CFC81BD1CFD39
                                                                                                                                                                                                                                                                                            SHA-512:6D88550E1BDDD52E4BEF156BD800C97147AE7BA30AA0EB0D0B31815250A119D8C5D165A777B7AA195BB70DF2F2DCC159204F6A3E47EF71D24D7861EF58171CF8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/js/lazysizes.min.js
                                                                                                                                                                                                                                                                                            Preview:/*! lazysizes - v5.3.1 */..!function(e){var t=function(u,D,f){"use strict";var k,H;if(function(){var e;var t={lazyClass:"lazyload",loadedClass:"lazyloaded",loadingClass:"lazyloading",preloadClass:"lazypreload",errorClass:"lazyerror",autosizesClass:"lazyautosizes",fastLoadedClass:"ls-is-cached",iframeLoadMode:0,srcAttr:"data-src",srcsetAttr:"data-srcset",sizesAttr:"data-sizes",minSize:40,customMedia:{},init:true,expFactor:1.5,hFac:.8,loadMode:2,loadHidden:true,ricTimeout:0,throttleDelay:125};H=u.lazySizesConfig||u.lazysizesConfig||{};for(e in t){if(!(e in H)){H[e]=t[e]}}}(),!D||!D.getElementsByClassName){return{init:function(){},cfg:H,noSupport:true}}var O=D.documentElement,i=u.HTMLPictureElement,P="addEventListener",$="getAttribute",q=u[P].bind(u),I=u.setTimeout,U=u.requestAnimationFrame||I,o=u.requestIdleCallback,j=/^picture$/i,r=["load","error","lazyincluded","_lazyloaded"],a={},G=Array.prototype.forEach,J=function(e,t){if(!a[t]){a[t]=new RegExp("(\\s|^)"+t+"(\\s|$)")}return a[t].tes

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2028

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuNg4mPAZ5iJAu50-h5KWrVgpPX4B-QPYPKM9u-6pQ_Iaas537vhOKUgUZXYbtqLEMipzGByjdFSlFHHft8YolhQY9aptqv0VpGBDRy&sig=Cg0ArKJSzFCHQ8cE3eBEEAE&id=lidartos&mcvt=27902&p=98,43,348,1023&mtos=0,27902,27902,27902,27902&tos=0,27902,0,0,0&v=20231025&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&vu=1&app=0&itpl=20&adk=135233075&rs=4&la=1&cr=0&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0%3D&vs=4&r=b&rst=1698409201456&rpt=3130&isd=0&lsd=0&ec=1&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0"
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2029

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (35529)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):90646
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.560734842537453
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:61M7pe9CbTDS27TMdwvf5UyQLZd6spazu0CpF6nx:ppe92vrUyAZ7F6x
                                                                                                                                                                                                                                                                                            MD5:E4C686EA11223C93EEF8D34744AA9214
                                                                                                                                                                                                                                                                                            SHA1:F16D20F22E05756095AEA9950DC813DBB4D25E5D
                                                                                                                                                                                                                                                                                            SHA-256:4F16E319A98CA58AB38F2DF45B45A5BC555E3C00A744DA376D74FD98ACF640FF
                                                                                                                                                                                                                                                                                            SHA-512:5A67EEC6BA18ED10EB7447369F0BBF4B6C8CC289E86D9CC9FCABAA664B4D4A5A9F815830E909B5505F986824C9ADB20E7FCBFD07C2BA6AA93C13527988D5C461
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://securepubads.g.doubleclick.net/tag/js/gpt.js
                                                                                                                                                                                                                                                                                            Preview:(function(sttc){var window=this;if(window.googletag&&googletag.evalScripts){googletag.evalScripts();}if(window.googletag&&googletag._loaded_)return;var p,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},da=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");},ea=da(this),fa="function"===typeof Symbol&&"symbol"===typeof Symbol("x"),t={},ia={},u=function(a,b,c){if(!c||null!=a){c=ia[b];if(null==c)return a[b];c=a[c];return void 0!==c?c:a[b]}},v=function(a,b,c){if(b)a:{var d=a.split(".");a=1===d.length;var e=d[0],f;!a&&e in t?f=t:f=ea;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))brea

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2033

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):3954
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.926287913144182
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:lToD9Fqu02+zQEwJySJetiou/PdlZtnFZ+V5Ger5mwU:+7quY+JHotEBZ+fGewF
                                                                                                                                                                                                                                                                                            MD5:463D102C2E3AF82C3DEE392FFD3C53A1
                                                                                                                                                                                                                                                                                            SHA1:66AE16A12DCDE11C88E34E3B8DC05FA46934A3AA
                                                                                                                                                                                                                                                                                            SHA-256:1CDB07169FC995D28B2182EBDDDFB00ED75BBC6C9D4912A8047AA718D3EDE580
                                                                                                                                                                                                                                                                                            SHA-512:BEE8520C6CD8D6CE3EB18B38467D400D3F1D116B79E1052712E8AEC067D6A57F0E2FD6DC064A5263FD49299ADEB5CD6E12F9BBC1078225103EF96234D25BC154
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/curriculum-vitae-europeo-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFj...WEBPVP8L].../c....`.my.[km.......rw_....nu.w........w....8..K.*.....<....2...}.:4.a.w...v.l ..q.....".G.?.I..6..........T.Pe..a.A..T`.&.5+..r|!..K..@p .`A._P.w...K..ionoonlnn......b.P]]0T...A.:!.c<...$!...@O(%.D<.MMS2....zj...B..Nc.&J.....Qu......mG#....!P....g3.v$.@..wP..+.C,C..e.B.....R2.d.h.dI.D.Add[....@0d.S.).....S..).O~.BD.p..d.X.F......:....+.......<..0....pG....Vka.V...))@q.&u..YX..fk.1..$.k...G...?....[... ..s4..1.KL..U.no....?.{.......,dO&.z&O.H...#...!>&VMAh5k.j..<.:_.q..O ..K&.R21.d&f.....).v.Z`MJ"...........?.i..Jkh....$.).L...O.........i.v@,.C.O A.$......bI.&F..Y...^o.SWE8a.......e..?..Bq......F|L`_..Z.Q6z<(J.......$.F.5.......N...*h.'.Kx...-lMR..\.`f..qds4.3..>..<DD^..9.~SC.W.W4...w>..X.<.A4|.=..(.ry....j,....m].b2.B.\.$3x.ff={0........Op......}...|.>.E x;...H..xo.%..w..b......y.^!.....K..4..y4xp..x..0....).....s...m...<...M..9,.;...hn.KrGp%.CX..(..K.O!......L1.).'.d.....`........o.D..P\8.M.W..ky1.......4..R.8N...p.....d.&.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2034

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8474
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.975212901892653
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:IupOraCs+c8XFSr2Kdgh8q7HxpGe4Ydc6i9cFSOc7iHux1+n:9pOraCs5ySrfd3q7HLv26iSE0I+n
                                                                                                                                                                                                                                                                                            MD5:DFE8AC9FABA54E04AAD03CFF60FD2886
                                                                                                                                                                                                                                                                                            SHA1:F3E18B6FB93148E5930AA667B99E9A463353D103
                                                                                                                                                                                                                                                                                            SHA-256:D21873317877FEE9763345C695E1DC2D38F097A6D97C9AC7969A13D6096CD991
                                                                                                                                                                                                                                                                                            SHA-512:DD976856AFADC6D3F19B123069E5DB32842E12AFC43F1F527E0B5A92BFF42249730AB6EDD80F75DF1754EB95BA3CF211205C09C2A8E57F579EC7ED6D6E45E0FB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/visual-boy-advance-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.!..WEBPVP8L.!../c...M0.$...Y.....".?..1.C)]t..Z..X...$y...g..6....(..HP.*....nc.V........9.#.....6.mUY.............0p\.V.,3T..q... ..*.s...)....w.7........o'.?Ms...a...._.j.5.E..d....K.....4...U.....B<v.}.......".M .....V.k.j.-f[.j."..%..z...>..m..S..m.m.L..uU9......._.KH..Q.Tk.....@6..D.P..x7....m.)....C....[..T(....YCC..u..q.f.K..?...O.p.6.....Y..P.8....N.i;.....i1.";.>.r6..g:.P....\-..~$e.`..9~p.*..$I.$5...O.....H.$9."j.x...:.......=m."Gr~..*..y.{.v...............06...b.d.9...J...|af.....2sGE..a...eX(c_.m....;....wvt......ef.233...m[.dm.6.:p.qFDFFn_..n.....%....m..{[.F*22O...g..M.m+..K...k.m{}.m.![1........@.c..:*JN1........^/.54..&...+.'...b.h@.$$......$.l7......2|m@.a..@..HcBJ.q....Gy..d..R.S)8x.P*.E...g.8<.,Z.I..g^X. &..#.$......./|.A.yK....f.+.z.H....KR;...}..dx...z....~l4..S... F..'..T.@...?..W~.h.o.`.H..Z. @.f. n...:...... M.u.p.....C.L....~..e.'.N.._.P.d..&q.......fP.4@}J.........4........vy..b+3.AeY....J\..,..tbK...B

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2036

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9965
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.96672303597607
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:6ASuD+bOpzEp5mQuanrKSDFEzanLlx1w55k0BtyWgL0a2XR/EUkbVndM:61vOzELmeNFXL31s5jB4b0aYR8jVdM
                                                                                                                                                                                                                                                                                            MD5:CD234879A27D4D07BD49C6FDA03C4246
                                                                                                                                                                                                                                                                                            SHA1:F13A524AE32EBCC2D267B0A1F20CB2336492F2DF
                                                                                                                                                                                                                                                                                            SHA-256:A0768B24C7358BBF498554E3CA0683BC447C4A0F0DD2403AEDCCA394B752A17D
                                                                                                                                                                                                                                                                                            SHA-512:EAB0FBC65B5B6801560BE05E4C617605DADE36F060FDF62FAF04F65688BB758B0DD9ADD207E840902D478569FBA88E537271748AA01B72FC231FFCAAF9C6CF9A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..&xIDATx..}i.eGu.w.9.o...zVwkh..@ $!$.1B..`..$..2..x.....!..'^.ql.`l&A0.......t..nI=...7.w8.j...s....A.....?X...=..W.v}..{...8.9......X..:..9..u..s.......:....,.s(..Y..:..9..u..s.s`....X..0...G.ji...Y}.HU...........x.a.J.....A.a.3L...z..U..$X."?X.@ bU..[..r........Ng[....W.....A.?H...@.&.'.T..;2..~..~......{O.#e..g.;.'9.:.5..wd;>....~....p.w.....Z.j.N....&.0.....w~.........~.&BF.....?. rV......e\....0..B.....e.....7....!.N....5{Vf...v.t..........}../?..[.w....i.0Q1.?.5.6^...wEA.Q....o..............R2.yU.6p...V0.........{...u......!......#C.....#.....\n....Sk:....J.c...Oe].PY..;mB....)..Q...{...G.W...K/......{.q.....UUE......CA{a..........|^__....e.........%...]...........N{2.U..b...Oda.'mlK.S.(x._u..@..N....Wc.x..}...D....y..;..-.]>..[..RL8.s.DU..l...H.....LP..l..`V/..w...Jl'F.G.fG......l.h.{w...o.67.....1A<.p(+.\sxjZ.L.)..W.=h....+..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2037

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8494
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.95881115136536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:ihWXAQNURi+ygpiA81MKKDIr8MwFhMAqwX0bbq4Rdhsf/:iYQQNURi9gkvKDISvq1bbq4LI
                                                                                                                                                                                                                                                                                            MD5:E4E405F3F0C0104A4276EDF4109768E7
                                                                                                                                                                                                                                                                                            SHA1:E12CF36B9307FD9AE808EF7F744E5B8B53B5D913
                                                                                                                                                                                                                                                                                            SHA-256:304362F27823C4CB88B7E4BD97F569352716E18C8CB30819BF056EEC18583301
                                                                                                                                                                                                                                                                                            SHA-512:018B11659E15BE42160BCBC27EBF40EAD434EB30D15578F2346C9CA0894D6824A7A8FDBDC8701386168E5A09EBFDDC3BD177A05AFA72F0D7D71F75E998E5C682
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/bluestacks-3-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF&!..WEBPVP8L.!../c.....m.9........".?...*)....u..]).:S.9.n.<..9.9.Df...ml...G....._...;..Q..H.U.?......q[....mU....]v.;T:|.@... T...?....E...?.....;.....}\......ne.ID.l.}=.eO..$."...t+...a..d2...;._.oq+SN..8..i...w`..Wx.9/.Dd[.[.....gyD).G{.x..ID@...~..1.I-..).s.i...7.71...../.r.ve.....unn.Q.M)G.3..@...6`..w.4D..H.q.6....a..^...`...v.m.$.....&..%.bpGp..4".f..........C....)...Yn.r......r.C...........6?W..-m.c.....@........mU...w..Z..rR.....q$I.R...-.7..Xp.......N;.$Iqr....l..`...B.`........?....2333.FK..33(.]....ff..K........o..I&5.}..kW.>......{.."R..G?.......{....NjH..&n.#..T.vH.M.S.SG..2.G.F...j...j`.V...@lZX...@g.v..|..c.9.7.m.)m'...ujw.....mokj...m.$.y...?2".(.m.Xz.m....#..6..m........!I.Fd.....m.......=.:....6.Y=.eWeU:##&.n...$9o.[U=L.bf)....03..-...4U.kt...3O1l..C.e...bu...Lf.b8...<..I.Dq.....L...b@[Ip..-..v.-w..C..w..s/......k.X.Sk.+.@..8S.. .q.*.R....Lf...kS,.....y0..rW&%..I.{.K..P.8...".........r.....k[.c.s...."...~...{M.m.Vz...3

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2039

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9559
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.968359423127337
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:YQ+ktLdUQC6Ftkz8f0sg+nHsh3Jctduk0BH6oYkxoRhM5sQmBXdNm:YZktLiNIfL/nHsT60oc2EK39m
                                                                                                                                                                                                                                                                                            MD5:9B9EC7E4B03DC8F2A25E3414F7A9CF67
                                                                                                                                                                                                                                                                                            SHA1:6556D65745E130452599BC872356BA10C809D139
                                                                                                                                                                                                                                                                                            SHA-256:1201055200D1F514722B7176DCD0F5A1E7B95722474E251BF6313D4674AD3E03
                                                                                                                                                                                                                                                                                            SHA-512:CCBBFBA9374C097618F15656EFE305772E8AF4C39981D59FA6743F3791BAFAA6C7FB8494E5D8A11D1EF6A6B5FD7CB3123E09A20787584FF42245A629943AD918
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..$.IDATx..}y.%Uu...Ug.s....(.6. ..(.<+Q...g^4F.KL..y8.....h.QDE.....I"...M..p..g...z..p.L..n.^r~.w..9u.T.Z.......H..%..[?....i......o....e[.}...!I.(;....+~...u.8.B...rj.?.N.......ag..yJ.(.....p_}.o.....T.}...a~G..3.6.su..1......l.y%..u...m.w..C.......o....3!../w....*W....^Q.y.M..j....CN.%....jZ..._OO..?.d.Q..QRR.Y.}....O.....^..Uo...FD...I.Xs.1[...Q{'4x..=.@. ..].....9...Q...a......*A.....A.E..k...<....!....y..N.....U.]r.vPp!P,)....-3...."....H...04...]..}.......C...7..U..n....l.G.-..;*".?...Ph..-..81N).d....O~z..Q....2.A.U.3j-..P@....] .7|...ud....~... X6.vay{.Zb....8k...Q..g>..Lb@.4..H..|..'~^k.....D...]p}.9..l.>.RI)Zn....Z~.^..k.ELy.G^....Z./.M.,..I.*..g,}.g...Y.......y..;...G4.*ztKS....Q$....*<`TgE<.....z.......X&&.*.`/.k.. ..*.$.L2....T5S...`fx..(.U.0Kz....A;.$#{k..v.....@..L;.....5o.#. B..Y..}J..+.k.; ....tf/.....*{..rp..L...E..(

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2040

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (21084)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):21257
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.218656398361519
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:knMQG5rwVO7dV9nNbRGCB9D45Hkn5vj2xpOxvIAgD75zBi5vISg3gzopL9TidOg3:P5sg7X/jD45eSxpOxvKD73i5vTzwL9Ti
                                                                                                                                                                                                                                                                                            MD5:84415B7368FD6FC764CBE86039CE0626
                                                                                                                                                                                                                                                                                            SHA1:62F238E73348C77EB9E865426A7D1B7DE23CBB2D
                                                                                                                                                                                                                                                                                            SHA-256:C776195AD46333C6C9A9FE3C74502FFEA9A02FAF122388EA3567922CC65A3060
                                                                                                                                                                                                                                                                                            SHA-512:8423F7A626064813EA9D7CA974AC4A3D23B304717BE6853CC10F356BA3A21971C531E2ACF7FF0285B81897BA54BF02265C96F4DCDE1BB35A350F399BA2479E17
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/js/popper.min.js
                                                                                                                                                                                                                                                                                            Preview:/*. Copyright (C) Federico Zivolo 2019. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=e.ownerDocument.defaultView,n=o.getComputedStyle(e,null);return t?n[t]:n}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll|overlay)/.test(r+s+p)?e:n(o(e))}function i(e){return e&&e.referenceNode?e.referenceNode:e}function r(e){return 11===e?re:10===e?pe:re||pe}function p(e){if(!e)return document.documentElement;for(var o=r(10)?document.body:

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2041

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6128
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9600880415306445
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:/TlWgUNNVZ1MfPVBVRZ9yAdx0sF6N1WFkl9zqkkzbMEO4hpqoL2gRsoOgGTeWU:/TlWxDZ+lZZ9y6G1lfq1NpqoLlRsoki/
                                                                                                                                                                                                                                                                                            MD5:DEC29F6E4D400EA77642DBBC49B18A0F
                                                                                                                                                                                                                                                                                            SHA1:DEF9FB66D5F6113AF3FDED9238A801EEFB003C2F
                                                                                                                                                                                                                                                                                            SHA-256:5E1DD3DC854696291FA46960EF1A1C446E3FD51D09A7849CA6A36D2B15262C34
                                                                                                                                                                                                                                                                                            SHA-512:DB4E4395EE1D7B56B5738AE81CA22349EC63C32030AE9FF1A32E66259948407DEFA7344EF231FA8A1BF7F69DA922B6415D57E4EFEABA221459A4CAC0FE5FF88A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...{IDATx..][.nGY~.w....>..K.B[j*.\xa.....[.n..]..........(. ...*...Z....xcb...!.(...Z..wO.v...5....5k..}.w[.}....43.<.a....A.I......|..'.Z.W.....i....].Wff....9gf... ...iD ?...t]..s.m.4m.;..j........ "$_..W.........n...o )d.5.<)...#.|.K_../..?x......(.R.ax!5I...K.+.}@./p...[... (.._...-~..RT....4......^...W...7..sf...<......}.....#..9...h.'..;%U<....F..l.... ..c....dI.*F...Iw|.........7.....?.......}..g..f.A...E.xR!!_*........."k.s....go..{...@......#7...#R."j..VK.,c..uT[.Y.....R.....v4@h\.\z..w..{...w.{..._..?8....GR....Z.P.z..g..&.'..psE3.%..h..W..'.|..........S...q*d.=,#....2.H..ua....BH.cf.`$.T..x../.|.c..o|....?j........b.,8....xM...l..P........&f\...Z......W....|..W..".B....oh..&z!Z.Z.xr.f....aMaW..U.._'.h2.......w.sw....~ .%..Gh.UMYu%...O.U.(.b.J.....Do\$JUO..OH....~....G..S.4M....0#K9.YV/. .B...".......~No.._..........}...p.XU...../Tse=^b

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2043

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldRoboto BoldVersion 2.001150; 2014Roboto
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):162464
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.524438741684788
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:x6X+/XYXXXXXXP9kPbVQdSZr/OkS98QSADOy9w4zb4VB22knj+1NmLVhygfTZluN:x+yZQMOJZDboVB22k5zTW+w
                                                                                                                                                                                                                                                                                            MD5:D329CC8B34667F114A95422AAAD1B063
                                                                                                                                                                                                                                                                                            SHA1:0A1793926E2EE724CF2FF3FC7ADC745348659F82
                                                                                                                                                                                                                                                                                            SHA-256:EF2AB0E402D5CB9DE893E263A2C44E57F57FEC3974B0D981BFE84DEC3DAE83A1
                                                                                                                                                                                                                                                                                            SHA-512:34B78978F62FD447C60654E4BE36877EB95AE9B7F616CA59858D2251C47825EEEBEAFD04D317D1E36D4C0FA9122A94D0140A81B2EE69FB08A3237EAC4279BCFC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.rtbrain.app/fonts/Roboto-Bold-700.ttf
                                                                                                                                                                                                                                                                                            Preview:........... GDEF.5.5.......DGPOSZ.61...<..Y|GSUB.2....b.....OS/2..........`cmap@&Hr...|....cvt .N$.../....BfpgmS.W...-D....gasp............glyf.u./..9....vhdmxWHS7........head.......,...6hhea.&.....d...$hmtxT...........loca....../.....maxp........... name7.c....(....post.m.d....... prep.6~.../..............F>._.<...................N..0.....s.................l.......0.5...............................N.................................3.......3.....f..................P.!....!....GOOG. .........f.... ........:... . .....d.................-.|...@...@...\..._.@.G.K.?...|...(.....^.9...#...n.S.~......._.......F...@...7...i...d...=..._...V.B.}...9...6.....".x...-.).K.b.......<.V.3.......b...s.^.....U...x.(.....U.............V.).....T.......E...(.D.t.;.....#...........I.9.x.`...9.....,.......4.J.D...o.,.B...B.S.H.......E.z.h...m.....F.o...~...o.{.i...B...o...B...o...8.....z.h...................J...0.......".0.j.B.....c...c...Q...........\...].F.V.......M.i.~.F.V.......~.L.Y...7...0...e.......K

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2046

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):9434
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.97790805462771
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:wcAdeysbIOg+DOfesaDUDjBYIek7V0hVfaXYRg:wcAcjJg+KesrDjFGhVfl6
                                                                                                                                                                                                                                                                                            MD5:6923E82566A33CFFE4B1A3ED357E14A3
                                                                                                                                                                                                                                                                                            SHA1:8B7ED9AB58BAA9461672F457C37D6870011701C4
                                                                                                                                                                                                                                                                                            SHA-256:266B290D024808348C02E75193A03BCDDE32353A9A012F38BEC507841C72FBD4
                                                                                                                                                                                                                                                                                            SHA-512:A43DAD2C3D0878D520FD607EF23FC446333783493FA19D2E96035AB263A5036F7B052E22D7D83A35D590DB5FA5049A137846981F0E7B6C4528671AADF17C2047
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mycam-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.$..WEBPVP8L.$../c...M8l.F. ..$.....!..........W%..@w.._.-.M......He.GIl..I..........y...s./...>.n=..p...,2...y..'.<..~..: G..H....2o..3./..pO..m.n...b."._..W.1D...=.......k....C..&..}.C.u.$....}.Y.g..%...2+.k...s....2.+.2...0...7.....U"..>..x`..2.&.5%..4rF..i(IjU..........X.U._mQH3.~.`.d.<....Nh....dU...nN...S8..{.....|..B.1|-;..5KY>............a..R..F..C...A......S....=.UE.fZ./..!tD.Ei'..l..k.eK.....G.}...../X.P.......{6...j./,.Cu.........M...VL.:uTS.......?>S.XS.P.....iS..>.M..C..F.&.TP.&!Q...%.3.C.Ms.....a..jp.1..h.!..KX..H}.i....j.E+...-..l.....L....N)G..H..<.{1:..}..#.8...x.2.v$.m...>O....7.?.Y.......r..O....r./.sb.=..S4.9..9G.:T....u..{.u....F.D.<.t...E..6..9A.....MEev.....P.i&.M.ay..u..aO..y....2...>....z&.....a.....1........b.y.....^.t.p....8R..`........L<.........m..In~......"333..}g.U,..>..'ff..4`..;..]]..A9.$G.d...{r....h.'.......p.u..!..@8 .2..!S\1...g.#...vb.?.H.>;T...c..'P.E<72......P...V....JVvR.N...k.............0I

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2047

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7580
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.968109691964937
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:ULfHOERNudT1Jhe9Ob4PYS3EIIbb/iMrVZXR0dor6eJdCI/:U7uERQdT1Jc9Ocg2hib/isX+dUZdCw
                                                                                                                                                                                                                                                                                            MD5:3828A6594A74C732398A5164F7A341EB
                                                                                                                                                                                                                                                                                            SHA1:2A720E2F7790FF034B8C9E12064BC542FF06A5BA
                                                                                                                                                                                                                                                                                            SHA-256:CAF0845D5DB242E977DB0F96BC597A9813B015CB8751B2321C3F0CF082FBA9EE
                                                                                                                                                                                                                                                                                            SHA-512:42BEC2A5FD011572D53850F6355E5A87FA774D2746D59CB5B2627CB4620174247CA04884C1C5BB363C77B289A269C3270E91563976B84BFF8AF72764B276BE07
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/cmaptools-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c.....m.F..>9.n....".?..YO.`..0...$S.t.$....i. ..{....1..i..O.V....I.....p....G^.u.,q.?*.N....F..)...x.r$I....`..Px.......0.?'...d.........?.....w..G?% ....'.x.b..Q...8}....XHp.q.i...HS8a....t...(..&.........tj...*.6.9......t..O..8.bh.....i.....".L.DR..(".L%...H&.%.H$....m.H1...ADL@_..,.D,...M[s(.U4...k...-.Yk.n..<.tf...8.'.f.0....<....^`.O.....18.....J..0mA...6.=.(...\...*..d..'..Ni..o.%..u.S.u..=.....DrsP.Mu.a%...5U..v..<.NS..EE%....\........)XK. .. ...A......^.$I.dEf...{ln.;..*......#.M.U..gs.iV..9.s.B.9'.sN.9.s.6.*.g....-.....j..l..W06-../.oc:...8..u.9...}..l..H..aOa..>C.CEM...N{.Qg{.....s..9,..t`S..4'...u..^*8...9Q_`.u....d.p..}../`*(<.Kia.dH.....j..m..+..m.m..V.z.]U.AI.$G...Y=.9p........p..te....y....P.[...}+...o..6......[@@yiC.R.n..+...C../...B....P.....x..n|>i..vi...y.OX_.n........_<.k..J".J.,....L..?.*.l....Z..hY. YE,. pz..u"..,=a.Z`vq.EQ.g|.....^..3-.C.(...A2.h5.[....q..N.<...)Qz..."..-I.d$........w.....k

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2049

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):20208
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9896805850882195
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:og76DFeiy2kFcQXSaqQayfk2YslMRGp1Zzq27UeJISD:ZuZei3HQCT2Ys+GnZeuh
                                                                                                                                                                                                                                                                                            MD5:7352DC964234983208BD4E840121ADE2
                                                                                                                                                                                                                                                                                            SHA1:45D4BEF165E5A1D2AC6117BA045AD6AE8E1C739F
                                                                                                                                                                                                                                                                                            SHA-256:A335BBCB4E97F4091390010D3BA8C9CFB8446E3E3A918B82C5DAA4D862A2975E
                                                                                                                                                                                                                                                                                            SHA-512:6B5BE6774DC4DB41E6B921AEE709163A1CC0DD04B8A9FB2C46C29A0C6D49C73AC65CBE1CC8B5975E3460659E8D24C2ABBBB270823FA1B3F5CB6842D6D0E599CB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/efootball-pes-2021-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.N..WEBPVP8L.N../c...M.m.6p.....'i{BD.'..d..F.UKZ/>[. ..nc...@,M..."I....H@.....Gj$9R.$ER..]s..?n..q.H."..6...<Xh....D=FVd........d.A..!....A.c...J.......L.z.../$...vm...3..%..m.....w@......9.c..bHD.bF...d.c"..6!.~....x..x..I.$.............$..P~.....$...P........H0f.0..M._...BDL..........`.^:.&<8...gm...m..~.#...6[..=F...c.g0Fzd=...Q.QUP.QJ.......-I.#.m...Gd6..c......h\...f.[.$.m.2..R[k}....x..X.......[....P..2fx....k....'.......X.........333.1...X.i.09`..-.Xz...n.m.J.nC.,...;...N......... ..[..~..f.sM...Vk...."I...GdfAwO.....w...'O..E...>.d.d.-....vgg.. 3#".... 4..D.......*.r.Y.....w.\/....s.\?..g..c...:z.E..+....-H.X|.x...x..A...z:..'....C....u=....__....g..r>.c\.%{..}(.x...o.z6~0|&L..;..n..CG(.B.jk.J....!....<Wn.=.......x..GBC..6.p.+..K........2.L.O....<......8.52R...Q...Z.....SUCZHD...w...8.R'......A.$.t.....r..|.y,w<o.o2g.O.Q.m'.....j...U.V.h..:.S.d..NuJ..K7...../..6....B.(e#...r.V2.~.......&...^p.v>.v.{...vf..CB.l...dMM....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2050

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):32
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.601409765557392
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:HeiCkum0KthMJGGQ:+ib1GQ
                                                                                                                                                                                                                                                                                            MD5:47C3F0AFC4EDD9A1B52609F31824AAED
                                                                                                                                                                                                                                                                                            SHA1:1C39E5A952CB1D3B76DDB636518D001CA2D33E62
                                                                                                                                                                                                                                                                                            SHA-256:A30231CB8E128C470D509E1A7777D362D8CD63C7F01C74A41EA1C8E1A63CDB01
                                                                                                                                                                                                                                                                                            SHA-512:1D8D22E211FDB059258BA47BE23657E83027C491FE0EB3AC0CE92B48C8253638D73899A11623FFCE78091CF169FF69FC56F564941FFB298E58676A6A6F8D9A04
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmwZ9jyRZwYjBIFDRepaL4SEAmcm1KstdUDnxIFDbIlc2s=?alt=proto
                                                                                                                                                                                                                                                                                            Preview:CgkKBw0XqWi+GgAKCQoHDbIlc2saAA==

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2052

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14404
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.974468832219289
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:nVWY87hiHy04p6JxQ9Dlvln8B3EOp1/QwOYf:YR7pZKxwDlCBKwOYf
                                                                                                                                                                                                                                                                                            MD5:2CAB020FF473959CA0DFB3689306FB57
                                                                                                                                                                                                                                                                                            SHA1:3CF0C35B820046B4AFA6B2D00EBE75479617109E
                                                                                                                                                                                                                                                                                            SHA-256:1B9119CA51A176F1045AF2F61BA97C8CA909F2108F2FE5640AF3DCDED6F82ACA
                                                                                                                                                                                                                                                                                            SHA-512:63D40C95F77F866D3DBBA73AC3C5CFEBB44C7BBA0A0E2CFEE6F332A72F18BFCA136F722548751FB1E135605ED38558F7E89E9A8E65B61774AE1C97BF5CB205FE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..7.IDATx......i]....y.w.}.;.<B.b(&Q..%...8.g!m..^.bV...86.f.[cw.;..N.h.....P.Q.Dd..j...Uu.s.g.g........NQ......?...K.X.....$..C...`..C..*..%..9$.2..K..?....F...#...@...0... hQ....0.........R.m....0...2H`q...q.....'.@...... ...R.m...2.:. ..d.a...8.kJ. I..%.[..`.0....K..?.....$.j.].&mk[.d>...C..rN)I. $...&.|AlK....A`...F.0 .@..$...q....y..=.......]..Z.h.W....[>~r.....d...N..d[...N9..H2.0....`@.......9$l.-.Y.dW..=wn..._....w}..C..OwF.../...}.2$G.D.Gc.Giii..4Z=V.x..g<.g...y..7....R.6..X..0.O2........R.).mK2.:[....4.....7...~..wg>M.Y., @ ....2. .......6M............{..g>..,c.& U)9..Q.......m. .%...1..$.`*..\J..{.~...........P./ ....u...0..%...D.I.e.^.>.@.Ci.4J<..........|..z"'.8,%.T.".nA.X./.l.......*...(\.x.;.......?t.|.K`.r.......D;....R ......$5R+.P...9-'V.0*1...w.............fu..4..O.....J.H|Ad./.A.Z..J..Y..<..o....q...!...J.Z......W....)../@

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2053

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12620
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.966720797941534
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:bWtCNQyRiYzwnTAG0xC2VH4qPVsToA2DPq:60rib0G0Uc9qoA2Dy
                                                                                                                                                                                                                                                                                            MD5:464BFCA4134A0720FA660A833E6BCE84
                                                                                                                                                                                                                                                                                            SHA1:5EDC0B3DFC27CB1649BB089EDFF07A042EC6D5B2
                                                                                                                                                                                                                                                                                            SHA-256:1F63FF460976630BF5DA34BE2910609DE796547A9B85754522DC63BA155650D9
                                                                                                                                                                                                                                                                                            SHA-512:9B4AE198077B341216C2092CBD3DD2FCA469939D4625649D55C94C97A4FCDAF0EEF0D73B0DE032EF18FBA45DAE257397FF91CD50C181AFD24460221D576A07D3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/recuva-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFD1..WEBPVP8L71../c...M8l.6.`]/.G..........$.7\3I..%..... ..hD.IW....].....O.....U}.....Z^....y6..X..$I...........FZ#......=9.....p".DD/p.F."9......q4..... I.!..$..9..b....a....2.....$....L..,.'. H.v.7.J.....|......B.^t."..p*._..I...&n.....d.t)...m.....5.v.i7..]......|N.3.l...f.r....6 .$.~v...i. ..>].!......4K..^.....P.8....P......]..1..;R+.......X6.N..m..Z....sE.$.7.affff.>.c.x...cff..`F...k..K..... I.$I..(....?...1..$.$...".......p.`...e......m.m....[.}h2.q.>Pu..m..o.e.m.:YF.I..:.dj..{o.....I.mk}./".n...pc...[.....E..c......BMU..<i..H.m[...of.A.LI..Z.T\MX]Y]`..*..*....3.d.si.q.2#........s*@...B..q@.q4....p.....a..@.h. 6.@`...-.s.`@.#.g..2. ....z6....!.@.S&..h.k'[8.....$.....xf.a....L^...p..<........3x{.}...=...*A2..a...3.aw.YY9..-.L....4......i.0C.m....]....I..zz.m;..........E."..Q...`.de...........jJ...>.3..1h.....O........n.........N.4.e.d....u~.....v.w~.u.9j.0..X....N..*%....'.A(|b..M.....t'R..R.B4.......q......]~.....g..~...O.../

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2055

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:Web Open Font Format, TrueType, length 48240, version 0.0
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):48240
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.990905550316269
                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                            SSDEEP:768:ZnFjkiqRyE/mKJ6xM+fH0ZWvp+aihktwIuKU5mtsqk4WRS1aLAsR0SxyE2PJYFxz:vVqGKox5uWvwaijIufmtZWKsq3qFMMPv
                                                                                                                                                                                                                                                                                            MD5:351E9A80BD41ED38F558AE9A8C72D4F6
                                                                                                                                                                                                                                                                                            SHA1:6B46F6F929BDE787AF78D57107CA5AC08456E0AB
                                                                                                                                                                                                                                                                                            SHA-256:C1826C77619422CBFC2D6C86317F35C583411ABD2F75DE81A7EE8BB309CD9135
                                                                                                                                                                                                                                                                                            SHA-512:5317BD8FB5EBA7255C6F3D79685EB899CC689B71CC378BE45834670E34E4B1FC8C67C00698338643919F7F3B25D718D7ADBEDB107ADB656EA5530963DF0DB78C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/fonts/35117E_0_0.woff
                                                                                                                                                                                                                                                                                            Preview:wOFF.......p...................X............GDEF...D...v.......,GPOS......#5..f.`.xGSUB.......#...d3D..OS/2.......M...`i...cmap...(........T...cvt ...0...C.......<fpgm...t...<....vd.zgasp...(............glyf......xd...hV...head.......6...6.W4/hhea.......!...$.{.1hmtx............LM>.loca.............}..maxp....... ... ....name.............!~'post...d.........H..prep.............1-h.......T.........N._......................._.<...........#.....\B......z..............x.c`f*g......................|....3 .P.p?.....S....1d3oc.......cRc.....x....?...x....K.Q...s.{.5.,51...^m..?.6."*"$.L..!..*.....7......".u...A..em......^..VF......mZx..xv?8.... .V..>...N.... .I...,.+X.....X.....S..1.....t.9...(.IQ!.E.8)QJY"..K..WeV>..._TFUTK!)JQ.u.9...Z..#.e.Y..=.\U.Z..f.....0{.A....^.[Lb5*l...9..x./`.f.6..O.W."!.zM.k.EM.k..5.^3....^SI5t....,j..5.hr[s`......G..........\.%~...y~.O.1..].;...s.;........F.`S.....~...)3j..}3d..]s.dL.i0..F<.....A.\.....9=...A=..|[....4.....?._nN/.x.c`d``....!

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2057

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16471
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9734359251327485
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:mvyTU9nqM3JIcvVQ0qTogg5NTmDcE+blcD9qS0HYn5tIi:syTUNqMCoIogKNT2gODMS04n52i
                                                                                                                                                                                                                                                                                            MD5:898506CBA9812CED855EE0519F2243A1
                                                                                                                                                                                                                                                                                            SHA1:0B82174FE3285B85AED5558B10FCD79F38AC6073
                                                                                                                                                                                                                                                                                            SHA-256:94888655D304A079BEBD74DFBBF7ABD512EB5022D6CB4FB7B1616494EEC7CB4B
                                                                                                                                                                                                                                                                                            SHA-512:3BFC2F3B5F24B201686615E6654B7525B6ABCD9818DC58FA05E64193020DA8B1AEBFB05B765B7DF726DE6BCCC133C80D0EB33D81B8AF596CF63801B98179C196
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..?.IDATx....d.u%.....gVVVUVWwW.+{..$5.........%H.,...C........20.F.mA#Q.EJ.E6I..n....U]{.[.....g..#....[$EJ.J.2#3~...}..{.7....0.Zk.q...<...!..~....+..^E0.H.E.."..... ow.......up...?.Li..(.......*.{.P.<.~..2..!...nC........ax.ao:l..(.....,... T>y....1.R.cL)....(...PJ....V.....i..lt.GJ*..R*."..eY....,.1v.7..#..(.....$...9?0Sy.......:...3I)...r..RZ.M..W.^]_[O.....x....u.z.~...f.9...eYyd.h....{...d?`c..."t!._.D...P.K&...~..{{{.m;..h4\..J.(#....+...h4..YJ.}.;.....".(..<....G..!..........<..4.SJK3.J.0....W..j...e...c..LLLx..6....{.^../."..+W..F.Z.v.......VZ..t.P.;F7..H.*.u...4-.,L.,.eYZ....<..3..n9.l4.?....W.k.`......X....k..8....m....|...w.}.}..o..J.$.r.-na.F.3.;z..b,}-.*.....#.Y....Qnm..\x.....|.I..)#...s.@s...7x....9..s.=..+..>}..G.%.p.,K.Di...c..<.........R.Eh?....Zj.....0..xee.W_i4.O=...L*I)-...O90..Nt...}m.u.\.R4...|..V/...o.y..n....u.0J..3..m

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2060

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QjNGM0EwOTQ4NjFDRDI4Mw==
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2061

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4555
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.940398105338876
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:M22khYvBovA48f9k6pRG2Ecy+L693i/mnlstsg3/hKDViU0OgJxF:EOYQAPfGKGsLA2mnlstzAD6zb
                                                                                                                                                                                                                                                                                            MD5:74EFD87844A85FA752C8669DB24C689D
                                                                                                                                                                                                                                                                                            SHA1:3DB3E16EF06B6C195D6233995C3455AC8A69B13E
                                                                                                                                                                                                                                                                                            SHA-256:6793EFE0AB0D4B3A7D41D6E02BA0624B9DF1343C2E43B45C7F996BA45CE82429
                                                                                                                                                                                                                                                                                            SHA-512:68CAA255D42C0AF340E23A2F7C80A6FE7B205036AC0B4A23C8F00A224F3A4B909ED5648089EBED1279C14E867EA219F90AFC3252AE570F0875FB9F0199C71193
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...VIDATx..]}.ewY~...;.{g....t..v.-..b..D..4....`.......cH....A...T._Z.5JP@....?P)_.......n...|.{.9...sg.kv.kgw4..df2s..x~....g(..ms.. ..5.k.....X#.F.....5.k.....X#.F`......h..zv..$.p#....FJ.Hn.4..)..@ %m.6wv.$]..xm.6.n.%.._<...b..._.D..x....x..N..M1$!....x...{........#...'_y.{...;.cr....f..:=...>78......e....W..Cw..q.1......Y..P....Y$..'.:..?2^d.q.....L.....g.........2.A?.h.... .H..Cs...MoFk.{.....ia......d..D.$Ipo.%9..cSJU....f<....Le%.`..,.d..]...RD..T..\......V'..F..."..t.cC..{.YV.g..X........W...-O..........Y..A6...AK..y...3K......@.].E....p....|0.\^...O..T........$j.B *.j...5.p.$....F....h"..a.......4...]Mg.E."...Y..\3.2'm.v6n..\.g...o....G{.....u....P;.....0..W.....Z ...........Yr!...........lk..KhO...+..hin.).....$..!.WC:6.26.....:...1......G.YT+z...cm`../a.8.....j..B.....".{...4..3.;1.[..%._8.;..`v*...6.|U. ....t.*.....N.......%.....6'.....^....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2062

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.4104172527605203
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:x3FrE:dFrE
                                                                                                                                                                                                                                                                                            MD5:0AC8DBE31DD35419AAE219847ED029CF
                                                                                                                                                                                                                                                                                            SHA1:C2BA43631D389A1ED40D64F7CE0E457C1C1AD185
                                                                                                                                                                                                                                                                                            SHA-256:2E5B50C64FCC5F4E0AD3E6CDF3D28655A271DE28F234B26F365EBF6B1A4A0F48
                                                                                                                                                                                                                                                                                            SHA-512:3A9AB6AB378A6357A489252D1402587BE58CF6648400BA173AADACB9050533140216EF223736F065315C2E84A99BF67F85864DEAC53A71E235AB7A6B1F03D907
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:missing (v)ersion

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2064

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):16132
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9850954510945655
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:gMgxq/sXsC/L9n9JeiFa5GXo6CGKysaySywAWOOj:iXDj17e0Xm1aPy7WDj
                                                                                                                                                                                                                                                                                            MD5:83264B4E7E326041B7F6C7B4297D3CE7
                                                                                                                                                                                                                                                                                            SHA1:2EC086FB0D99C0F1F2227F31E019327E5DC0E73E
                                                                                                                                                                                                                                                                                            SHA-256:D5C52538C1E2672B456B913AB195EB71579EF915BDDEAF42E1ED586DFB17ECF1
                                                                                                                                                                                                                                                                                            SHA-512:8078A5D82966BB4428D86D6436DC4AAD1C7ED7417ED40CB57EB307AF04FE62A8C5359BEFEFFB3E002E25911ACFE9AA12093DA35ED844D22218F9BAFC725ECCB9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/toca-life-world-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.>..WEBPVP8L.>../c...M8l.F. ..j...gwk.....,A..,0.d..Js2$..u@......o....2..77r.U.J\..0S./.9..(.........~1kZ..8.m.n...L....].F......./..m.q.dW.....+sP...H.....T.....R.....%.O.j..X..~..{?z...v..O..........#..T.>.}..9..^...@.Z../....d;.y.E..J..M....q.x.^.I..I...~I.u...i...o...=.K.~=..2....{.g[.>hll...gDD..s....K.c.F...jm.a).Q...........9..v{%..e..K.N.XM..W..i<..$bp...H...Z..o.{..b%..AzM.5....HI@.,........&k.@...\....<....5.K.UU]U-.]].....q.......[...Wu.r.k.5..........^.'..K...v.x...........B...;\.o<.....pw.../..v.L+......:..d.v.xq:E.....e..1v..E.w|...p..H...sv.....?.Q.A........T....E...'.8T.C...\"w..R..a.;.@......}.u.$K..0UaN.0'...hfffff~....;.f*.'.b[.,..:...m..f....q..us.i3i...m.m.m.m3..2..4.d..[.u........0`1.....V/.d-L..6..V;.....V.<R..;..k.....:"...i...4rKfW...6.@.l.1...Ll.....3.pJ(..F..J7...I.. ..I..Ht ..f..D...!.:....h....D..E......... tI|....wZ.O..GXX;.Z.? T.7.I..7.(h.}..,.'[%).f.+8X....+9b...Y0/e..v.....a..+....|..G"\..+

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2065

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7955
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.957724180209998
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:1uOR+UDKfdCvrPOY9YJLRxse3ozSyYB84RWZzJW7GQTkQWO:IO/f4L9ozSLBHWQkW
                                                                                                                                                                                                                                                                                            MD5:798D7333ECC93DBD5454AC7F528E0147
                                                                                                                                                                                                                                                                                            SHA1:707CC5FF74527607F6202E661EE0BBA2872887A6
                                                                                                                                                                                                                                                                                            SHA-256:48CC84803C55E1BEA78DDFC642F1F2B455DD8AAE8A9B7034025A26F0AF3EC54F
                                                                                                                                                                                                                                                                                            SHA-512:08CDDA301A10DDA7BEB46C21792B0F22BE7D37B1C4FD0891FA7312172EAC0AACF1DB46F71107278E9F1A1054F814400636FA7BB027CDB44294FAAB7E7F26F4E7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..}k.e.u....q.}...{...g2.....!...$..(.....H..@...%,..?.d..(......$.9.....{l...U]......{-~.so.....tW...........Zk..[k.C...{(.@..*......P.sUU:......s.9.@UU...5.-.Gq.0(..(NT.P"..o.)..\.A.o......'R.....x(.....^...D.K.k.g..A..{{{.Z..M...X3.Iu.2..+.w.,..s.T(.U....@..FD.DEED!....cDD.V..y.#.....D<...M.}=..>.9RD....E..Sb.jQL.+1.@.....ys...$Q.L.D...{g.U...=...:x..X.)"RQ.z.sEQ...*."..R.*s..~f..L.GC&.).........(..Y4.x.?..B|..^io3B...EQ.E./.,KQ!R"...(._#.....!VU.2....D..b..W...R..<....{..k/.8n...5.2.J .~.O.......47..Y....(b.L.'*T.@.T./.(,dD.E.{)..9W.*..-/.../....._.....;bYs.,.r8..F..(|Y.(...W.CtfF... @A`2...... @+(...UqN*o...#.J......T.o..Rr....d.|..@.........(...T..f&../...4?.v&.,...{f.<..T.,.(p.4..Q.M..p...7w=]8.7.c.....8..8.....=U......".!.0.......a...~;.p.._W....H.Z...t.$...;r}F.m.....Gl....:{qn:/je.v.{^..$.`Vl..#c....E.......p.5.5.84."...j.X.s"jHA.p5t.PD/z

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2067

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20270
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.975334241671506
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:R3DqLACm0fWUU8738OBf5YDC7GtolLxv3IaXxyq5YCLILh:IOXUUwtEDPMvxyq7LIl
                                                                                                                                                                                                                                                                                            MD5:D7F42273DCC0CDCB14EE4ADD21C81742
                                                                                                                                                                                                                                                                                            SHA1:43AB579223B1824F64E11FBA2A314B172CC7D8B4
                                                                                                                                                                                                                                                                                            SHA-256:19DA95E17200A0B66DCB2BB06F29D099AE002979A88ED0860EFEBEF862F34A49
                                                                                                                                                                                                                                                                                            SHA-512:367A230DA9821FBB83700525CC70E59300CE0E141BC7162C02F1352272FFC65F1579C23FED724EF02073D78A6FE87EA55F598C0AD8D7527421BCDB5676A0DDC2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..N.IDATx....d.U&./o./.....}W.$....d.m..........@......3s.sf..3.........-....e..J.*UUVVf..{.[.m....T..3.reUf*.....w...[.q..R.3..D...U2A..R...>.&.......}....9...8.!.0.(.)V.#na.`l!I...kY.....1QJ)....`BH..HI$...!L0EHI%..pMD...BA..!.XJ.0F.'I..Y..B.Ea>m!.$.....J.;.y....6.6c.s.1.."..<I....l.k.....y...e..)...(.?.#,.6..;Q`3.....R.......V..QQ.!.k#B..X.)F.B.a..B6FXb....G.E.eY....v*X.......R.c)).(m...*$2.BRJ.....u.T..E(..*...3&rN..s.....R..0C.#...R*so.KD.DR_.........@.L}.O...c......B(...;1...).......3..9.._........<Em..i....!.C....!$0...M....nB8X....G..o.>.t..!..E.6.v+.....BH..j.YX.p-....z....,.....E.D.Z1.1....R...h'E..S.~....+.I..q)......<.o..=..u77.:s..r.,..#.HZp..&DQ.Y!.....GGDy.R...,.<.AdO.)...XJ$....8.3..L...."...w...+.&.8|./....p....l....I.&%.RH..8....8.R.sA...... ..K.....U.bFr.pL..>.J.8.`T..%.Q..KeQ'..x4..."G...xU.....+.A..G...'...;b)..$..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2069

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSthypnMJYTNYNk3F6K9X7iHLzn79M4eq8a05jd5TuWTTTZt5kat_KzpAnIgMacH20h0rSpsSCYLHvilX0qYZzAUJMJOK8&google_hm=eS1CeDdqVlRGRTJwRVFVWG53V2RPUDFLMG4xbUhXdktWcn5B
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2070

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):2316
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.799595341240873
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:MWbdkqW7+tSe2KC0hxMoUom1dLvno8PxtvNNKbH4/LCSh6mF:/xWqxbUoGjo8fvKbudF
                                                                                                                                                                                                                                                                                            MD5:FA24A784F6CF55E70ADBA83733C4BD2A
                                                                                                                                                                                                                                                                                            SHA1:B2B0A19E0CA2C69941AA8DE3E25B02FADF81F322
                                                                                                                                                                                                                                                                                            SHA-256:5EF8BC566A5DA929D4A762E93A09FA3A99261FCE130EF43E8A11E37BF63DA25C
                                                                                                                                                                                                                                                                                            SHA-512:829DE830257B02E33B3F00C5EF0168E3974A64E1FC538358356070BD9BA5B91731ECB426F7AFCFB943328E01B326042993A93101B0C7F7F230CFC6E8A467599A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/ms/static/images/5cei5r.gif
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8X........1..1..ANIM..........ANMFb.........1..1......VP8LI.../1@....e.....[|.............v.......6.s..n6.6...6.6.paPcPq......P.i~?if".?.:..BU.^...?......=...o.F.....[..T><r.=.(..y.....a!`p..A./..m.0K.......8..;...X}.........._K..#.+..O.l.....7mH.j.....|h....m1.0Q......^.k.n~.L.~..?...{E....?+z.'......Xd..O.Zo}}..l.^v`?o..S...W....yVK.k.#.;.C..+......b.7.Qt...#..:.00X._...3 )%.-'...M......s..y....=I.+.<..>...[..v.=.+..^..=n.3#.6I..&.K....o..Og....].<.}....y.q...j..a..u....[R{.=!./.....v......m...4#Y.&.~..!3Ie..mU........+2..L..;..M....I.8H.3F0.v...q.f.4...;.. j%.#`9.0|..m......;.?4R1.......u....Q....H.l3..'.<..=.z.....Z....Lr0.....=.G......N.a.v......x-........P..m.~..M.p.......+l...60=c^v.mb7..3...".._.....Td..J.....]KR..;.......|...-..D...|..$}N....._....I*G..U.g`.7....}.........7.F`.I.8....H`.....;0.0.u....~.....-%i96....R{?...T..~.e.$3./.@.....rOKG:....MH....s...q.iu....L~S>...3.U.vd.i.#..MU.?....).I........&..h{tE.`{..+...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2072

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10051
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.971110959358596
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:fGQ/id0/tU01zc5rPXjdiCk9g5JAvniuKuP863V1mnw9p:uWiditU01Q5rLdiC0Dvnicnsni
                                                                                                                                                                                                                                                                                            MD5:6F3307D0ED4E578C7DD3E2E3C011B5CF
                                                                                                                                                                                                                                                                                            SHA1:E754F678F6F62793CBD03F560F0241974C374731
                                                                                                                                                                                                                                                                                            SHA-256:46B5BDF8E626615CD5F350597B6E613B17F0C83CC515166EE85AB9471B1DE539
                                                                                                                                                                                                                                                                                            SHA-512:45F84E8C2C408648F521A6E310434797C1A35CCD536AF74661AEF3160F6A4598AF51E9B1C92C443DE4E38B579DB194B0D0BB704EAB13B01197C361CBECE12F43
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..&.IDATx..}i.m.u..s.....}O.J].$UIeYV..5.#..DB.$&..!.K ...0......-.|..C....q..$A.m...JR=...U..u.={..s...9..*..0....=.n.^k.1..s.zu.....@A ..)..@R.w... ...ev..@.\..|...?........N0>.G......p.j.....e~a..0... ..'..rA.........W~8...O..t.I.H....y....d...]........7.W;?K.5].@.......sP.2..b&.(c....*f......f..%~.)...q.4+mp..I..T>A@(V.`;{...I.U........\1.........j.nf....A.hr.!.|..8}.@P..I.H..->.Ap.......,.......$.N....&.....F#).a.....l.V .:.sn:.$P.4.]R;2.g.....R...q..r.Idf.J..r7+1D.......b...(.y...\n1.....s...xP...!.....N...Q.0..37...i1m<..d4w.@..m._w.n..y...%.2Z7..{a.(.O.A1[c........u<..F..............%..2$..k\\NIw'-....i..C"a...o.... @.J.:.GR...T...E....,a..f.b.\....%.....s2..sy\...u...0.%u_F.p.5g....H.s..i.D..?%.*....{.=8....du'X.i..aI....G..N.z.Q...u~.9L..ls+.A.JL[.....).=K......*7.IA.^..[}...8.....bE~.$.{...\.V..jv..'.9.t(.<Wq.L"...4.1.d.....b&.'.X.5M.d*..:.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2073

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8791
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.969811163127012
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:6NRcKOEkICLQ1FehC+Jkakv8hsHyulN+j3OWsYUbULdZxNx:6NRcwZ2Y6CqkfUhsHTuiTOdtx
                                                                                                                                                                                                                                                                                            MD5:45C3A244BCC2F5469BAFF7F0725423F1
                                                                                                                                                                                                                                                                                            SHA1:2F7A9F4243FCC0C91BEACCBEACAAB52C84167E6F
                                                                                                                                                                                                                                                                                            SHA-256:B2833588C3FD42D05DA24B232B0286888523D4F414F5879ECC4E9B7943473A61
                                                                                                                                                                                                                                                                                            SHA-512:0B6FA003AEDCA58C3638BCC3D28705EEEBB9DF6A0D610906342378A1A2096CC20E6E076E9E83834EAEA984B296565E2179D4644E3B7332DE98342440433EF92D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..!.IDATx..}Y.%.u.Z...3.;.H....$j.L;...r.[....c.A..~..;y.....=@`.9/A..A .B...b...(J.H.d7..t.3....:...$.dk...4.s....j}{X{..}..G.]...G`..t.G`.)R....]...Xla..G..(f=r...b.....#7.+v}..P.II....@...w...;5^$!.r....$!.5..;oYF.....W2.6.SY'...%...j.X........S^.......0..:..66....$K$.r9$`...P..`.p.....*.n.=.,Q..A6..m;..9..v.:.A...e?.5-.... H8..$.b...i.q8..{...f6..d..m....i.I"..0Jj.|...(.."f.(........!..P.q.C..p.r..<...8l.t...o...I#Q...jo...+A.W*..(."..v.>M}.fV...w?s...@.....7. ..$aR.a.m......s..M..Kd..:.-.. <xv8...qQ..-K.j.-.$..%............?)....H$E2../*......vzf...(.'..... ...QN..z.>...}.y.$..0. .yX.<...=..x.<HT..;,.......@.$.b.".;c;.....l.l...q.DP.^-....~k.~......q..). ...'*_.}m.3/.0KBniE....&.......Q"en.<8........K.b7...v.;k.x.m..v..W.1..^....bno..;.G....g...........LP$6O.YH.Y.d....&I2M....bp..... ."T..Q..AR...Q....F..Q..k#[....3..H .rIu.....1.:.....t .`5/.:..2

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2074

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5332
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.940902992534038
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:WyUY4CDYlccF2kUpU9xti3cVySA6qCpllK4Y5Pj+lhGQqr/6gI:VGC0ccF2kUUxtispAnR+I/6gI
                                                                                                                                                                                                                                                                                            MD5:6127E189F833E6031A2D47076EAD000F
                                                                                                                                                                                                                                                                                            SHA1:43AECAB077435B99059FC6BFA071F6EA963262EB
                                                                                                                                                                                                                                                                                            SHA-256:70EF113B15C3C4C7494ADA490685B1A369582029BD19B79F2802B21B1371893E
                                                                                                                                                                                                                                                                                            SHA-512:94B01E53F671F9CE016D4A690F9B7781ADE3FB38DFCE57A3580E9F290C3A5C21BAB0EF54073D19C3EEACC07E5F7DD35E5189193DC822B7A12E5BBC0349E43B5D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..._IDATx..]{..wY~....3........K-PK....*..%1.`.xAA4&M0@......FEI...... B..n.H..j.Pi.1.[....ngo3.|..}...}..93{f.Lw.9..=..~..^..y..7......p.>F.N.V...u0ig.2....?.G..bM....Y.v.p...]7<.].._.....k.....[...`.......1k".[....L....,.,.....M....YkV..........}.53.Y%'.}sO..l5e,$.*.-...U5.....S$/.,o.v..)..2$.)%I$.S....H.4...deI .e!.....^>n.....j.......j.Gh..7b..a....UU.H..u..YVA...?x...r..c..Md....P.<C..7.52...^..A.s..`916c......O.f......./.T.n..W^....7+.L...1k.)..........m),7..Pc ........$Z`..?..c.....QN...jj..(...._;.....h).*.n5. .Rh........O}..H.$.4..S..X..9b...;:.a...~...2r*$n...@....\5[GF.......PZ...Z.........[..I.(1..ZQL...v .$.`.H8..)....YB.......t..../h........o......a5P..;..g.".[.M.f.2}R..<).X.H...4.X.....K.T.l.....`...&.YQ. ..mS...-..I...q)......(.4.U.3...d.E.....*.^...Ls..H.DD.E...6.2.Mr..R.J......0![..!..Caf...P.."U..)....q.iY...b.....%%.\]h..%h.B..,..I.....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2075

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6581
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.964810614782834
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:yaPU0B1CQhCK5+ANELIZ9vXsA3mwSgJb2gdOeQNjhN:FPHC4CPDkvcAD7pHdNQnN
                                                                                                                                                                                                                                                                                            MD5:2537AAC0863AE03DEF0B7896BB4B367E
                                                                                                                                                                                                                                                                                            SHA1:8C58AF874AAC091A3B4CF2E23FF6FE9EFA457134
                                                                                                                                                                                                                                                                                            SHA-256:F7769A97DA2C7D5354B40055EAA2AC78DD969E09D52D07E6D57637C22A02EB3C
                                                                                                                                                                                                                                                                                            SHA-512:3229390760E494E66F09945094D25DD97F2BAFBE14D28EFD42538302F9FCC0FD755DFE399A1F47FE45F8242C34DFDAE9F79D7F5ED081E13CC9604A9961A43FD4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...@IDATx..].x.U.n...$.....j...q.....d.q... .HB...{gO.......(#...;*..(2.<#>..$.......{owuu...tw.<.........s.s......z.....J..>..........A.&.......}.^.....?...<....P...F.....0. p... X..0.*X..(..Y......m4.?....h....g.]..[..#f.gZ./\.'..'....!P1.-L?b....{f.......xvO?.3.........7..o.Y=:n.o....L....7.....D.?......$....$...^$...C+S.S........e....j..@..........._H..................n=A.y7 .....2.....].u]2t.o.U..eY..P.t..,Y.....u.......<.P.}.[..F._R..B'..if....v.-.~......Y/>mbh..Rk.@2KBx.....e.we.....=.......Y.e)....j_8:.<1."%.21.rmx}.s...A..@.A...$Y..:{"rWA..cw.G........,J.....).....gb7.E.N.......5...r....}...:.S.`...v....`....{..W.8...4TH]1..t.W....P.7J..t.....5V..> .-.k.B..]..C:2....;.5u..]./JV.=*.BD...uo.65.$y.6c\u.....9...$.<.h<;N..^.eY.w.D.....Q..Fud.wdo..MY.yI.......O.|/..#.,elI..).......E.?0..]MoK.sxDq.........H....3|k..=%.]..x....+...^...[.F.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2077

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):11880
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.952274784576122
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:l7RJZfGBI0GRcTqKCekvqDpLWpxkeDwoQ8FhED8v6KeIiFlcLqVx4MBRG9P1zGL:l7RndPcWZdepagSwqSsbyjYqLL61iL
                                                                                                                                                                                                                                                                                            MD5:21D324A444E3EB36C801D03B08314D4A
                                                                                                                                                                                                                                                                                            SHA1:9B0D8E0AB63831EA80A5945394115526814F06A8
                                                                                                                                                                                                                                                                                            SHA-256:40DCC902295CA4997F793481E76E3CD4F9DE8183827885E3E5B568920F9CA9DC
                                                                                                                                                                                                                                                                                            SHA-512:9B8A69C574910909D8214E77DB2B35491543A0333C91312C3A70BA3F61A18A948F09192AF01144AC9D6C29526AF5E3A630F11D27DBFF67FFE3F44A9FFCCF0C26
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/winrar-64bit-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF`...WEBPVP8LT.../c...M.m.6pV........O@..6E.I......?.}.....1..q...$)......".2..@Y..H.$.I..Y.4..y...$..N..IR$..i..8X.e...R(..x.........z...M.l.....X..BE....)n....v...........j>...0..c...-.........A......T~......]c..t.5.i#R...iC'.&8..=.. 'daS{..E...z.......X..0...*o]i+...N..|.P....Sw;....P)...Z........D".. ..#.H.........$I?I...m..?.m?....v.,hJm&Z..bS..<...8.}..RPR.w:.$.*.....H....=......$I.$I-zg..w...Q8.r#I.$I.....T\5....I.$.-IB..}....9..l.6.......9g)... <I.$.-IH..9......$>.o...={+..$.m.....|....,.....k..Z-...Y..D.t.z.O2....%.d.....y..?.I.q <.<Z...E.C$.Gx........Y.d.m.2.(...{.cLX.......7.43.].{...Z...[.$.vm.2..j....cq......K..z..s....F.UU.Gl...c.._#.e....lkO..'.;.@....2..%....X.5./b _.@._.x..4.....D@lIM.....Yb.K|...[.9F......^3.,7......n.I...,..l.{J.P61...'...7...g..1.._....^.}.n.1f..9h.2.@.....d..;..g.._>..._.e_]_..O..G.0..F.o...._?...o.r...e...?.X.....{....._.......\..[.&.8.`i.`...l..7?..]..uQ..t..].....s....B.2.,?.........0.........~.....|

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2078

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2079

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):14102
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.979974522027534
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:vu4M1VSoEXmzv+hGTMtI9/2x2dydjLIqgVbvmpN9XCWGCBHk/YF6+8:XMubXKm4gG/ZdonIqgBm5dS/YO
                                                                                                                                                                                                                                                                                            MD5:C9F71667B6CCCDFD542F0509049C31E3
                                                                                                                                                                                                                                                                                            SHA1:6D32654BA7F89C44468E94B6992C2CBEDD808F5D
                                                                                                                                                                                                                                                                                            SHA-256:9F536D5DDCBE0A69DB3D15B99DCB17F8809E3D04973F53C935C32712973A0185
                                                                                                                                                                                                                                                                                            SHA-512:D4B27B3AB5AE777C721F9AE1E23D46707F610A5339CE9923D1C725A2404C2155FF7B316F65500473ADEDC72A24E3D06903DB0C77C38E9A439475C7B7FE19ABEF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/internet-explorer-per-mac-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.7..WEBPVP8L.7../c...M8h#.T..qj....!....eF1 .e......m.U...NZ....O..T..~..j..U..... .e...q#I...{.egB...Z.E'...*+.....~...BME.../.#.V.y8..........V.....BE...B..(H....d.f..W......`...-.......+..t..X...[!G.z....R.Q..A.v.6.$.X.y4#/7/d.3:..0...._....dB.^.%....?.."...N}J...:=T%j....HW..HU...r.b/x D.fr.1 .. QH..........W..Y...I$M.\..x.P.v..,.@.mR.g..CDL@.j...j...6..M..C.6zeC..2+eT..BeL.Y_.#.Vm...\j...of.h......[.f....Z.%'..Z....%I.$I.-dQ...Wv.ffU.....$Y.m..Jm}mf.....c.c..z+...Q..3..,..lZ..qp..YY].m..jl.g.....M/.m..L..|.].G..'[{.I..d23.......4.{....33...M....].dVDF8...G.E.l....37s..H.....C.WJC....0J..L.h....5$f.....n...E`.m..&I{_.}?..../.m..5........m;../...yn\.y..$Ir$.-Q3....h.....W..'..Z.......n..$Ir,I...{......~.A..&....A..|.n.....=P$Q....P.t..... "&`...6.i..!..Lbm.03..+.".B.W.%.H.AB.HX0L.h...s.7..3..... B..P.&..%.rb..P...:).dpP.....>......*.Y.M.........CZ..H.&`......!t.p..6.N`..Q.`.M.Dh.+......2/%.jqA0@.dJL..3.......@@A.%c),...Y$tg.b...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2081

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7447
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.967591030870953
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:mCfneNqwwHlfKgsvYf3cUaj4tvZlCxJmfA9VNgRT21:mC/yq/HxKgEYfsUajxxJsA9VN91
                                                                                                                                                                                                                                                                                            MD5:1EE11CE54E4DF824B0BC767F207E134A
                                                                                                                                                                                                                                                                                            SHA1:ABCF239782788362653342E11187F11126088DFF
                                                                                                                                                                                                                                                                                            SHA-256:719A0B74E300CAA19D52E3C081617452465C3DD02D1D888AE63F6BD445EA4697
                                                                                                                                                                                                                                                                                            SHA-512:07B2BEFD3866F92290D79D9BA5D2BBD7F749BA3EFECC9DCB1C705610EEB88579BD7299D842871024D7CD4FC5E14A0A1D13EAA3394955CFCDB7FDA4E8C9726E6F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..]...U...RK/.ef..I......vB.. . .,..)......6|....y...r.*....D$".$.(.@X..!.$..=3.]]U..w.U..==k&3y..:5.U5U......."!...2.......g....4W.F.LY"......h....u.f..Y...#....P.....Q..^.w!........U..S.!.c.s..#,!S...$.!X.N..d.....a.DG.{.|.v"e.\.!....0.... j....A.B]JT].....ZF....XQ....>........a.$.).. ..9.d'.%.........!/.o.>..6.`U`R......}...$....*.........~.... .......f.n ..t/.{,.......M..[sB..5......n..J.1J..I`D..0.....}..3....<..x..f.+bQ...X].#L..Bm.......C.......B6..I..&9........f...0X....}_.D...1.vs....w.?U...._..60.qEx.<....._...`.."...\y.u.......(8.8d..*.."..`...>>...1.....`.K...}....[\..Z.#.....*HF.*rV.N&....b...x.c+.'.e.. I..Po..}.1..D...]r.`..E=...].B(...Sd.x.....?{...V.k....A.'%,...8..^...-+'..*.a..a.....i.Nm8.8.....H./<...0.$..8.4'..g....3.......F.-..3.'.)....fE1...).~.~....q......0.&.8.)0.......\.8.....V[.f....b.....`...X...r(EPr.. .z.y....~_z...2.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2082

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):17769
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.977968248575907
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:B4kjna+7SYcDTic7gAAoFp/DapQ4MKOZ4OUrThasQhHaw:BRjna4SJhzAwJacKS4OTH
                                                                                                                                                                                                                                                                                            MD5:27D1EEFC24F851D3B896837D9DFC6BD5
                                                                                                                                                                                                                                                                                            SHA1:F3EED584532304B2F445D0A3E39A17EBE2463FF6
                                                                                                                                                                                                                                                                                            SHA-256:4CC66390494E9CE807B7718D7DB7A46127ED729EB405B9AE7790A2E0D871C2AA
                                                                                                                                                                                                                                                                                            SHA-512:73A74C084DF9B78786E5AA3760573D79FBAF381BA85C6A48642A93301DFDF1CBDE993060CC193395F3A508EB3C9EDCCB6C5D7D11FC580221C53A30950334389E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..D.IDATx..W.eY....>...H_Y..tM.tOs.H..l.3..f.....r.D.......~.^D....K...xr....e....q.oa.....=2M..LGF.q.>{...o}.j.cD.o.."F8.0~.~.W....F1b......!.1|...}4.k.M.d.:.).<F.Q&p..3%q$.....<..c.#A.8b.....7.0..a.Pzk$..d|C...ID......p.... ..M..o.....(R....:.\w..#.....v.r...../...I...e.q........."..p{.c.........5.~V.....7..n.....2.......o.z./*.k..G....n.>9Y?{......4.&.......x.....L..$...2.......v.y.....~...j..o.O..V..7F>....>.gY.....;........pDb..R1..)f1.OV?:....../..0P....Z.#A9A...;o<........N......I.....S=n_....^].O...*..^.q.P..X,..0.l..O.?..o.....W......P.......O.O.v'...r+J..j...}D.`.....JZ./fw..w.z......c....B..H.u...g.....q..tW..5.k..M.-r...g~...g.kL{.".H.....|._~..=9.Q?lg.zykY.y9-)..i:.w..@...a.J....jP....._z._|..{.-.i.......I.".v.~zu^.!.j..W..3I!...L..... .PzK.i}.D...6........]{.vW..!...l..'.|Y..d.k..V...z.`.1...a.."..>..|....W...7..c....`O.z=n.v...|.k;.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2085

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11272
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.964732755133301
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:j3mQwoXEJ/OpAFvESa5fszG27/KEt2qjgNPNf2+ocYw2G7e97kuAugFYV:TmN/OeVEnKyTqjg/f2+odyeRktugF6
                                                                                                                                                                                                                                                                                            MD5:AE99B9E28E7A4DDC6E3CC82F6FE1F5BE
                                                                                                                                                                                                                                                                                            SHA1:DAB65028D7EAA3D20BFF04ABB1B2F8D3B0E9B5EC
                                                                                                                                                                                                                                                                                            SHA-256:EDF0785AADDF0402A4C810E4C45964DE1C31A17FAD960582C3B6E67C29F6298D
                                                                                                                                                                                                                                                                                            SHA-512:1D39B3A21B4C41CE3BF13F46831541BD99A4588A7C83E4FB9DC3E97752A4CFFC340C8C35CD439420B0429C7FDDA24866BD7F4C19F2BA7B0C1215DC7FC0B7D12C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..+.IDATx..}y.\.U...Kw.M...,Y.-k..8v..$@.*......!.PC(..f..a....a(..j.a.*..-....6.I./q.y.e.l.,k}z....{.w...}w..'.f!]7.S.~..=....;.s..*./U%"UUUR.AU.+D..%f%r.e.,/.. ...D.U...[g..."...... "U......8f6lld.H.i.3`.%fff.w..@.I../h.KU..P...q.........x.-..J.p...,.LHE..E.d..0T.o.W..pM..../m...J.`..Zh}ve.bi.7.j.......n'.aQ.,..c......jaU:.^T\Q(....;.j.._>.w...G.?r..3Q^.....bRQb".JR...N.....A.D.+yL..~.......j-.Vw.("kb.c......%...z.....,Mz.c.[c..6A@..=..AXMI.=X.9..(.C..>.../~%..d.:p...D...d...*..*.b..(.(....*.....2.....4.....M.%/3%...$bS..z..v.o{kr.w..o0.Z..Zk.56.....nP.$%*.9e.............?$c.Po..%..7[..e"....J^....!@..>...$QT.A..N.EAk...."._...@P..P..0.D..T...l..^....|...]kl.Gl....X%/....8.....>...?....'AF..U.VF......d...k.....x1.6LATj...RS"S....Q....J4..Pf6.\a.{.n..w..........$.....j...]D.+rU.v.....3..4?u..D..Q.>.R.J.%(..H'....o.=....*.TiO~c.h .....b.<..~.{/...6o.&I....c....l

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2087

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12292
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9512600752517715
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:Nny8BxS83FPEYXQh38+ioytCsi3b4iRvqkS0YUD9:N3/3FUh38+zeiLRRGi9
                                                                                                                                                                                                                                                                                            MD5:0E03E99F96A0818755D4B26D5DB4D9BF
                                                                                                                                                                                                                                                                                            SHA1:0E6A922820E763E2194484109983A895F57F9B9C
                                                                                                                                                                                                                                                                                            SHA-256:E3C40B76A23E9BA0564BF9CBC992204763C42821897A539A32FA5E18942CE5DC
                                                                                                                                                                                                                                                                                            SHA-512:78BA399A9EE14699713B7A0B214677716A7F66CB420B395B8BB4698BE388CA349F86EC97096F8C2D28FFDF5BA59563EE0C72D09BF6E0B3A34A17EC642C71CE1B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<../.IDATx..i.e.u....{..o...z.K...8t..C.4ME.e...H.c..,@..'..X.._A...l@...%..DY.(QR....k.W..;.i.k....U...(P..7.w..^k.5~....].. ......................7n*..s...;@.......|..Dpp.P#8.R...4..........)....o......N..}..A& .....K.h.._...S$.?m.@.. {"...j.......u.).S2.*].5......1....G..C.,..R.S.dO.D......Nuv...3............@dO:.Dh..X.....k@..1...&.e.&.../....|!... .0.1"!P........(E" ((...B...Wu...]A...(x......x.Bd...... .[.B.Z........ @.F.d.D...l..m....Xi..t.r....;.._....g&.G.-..N..((.....v.z(..F@P..&..xs........}...^.~.,.]O..H.L.."..".,...gk..N.A.QDD...l...s'...]..#.5.f!(..<#..".J@...DP..8..8.....kW.c.(.@H.$@..B8{.r.wW.....xjh.... 2"...C.DF!E......#..b..3SF...".I.;.......SQ.:..(.`..$...Ia....Ab-K......U.G..:..F..n...`..T..!..j-.6*'..x.. . ..m.7/..%........E..=.7....F.....T...$.3.0.0.C.F...q`..].X8.L<.."DpZ...ZO...].A.. ....X...89.QN-..@'K...9'...+[......2A..N..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2088

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (30062)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):100682
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.480442581835999
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:1536:PfrpiyUxUILifHnEuSZKRLsINoqqG3uISdkIhlPe2J6C28rW1G0+:nVg3LinvSgtsMoqp3cdkIhZBx
                                                                                                                                                                                                                                                                                            MD5:E1E675A2E133AAC4599785E5B846EAFC
                                                                                                                                                                                                                                                                                            SHA1:FF077E399851F67D83C7D2E413B14ED293B39278
                                                                                                                                                                                                                                                                                            SHA-256:AD574CD8F4106D7AF8CFEA351BBDF5B9F51E9FB8F8F3A8CAFCD4E4459BB0FEE7
                                                                                                                                                                                                                                                                                            SHA-512:12DB84DC422BD39EAC7CAA11DF2F512E46E10F3A31A34454BC8094395DEE52194D489FECF7B67A55D780D49B5C21C5A446B9BA99431C873CD0521EA581DDF1E0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
                                                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html>. <head>. <meta charset="UTF-8" />. <title>Topics Frame</title>. <meta. http-equiv="origin-trial". content="Avh5Ny0XEFCyQ7+oNieXskUrqY8edUzL5/XrwKlGjARQHW4TFRK+jVd5HnDIpY20n5OLHfgU4ku7x48N3uhG/A0AAABxeyJvcmlnaW4iOiJodHRwczovL2RvdWJsZWNsaWNrLm5ldDo0NDMiLCJmZWF0dXJlIjoiUHJpdmFjeVNhbmRib3hBZHNBUElzIiwiZXhwaXJ5IjoxNjk1MTY3OTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=". />. <script>. ./*.. Copyright 2022 Google LLC. SPDX-License-Identifier: Apache-2.0.*/.var m,aa,ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},da=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2093

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):2838
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.917685968871843
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:ZOD4PToDI+hCW7i8AOlD45ZYBBHLmmRqmz2qN+bLzM3vQ0VjUoRi4z1swyPLPchi:IDEoDI5W75ASL73R+zEo0xUog4zByTPF
                                                                                                                                                                                                                                                                                            MD5:EBA7414A3B3AD1493B0127E7A04D9F3D
                                                                                                                                                                                                                                                                                            SHA1:998AE5C98685F9F49634982264D0476AB8595662
                                                                                                                                                                                                                                                                                            SHA-256:7B77DA87BDFF7FC3DC24280CB74BEFFCC9518C820AED50998281A2B9146E0F67
                                                                                                                                                                                                                                                                                            SHA-512:57BA8F8A23CD9B391B2A78CE77CE05298F6E0C2591AC9020CBEE3B2BD580708E9870E7D42A04BAC34BBB2024DB3DDAE37567E32ECB987179D1CDE035E0686D92
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/kanix-play-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c.......m..?.. "&..........]r....t....m..m.m'.....3..]@...w.g..:<[%.I.,!..al..La..Yk.F..`........v..6...5.).}..r..m...?..FR.e8.....m.u..v..U.zuW...m.l.6F...m..m....&}..,......4:....C.. N:....8kg..alm....J.m.t.{.G..m;..m.m.m.'..Q..!..4:..]..............)...........n...6p..:.............c*@......o..(PXF..,...Q3.B8p.hP.....!....H..tXd..c8..$.......\....XET."/%...~.8J9D_.D.f...KI.... ...*.^e..G.oE. ..hB.L.P..../.........}...s.......m.....iF.hC4'Z.$...n."..'.g.`.K.N..`.;.........j...f..Z..m8..dt...w..yb...N._:)0IT!......j........;..+.z>t..?..4.T..{...Da.z..n.<_.....|..m..4...B.zj`Q.....@.V...>.-.{..#......oZ..C...j0Io.....F..tQ....hG....Q.".#.....e..r.6...8.dE..q[.MuI..1.(..2`B8...n.z.....s....#@.0!4f.5..<5.....o.i..^.....dt.oGd..y<q.8......Rd.......k..Tn.....ns.\..).~....L...;w..|..q.;L...a...LS..FN/.:..d.r.R..K9...y.l.R.2....vG../...SV...:...X..y=..8r,`.H.a.;. .:.v..L.....H..n@.....J..E8...B.(......a....>.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2094

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):166438
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.753916786683843
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:6UymJzWori6fBmxw48e4GMyOIXCJuHugfqtsh7ozja5Haqnug:61Wye+x3OIdugi2hUw+g
                                                                                                                                                                                                                                                                                            MD5:A0C43C5060DEBBC562BD0498962736DC
                                                                                                                                                                                                                                                                                            SHA1:F8F52D79F276E5887E226D692A080F06ECEFECB3
                                                                                                                                                                                                                                                                                            SHA-256:EC72579D9D07D0E85472F574C88D15727D766B107827E6B5357B9ED32CC3F8E1
                                                                                                                                                                                                                                                                                            SHA-512:4538F0572DA56A65F162D2F575046D5AA5C5222BC1CDE799D35F9D20B26E00A58AAEA1A2EB711D8523494293DCD7A874EF4B1851A4C2127DD4179968A86D2720
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{"/5302/TD-desktop/downloadit/downloadit-it-defaultpage/ATF_Leaderboard_Sticky":["html",0,0,null,1,100,970,0,1,null,null,1,1,[["ID=f5050933c58699a2:T=1698409203:RT=1698409203:S=ALNI_MbRZpjJfDzwHDuy-FnhIHdUGylCKg",1732105203,"/","download.it",1],["UID=00000d9cef9f35f2:T=1698409203:RT=1698409203:S=ALNI_MZqGJ9KDS3JfMTZdYOewoTxeFKwQQ",1732105203,"/","download.it",2]],[138327306584],[5332046802],[13617419],[327760139],[434442],null,null,null,null,null,null,1,null,null,null,null,null,null,null,"CIiRlqqbloIDFdFScgodAGMGJQ",null,null,null,null,null,null,null,null,null,null,null,null,null,null,"2",null,null,null,null,null,null,null,null,null,null,null,null,null,null,1]}.<!doctype html><html><head><script>var jscVersion = 'r20231025';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {ebrpfa: true,};</script><script data-jc="40" data-jc-version="r20231025" data-jc-flags="[&quot;x%278446&#39;9efotm(&amp;20

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2096

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):27980
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.982740096077441
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:qOpMDtiVr/DP3rmG7zOapywT+b8spnTB7:q2MYVnP3n7z7ywT+4SV
                                                                                                                                                                                                                                                                                            MD5:0AC49BAA1C92796E3E29179EFB0A6F05
                                                                                                                                                                                                                                                                                            SHA1:6EB5F7C58CA938AEADD2A54EE123A29AA6B7D557
                                                                                                                                                                                                                                                                                            SHA-256:A09AC6D73837AC350123442D47142F336AA1BAA9D5A95D53F4A79893C311A467
                                                                                                                                                                                                                                                                                            SHA-512:BA7DC8182FA7FFD07D3CE03218682C685FEC52AFBBE7AD069B2B585061D860FD7B499443D41849B952CF88D16B92D92209715AB4BBB4213255541B9D872400D9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........5........................................................................]...}.m..:..Y....s.....1.}d5..^...7.N.......3..Z.+kxp.\Z-.So.o..&k.3.*....y..|.......L]{T.J.G.].g.9..l...hk[..k.H.sx...Z.V...OP....Qw.WH......v:^.....}.>.;m......k....r:?..= ..:{-.&./*6\.."..s....~..I.....o*"c....L.<.I.,..J....,..Of..=#.....D.ymY.=..I.......[.x...L6t.z.R._nW....^.........{...1..,.E<.......V.\.T..NC..cnY.....s....g<{..|.\.._D.c..k...Wm_.......s..(d).Z0.R...].{.....3.....m..9..+y. .......-......^.c....p...I..<.(.-.R.[5.+...=g_.~.<..;1t.q...6!k.V.7.IN.....q|....Z.o,^t. 1.......w...^...}...\Ry......>...m".l...C....%..#..I....\e...bN._Z..J...h..j.....]..+.y.X...Z...a8.v2.:z....*..V.:DDRI>._....=..gY.....i..y......,.FEq..c..CBp+.A[.}......i.......=....*.k.....z.'...z?..-..>..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2097

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):13012
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.963752835067185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:aNpCzsvbGtYhN7eISTqWjdCcIUlJWB3qteapUkEgZBQQ3fEiChxGkxqSW18Xn44D:aNpU+1pWZCEdegzBxv7UJqj1SDMO
                                                                                                                                                                                                                                                                                            MD5:97D4AEAB104A97133017B5086B16F22E
                                                                                                                                                                                                                                                                                            SHA1:02663BA34CEA135EDB647A10400D5E19A9BC5203
                                                                                                                                                                                                                                                                                            SHA-256:C99782186F36F36D4A73CEB688B1B78BFF1917225290C41764C4910525BBC008
                                                                                                                                                                                                                                                                                            SHA-512:8AC020DC72EE3CD96B229A5562C0D241BF875285E25FAE9250F222993ECC321350F7FDF14123B821595294D4101A81697248EC26802C99B11CD2B6E3DCD45571
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/assassins-creed-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.2..WEBPVP8L.2../c...M0l.6..............x.W.K~,...A.#;.>..9k.. i-~.$O..2.s..K&.}.=I.U..%u?......-....A$I..N...@...mU./'...p...Q:t'...Mp.!.B.*G.'....C..D...4..c.0!..U..7S.1".3!d...J. ..!.............aJ.......a......!...&...J.T.(h.`....u.R...B|-Z........t..-`.....(..`....m.$..z.O!"&.p".6T.J....J.e.0.).\.B.Jz....o.'C....SDde..3.c.5{.e.m....m..}...X...Bfef..$.l.D..#...Y...&M..>Wc0..*3...s$I.m.e..Z.sc\..M.$....<m.6..6a..e...O.m..-IV.c..>.0.$....$A....U......=....ct.4..$.$...<#....c=.Uu.0e.$Y.$...XDU.......]..7...#.."I...1"...w....Y\..NF..U....ffX.......@'..G..$.$I......../.L...$..~.o87..0....9)."I..=/....>...~.o...{......O....G...............i....S%..<.T..~fbo9x...h.M.....C3...K...gy....-..2..AA:..y....................}....@&.0r-;.../.....yL#..%.G..X....}.._.......w..}(...Y.S..B,.sR..Dr..Xs.e.0=M...)h...oW/c$..{.U....@D.q.........o.]...g.......@.a.H...._~..~.......0:.1`.!_-."..C.X...#...>c...y.W...:.Y...+..z.@..3-.W2..t..3.=\,

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2098

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):9570
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.957853587749129
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:r4OpTGT4suw1J6YxnUVcdtrxmhoNmBBsZ0OHS5XEPxPxAw:r4OpK0svwYldd1EhEmBmZncXEPQw
                                                                                                                                                                                                                                                                                            MD5:079287B25FEBD7475EA35C46EBA8C28B
                                                                                                                                                                                                                                                                                            SHA1:C780DD3FCCC3F505204A8ECEA2AFF07614E633E4
                                                                                                                                                                                                                                                                                            SHA-256:26B8810D115576B87D6C81F54143D5FA47AEB8979F6FF6C5B714CC2E0611CDB7
                                                                                                                                                                                                                                                                                            SHA-512:5C4E56C525E09E79E047562D59B6A5FF6563D9B46817AE355EC8DE05268506910482A7332E69D6F89CFFB4EDCAB87494BDBD59D35ABFF1B0E43428341EFEDDCE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/seterra-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFZ%..WEBPVP8LN%../c...M(j.H.t...O.......Nu#&V.AM......$..z.n,(K]...w.}X....`te...S..m.6.3..m[u2..`../J..".t*`d8.$.Q..........'.?.....5.{A.u..V[P....._.i..u........8uk..~*oN...n.>..._...S..8.O....w...d.....5..o.}../3~.,..P..|...@Q.P.....BQ...R.@.(?(m-S.....aL..E..!.v.........x....A.).f.'I........8.?.........?...ADL..J...B`...I......@k[!.....-m.vL.t>...U........l.\.Kom.3?.3+.....}.#.}..6V.#Ivm+Yk_..o........k.Vm+c.}.O..w...i..%...p.p)...r.^3..m.H.m.v..xv....m;&I.....?"....m.....[[=[...f.3.e'...w..>.o.m...m[.m.1..<.m...+.W..h\Q.B`...4.....I.$....#".....Ycf8.\`N.$2....%.]....3##...En.)=....$J.l.V..g.m.m.m.6.m.6.w....$Ib......)I...m....l.m..AS.m.F.&g.{.......-m{.H.~..1%i.aff..#....=bf........j.....$I.$Q.y......F9.$G...57.;.y.`X8....6Rt...OH.u.!a\. $....../ .....zI..e....M......\..k|......N..n..d&H....o>..s.....L.0.. . ....Z...w.wY^...Q.}.<g...W.^-V.O}...0....7m..y......j.!....l.Y.%6..\...o.|..{..\...h..}.9....i....k...?}.p.|.......

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2099

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1134), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):1134
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.867930815156351
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:sZO1PvTF787ityFyUFCXChOr/rXq8hD35XlGWzzD8b:sZO1HJ787iMy3XV6GDpXNA
                                                                                                                                                                                                                                                                                            MD5:4904BA798FC6FC64DE8844CF9B43668F
                                                                                                                                                                                                                                                                                            SHA1:F6211957DAE5164BD2DAF40F812312A5EA0BC83E
                                                                                                                                                                                                                                                                                            SHA-256:9D35615D83672E5CEB1BF88FB84A9DA3A4C243148B10BEA4B651F624BAC3D674
                                                                                                                                                                                                                                                                                            SHA-512:E2D346E832BA71EA6958B7592FA2C15354D3AD1FC4063B14A1DB6E50960F077836CA815F1206CC9B298C6A757C605FBD8825DA916557B25B76ADD141F36A10DE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/fontello/css/dit-logos.css?v=1695907987063
                                                                                                                                                                                                                                                                                            Preview:@font-face{font-family:dit-logos;src:url(/fontello/font/dit-logos.eot);src:url(/fontello/font/dit-logos.eot) format('embedded-opentype'),url(/fontello/font/dit-logos.woff2) format('woff2'),url(/fontello/font/dit-logos.woff) format('woff'),url(/fontello/font/dit-logos.ttf) format('truetype'),url(/fontello/font/dit-logos.svg) format('svg');font-weight:400;font-style:normal;font-display:swap}[class^=icon-]:before,[class*=" icon-"]:before{font-family:dit-logos;font-style:normal;font-weight:400;speak:never;display:inline-block;text-decoration:inherit;width:1em;margin-right:.2em;text-align:center;font-variant:normal;text-transform:none;line-height:1em;margin-left:.2em;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.icon-down-open:before{content:'\e800'}.icon-android-brands:before{content:'\e801'}.icon-down-big:before{content:'\e802'}.icon-icon-arrow-down-solid:before{content:'\e803'}.icon-icon-hellipsis:before{content:'\e804'}.icon-ok:before{content:'\e805'}.icon-cancel

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2101

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (5511), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5513
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.943039864717121
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:98l9f+VQ5T6AQg4jmVb5jxXO2F7aZ+a5U5qEQlxqHLD6fmKWFVFAe3PSzyML2Yn:GTGK5+ANXjxsZ+a5SGA3ZjvFAegLn
                                                                                                                                                                                                                                                                                            MD5:97E8224FEAE287A17488068A939E94B7
                                                                                                                                                                                                                                                                                            SHA1:1467FA58B32D69B93B0AADA8B43A137AAC8A7D5A
                                                                                                                                                                                                                                                                                            SHA-256:39C1EA040FEF293C6F3EC05AF16A4653579D1FAFD007FDF4E55DB0EAC19939D3
                                                                                                                                                                                                                                                                                            SHA-512:CEA55F250298B630D5111A5B4E44FFBC1437D4F86B56547AF34E8F6C1DB1EB0A27D3150CF65160131C59C8271859304C78114E789AE6B59DB8094CA315752BCC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/ms/static/css/appmwshared.css?v=1695907987063
                                                                                                                                                                                                                                                                                            Preview:.carousel-cell:before{content:none}.flickity-button{background-color:transparent}.flickity-button:disabled{}.flickity-prev-next-button.previous{left:-40px}.im-carousel-wrapper a{text-decoration:none}.im-cast-carousel-cell-info{position:absolute;top:5px;text-align:center}.cast-carousel .flickity-viewport{}.cast-carousel-cell{display:block}.carousel-cell.cast-carousel-cell{transform:none;height:120px;width:120px;margin-right:30px;background-position:center top;background-size:contain;background-repeat:no-repeat;border-radius:50%}.carousel-cell.cast-carousel-cell:hover{transform:none;z-index:inherit}.carousel-cell.cast-carousel-cell h3{font-size:17px;text-align:center;top:120px;position:absolute;width:100%}.im-carousel-cell-info{display:none;position:absolute;bottom:0;padding:5px 10px;background-color:rgba(0,0,0,.7)}.im-carousel-wrapper a{text-decoration:none}.carousel-cell{transform:scale(.8);height:268px;width:198px;margin-right:-10px;border-radius:5px;transition:transform .1s}.carousel

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2102

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14913
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9464748365257405
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:bAHLJZQoXNmfjmh5vaoXedT5Q9zTJZL4zi6MU4YeA3CtmiWh0nnJ+aPDRcnr99NC:GQTfjuNao/n8D3s3mjhsJ+ar2dQdIO1
                                                                                                                                                                                                                                                                                            MD5:7A27F66E17B378ECE938D68652C67E72
                                                                                                                                                                                                                                                                                            SHA1:1BD2F2680DD34E6DB4A4A231320701EE750FB061
                                                                                                                                                                                                                                                                                            SHA-256:172E951F323297FED40F21C004B503B64E950F9CC9564FBFDAC6943BCEA43BCC
                                                                                                                                                                                                                                                                                            SHA-512:9E64D03688F25CB1E115D43D45F54D3DEFFB511CA73DC03E41126A49AAEEA7CE06381CCE8D86F14D1911DD48C3D8525150C19D5BC3E7A31F13645A780F420084
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..9.IDATx......}......].u...Y.53.x...I.I.g_B..j.4..... ..!$N8..B....!H..P..T..M...M..'i.i..c.g<.{...\.......L.Y.'H.^.....$...CZ.RH.(....&@...... ...H.l...@D.Zm...2.`.).;....%.6.$....k.J..5...U.z(..a..c..;g.]0....}..0.N+.,..n|v....`.<.ma.)U. ...jp)..w..R..l.!........i."...x....\[-.$.N.P...+Z/.....~..<.%......+..-...v>.TT..^J..P_z..-.6.$..L.......$.!3y....F......<......w.x...."T.=...h\RJM.0.U..`F.</..x.....$;....~._..E.....'+....m...Le3.....*..(.......d../|)3.]$..t.H.$...R..d...H..6LCw,..E...1../.=.U+.P.qu}.h..J 4.(Zr.:....Zu..Tk]....i.l.K..A..V.J)PLH.. .....1..(I~_f.mg.@|.l.2S.m...sI.N.K.>9.d.y..(...}[:..8....8.</X%..2..0D.....Z..6...|.6.Nl2mP...IBH..B.K.[v...$qI...6.".,.....&B!I..8.....pD.jK.....I2...H(:.....xrm.T.....0..c)gm..q..y......67YQ`...*6.)...v...0._.`.46....D.!$...T..`c;....)B.(2./.0.....=Edj..% ...@.n...d..vf...*.QU.Q.|.n.4...T.....jTG.J.....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2103

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):9078
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.961828259553641
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:u/LnUHTH9/CDatAmBPB94FsuFdiC184fs+nT8SfaKz:MUzgGtA+Pj+xF8Cy4HQSN
                                                                                                                                                                                                                                                                                            MD5:ACCB53A31461776024CD101BA6F8DCA4
                                                                                                                                                                                                                                                                                            SHA1:A9F38CDE2B5EE8254FBE4E4AA871BD57182685B0
                                                                                                                                                                                                                                                                                            SHA-256:1D657191C13007A9843B5BD7EE8C92D1C082E8A2AE538B12EF65BBB1BFEC6B0F
                                                                                                                                                                                                                                                                                            SHA-512:BF92F697A1E12F648D5E5FAB570095116BF3FDC1BAB676760E657D8B564DFE806273AD638EF25264FE412806C5817E866125386DA4FD7561234E5C1BDBDE6EDA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/free-spider-solitaire-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFn#..WEBPVP8La#../c...M@h$...._............u...xj...Vu..A.....i....j.B.....`.l..m..5m#I.r l.......I.$.....e.....p.#.._8Gm...k.............x...2.O...ie.}l.7DX..Z.n..X...._d.E.i.0/=2......>...QRn.&...E!.xt!..!. B;#..&>........,...x,i..D.....4. 66.......m.)..{..BDL@......!s...B........6.m..@Jl.m.a..=.{^~......{o%.:w.q....cO.$.-I.......N^u....j.w.b..$Y.......+.....@..(....b............'"U.j..G...X.m.m..m..i.....</.m[.$.....U5p\........s.....*2.oI.,I.l..U.##.....s.........m..1....b.0\.. .....B..pQ..!... .......'.^....~f..;....D.B..8..4h..0.C]tS..2.....= 7.ah.D....@...AD... .....+q.K ......>..K3H..Jb....[z./.`........@D....-...]..:#.....h.k...x:..8..|0{.....i...96F..0.=.].tn..b,..!..-......:./{.....Z....j..9.o..W....0utG...j....iH..P@..-!.E(..0....u...........J../.v[.^].~_~..-.zx.......~oz..rL....V.S....J...)te..)e..N.v$C...w...m.."...k...{Z..3....y.g.Im.0....e....,.$..9.#....H0....v..u'.!v{k.A#.taNa_..C..w..{V.....<.\}@....E$d..O..$.....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2104

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1054)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):2689
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.40021492400263
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:Otg7xBo1IN7Qa69Fa9FKYPCfmY/bZyf2jcju8m5I0zRHkFRvEJG:/N7QaaiC+Y/jcju8WhRHMxEJG
                                                                                                                                                                                                                                                                                            MD5:9EF158292B617D358506529B02C73629
                                                                                                                                                                                                                                                                                            SHA1:843852D8ADDBF1A7F96C5607179E1C9423ED8A4C
                                                                                                                                                                                                                                                                                            SHA-256:3164DB7EF9EFC7121CE85192340A653C6CB87E34CAA05849C8FD47B7872F9FC5
                                                                                                                                                                                                                                                                                            SHA-512:D4B0E6E8900043C9C4EE010ABFD00A51D891FE4B4F424418DC1A75075E3DF931D0558BFB3E983190079EDDD0BF11D7604E70CEAF119351690812EBC21D7EAEB8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/window_focus_fy2021.js
                                                                                                                                                                                                                                                                                            Preview:(function(){'use strict';function f(a,b,e){a.addEventListener&&a.addEventListener(b,e,!1)};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .function g(a,b,e){if(Array.isArray(b))for(var c=0;c<b.length;c++)g(a,String(b[c]),e);else null!=b&&e.push(a+(""===b?"":"="+encodeURIComponent(String(b))))};function l(a=document){return a.createElement("img")};function m(a,b,e=null,c=!1){n(a,b,e,c)}function n(a,b,e,c){a.google_image_requests||(a.google_image_requests=[]);const d=l(a.document);if(e||c){const k=h=>{e&&e(h);if(c){h=a.google_image_requests;const v=Array.prototype.indexOf.call(h,d,void 0);0<=v&&Array.prototype.splice.call(h,v,1)}d.removeEventListener&&d.removeEventListener("load",k,!1);d.removeEventListener&&d.removeEventListener("error",k,!1)};f(d,"load",k);f(d,"error",k)}d.src=b;a.google_image_requests.push(d)};function p(a=null){return a&&"22"===a.getAttribute("data-jc")?a:document.querySelector('[data-jc="22"]')};var q=document,r=window;functi

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2105

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4115
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9323641692452895
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:oxnIiIko4cwrweQJwSFYO+3/ZlItJI4MW4mIM+O4:oxIx8weQJwSWVZPNWB2O4
                                                                                                                                                                                                                                                                                            MD5:8784BFFEECF446834D83B2C569A4E3EB
                                                                                                                                                                                                                                                                                            SHA1:C365B61EC7036A99BE2C18957AED22F5A38E3D69
                                                                                                                                                                                                                                                                                            SHA-256:5247FDBAB473362C660253E4923B3B33CCF3B53A0E18D7AE38DECA9BEF98D474
                                                                                                                                                                                                                                                                                            SHA-512:6A1F300C48E730A8611946C140B77140FADAFA80518429F5AD119AF69D35E516A3CC40A952F63A1E4FAD3A32DF7E9A814590980429D4E0DBD148BCC25BE95513
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx...p........$..tR:.h.'.e....-. ..L.PJJ..f(...P..B L...0-!m)Ph'..P`.M..JKli....o;..8>.[.....O..:V.cY.A.............V.hp.$_)!(.*.*.*.*.*I.A.V.V.V.V.VIJ.f.+.Z.....b6iA.C&A*LC.a v.;5.......T.y....b...%\sq.M7v=pm.;;.`......w.}A.f...w.Z........S.......,.....4L.W...D.).)R..h.*.T..*t..Bn..+.6.N.R.E.%%.%...U...{...,Xc.. ."..U...\T....g.oV.%*.ddW.".Q9.(...{@\.`....F......u.T..1%.m./:..e..*.!...V........@.<......IJqX."c....h.....t.>.aQA7.zK.X.......\........_.^?'...4.u.Z.fG. @C.....`.._vu.]_.~.G}O.4.v\...4X.a.=.8..,.ZM3s...0..X....%X.....l.t..F'.HT.a@r&....g.r.. .....Y$^E5(D...cY.gn.~.%r..?.1i%.........oj....z4x.....f,w..R;@.= ........T..y........l.my.S ..T.8_..F..t.h_....7.8..Nc...~B$..Xe.C..j..,.2..f.y1..V...i{p.YQ.i).....E..,.~$6vo..e.!Z..Z<...,.D.....VL*...-2..._.....X...U.DH.,.XjC..e.....aR.W.i.i.../..].>k..G.X.s....@t,.a......3..L.d%/.%..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2106

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12618
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.97216934632035
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:J5pZIPnNoAhD7SNBjOrODJ5q53XyOxO27PJZ:J5pZIFNoDOSnUiOxrPJZ
                                                                                                                                                                                                                                                                                            MD5:A549F13462AB161F25E62F572F01EAB6
                                                                                                                                                                                                                                                                                            SHA1:8B3BEF22D0E47EB79FB51FA3F763F6B093D7AD28
                                                                                                                                                                                                                                                                                            SHA-256:D9B16ECD302A734654CA9D94B1678E64CB36B368458E2CA781C028CF2867B798
                                                                                                                                                                                                                                                                                            SHA-512:F118ED48D54E47B9EB66E6CC6B231EFA7478E4624BD7BB6B65589A60B7B3A9CDA09FA8D109C524446D753C4116755B2AC2AC612F913E6E983B09FA0943DF9628
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..0.IDATx...%.'.;..xK...."...Z.i.......=..0.......6.alc...0.....`.h....g.....S.(.Kq).E.X\....UY.........F../3.D........".=.,..;'$....!(....D..H.RE "...(D@...D.5.~.%46.... p.....4..R).BL(.B(.u@.!).....@@RD..B...].!!...x.......H.! .F.L.s.H.....72.....]|...N}.`s.\.......7....!l."I.D`J.P.....A.n.Ny.]2. ..x.$..Dh..j. -..@Rm.t*I.A:....(..A..Yp...A.$ ...$....:..*4i...&...$.m.FL.H $..X.j%.99.J...v.'..(...!VE.+!fK7.|-...!..Q.%U.PL.......DuIVi.S..E...d(@.\2J8.J..K~#yy...c..rbf ]4e..!.L.&.@E[%Q@......1.byc.N3............L4..i..0.Y>XkNy.1.mY\.........F.x.....X.i9.VI.GR...m.2Ml...i....J@|...c.S..t..!h.P4.G.....*3..',F............y...I..6..r....1@....p.I .Oh.U..4@..N.. 0QS..RP..q.B.B..RI..`....w.tad.y...@.l.a.....<6z..|.R.].d,. M.0_&.....9....ak.(.0...4B..Ea..P..b.K.C@........".. ..L..]..Zgor...M.....A....1,..N.......6..{|.b....%aGMa.... .....#).U.Q'B....Y...tJ.F..N..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2107

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):9646
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.973427344955512
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:QYUpg51E2xU3us3M9IjHbCILvF26DGONXkXYT7Ew4YD0DEQVsQn:QYUO/va/M9IjHbBL9IOWc7EwAvCQn
                                                                                                                                                                                                                                                                                            MD5:96998B3C066F7630363E6855EE395466
                                                                                                                                                                                                                                                                                            SHA1:212E311E63F3093852AD03B00BB5356BFD76D84D
                                                                                                                                                                                                                                                                                            SHA-256:DA9CF00BA8866BAB65898113BDCDB71F9758DE181D1EFF1442A905CC5CFF8215
                                                                                                                                                                                                                                                                                            SHA-512:82953C139046F5CB93B2B3EABF161C43F954BF7027FB7F75AD234551AD218DC6DF127430CA747F70C603240864EE47C44880C7DB0A66E3D6EDBE73E35CF6A78F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/ciao-amigos-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.%..WEBPVP8L.%../c...M8.$I....k..&......e.!...6-D.........^.Fe....n...R....ml.....#t...#..n..G.$E./.2.T....J.....UU.3".....!l..'....TH.5`R........U..z.7..?s...-).?..Fe.e.O`..O....6?6.{..=Q.<.4..8._.....7.T.......Uy^.om.<...y.........='9cv+.Q..WP.CX[Q.....0.QV8.BQ..(P.1..m.$..z.BDL.`K.Am......XX*.....$.$..e...fc9X...`...HUVo.....x.#Ir$IjY..K.....p:.b#I.$.z...U....T..Gr..N..Z.I....k...m..C.dY...I.........<..=.8.....\.=..p.'&Yt..>..+R..m..l.V... .7..........@_....... nqmqk[....81.....l...g..6.m..1........I...&.s..v...)o..7.].....7.C"C.D...G..lm.i.........6{f/-...0. -..c.l-..U.A....b#I...>...g...$9.d.....^...K#..m.......{...0..6S.#TaP..g.'s."......P.i/...QD..[MY.)AA..V.V.M..L.2..:..A-AK..49(X.....g6..0...0.$....J.\.F.8...N....US!...j#.".....R..|.Zv+&M!.w....].$0..f@Smm.;.J..V75.%/.h......Z.,..Y. .P..$M. ..@...D...g..Y.:.......=..U..(.u1.@P...x.<.-T*B.^..pI.....i...n..Fv`.>...B(.;U.(&...`..BU ...J....4B..vJO.U.".K[>..d.....n..Dum.X

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2108

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8216
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.970134061115969
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:JUi23Muf48H8UTjUSLiVcsyRS5J4n3PI6vU2G0FXf:2i98Lw4i58SvGf
                                                                                                                                                                                                                                                                                            MD5:C1F3CEC19E84F628860FBC43FDF4DD22
                                                                                                                                                                                                                                                                                            SHA1:01CD5763F6152DFA4E0F1BC4A2D54D9DCEBC2545
                                                                                                                                                                                                                                                                                            SHA-256:8B92D5551626409D5612C1ECBFF83DFEEDE64F98402BF83A9C5ADEAD28426A38
                                                                                                                                                                                                                                                                                            SHA-512:F3B1468A26F1F1C290D081351A1D5BAEFC7489F8216893F3C7FD958679C39EF033BBCA28059D2F4EEBC978A1D9D6B2ADDF6E6EDBBF46B3B8218D176A3B8518EB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/steam-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF. ..WEBPVP8L. ../c...M8h#.TSu.....O.".?..o.P.}..J..]...732..px.<....P.K1.....i.{...`.m$I..T..@.......$.8..&#+.d(...!JgS....#.R..?....d+"o".#......@.Z.....<jS..d.5nU....t6JC...&i......IU,..X.b..(.b...`.....(.$../...gI.&(....:...Hf=..V.....-g.m.-.D.K..z.D._._T\q..../..v^.3..k~.c..j...py...8r.....k....>...(kq=..|8..K....<.......@.6....=D....l.BP%.z*..c.P.UT.7.....-.q..$'..Z.......<.4..Zs*...{...........(40(.@.y.E.i..X..x.....e..8.....*...l.l..$I."Ij...7.m..{.!..$I..j..]X....N.b.....8...U.....a\fff..033333'.......=...h...=.....>.H.......P.;0j..H.....W:...._.;8r......A..o..A..ot<.@.....k..I.m..~..=<.8..6.4.Y..ys...Q=.}...&.p7.....$.l.D....j..Zx}..M..............B.T\C2TQ*R.....=g^s.^..W.>....{....o..:c<..g..?..gHcHP..WH.!.T..X.p.*I.h....:S.....>/.|~.>X+U.....C)....z}...30.>...JR...$.#4$..3..j..:.8Z.;.9.z....2L.Xw.......Z......`.....g.FN..i=>9b\7.c....7.J...T.A!8C.pv\. ......Hhs....\.....Lu.....e..u]6..\.uj;E..Y.[......M>>c&....N5..L..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2109

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):4915
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.913429679041709
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:1X72eTllQwdfxOFQZwJZWrQ9FOgCISohpqf0Odde+:1ieTllQwdfxvZusgdSEp8dde+
                                                                                                                                                                                                                                                                                            MD5:2A146E383401D1B63C4D1E700FFD8E92
                                                                                                                                                                                                                                                                                            SHA1:E2231F98C9CB239087A8231F579466A1BAEC303A
                                                                                                                                                                                                                                                                                            SHA-256:E64D6E7EE9B24C8D662BC7EA79F4499C9E8E9331DD284BDAC9D8137099C85113
                                                                                                                                                                                                                                                                                            SHA-512:00DC9326F23572064C1E1F8B27AC205AFCE0D08C2EABE76DA76FEF8D41F9609714E630FBB091510B0B470F5785D22B8C38EE7C3A9B5E165026FACC2CCBE096AF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx...o...gf/...i..(.N[.%...8...:h..%.?..j.(...Az8>..v..r|.,9.II....x,.=g..q.E.....x...AX....|......,.i.,..,....e..`Y.,X.,....e...X.,X.,....e!.`Y.,X.,....B`.z...L@0 /{......g_9X...U...q.mHI1..W......|O.&.*&."R.$,@O.....5..4.RR...gDy..3.^..........A.2$/....~.D....". ..;/qZ...4M.u..cl.F..Y.....c\k..Y....l..L.K.yz.........8l.:dB..k.?FL]+.UE'.#@..FQ.,.e!..c.4..A.B.BX.0..B.0..p..2.X... .t$.>...e....e.PUUM....B......B.u..:A<@.B.}.D.......!..&...j.^AM.8.#.P",..fI.Ju.....X.F^...0TU..a...W.........C=|...K%.,Kv.M...BM...l"`X...D.ai...CEQ...q.a.J%EQ.B.@...(.W......QC.u..8].K...0..9.c...8..0..1............v.}>...U(.O..Vf..Tf+.....(...RwK...s......y...0.m.1`.. .X..=C.c.._........s...n.ew...Z.BX5...@....[.n%....,.v.............2.........jo!..E.z.._......{/...].b...m$...F......v.8=[\O.=x...a..._;.t...PO..Xn.Z.5.3.....}.Y............8...6.?nz....,.P:...?...F=.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2110

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):27980
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.982740096077441
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:qOpMDtiVr/DP3rmG7zOapywT+b8spnTB7:q2MYVnP3n7z7ywT+4SV
                                                                                                                                                                                                                                                                                            MD5:0AC49BAA1C92796E3E29179EFB0A6F05
                                                                                                                                                                                                                                                                                            SHA1:6EB5F7C58CA938AEADD2A54EE123A29AA6B7D557
                                                                                                                                                                                                                                                                                            SHA-256:A09AC6D73837AC350123442D47142F336AA1BAA9D5A95D53F4A79893C311A467
                                                                                                                                                                                                                                                                                            SHA-512:BA7DC8182FA7FFD07D3CE03218682C685FEC52AFBBE7AD069B2B585061D860FD7B499443D41849B952CF88D16B92D92209715AB4BBB4213255541B9D872400D9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://cdn-guide.download.it/cdn-cgi/image/width=576,quality=85/2022/11/come-trovare-numero-telefonico.jpg"
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........5........................................................................]...}.m..:..Y....s.....1.}d5..^...7.N.......3..Z.+kxp.\Z-.So.o..&k.3.*....y..|.......L]{T.J.G.].g.9..l...hk[..k.H.sx...Z.V...OP....Qw.WH......v:^.....}.>.;m......k....r:?..= ..:{-.&./*6\.."..s....~..I.....o*"c....L.<.I.,..J....,..Of..=#.....D.ymY.=..I.......[.x...L6t.z.R._nW....^.........{...1..,.E<.......V.\.T..NC..cnY.....s....g<{..|.\.._D.c..k...Wm_.......s..(d).Z0.R...].{.....3.....m..9..+y. .......-......^.c....p...I..<.(.-.R.[5.+...=g_.~.<..;1t.q...6!k.V.7.IN.....q|....Z.o,^t. 1.......w...^...}...\Ry......>...m".l...C....%..#..I....\e...bN._Z..J...h..j.....]..+.y.X...Z...a8.v2.:z....*..V.:DDRI>._....=..gY.....i..y......,.FEq..c..CBp+.A[.}......i.......=....*.k.....z.'...z?..-..>..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2111

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5334
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.8655769515658545
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:LbNlQNpmUC8CBg2JGgL1KEmsMAU7V4uhP4K2d4yZqTk2aLpM6TtKHy:PjQNpfwd8OKEZDiquhP5262qT5al/tKS
                                                                                                                                                                                                                                                                                            MD5:197653687769711A547A73D0D80AA720
                                                                                                                                                                                                                                                                                            SHA1:9FEE5DA105159F3BA9AB77068F4C4145878145CE
                                                                                                                                                                                                                                                                                            SHA-256:9E7551F41C5B2C840C86D0EF07123304655357FEA375C962A9950C3EBDA276E0
                                                                                                                                                                                                                                                                                            SHA-512:F14A9B60F90D31F6F51FB1A221EA044F194AC494F470F27EBB23242A8E7DAC4539C686A677177518B88CF1EB95CAE5ED7659C3B3BA9BE900A7A2AF84F42E9E72
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/iptv-extreme-pro-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c...M(j.HR:...G.'...O...1+....*......v....*..s.6.$EJ....F<&.......d;Q...L4/...A..l.IRT1......3X<..........|l! ...#t.9se.. .;....u.H..:eFP.R....D...s.<%\%PD..r.i.....<....I.\.....m.&....#....Wy.|I5.D,..}}.<....L.www/.....8....:.b.....a<6.....c_....r$..*k_.j........C8.%D..H.G...8....NJ..{..........=...l.....m.m.....w.,..:......!...z...........r...=.!....x.m[.mK.j..\...3S\R .."q...>3^.{vO.m..mIRm..g..C..Y$*...oaf.....^=&......S.....L...z...ha.X...s... .9..<.S.Om.l..M.........F.Q.m...^.Y.I].^..w..8......-:s......<.......s.{/.T.S.D}J.1S6..J...|.W....3.\hP.$..7>........M3...<.z...1..X].....iX....O...c..o...Ib,P.#P.1H..X.F.......U...o.F{..f .Q.w.........:.._{6...L.uXo..P....C.m.Z..Y.t8s...V.....T......V.....J..M.0....:.....N.r..g.....q3|6.Kc..2;.gwG.R.Zy..M...J...c."....2...=/aj9Sh.5..h.-G-....X>B.v..Zh..@G.j....A..J..v.T..6R..@....B ...r.....C.....`.12&..=$...X...h."..T"1..}...1k.....].$.H.87.....&.'......:_.O6;K?d"...*.....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2112

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):11020
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9718405152258
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:pdsOqtmCw2gq7PGrnBAmrBv92dXY/xwO3BfHWOUJxcx2JVyV9ZA9yX:E7EJQ4BlrBVCXY/7B/7UJxcRPA9i
                                                                                                                                                                                                                                                                                            MD5:6CA50C2FB8A16D86AF98D7A26A58792B
                                                                                                                                                                                                                                                                                            SHA1:7A749B2A2A181854F4720CCB83FD2755FCF7FDAE
                                                                                                                                                                                                                                                                                            SHA-256:FDCDAE836D6D7D4E663963B1E61DC7201C0EC18331AE2D193F1E98B7833DC377
                                                                                                                                                                                                                                                                                            SHA-512:8E3A7AE8BFBED24878D0C846A0964A61CD357DBB2C3AC67257F7066E68AF6BDD61BC9D0FD5E50885C6783C4F4F3B57DBE79D10EE8F7C832EE7DEA8EC3B3A4290
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/os-x-mountain-lion-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.+..WEBPVP8L.*../c...M8l.6l...,.....!....\.wf.......N..&..L..?$..UG.Q3.%)F.(.......#-...}.`].|l.1hZ4.`.H..:>..O.>.....d9g....8....Q.B....$I...Y(....?.....:.~..<_{....'........n......9/......L..gI.J..&..$..p..........y.z.!.!C....0...s...S.....C.AxQ....s`..._...>..m.&....v..1.|74Tj....GMK....p.B....t...l.#I....$w..bfn1O..V.(..W.......w....\....H..I.ZV.....G...t..$9.$..}*3....w."..m....7.....-).$....Sx..3W.0=3..<133.$gDd.....}.oA.,I.$...{f.._.aB.%I.$I.-$..........!&MX./K...p....t.'......}...m...m..<.]+e.v<s...;.m.m.H....d.^.,...K....Zr.%I.#.m..yDf.._.3`.~.~a...T..i...%#..#L `..]>.a..L....@..$cv2. (......1'(..LCK`.O.x.$`..H.=.=....0 LKG"..,....!`6.c.._'Wd..K...,h1.UF.D..)......D fLI&FL..a..7<...L.....|.G..$=ACR....c....c..@i..c.W....9..0.*..k..'..>J...4$..<...A.6G2r..L...6.._...g..x/..12.....W<.%...=D.H....0.u..#`..M....~..4..}5...&Iv.....#...,y.?0.~ZD...=...t..q....8.R.....P.....pA.IL.JT.vM...E...6.......G...I.......T....%>.v\ydM56.:P...E=..0.5aFF&&.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2113

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8680
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.968602165225233
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Hs85Ll4EYAgap6N1QRAbVeNuCFpVr/2xOEwbPeT1ev+UNFuad:B5LvYAgFvQRAwNuOr/2xOEwbPeJev7LX
                                                                                                                                                                                                                                                                                            MD5:F671ADB1F7595FD7519B6F0C47E1E148
                                                                                                                                                                                                                                                                                            SHA1:9C6EB15133C5A1FC128C08467B0BFE3FBD47A440
                                                                                                                                                                                                                                                                                            SHA-256:AE2E0D0E77DFF3BB69494AA796AE612E6812BA8FE780EF17B054899A0AF7D5B3
                                                                                                                                                                                                                                                                                            SHA-512:310FCADA3246E589818C88A453E5B751F5961255325CBE13E4BF4D326731271ED5309001B89992CB094104BE32DD251DAC595ECD7E59A7C3011F0F4EB673F8C2
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/tuxera-ntfs-for-mac-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.!..WEBPVP8L.!../c...M0l.6.Y...?p.......5..Y.k|]..-..0...........@.....U.....H..(E....ZD..h.....$I...9"..R.D..8v.."I.$...F..ip..)Fjq...iF..C.!j..r.."p...z..`.=D.0...\y=.2.1.R.....M.......bj..Vw....".;J.<.....6.Maw4t~..M.....K..z.n.......C.......!C. ...d...A.@.@....._>R...... ..m....{.O!"&@.K...~..|.F.:.....&g....w..Oj.! ..t..bf...@3gvZ.n.U'M.%......;?b..-.'.Q#.d..Ln..K[7...."z.W....X..J'..n..9g.ik.I.#I.$yd..c:.O...k.uW8.6..I....~...."&......H..Su.5....q.i.Nz........^133c3...7.8.}..y.....<.j_EG.Z...i.J%.Z^..J.e...e.dYC.L.3V4t.yw(:.L...Zf..5y...j..m.m..r...>..m.w....m..j-.$I..Hf.Y........0.....tUxL@..).).....`J.Y.......fI.^r.....s.6.G<....h...x.*.As..iWr..,..cm.>....k..N...%q.....*E..:;g...&...J6eiz.#...5...'d..m!.L.z....Q.U.V>[..(.6..h.......Q..O...r.jcv..w.2_yHi.r}v..q.#]..L..+.y$...g5*........U.XO..c/.x...m....Hu.<.......x..k1|.........bpq.%O.s+.iU..X.h.#...<`..Q..G.R........W.....(Z.,.!..:....!...G..w.\.)..t...<f......\~.p.}.89.0

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2114

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12443
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.974138715511142
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:kYyc35dk/2tP5yq7aHbj1rrtiWL7kqo1OWrhxStvIzb2dFqTOf9Jjr3+xPLYmhfC:kYblXubjpr3PkL1REUoFqeQXpG
                                                                                                                                                                                                                                                                                            MD5:15C712D605BCBA85DA606035956EDDF0
                                                                                                                                                                                                                                                                                            SHA1:606C5E4DCFB5EA52D9C828FFCFFC6B4513B3D453
                                                                                                                                                                                                                                                                                            SHA-256:1C0E0F9289FF637E272D7C13DCD00D90778E0604EF4557E39EF9CA44825A9E33
                                                                                                                                                                                                                                                                                            SHA-512:E666B07D94C70038D431E95919C0475A334472CD53A8A6685CF99B5215F34F55CF0320D32D8933B2F3AC3D876DF064C1CA012E8E3E58559F1B5D2CD2E620664D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....p.T....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..0&IDATx..{.eWU'..c...<....J%..<..g@..D..>...(.J.J.nn...E.k7.h.WmE.i..o.`...y+..".Q......}..{.5....9.c..J*!..Y...>g.}...9.1&.*...}.~j.....a....f..f..+.}.K.}..l.`..n1...:6,......w................m........W_.kGo.3....t...-M.GA..y..2..B.........?v...}s.. ...?>.w....Ln....1.....~.M.f........u,..*...dP....e/.,B....#..uq.cG...._~..S...^..?...._....]k'....../..B|..n$.......0L...@..(....)....(.....K.uNr=...;O.>9\.|..v~..\.....-.......m.....M.{7.%}9.].0m0..@.q.....L..`..g"."(.p......q.U!@F.K..YV..cG..*..N.....>s.......i?...{k./..Wgj_...&.K....Ee..@.d....`JIh~(&04...D.UE.... `....0..h..p../.:.4........./. .ejr...0..... b.z...a.S...W.....-..._.*.....X..b:....0....x...a..)..._:.....~..... ?.......z....&In.:.....^.pK.1N..&.tb.@.."...HiKJ....K5.......E........O.[../].c... ?..#...........j&...'..!...u...87........F;B.`=F@N........hX...Zq....q....w....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2115

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0950611313667666
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                                                                                                                                                                                                                                                                                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                                                                                                                                                                                                                                                                                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                                                                                                                                                                                                                                                                                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                                                                                                                                                                                                                                                                                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........L..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2117

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):28131
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.980542867743361
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:nvkTQURr1MKCSC2tHorXMLGn0jWdR+Nk6QfZQposeM:nM/CSC2EXMLGkW1LM
                                                                                                                                                                                                                                                                                            MD5:880BCBCA23489FFAF037A76F019D18C0
                                                                                                                                                                                                                                                                                            SHA1:F6214982065C790AE58C18C08C9C70BA16C5E55F
                                                                                                                                                                                                                                                                                            SHA-256:68C1E5972AC259EF459715DD9DFE1257100C8C092864733BBBBD87782F6FEC27
                                                                                                                                                                                                                                                                                            SHA-512:10EDE6E890615005E7F49DD58032A032E16F3505709CCDB294BD352913882BA5376BA634CC5CD2ACE1680CBC5D3E8DEDED55C7454EA1C7261340C44515C593E6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://cdn-guide.download.it/cdn-cgi/image/width=576,quality=85/2022/11/come-funziona-facebook.jpg"
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........7............................................................................w.z.3U..F'..{_.y.v.l...X.^D.N..IT.@... . .6..#.U...Z.e....|..w...U.f..HT..8X.V..e]gY....M%.._...o..........)2..?O...^^.A.."DN.|..1....yq.J>.P.c......hIW....]V.!...x}........R[..f..s.h&/_..-..N...4.[.........-).....;.#=.;o..h.H.0.....(..c./>..........3.w.h..S=...........C.v...._@.r..s....KO.....:"J....(^S_.....v....M[5W<.v..Gd.i|..s....(.S%5i......E.X.u.a..5..N..3KC.........kw.iw..X.r...^..~.9.V.......n._;A.9..GM...~.6t/.Zw>...hb.M...........+...F...y.._e.{...2.{.X.>y...K.e.)r.|.p..N.%~..A.r^.".....7..oS...pJ..7.2..z.q..P.k...11...1....b.5.N0...<...O..Z...e...i.V.U..q+y..^T$....}.....j{......~_.WJGn|..^..4.Q.......C.....ch*lA.4.......1.Q....|e^M....w...z[...(x.}.iI#.... .{C.9w.t>7...d../.....5@B.@.9E.=;..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2118

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12338
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.964547745901017
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:M6CIUxbs1J+HfoBwzxeDKkjvgn+3dT5y1WKK5+q:z8b/HSfDKkbVN4kB
                                                                                                                                                                                                                                                                                            MD5:3069CFD8BD0F425E4F343F2A2A7E6F35
                                                                                                                                                                                                                                                                                            SHA1:76980BE1050A9EC335C23077ACF427B59F48669C
                                                                                                                                                                                                                                                                                            SHA-256:DAFE310E63761884F898591B066CEC5697322D3EE21C4CFE084D7E796EDAA14C
                                                                                                                                                                                                                                                                                            SHA-512:EA5FAE00FA6801615563A57F6AD3694D60963D49DE96E874E9B235B452F66992624EFE5F9A0E5E3F2105F68E8B65D8B7FFC3F38204E44BF8F74787EE911FDC23
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/minecraft-story-mode-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF*0..WEBPVP8L.0../c...M8h#...aC...|{.".?..v.\......c....k5@.m...c...D..$....O..'.p.r...m.6.$'...G....a.W_h.p.I."eL.3..p...,...n.Hr$bp...0>.......)M=.......B0.G...a.`...A....`..mp..3...&..!&eU..t.L.I...........+..4X..[@..c.IU.Z.SLkzN...c.;...a..`!X........_L.'.H...B..y.>=1....R.....f..s-...B.l~.8...S2.K.!.M.....4J)......m.d.Y.1...........-...R.p.=0Yz.$Y.mI..D.>.....Z.:....H.Vmj.........<..$I.$I..H$......'.a.....%I.$I.-"...._....*M....9}..).".m.....#I.$.-V.1>.| 1.'b..9q.X.g....G..b#I.$.=kf.....t.$I...nv.P..E{,...%[.r..".`A_`q..cr.q}...g..e.I....m.m.n.........f..<:..^..$.$..E...y.{..[..g.{....f.".Y.m.$......{N...0.Y3..7..;`..I...............b+.4l..'.DQ..EE..09..9.#.R.|.{......M{....^.....)....D"ysk.!..f.'EP.6...P....Aa...\2..(Q.(...BP..|..@.....QS....*/J%P.LPB.j.MNq..E.....?+X.$. .F..\.x....u!...... .P....B ...B.\[.....m3M.=....PT.....1.....#....y.4th...!"..+..R...Y.T.C.I.Vj...j.*a.....n..T....I.3C.Bl.\..........o.........^U.Q.0..z..bE.......

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2120

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7308
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.954048752886611
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:vt7LR5AMEIvqjaLo8UHtfDz6rnVyuTjWGh9:vxLR+MDSbhNvoMQn
                                                                                                                                                                                                                                                                                            MD5:606D432A877DE4EE874270CCCE224834
                                                                                                                                                                                                                                                                                            SHA1:8E458EE8F3AD70A78FD7653014BD9DFD8A8B161A
                                                                                                                                                                                                                                                                                            SHA-256:0A6882F2659B16F2E49840488DFB6DFD31A963DC9F04DA058637D4D197C2B47A
                                                                                                                                                                                                                                                                                            SHA-512:241DA873DA1410D82420820429A3E3BE40AB75EFEA8B3B4389A953A23D75FFF48B13CB2EF952EA306A2C4E3FDCE881747DF3EA90692ED53F7BFCA5BC53A3345F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..}yp../.v....V%...S....6.....Z).)[...Q..L9v..d$Y.uxe.LY.d.%.D.HY.E......<@..........@.B..p.R".....5E.fzzf~.............p4.P(...B.@ .....E.Vg"q..|~....P(....P.....8,L.K .0V......$I..m.Z-...l6.L..x.........h.ON..$I.'.N.......-.+!..0.JU.&,G..@ .V.....bq:.J.B..R.P.Tj.J...U*.R)..58.R..S..J...dr.\..).r..n0.fq.z..Ey<...KCFW..B.JX..Hc(.$I2..{.^.Ri0.DB!..5...@ .}.%x.@ ..j98I....,..E.d ....aZ.1.JXPL.&....f..R.d2..f.3Fr....r............D8..z.....y<.BA.....x< b!Z...J.G...U8.].....#.1....Ur...g..[......p ...e4...\>.o.../PdAZ.0...FG..@.$I.Zm.X.8.ah.W.FK.B.$I.H499i4.......+&_...."..#.V.l..1..5....y...D...q..D.EQT4[8...]..=@Q...j..X.\c....S..#.8.L&.........J I2......V......6o."......E"..l...`R..J@Xj.X..^.B..x<..zd..o....tmmmZ.V..;.N.....b.....0Xn......4.....]...(..........f........@.d2.h.x .'m.-l....y...h.+.`.c.._..%.Y6C..a.!.-u.[....4.Mcc.Z..h4.A.-.....X[.....|@*.N........3g

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2121

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (4179)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):189816
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.550787416720178
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:tYaU0lduI6RIeHlNbRbM6yB9/8YGeuoX51en6Qy5:CYu/nL0WYGeuoXPA6n
                                                                                                                                                                                                                                                                                            MD5:12EA9BB79290639CB727AC8C9BA1A646
                                                                                                                                                                                                                                                                                            SHA1:D88952B679C768DCAA26F4A0FE349EB5B836F9BA
                                                                                                                                                                                                                                                                                            SHA-256:43B4343922CCB84BEAD2AB5D06A68049D80562CA1DB130B97FD14022993A03C1
                                                                                                                                                                                                                                                                                            SHA-512:645FADA8DEFFECC46B1CB5C4AD5EC3407ED2C689EE2A422721269F4454BE813EBD7F502E24DCD3B57BD00CC98A846F0CB209287C7D909E382AB15213C6AFDC3B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://www.googletagmanager.com/gtag/js?id=UA-30374496-1
                                                                                                                                                                                                                                                                                            Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_1p_data_v2","priority":2,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_autoEmailEnabled":true,"vtp_autoPhoneEnabled":false,"vtp_autoAddressEnabled":false,"vtp_isAutoCollectPiiEnabledFlag":false,"tag_id":6},{"function":"__ccd_ga_first","priority":1,"vtp_instanceDestinationId":"UA-30374496-1","tag_id":9},{"function":"__rep","vtp_containerId":"UA-30374496-1","vtp_remoteConfig":["map"],"tag_id":1},{"function":"__zone","vtp_childContainers":["list",["map","publicId","G-XYHRS06G1C"]],"vtp_inheritParentConfig":true,"vtp_enableConfiguration":false,"tag_id":3},{"function":"__ccd_ga_last","priority":0,"vtp_instanceDestinationId":"UA-30374496-1","tag_id":8}],. "predicates":[{"function":"_eq","arg0":["macro",0],"arg1":"gtm.js"},{"function":"_e

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2123

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (22464)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):22589
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.425455390000458
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:BaqxjkxXps0ZbbTsuLpYuhdDDRvPM6Ajcmo6mFrkHdMm97eE+Tufchrh3FFdS:0+jkxps0ZdpYoK6scmoUHdR7Pfch/S
                                                                                                                                                                                                                                                                                            MD5:D2756A11B15A4CCDB3CEE896827F4DC1
                                                                                                                                                                                                                                                                                            SHA1:DA8D5A5F3A79BA36B5987B0ADA6F6ECE39E6AE66
                                                                                                                                                                                                                                                                                            SHA-256:BA34ABE5F7DB9BCCC4E96465F09AB91BF5393F22DD0ACFC2C0E304DD3D94E66A
                                                                                                                                                                                                                                                                                            SHA-512:0DBC44A4AB8BA5C5810D5AFDBF92D9CB4F2275F26F0CF80AB833C3687786A81142C932DCEF3FCAA7CDF32CD6908AEBE7B3A4A63B4FCA13B7BAA463DB7F4155DB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://secure.quantserve.com/quant.js
                                                                                                                                                                                                                                                                                            Preview:/* Copyright (c) 2008-2023, Quantcast Corp. https://www.quantcast.com/legal/license */.!function(){"use strict";var e=function(e){var t,n,r,o,a=!1,i=!1,c=!1;this.then=function(e){return t=e,!c&&a&&(t(r),c=!0),this},this.catch=function(e){return n=e,!c&&i&&(n(o),c=!0),this},e((function(e){a=!0,r=e,"function"!=typeof t||c||(t(e),c=!0)}),(function(e){i=!0,o=e,"function"!=typeof n||c||(n(e),c=!0)}))};e.resolve=function(t){return new e((function(e){e(t)}))},e.reject=function(t){return new e((function(e,n){n(t)}))},e.all=function(t){return new e((function(e,n){var r=0,o=[];function a(n,a){o[a]=n,r+=1,t.length===r&&e(o)}if(0!==t.length)for(var i=0;i<t.length;i+=1)t[i].then((function(e){a(e,i)})).catch((function(e){n(e)}));else e(t)}))};var t=e,n=window.Promise||t,r="qcSes";function o(){var e=i();return"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g,(function(t){var n=(e+16*Math.random())%16|0;return e=Math.floor(e/16),("x"===t?n:3&n|8).toString(16)}))}var a=function(){try{if(!window.se

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2124

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2125

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12943
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.976392132891305
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:YluUlP7DSNFe7+Jlcj/b43O6vdjBRPCtFZFVV1mih81Tl9CkkQnkss:YluUBObA+kL0e6vxD2FZFVV1r89Nq
                                                                                                                                                                                                                                                                                            MD5:FF7D26CD3F17BFAE21F1701E92CD6692
                                                                                                                                                                                                                                                                                            SHA1:FAC0D1B0CD2A9FA691C6383CC4E3663581469204
                                                                                                                                                                                                                                                                                            SHA-256:352EC3DA6BD23A26342657D91910FC3D08E912BF8514C3D4BDB2ACB38F31C3EF
                                                                                                                                                                                                                                                                                            SHA-512:9DD1988E52400CFB180C071941039DE3CF4EBB4DC23219A319C19F4BD99EB34C4986D763BBC03AB23E57E8411057CFE5236DE5E1667C5474D049B7BCA33F78CD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..2.IDATx..}...U..]j{{...{.=..$..@." ..Fe.Q.e\AET........a..EDE.A.."K. !{...!...~{-...w.U..N...#_x....Sg...9...1...... .u... ..A..A.!..QJ.....`"..T*.k#...!.k....A.b.!.[........!...c ...........gq...A.!.' $....W.@.O..6?X.q".....w.{.3......kk:z....1.a........K.._..i9=.....0.....K....c.....#..b.4.C......f.R.0b.m..Q....!.z..).P..0.l]l.XE.....U*...]...!..&..?.........B..I1.t.s....._V.a..rE[..../h..]{..w..jl.hy.Wh.i6e).u.`s..../.a..y.H... .=......v.l...>....1...7..o......g...J..H.$F.Vs0..B.y..N.m.....U.`,.4td.....%1q.@.rM`p.K.z().1X^V.......@\...@.-U.m;FJ..!..p..fd...m..K...W...k.4k...^ij....Qo..5.mH.I..(!te..K.A...:....x.r-.6.%SBc.x<n:..(?.s.#B_4.P.Jd..ej..1..R..&V...5......E...CB......+...W...J.._...PR._.B]G."]..Eg..b....3\..nKg...IF.t.....[R;+`x.y....].P[c..j;....f....... m^|....zn..R..r....F...b,f..P.#b..u..l.V....Q ..._$u)01.._.`.%.6(...WD......$.I].....5..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2128

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (829), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):829
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.406968590949366
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:4HksSq5/Jz2pRNrBZJuvu8goqc0ioNhc+ZP4+mI:2pz2bNrVENtmN+F+j
                                                                                                                                                                                                                                                                                            MD5:E545366AC003BD553B349F28AB81E545
                                                                                                                                                                                                                                                                                            SHA1:7CDD5E67094A54D67586F2192B9BE755BE8CD68B
                                                                                                                                                                                                                                                                                            SHA-256:C4466F98F68A6D106C8FBD8A26DE9A2CD116E2123F5ABB18EE01D53D63EBE296
                                                                                                                                                                                                                                                                                            SHA-512:AEBDB760FDA7D6957BB5BFE360F2B2AE89043D614CE502B414F5934A396672E7F268845C13010E60C4C3FE5C6FCC8ED8F63A293EAF28FB46EB19E9DC5D0CCBD1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://www.google.com/recaptcha/api2/aframe
                                                                                                                                                                                                                                                                                            Preview:<!DOCTYPE HTML><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body><script nonce="J6zQUUHe8qrNJq7qKri-wQ">/** Anti-fraud and anti-abuse applications only. See google.com/recaptcha */ try{var clients={'sodar':'https://pagead2.googlesyndication.com/pagead/sodar?'};window.addEventListener("message",function(a){try{if(a.source===window.parent){var b=JSON.parse(a.data);var c=clients[b['id']];if(c){var d=document.createElement('img');d.src=c+b['params']+'&rc='+(localStorage.getItem("rc::a")?sessionStorage.getItem("rc::b"):"");window.document.body.appendChild(d);sessionStorage.setItem("rc::e",parseInt(sessionStorage.getItem("rc::e")||0)+1);localStorage.setItem("rc::h",'1698409211939');}}}catch(b){}});window.parent.postMessage("_grecaptcha_ready", "*");}catch(b){}</script></body></html>

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2129

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1763)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):1864
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.909740232721352
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:G9yzVumZOkUe33FByejgktMTucwmlm+tv2JTBa9i6deNaq0fb:G8z86VvjVMZMwi6Pb
                                                                                                                                                                                                                                                                                            MD5:CB72F6CCABE78B7D8A0B84B128A82558
                                                                                                                                                                                                                                                                                            SHA1:FD82503D06183AEE4CFC097ACE82EE24E0EAB31F
                                                                                                                                                                                                                                                                                            SHA-256:11679A2FA46061BF9FF01CBB18BFEAEC969F52F96615866BDADAA1099F0EE7B0
                                                                                                                                                                                                                                                                                            SHA-512:1351F069C9A857084D1197AC46FCD1AE91EA7EC7C203CEA8CDEF4E0E430B0C5D9E1CFA751A3387B1C72828BA8BA26D175C24CF37787594A64ECF22095D9F7EFA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/ms/static/css/flickity.min.css
                                                                                                                                                                                                                                                                                            Preview:/*! Flickity v2.2.2.https://flickity.metafizzy.co.---------------------------------------------- */..flickity-enabled{position:relative}.flickity-enabled:focus{outline:0}.flickity-viewport{overflow:hidden;position:relative;height:100%}.flickity-slider{position:absolute;width:100%;height:100%}.flickity-enabled.is-draggable{-webkit-tap-highlight-color:transparent;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none}.flickity-enabled.is-draggable .flickity-viewport{cursor:move;cursor:-webkit-grab;cursor:grab}.flickity-enabled.is-draggable .flickity-viewport.is-pointer-down{cursor:-webkit-grabbing;cursor:grabbing}.flickity-button{position:absolute;background:hsla(0,0%,100%,.75);border:none;color:#333}.flickity-button:hover{background:#fff;cursor:pointer}.flickity-button:focus{outline:0;box-shadow:0 0 0 5px #19f}.flickity-button:active{opacity:.6}.flickity-button:disabled{opacity:.3;cursor:auto;pointer-events:none}.flickity-button-icon{fill:currentColor}.flic

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2130

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15067
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.965079613578578
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:FARsUnfPBZIPJG8QUx7V2Z7zaBJh4EW5X4WAWc:FAR1puPJG8Qq7V2ZyBJhjW5Nc
                                                                                                                                                                                                                                                                                            MD5:96AAD53FC57D2D92252BA99C094EF54F
                                                                                                                                                                                                                                                                                            SHA1:79F078D3DF101510C3940B0CF3E9A0B4AE142EC1
                                                                                                                                                                                                                                                                                            SHA-256:BC4BAD8973B8D5A3029B2FE2A3CF7A7A4C983369AB5C8EF633799DF2C136D933
                                                                                                                                                                                                                                                                                            SHA-512:7CA56D8F5EA2E8C67A964AA31C6771D79EEA07BBA4F1244222D0877EBF2FE972571764AE4BF64177BA2A01FB14FC5005E816F89F625D0CB17BAC8D9207F02E8E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..:fIDATx..Y..I.&..f.W.y...Q@UWU...1...,."|\!..C.....w.....B.,wv....@.P...../3U>.{d$..=.5Lq ....wu5.O?.T.E.... ..L..."._. ....x.Cd..!.........Q@......)@....( ..".....B.A..... (V.T..T.....! B..X.".?y..\....h..l..=.2.T."......0..(dD.`.....'( .."..Z`v.B...[.q......!a.`@t.............C........X.. BX... ......... @..T.....8A....$SN*X.[P..B.....l$.q|px....<G$.xnaany....r(...... ......7&@.......@..0.s.~,.9.5.p..w.8M..{r..Yf3.x...Z.Q.4...:m.-......(..,B,...ah.....y::....$.......I.S.r.......!d.Kw...-..).C...j.o.@.:...51Vu.6..Q.x..d.{rp.=;K..9.s..t.gg.....w/.JS65.`..$.D`..D.$@H99.l}.l...U.8_)U,...).Y,.i.......[........ ('.($(....B.(e....%..S...A.%...y.'..O..8.=..s.1..iR.f.......k..>.....+.,!..3:'..g]...>...g.....1..=a...qe@.&d..G.'...>.....m.-.. (...Tl;..f, .2.n..B8......?......>{..r..T;n"W.]....-*DE..4.j...?.y.'7..4........r.`....r...=.FsM..)B#. c.J...!:vy..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2131

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16100
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9723937671658245
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:KcvTieBFba9m7vhKqFdB0UpY5M3uWVO1ISNTtdmzMtRLrmT3EE9rdYhIG6RyG/Xm:K2rFbl75KyLjtwmnkdbS9qdxRyoha7CH
                                                                                                                                                                                                                                                                                            MD5:9FB55E7A4433E028305C46303C02D543
                                                                                                                                                                                                                                                                                            SHA1:EB87CF9C3244BD26C00DDE255521545E420FDF59
                                                                                                                                                                                                                                                                                            SHA-256:C426C42913661FF112C4021BFBD83CB90D60D83D164AC0243A1E3C38652B3543
                                                                                                                                                                                                                                                                                            SHA-512:30AD870E87F63C81E04A250412738FE7A2A437E029E091565C8E91A8E5BA56EEC84F161E65108FE1F799EB76D2B02DB2D6791C1CC8D2E16F7BD93CA029773DEC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..>oIDATx....\Wu'|.}{.Kw..i....Y.1.ec.0..0...I...d`&!..B 1.!..7.I2......^$.-Yj.-...}.}y.]..}....j...h7..W.{.9.s.....1Pw0. ..cI..o..BH<.......b.#..,N.!\...... .....?..^{......\TX.I..B.c.y...u.......]B...Rqr.P..j..bI.o....l ..\(......^a..[.........GFF0..Y.BB.. ......`.F{{{www.?..=...%.v-Y...RZ..oy1s.#.0.@mI......^...EWO.$q}...7....1......7o.{..[w.....-..y^.T..G).$I(....$!.4M..$..1&..&h....j2..;.U...MURL(..n.E.!..!..dn..B..G..G.T......\...8....LMM.^.<y....$I.o...;....j...).J.J..<...*B^.,..*V......Y...D"!......m+.5.A...v...Y...w(,.aY.ggg.o.......O....B~).U.BBH:...rCCC.=....W*..K..8p`.M7z......'.5](.......]S..0.T*.......p...<dl~GB.P..E.......RU...._...b....._m...T....T*.j..n...........}.{###.rq.....FM..y...-FTUU.%...b.@ ...TU..;.S,.'&&....i.X...s.%.Ph.......=V...z?P/.....o...Lf......O....6..$Yz[.Q.....f..c..Y....<....(.^$...QL.K.e.#..............jn...\.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2133

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7884
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.957029007466227
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:RPmz2LDUu0/CY0nHuM3NzfIAkjNR1KICMv9:RPmDu0j0HuMBFkjNR1KICMv9
                                                                                                                                                                                                                                                                                            MD5:EB6000524378981AD90A72E6F310A0D4
                                                                                                                                                                                                                                                                                            SHA1:E3A5A8348503715CDC7A09A2A7AC543EB6BEBEE6
                                                                                                                                                                                                                                                                                            SHA-256:2C70550788EC629C639BF51D5FC910BB37CCF20B7435716F4AD978142CC1C141
                                                                                                                                                                                                                                                                                            SHA-512:A511E430BB752E9920F8C57B9421EBC86C0962C9A0243AC929A6A77DB42015626A4794B404039B16DF74503F3C2E82E5D05A2D0A7C6348F26E9B7B5E4EBFB127
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/cmaptools-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c......$9.......9<D...Z..J..sO....w"%.%.7..I.......c.v+]~..!6....mi..o$5..q$.2.[.......q....6.$EJ....h..Z...`..m;..........0....?.. ...........Vi.1t_>L_5B...P.6_..#..../.W=V.e...|..-J1s..8..XQ..BP.8$8.`,.z.+....\.L.2..(.>..2..f.........Uk..5..ATI.@-.O.|h...O.8.6.J...k..A.Q...C..`(....s....A.......qI0..A.!....u(h.F....."b..5..M.A...}..n.e[P...J..d..K.s.gfs._...V....L.....zzW..N.D.../.....B...C.x,...X...M..u........b#fB.6..R.A.a.W.X.\Zx-........B.EE,.n.p#.vU.>UX.K~x.!=a..w!.p.7..T....kY.....m.+Ir..?'"22..i..=.{...fd...Kh...{...w.M....?...^...W .+h&...nz......~........C..........b`0]MS...rkh..\.LZT^:....b.....h.+a.@.P..r..^*(o..<t..\..7....U.A..../Q....-.8.h.@n........Z..m.m..s)......m.m.^.m.m.....h.....m..m.V...:L..:.....V...-..,..>,.={o..c......^C.)....B ..."..2.......V.. ......X.J..F.XF.0..T....,.0..k..aa.U....2;..H=,.h.j.N.. .r$a.#.T.d$..hLFF.m.cW.AV.oZV.D)...y.>.T.l....,.;.@.>..].%d$Ddt.c........}.$O...d..p..7..$

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2134

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):15346
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.977481679369169
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:jdQ/7+03bUo4ttNxpqJqC1ox6mxnWAH4r+cKoL9ycWek:jdQ6ejSts67DHSBWh
                                                                                                                                                                                                                                                                                            MD5:E82DCAE2ED2E7E1BA052D7B3C5FBA851
                                                                                                                                                                                                                                                                                            SHA1:F79BE4F6F0E2170B8F74D2C7CC3799FE595223B3
                                                                                                                                                                                                                                                                                            SHA-256:6100641E64D430909B651FA0F1D05228DB539F93915210B10291A275B38AC961
                                                                                                                                                                                                                                                                                            SHA-512:50BC80FAAD475D4FFFC89429E378950F866820190596F365ED0460583C2C3185658A61DADBF39517D90BC434809F99AF0C0DDA50DA67D1EE6D0A7C1C75E72CA7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/geomame-for-os-x-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.;..WEBPVP8L.;../c...M8h.I..................@..Q.k4}..I......z.;.E.KGgf.Y.3..TT.+..$...$)R....y.(.,....IR.`h......?....H.dUI.%.?...w..3....EM...V{.^....r':9......<.m.....X....@.N.....ZaM.............D.?h....c.D.n.......M.`^.]...\.L.0.../Jm...!W.2.....B..... .7gw55A..._...:..........JR.;{..^..e..0..m#%)...`.........k.%T..IK.....c.Z...U.hi^@yK.$I.$.=._...ua.I...>..b.H.$.l..A..).m....O^...m......q/.l.i[.....S../..o....6C.Z'`....m{.\.kb..jJ.....$I.$.%b.Qx.........cTU...%I.$I.-"V5....{.S..............m.ex.|?....!..O....t....9l..{.<.|....Y^..c....rU:#~...m.j$[.6.Z[...{...0C...$..<.y..%.<33...I.kMO. ).l....[DddVmfj.......N.....p7S.P...XT.N.%.`..mI2.9..U..df....j...}X...033.fNqRq8f[..ai.......2.I....-33s..v._........n.....'3Nl.d.%..7..|.........E...5..U..Q......AD.{%F.W..*..n\5.4V.H..`.0P.F<F`...}L*7....P..0h.1fA.;...>I....P.U.. ...F..x.|4%.*....c>.A..J=.U$....a.. QM)....T..h....*..CB......U5V.1...c.VbB)W...`..H...JQ....+~T'^.p...%

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2135

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12130
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.910664456307939
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:AV/hTRHeu5x3hFnXxWrpIKQXlXOZlP52vWkT4LnUECyntMJKi7zaa9o9HXIHYSgv:e/nTL3PUKHOdxU4Ln11OzU4HzgT7
                                                                                                                                                                                                                                                                                            MD5:CE4B526F3773D1EC4600DDB9C3ED28A5
                                                                                                                                                                                                                                                                                            SHA1:FD5F2F1DCC2CA1714865A4A09AEAE4B279D34905
                                                                                                                                                                                                                                                                                            SHA-256:EFC3770AD8EB781D00D005CAFA56975BBC156457B87BED81FBB34B7CA8191644
                                                                                                                                                                                                                                                                                            SHA-512:1170E956D0A53B868234079CE429413D1767881AEC94D273933C40D28228C63622E5AF810FD888631A64F916CB7DB1E5D80909B16733B794AB5A5D710B939291
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx.....y^....{]{.w.U.U.9.4G..B< .D`..A.....AV..W..?.J....X1`.Q.%.2....p.....=tw...{...}g.]U.....@..1..'1D". .1..bb'.6.+KU..hh .8.!.B..e{6..i... @...f...;....k...^.S..B.:...a@+!..*f..N.vR.d..i..6.. . 414..ME.E..i..AZ......].E..&.."{B..3..S\9..]A.X...NFIc9BKs .%Q......b$"..]f~.L...........lh...Q&.F..Iw..;Y..u.M.H...Ls.Sj.....&..$.TL.'.H.4.2R.).3.DB..a/ .GB.y..?(.J..TA..)......m.....S..ry..g.......x..l..........i..T5..)5..x..sR.:^.Q.y=].6.\..Z....dN&..n;..S...........-`.R2.... h.1... .c..T.*"ao....x......n/gw..k...x0]........6Tk..d..@R...5..;.."..Q..i.....\{.g..k./7>.:.5].qr...3.<...k..q..-LdJ..u.H:& .'..w.....Q.....D..:F...Kj.q...yz{{..../o..........s..IW.K..XI.bNU...(.:..c...IR...e.P.s..v#..Z....z}tr..^.g...g?..G.......stK..&t.H.<%...1.OS...A+...A.q.......~.g6.........zsw^.fw.Z..).ZM.t....M,.L. P...........@.B....t.....S.wcY..5.|..Q]}n..,.<.q.#'/

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2136

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7481
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.954012195779298
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:EBUoJEuRZCVS38iBpI4TA7my0kqQ8neznakz9Hfm3jil17mdvzljHNG85n3T3yl:ERJEyIS38iB7T+b0kqfeNzpGjU17AvvE
                                                                                                                                                                                                                                                                                            MD5:A66D7188A985DACD00FE838817ED51B5
                                                                                                                                                                                                                                                                                            SHA1:71E6F0BB75CEFE4AAA7B7AD4CBE81C7020B4CE41
                                                                                                                                                                                                                                                                                            SHA-256:AE248DAC6F017095E1804F3D7D2A6A08B511EFF317F68496B7604E128B27AE4D
                                                                                                                                                                                                                                                                                            SHA-512:00F117F98DB278B62579B1A88A6CA121EF3C1ACBEA419209840DA5FB10A989CBB4548DB6DDC66F7C49AACF1BE608D0D27CBEEB7915287B21352030EDE5A8D537
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..}I.....Z[o..;..bbHA#..(p"d-.c....r....;.`....3...i|.........k8..E.,.0....$.t7P]..+..q..ef.. ..A.&.oDGuuUv.|.{..Zk...l.-.l.k.X[..2.....e.._.c..a..t...>.aO...........J5!t.SJ.}.q>.M9.S6..R...f.....7c....*.u_..=.?.0,L....x._.v....Zk)...3k.Ci...eY....A..X.'....q.k...k..ua).S.F..o.}.......g.....0....QJ.../..!F..c..5j.Ji.$...m.8q.Z..^.T...!. ....?......w..555..~....F#N.....'I".p...jq...YI....8^YY.t..s...o...?E...|...4..z.N.q]wyy.........Da .....Z. .(..n7..4h./aV..cccq..z=)e......0??.,yV.....`.h4J...8A..?.~.._........!fw4Pa;..8.!$M.f.../...+.f..^.....H)....y.v.w......C.<..v...F.....z..B.....~....`0.m...p.......4..q.!.....}..W.......^ozzZ)%....8.R......q.....T."....~.=.1.j. .(...t........V............f..w/...0)t..S.8...B5..n.;11qoc....R..z....6==-..R.........|.;..w..P..^U..hM..H.....U....T...c...9.B...:.c.`.`.O..G....v........8f....<y

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2137

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5234
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.686831645289366
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:sNIk6F9vU7f2qo97f+oilBauChhH8jy2bWYg4XioS0bJzd0BHM3lC:/Tk7tE7f+JzauCYVgP0bzos3lC
                                                                                                                                                                                                                                                                                            MD5:4BFC28B12A6EA3D4741A66FF70191351
                                                                                                                                                                                                                                                                                            SHA1:0B35A4E1BD3E4AFAEBD8C5D86933BA9D02628B95
                                                                                                                                                                                                                                                                                            SHA-256:19EA3CD879755802208D2ECA460FA2F233D8DAA369B67A076AADF3D568C5C39C
                                                                                                                                                                                                                                                                                            SHA-512:964AA745C3573245199CAF4ED83157F4E3C68E519D4D7096DE06EB533BB9E634A7716744007DA6727F1245475B460EF460556ED6E588D47146866F76A9E9A29B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/notepad-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFj...WEBPVP8L^.../c...M0l.6..F....AD.'.p....W....0r....hM.=..$..fSU.IF.&..$..Nm.4.$GJ....\..8......T...pk.V......*...a....?t.I.#...m.zX/..!-...`y..`WUU.C.\/.....5. .DD44.R".tI..`;...tx...C...F*Om.2.....R1.G.G6.\.Y..FV.!W...k.5.....D$.....-.=x.....3-..oa.......9...z.......$......c.....-...B{..t.sk....G7.e..G!.m.v5....ffNTD.)@..6P@*.b..>3\.g.....$).-.:.?-....}E..9EK.$E......o.w...=.1..m..6..\@Rq......x.G%.F}........F.$Q......Bn$I.$y.Q'../...u..H.#I........^.A.H.&..._L...........3.;....$...'..$.m#H....d..`3.Iy...0...g..;B..[.Io.s.'..x..+..?.7>y.'..}..-..D.s..v.l...y'.....)oy:.;.......!K.-.X5...m..c2. ...d.....L....."-....tpO.........?..'.^....F....... 0b ...2...L..d2d.u0..bA....<5...=...K.5..E.].o.X .2.^....x].....w.O.....p..Gj..A..r.0.r..3.c...#I l.......Vs....^p..f.... .0....<0...I8....(#..0....u..N?.mL.d....!X...#0ra........U...E....SL.....|....c.m1......B.K.......F.1. .hk'..V/.L......Z..........1r.@^0...y.....s.!..``|....3.f.._~......

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2138

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10996
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.941604716038424
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:SgqG2yvgpYNvydQ6lT9e1PkCfJsq3O5tj/dm++C7Z0M6gPlw4nhHNR+DfmM/wLuo:SgqGN3iYF+5tj/w+b1dCAHL+DuM/w5
                                                                                                                                                                                                                                                                                            MD5:B2EE26D532CBB833031C3E71CD6F9E5E
                                                                                                                                                                                                                                                                                            SHA1:24181A9136C4786165B85A9FDC71FF9811A49F56
                                                                                                                                                                                                                                                                                            SHA-256:EAF0BF3AEC46EDABC6B59F5B96B9B551E5AB60FB29003C4EC34D60D9A019F2B5
                                                                                                                                                                                                                                                                                            SHA-512:E9F253D484286579622895F2E084B5DAD4C042C1983E61A25FB11AA6BC1A83C05BCCAFF14D42219BF7CD4C8F70CAD4BC3E29342555FD8DB79E819BF812235266
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/playonmac-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.*..WEBPVP8L.*../c...M0l.6...^+..|7DD.'. @k...6."p.%..:.s].}.h....{...JP..5....M{.u..M..nl+.....I.....*.'..k"$<%.z.+E..l[U..p9H...C..~.r.H.j.w...z.|.....G................I...P.../.. .2.BHL.7..o/..o...b.].....=.......w.{X....d.u. .....C.n.._.c.&..Y..$.h..._...[.!6.P1!Q/..W.-..k<.)......5...n@...;...gd!........b./.....X..jT.E.......,4..|.Ci...q....$.....m.4.Q.....P....DG......`9.j-t..c..s.....p.X1.[.S..=....$Y...a..C.....W.s...=;a.....$A.$.z........T.oI.,I.l.I,.......q..2.c.|..J.l[...DD..733.N@|..........j.**k..7...$I.m.e.QJ.......;.g33=3.Z.Zk...%IVm.-.(........w.s...........Z.......=m.m....d....\...i...{.......m.4q,..g.m.$I...$37...j.@....=.../f.rw3.../[..F.m...l.....|...l.3.............#BR$I.$.....zk. h.6..C.^.m.I.........0.Q..t......."SD......P#R..R......m..1F....1.Q.Q%1>...@*.@.).0..LA..%....$...A0.....t..I........P...`...`)c..^.1_......&V.F.B..7...h...r..... ...@.l...J.5V..5...a.5_....O..O...[....k..~z.....UU.V&Q.....I

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2140

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):166700
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.756523810056461
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:gUymJiri6fB3xw48e4GMyOIXCJuHugfqtsh7ozja5HaMSug:g1W4Xx3OIdugi2hUwXng
                                                                                                                                                                                                                                                                                            MD5:C264E5ED7FB7C5C038A1870D5C0219A1
                                                                                                                                                                                                                                                                                            SHA1:2542BE2D5341BFF0067639B60A25805665D6F2B9
                                                                                                                                                                                                                                                                                            SHA-256:6C37D5951C0E7581B59CD91B0101AE0734D622AD8905245F853005CBCDEEEEDC
                                                                                                                                                                                                                                                                                            SHA-512:DF5EEF8D5A276D3C0BA89652A1FF10C9D85917ABA5405CC470A195B894C132D21A280A8EADB91373CA6B574F3D53C7D4994CBE031FE9898C949B99416E723959
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:{"/5302/TD-desktop/downloadit/downloadit-it-defaultpage/ATF_Leaderboard_Sticky_Refresh":["html",0,0,null,1,100,970,0,1,null,null,1,1,null,[138327306428],[5332046802],[13617419],[327760139],[434442],null,null,null,null,null,null,1,null,null,null,null,null,null,null,"CKTbnLmbloIDFYtYRwEdYJQEwA",null,null,null,null,null,null,null,null,null,null,null,null,null,null,"4",null,null,null,null,null,null,null,null,null,null,null,null,null,null,1]}.<!doctype html><html><head><script>var jscVersion = 'r20231025';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {ebrpfa: true,};</script><script data-jc="40" data-jc-version="r20231025" data-jc-flags="[&quot;x%278446&#39;9efotm(&amp;20067;&gt;8&amp;&gt;`dopb/%&lt;1732261!=|vqc)!7201061?&#39;9efotm(&amp;20723;&gt;:&amp;&gt;`dopb~&quot;]">(function(){'use strict';/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var q=this||self;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2142

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8148
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.971921196352357
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:MiHW+vHe3rrLWoKk/t2JVEkTZGjkV9MplinuXu50kuA9nlFsaa:bWKebrXB2rLGQVyHmqj5Ol+z
                                                                                                                                                                                                                                                                                            MD5:B318EA978690806E9E5EF0644C32CDD5
                                                                                                                                                                                                                                                                                            SHA1:F32E7C8BA0E43D9AF2BF6FF38588289A46509A58
                                                                                                                                                                                                                                                                                            SHA-256:66D54DD9C864A1240C34D4D3CDA30D6517662E13B2FEDF12697978C10B31D1E7
                                                                                                                                                                                                                                                                                            SHA-512:672949E8F8DEB1FB5F6D59570BA7773BE413540E2CA6238381BA0D2556B854624A3429B8A0D99796F38E8516829B500C0572B331296E83E8A2D885DCB5F72983
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/microsoft-office-2007-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c....Fm#IR../.Ox.].....|.........z.l.KE. ).~YsHb.1F~\..m[U......Z...u......H..*..pw.........Pn#IR.<...Q:.-.x....Q..?..C... ..rw!W..%=..5.c.......[.:qVKU....4..S.0.,.j..QGU...{.....h;.U..@m.\..]..*..^....nI....:...U.2.3G.lK[..=..QE>x...8?#....n....n._.w..U..|.pNw.Y...33ff..!....B...)bf{f....c...../.F.utC..t#m4Vu.A'3.LS5u.JTmX...Z..ml3.0.Y..w.(3...*..)/.1..0.X..=.$..~.vpTDQT5wg.0.y9.67..Y1.43eeCRdd8lK.-o...m.....{zP..H!.Rp..,33.....7fffff.0.dE.4...tW.la.vH.t.....Y.r...km.m....m...6..*.*3......l ...{.|.n.l .(D..>.0 ......s...ho...u..Rb....(.0v.M[F....`..`A....5...1.(.QD.Er$...Yy...^..r...4.I..k:..........".E.@....n.J."W. ...H.....h....r...E...%..W"...#..\R..c_...5w...x.'...bA....U.E.....u.).PY................\..{.|..}....D3?!.?l..<z....K.c....N...H..~...R\...0Q.........S.].A...m.gv..{.9..:.}`.D.....n#6nfff..&..)3.*.E..q...X............[/.ho.....q~.....y6..=l.[f.....e.%X6..a@d.0....1)...m%....O.......V#.0....>....d...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2144

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):2910
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.864011472134585
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:YP7Ctv3sR5KWWjGpWThJ/deO2QWnmwXNoTQsCIUipBTO3qVUQJp8QpYWK66:We/sRkW3WtVdeO7YDoTI4TO6VUQJhpYH
                                                                                                                                                                                                                                                                                            MD5:51D0ACFD3470036769422C303793B3D2
                                                                                                                                                                                                                                                                                            SHA1:8D17BFB9E3D7B3A6C75E92CE627F58FB9EC26553
                                                                                                                                                                                                                                                                                            SHA-256:CBDD5353675BB392D917F161529A0200DC415330C5499E91DA461DA78186648C
                                                                                                                                                                                                                                                                                            SHA-512:63C3B069AFF4C2BFE0F71801F59095B3EE8785338E7925520742E2F19130A07E0AE64B2FFE4BDF8E747DF66427BF3E04264B75BE375CB9200D95A8C0A15CA2ED
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/microsoft-excel-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFV...WEBPVP8LI.../c...M0j.I.R.Z....s.D....Wh!.B.I.v.a6..V:.$.bX.....~..m$I.......B(-.{.8.$......x..H....8...[...{.X...O..;.......9....3.J&.oh?Y......P..rYK9.....m.sw..pR.P%..u#i..0n.P......C|./.j..J8._.O...n/.8...>.....I.>..?#.5.msm...{.g..'{O.m.f.U......S...=.9.m[.me........KLd1.1.d....C....r"ww...{...k..$.$..D....ZU}Mw..0...F......D4,1.......3%KX.X.....w......3.KX...=.._]..1.Ti.Q.h........&...^..?../.....Cb..r.:.d...8.c7...o?.E..t....|.;.w.......f.b$........................Lc..@H.2..\.....'...S5.....,....A]...d..AoZ`..0.e.L.;.Y.....0XI........'m#.v.&...;..Q.....%C[a.S4(.ah{....Z`.hW..V.Ss-.o;.p.m....a.9..f.........u.-.I..-G..i..r.......v\}g^}.WL.<$.a....(.;-?{.'..8~......$.f..*a....l.p..g....;......c ..b.&-......-.[8..V..S.aDa..\..>.}.......o.vN.<..F...>...0XN.Y4.a....).%$(..(...F......=...`N..h^...a.C../6...LB8...*.pRJ..5.....`N.".RUjM..h.f..F.@...@...1.-.$..h.b.........>.....0.#..)......(5j...q..[A.....H...%.#.jj....$Ln....w......TL..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2145

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):19960
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.962909958571326
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:27r6g8+ueEEoqUzhID2dkKUfkjZc3PkfhbdfHScYsWlN/Qf9kTu:27pt3EEvsg2dkzMj2/K5fHql9Qlmu
                                                                                                                                                                                                                                                                                            MD5:CD84E21536477172E84843F2FDF75F6F
                                                                                                                                                                                                                                                                                            SHA1:A67E0642AE53F69845444FF7D3D03FF7AAC024D2
                                                                                                                                                                                                                                                                                            SHA-256:D050F0DDF5D859B3483034B99EC8682AD6259B30E45974E7BB32F97D9A7194C3
                                                                                                                                                                                                                                                                                            SHA-512:6CB335F8C2ADF37B64BE9ACFA7C824123EBFA50641AE3892AED1B98EF7BAC309C2984D2A952ADDD23443B1374ACB26511381BA6DDFDAA3D9004D701FADF02DAD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............sRGB.......M.IDATx..i.].q&......W+..4..z!.E.k..RC-.{..id.R...{b.........K8..!..4cK.Q.(Q.E.l..f.wt..4..P{....L.......y@DU...}....../.~.......P@P...QD...`.._..?......( ......g.8.D..........DD....7.s.P...FD..@@.Zk.(....@.K#....V.Ki.F.u.={.<..x.-..Z)..B..;.HD..Q..9..5.{.P..........t..a.!.)%..D.#....'..k...ZR.9..kq(.............ff..A..;..v.m...=.c.XGF4. ......B.._M..#p.f`f...{_.....E...u...sr_..>.k..:.#"..._^.o.'.=n..........%. ....B..T.......D@@.@DD@.Z..3.L...^D&......4..Y..2..o....Z..}G..j.....9[..2.R.n..D.5)".fA.A....V....xf..@B.(!."..$2Ld..5.w......o~.......8c.~.......H...g.x..<.a.a.....P+R .....Z...h!R;uF.M.s.VE...f.`...X.....(@.D .H...E..}R....&{:....y.$"."..O.o..R.*.(.wd..A.=.......`.T.....V..D.k...BD.$.......{..d..=..e.. .#>p.".F..HC.D.D0.....y.`m..g...F..@...A..l..U....=...=CmB@..DH . ./..<#W\..#R.J).....c.@.u....}xm>.q-..Q......J.".=.,.,.H..K.H.0.L.B..N|/.....'r.....}...Q.....(@p..H^.P........@.....'...X..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2146

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8540
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.958780860247192
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:vz4MMp92fy0hoqUgSBudsZBmsepkIcnnhfIYEWgk8d/f:vUMeky0hoq9OisOkpnCxp
                                                                                                                                                                                                                                                                                            MD5:9239E4D21E9F73EC0B2F7DF5DC91DEAB
                                                                                                                                                                                                                                                                                            SHA1:B510C1C3525B22AF0BABCFC3A06F8320C679F27D
                                                                                                                                                                                                                                                                                            SHA-256:AC47308A1C3E53795A57B34F533E7DC8CCE2A1CE7325F895396E196B0FAF408B
                                                                                                                                                                                                                                                                                            SHA-512:ED77A1E5105C0B7F36279FA0BACF5638F1A3BAA7F80369B2FEBC5D7AB22F0CEAFC32F7E582BF6C1FEBB9F86E7540E6C32A591DB06D394D77365FF7D9D948AA48
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<.. .IDATx..}y.eeu.o..;......i@.....q...^..]1O.....kE.f.cT0.8....q$(8D#Q4." . .-*...t3..]..9......9......R...u.{...o..pHUq... RU.e...}..G...V+..N.l...[W.%...a.....C..".#D..w......:........Z.N........'nx..w....A......&Pf..2:J..k..<.nh..>.4.iU&'+.7F..U.V.z...1....Z.._$'D".=...Ra.sQU'..{..._]z...xltL......`V(....*".N-2K@\..^..u...x....xt..uK<<.m...!.h...\...4.5.....0.-...va...c..n.........gf.,.P..U'/(.Pxu..PekU.Z.V4.......l...h.xu.F32L....b.E.Vmr..xx.l..5.dE.V$.S$.9..}.W.....w..P.z....gI...NX.^T...._....0.YKY.U..2.jM.J.f4...xl4..h=.w'_..v.....{D.TR.(........5}.D..j.N($.^.2.y.Uq.Q........"..$..A...T..H.2kE.......{..;.. .......^.N..`.]....K..m....<..|.....JJ.;......47S.N#........_F.....*.C33.g........E...|*..D...#...[...u.ZM.e..U.Y_..........A.~r...."...9....Q:).@.$B.BU..V*..G.../._........'?s.;.,..H.u.f.|T.%.c$//....U.cS..../..=...+[.SQ..Z..Ek.P.l)..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2147

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):15914
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.974609548063477
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:jshy4WlwXdQ7Nqy38K68ZaK6KO0nVdMC1XqlWd+h1y:jshbsqQd86Zabf0XMCFkxs
                                                                                                                                                                                                                                                                                            MD5:0118D4989F7DBF6E7F94AD620736707B
                                                                                                                                                                                                                                                                                            SHA1:76B9496E27EE583687AE5B34ED5760362418C4E8
                                                                                                                                                                                                                                                                                            SHA-256:26CEB0B9D82333C4758E0D9E9A94516F36828D9402264DEB58F134BE8F37FAFB
                                                                                                                                                                                                                                                                                            SHA-512:4DDF603A6292AD079C0044A1168FBC8D57D4ECC03753E20503E3A3631102FCD067EB956B729A0778435EB62EC09240D26D8DEB367B8E0857E0BF9D4A56D2BDD3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/spider-man-unlimited-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF">..WEBPVP8L.>../c...M0l.6..{zw...8..".?..{...g.6.O.:.8H..O@...mK..m.^!...~B....P...........m.!....3.....n.Ir..h..i.:a.....;.Li8n$I..x..jm8..1..^....."b/..Hg....._..Q..{QG{..P.;.}...AhO{:.*.b.[..._.!h*E...7..A....(.(..XL.er.....(.!.B..$ ...J.E.. .;...i..s..3.....@..`=I....)...w.$.....LJ.!...X...0.k..........BDL.....{...Rr...-......~...$...t..}GD..Z....m...g..E-..|.l.......*+3#..+O.m.$I.:.!".[]..........L....$.l.".....y...L!D!J.U}.g....k..m.m_.q.(.2..6T.6.c.bfff....9.bfff.....r.I.v..,....M.$I...QU3s...,..f.%.w<s.<..Q...kfN.p0PU._. ).D....yDf..h.^d.'s.....XU...n.*../.S{.4}J!......{....._......._.........X..w.m5.........1..rS.T..a......~.S....m2...D._....s.B.%0...?&.D/j..m.[...~`..0...1....*.I>.{..9.Dx'2..~.;..O..}...............4@....h.P..M..s.=....Oh$.~....2@...B.(.........2z.C....3.......z/4j.....x.u..S.`...y.e..h.....n.`.....1.b3.I.1A.._.....sb....(2..[I...}..^V.E..H........<7....`...4..\i.70.......4.#....<F..%z...#...$...].|.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2148

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):23674
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.97710176666318
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:YNZfbwz2TnTAsMiTXRvu+iKoUPWI8u7VZJer1E/g8JwNcvhgiQqVzT6:qpbBnOqXROiMO/wSvhgiq
                                                                                                                                                                                                                                                                                            MD5:96761B75B516653CB482694B134642A4
                                                                                                                                                                                                                                                                                            SHA1:3C482EB575BA4CE35AB76F2567EA14BCEF5E60A1
                                                                                                                                                                                                                                                                                            SHA-256:7C3AD1119093B87AA1C2BA65BB335B6E14C2C6C21DE884A653611E3E348BF51E
                                                                                                                                                                                                                                                                                            SHA-512:9630CCDA48784776D4538F0F1D0F115A257CD6825B6153CE3E6DE2529E50CB04BE5061A9BDCE901089E61397800A07ACC6A8542A3F223BC345A1A5768EDC4E44
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://cdn-guide.download.it/cdn-cgi/image/width=576,quality=85/2022/11/come-funziona-outlook.jpg"
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........6...................................................................A..z...8H.8HP(.0..m.:...Y...1."..f7CF'..B5....6...3....\....E..i.E.c{\.h.M........SL..4...v2Q11......u.._=9&..j..]b/+U...*o..c;Q... ....`..P.Q ....B.h0p6.(.hPI.}..F.v].a.2.E1Me.i......R.bN....t..}S.\.6....,c..R...'.-..R.K..,...2.h...n.M.....q.g...(.5..#..A.%.I3#..Q4. ....A.p ...........f..Ir..e%..d.@..8.i......>.;NR...9u.....[{.L].SX"....f........Y..k..<.V....I...@....Jz8s9...9..Y..j...7.a..jMD.. 0..F...h...../Z.sAh..@.%LR......1..P.RQ6.Zf.'..>.:f..4.D..Th_...E.L.....K..m..o...1Y~.:.n.s..<...s..h...H.iKI."..`.....d.M.<M....f...L.&..w)..5.x..B.)L...#0.*......!.K.:..[...&.R.+*....h.......U!#_?.ky.V..y..z.d.{.+/`..]3.:9......f.m2.2.m.......x...6`...TI..`..X..O..k.u.z.........F.......k....!..+.S...7..WG.c\.c..W..s_..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2150

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):495
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.343943203103631
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:+XNgPnkIBU8eJh0NIgPnkIB8KS0N8YTaDTxJ:+2Pkt8esTPkaS0CYTaDTxJ
                                                                                                                                                                                                                                                                                            MD5:8E5374E1FC93A1F36D0C57E734570BB5
                                                                                                                                                                                                                                                                                            SHA1:9B72A5CA6B48F8DF94681C3D9C6DC202BEBC6CBD
                                                                                                                                                                                                                                                                                            SHA-256:BFB36E2D915EDACE081CF6E691AE973757221AEAB7F983F762688A58391B9796
                                                                                                                                                                                                                                                                                            SHA-512:17DE672E7E2A5A56C33F649DF63240AFD4CFE123FF6605AD63DB7999218CCEEC1FD9C55D7E9FED5950262F49C49A7338D016BC6DADC32D60304A8A0B55458B5D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/favicon/site.webmanifest
                                                                                                                                                                                                                                                                                            Preview:{. "name": "",. "short_name": "",. "icons": [. {. "src": "https://cdn.download.it/dit/favicon/android-chrome-192x192.png",. "sizes": "192x192",. "type": "image/png". },. {. "src": "https://cdn.download.it/dit/favicon/android-chrome-384x384.png",. "sizes": "384x384",. "type": "image/png". }. ],. "theme_color": "#ffffff",. "background_color": "#ffffff",. "display": "standalone".}

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2151

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (10703), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10703
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.035435720042419
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:b8Ipx3Ef7qdMYUE/gbRy97+9orKzSv/QKfP09BPGt6lqj:QlT2UE/gbRaq9orKMQKU/i
                                                                                                                                                                                                                                                                                            MD5:8294A2CB9F5220443C1CFEC20F1036DF
                                                                                                                                                                                                                                                                                            SHA1:620A179821AB575AD07AF4E426B31801BD81DEA3
                                                                                                                                                                                                                                                                                            SHA-256:C91E06FA9DDD31B7CCF2097169B9334C0626886A2488DC57FF03662A8FEE7F34
                                                                                                                                                                                                                                                                                            SHA-512:47E076B0D78639778F7ECF49A901D128EFEB84152C9BB4FDB5E76460DA136101ED25F73663AD46C4D08CB5B3DF6A2BFADA69B8515146AE4A0C4A3C7E56BE9EB7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/css/main.css?v=1695907987063s
                                                                                                                                                                                                                                                                                            Preview:@font-face{font-family:stolzl;src:url(/dit/fonts/35117E_0_0.eot) format("embedded-opentype"),url(/dit/fonts/35117E_0_0.woff) format("woff"),url(/dit/fonts/35117E_0_0.ttf) format("truetype"),url(/dit/fonts/35117E_0_0.svg#stolzl) format("svg");font-weight:400;font-style:normal;font-display:swap}body{font-family:Dosis,sans-serif;color:#111}body a{color:#111}body a:hover{color:#111;text-decoration:none}header{background-color:#1a7dff}header p{margin-top:10px}.inline-link{text-decoration:underline}.inline-link:hover{border-bottom:0}#head-title p a{font-family:stolzl,monospace;color:#fff;font-size:1.2em}body{background-size:500px 500px;background-color:#fff}@media(min-width:992px){body{background-color:#f8f8f8}#head-title p a{font-size:2em}.im-radont.afterb{margin-top:24px}.im-radont.afterb.present,.bcnt{margin-top:12px!important}}#head-search{padding-top:18px}#head-search input{background-clip:unset;border-radius:5px;border-color:#fff}.im-radont{border-radius:10px;background-color:#fff;bord

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2152

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2616)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):20369
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.532408091309827
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:6YtUQjt5DGglPWt2ACG1RUI2J2uoUirFjxAMuBHkxXJSyexXs4XBTa+rpnlc657L:6YtU6tNGglet1CGH2JDoUiB1AvHkxXJ0
                                                                                                                                                                                                                                                                                            MD5:24E5837EE9F1D9C1EFE4170C8EEBEE18
                                                                                                                                                                                                                                                                                            SHA1:7BC8BE03640A56943A292E3905CC4736904A8411
                                                                                                                                                                                                                                                                                            SHA-256:A198F092051A356C1E62C1296F628DA5732045ABAFBD974EB7FFF157E14FF042
                                                                                                                                                                                                                                                                                            SHA-512:752F12E578B10B9E129A23B96602D53DD215565A6F1EEC451F2FF9AA76E1B9C0461EDCBDFA20F5752F6887705BC4647ECDD470654BBE6A392A8E46B740BA1D13
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://tpc.googlesyndication.com/pagead/js/r20231025/r20110914/client/qs_click_protection_fy2021.js
                                                                                                                                                                                                                                                                                            Preview:(function(){'use strict';/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var n=this||self;function aa(a,b,c){return a.call.apply(a.bind,arguments)}function ba(a,b,c){if(!a)throw Error();if(2<arguments.length){var d=Array.prototype.slice.call(arguments,2);return function(){var e=Array.prototype.slice.call(arguments);Array.prototype.unshift.apply(e,d);return a.apply(b,e)}}return function(){return a.apply(b,arguments)}}function t(a,b,c){t=Function.prototype.bind&&-1!=Function.prototype.bind.toString().indexOf("native code")?aa:ba;return t.apply(null,arguments)} .function ca(a,b){function c(){}c.prototype=b.prototype;a.O=b.prototype;a.prototype=new c;a.prototype.constructor=a;a.P=function(d,e,f){for(var g=Array(arguments.length-2),k=2;k<arguments.length;k++)g[k-2]=arguments[k];return b.prototype[e].apply(d,g)}};var da,ea;a:{for(var fa=["CLOSURE_FLAGS"],ha=n,ia=0;ia<fa.length;ia++)if(ha=ha[fa[ia]],null==ha){ea=null;break a}ea=ha}var ja=ea&&ea[6104013

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2154

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit grayscale, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):3491
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.88457339029632
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:DT7649XUw39pNfaEuFchxyaTRnQKB3HF+:DTd9Z39pNyEkaTRnP4
                                                                                                                                                                                                                                                                                            MD5:6C713BD1298D583B425411CEFA278CDE
                                                                                                                                                                                                                                                                                            SHA1:07C3ADC1B6F883A5E264BA1A7CF98C7239ACF61D
                                                                                                                                                                                                                                                                                            SHA-256:FD44A5F9E4426AB2D6B193EB7732D727562A69843B771A75B5B22CDA8926A2A6
                                                                                                                                                                                                                                                                                            SHA-512:B66A83F1C797EF8D81823D185D09130A70BDC3F02D2EB08AB25AD7F6A8E71D5C2CD9E00ABE3E3BB3E5263CD30DD92ED4E570B4E0F0E8DB1890DED01FB0A13751
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....U......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx......u]............*!."D.[.f..:...E+....t2c.Y.-.:5/ej..a..f.43..:..( "q......}....~...C.....!s....2..$."3c.Y.7#..s...8B.0.l..Q......$.M2`T..B+C..&6E.AI.h.03...0S.;..2.....Y`.....!........1.B',.e0..u..K N....-f2..wox..{.s.d...S.0..S..j. ..,...cq.#.#f.Sw.a..4.|v.s... ......X'.....`.[...e.'Xv#....7..@.`V{..B...l....0.L...w.IQ..`|h...B*...hlsr4L..1i..`&H.....3..D]qR..SAjU.b0'..T..4l8)...R....`....h"N..0......`.4..U..3A...'S@j.6'..T..9.T.9M&......&.j.8)..,Z.ds..8.f*..W...yh...V.kd.....M. .....q...o5.....xe.r*.....v....e#Y<..$ C.A...o.P....0..H. .O..C.....0...]c...2.L.p.z..4.._>..-....!....okC.G..{>...y...,032(.....9.g03.....#.....6.AB..2..@e8h.2$4.9.2f...,,..t.1D.m.....S.V.h.........S_....45X..tJ...E!@...4.4.nW.L.(..?...=..._...zM..w...k&.v..e..8..j..r.U{....mK.=_........U...1b...j7.....y...v..7W.J.....\.\.6...h...hE.K:....x..&.{.....|.}7..X

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2155

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11970
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.939636040476324
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:JWWDxXCcxC4w59fm9QvH2M9Y3vHBlbc371tRGOhZ4t373TwdzFcT5x3h:Imx5C4o9GQvdS3vhlbc37kO3Q73CKVhh
                                                                                                                                                                                                                                                                                            MD5:B9124143DB8EA71C9C3A7C9BEA8A4B92
                                                                                                                                                                                                                                                                                            SHA1:66BB6492C597BA013EB2D7EE3AE6ABE13155EE89
                                                                                                                                                                                                                                                                                            SHA-256:D232E8730A92549B16D14B3D20B5AFE74F5B4787BE247259B2FCB2741455D121
                                                                                                                                                                                                                                                                                            SHA-512:B010EAD79F8831EDE800127E3827AC4A1FF919D5C2423836AE889D7C67F7584A13AC082C94A031AB46D6972E508BDFD737BD0BA5FED9EBE91B660D0ABF4B3030
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...MIDATx......}......=.Zk.5w..n..v.8>.3q.b.r8.. ...@.n.AB\....7H..n..!"$.Wd..c'..n.GWwuu.{W.a....~..U.....t.."..l...1.2NR.'...S.......O..3.....o.....*O3....q.S02..3...e.....%.c.d.Sy.....8y......x..t,>N.....q2...`.#."d....1O.|. H.I..2$.$..,....B..A`0.'K...c.H|.%..X3.,... A..P"0.H@$..&....Sy.Y.Nca'..<`......!.1F...s..8.y. N#..q...a.0....qB..d.`.....&@H`.O.m.1......".@.....c. l...aq.<"..$....fM. .G.....!.4C..H.b.<$.l.Vy.A.-..#.....d.i......D..F..'.)..1.Y......X3.`..O0k.!..A`.-...$.5.$..fM...&@<....D.[BFX..).....!lK...k....!%`$..@<d.O.d9..".f...a$.[k..ap...ln...........;..E.T`#.)...s".....O.<.X.X....r.t.5.T...t:.mL..6fK+...r...+.`.F....A(..SH..X....Z..&..`RbMB.".....@....e>..}\.w.e:.2.....6.~..n.nx...6...X...6..-.-[D.....}.V1.%(E!!0..P...Z.A.2..Q2.....a.F..3.(.p.q.....%......Qk..G..(.E.J.r..7W.Z.M&}Qky|.!......w_979.....+..,..lK.#..#..)...9?.`.ph..nc../.B..v4....$.V(...k&

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2156

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):258
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.21079861191154
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:TMVBd/i9mc4slzYrtj99z4L4mqZWzCF9xJLmgUhXqI:TMHd6+BjX48h9nWZ
                                                                                                                                                                                                                                                                                            MD5:D9512F0F525415F06C2957770ACFB9FD
                                                                                                                                                                                                                                                                                            SHA1:219155047825F9A836ACE8402B750116F5EAADB8
                                                                                                                                                                                                                                                                                            SHA-256:307238FD564CCF483E9503989F781D89C45525F80DEC2BB3E80A9AD70FB37BA2
                                                                                                                                                                                                                                                                                            SHA-512:B1BF13930CB63FC5B8C67BD09F213C0CFDE364C6C2CC961361EC466E41368B8E8E134159689AD5B77C2BE234AAD132A1150712C95CABC64123B7530E2C11D3FD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/images/maglass-blue.svg
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg xmlns="http://www.w3.org/2000/svg" width="490" height="490">.<path fill="none" stroke="#1A7DFF" stroke-width="36" stroke-linecap="round" d="m280,278a153,153 0 1,0-2,2l170,170m-91-117 110,110-26,26-110-110"/>.</svg>

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2157

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):5771
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.567559413357578
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:emfPJjqUcK1ozVNg3jhp9+dxfJ2zVBwa3DHhRboc61aWL1k0RguoNAT3yR:9FqUqzVNgTdecB1rhuclWLwuoNATe
                                                                                                                                                                                                                                                                                            MD5:BB94D1B5CDACAD862D1CE68EB1E71D3F
                                                                                                                                                                                                                                                                                            SHA1:A27FA1FBBC31F416A8CF9E4349C73D496C6EACEB
                                                                                                                                                                                                                                                                                            SHA-256:4A409DE6220135EFE2A8A3BF7CADB079A2357C1D19A7CF66BFF0CB2049EBEAF8
                                                                                                                                                                                                                                                                                            SHA-512:A09627BC370D037F52CAB22B9306372A6E812D0C59A5B7E28F97A5EED51D43BDDB84E82D0CBB30DBC41C7A8067F3716A22CF86934B39843A2F70C0A1FF09D8E6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........5..........................................................................................................................................................................................................................|..w8`$.......................1l.......9;h.vDV.cR|...e+...\...w......................{<vd.h'g...Ueq......>hxY.-I..R..<9.e...........{|J..H....................v.....s^b..{V.2..;./2SH....h...*...kv...2........:.........................I.y..S.z...-.;..c...uj"..>J1.Yb]..-..............................u..y.P.t.w........u..F.......-....n.Gh.........................Y.g.|....k.........................S.WC.. ........................H..l....,..Q.+...8.>\N..m...c>..k.......NK.t.c.~.*z.....................I{f_f.}...s3...U..c-.L.>...Y..J;?{r.bV'6....@............................................

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2158

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):16826
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.984132022695095
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:a/RPFNGfsSq1bTXRL2RNJVxBK1RWfobviE1t:aRnGfsX1b7wfJTBK1Re6v1
                                                                                                                                                                                                                                                                                            MD5:D33842739746F117D63F59B6481BEC06
                                                                                                                                                                                                                                                                                            SHA1:B5DBB113C73EFC42F31B57031BDDD40EF6501414
                                                                                                                                                                                                                                                                                            SHA-256:1D21ABDB316C82114FE66036761BDEF05D48EDAE6FBB627BA0462BE6D1860170
                                                                                                                                                                                                                                                                                            SHA-512:4251CF0C7D557C96E936DA4E0AB7A841F5DB81ACC7F286B6CFB2D48DC75D6080965BC476EB030533116743049D5AA673EE44AD4134FD49AFFDA757A8D80AE5D4
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/free-fire-advance-server-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.A..WEBPVP8L.A../c...M0l.6.l.....7.!... P./Q..).x....hL\....g..}.9.....Z.G.Y@2.../.$.x.6.$'...d..aQg..8 H..*.x.........n8n$I......u...*.?..vTTw.....Q..>...^..../.E.l6ValX.> ..g.K..bu...0`".ei.s(.gB.....].(c$P..%...F.....D..x.....(..I...c..@...G...$..N..mE.v...BK.$..g..(..5Z%.d.....a.(.Ea.$.d.~x..h.....@...*..-Z.A..6...""&..H......"..`.?..5. .bb..*&;j...6(..mK.$.Z.CD..}z.dX...}=.Gff.t23......'.eI.$i......K.....:..A]....om.m..R.....n#w..6...03.h....&..|o.fH........rW..g...m.Z|..w.].m...=..F1+3#32..dmo#I.m}.....<<"E..z..,.6......U...Z..?#...$._.$..m.{...........{'.w.v...q....ZJ...$..".m.9..e.2%...i1....|Nw.=.3....333.3n.J.TrDx...4|K.dI.d[D,.....3.6....Os...wSa..$9.l...GdV....3..'uF...U..n..u...`T..~.i..~.~.}.~&8../......R...............P8......GZ.............dO.....#..L.`ZvM...;1..B.5..A..w_<....sx.:o....Y.d.Xz.%...0..q".....#....0+.t4gB..DS.@...7.*pB=.......}M~>xz.....8Uw..ni5...m.4P<..)Pt-P,R;...!..W.................)...S(.P..S

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2160

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8555
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.973602716266285
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:mNigsFwtO0l2w9vq86KLNn4TIZ0EHoEp+zAtTz1PH06pqjZHHNr:mNiHwtFl26vL6KLB3AEWGTw1HB
                                                                                                                                                                                                                                                                                            MD5:A09944B01BA0FE54D68D177253A1F81D
                                                                                                                                                                                                                                                                                            SHA1:FB94109AFBF110906777CBD8A83D8338519402E6
                                                                                                                                                                                                                                                                                            SHA-256:55C03E4EFABE7B11E3AF8B92CE572C836CD222249A33FAF975CBC04EF8540DE9
                                                                                                                                                                                                                                                                                            SHA-512:33E91C32DF4B9B5B5C3FB93DDFBA3082CCF3E3916B57CC140BCC6E7C79202F18947CF6EC95EFB306DE51E2D78F82938628E0A735D5B5D43FF84F2B5B827F83C3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<.. .IDATx..].TTW.~."nQ..*.....WU.h@1FM......F.F..$.....L...L...t.....*D.6.>'..L2..3.n;.1....}.P..s..{8E.xu.W......q{...6........7n\o...].......|U}.b...Z..\.g..5.[O....r.v.).&..3..%...E.......K..?~..]o...).#Z=?.v......L.?...W><.M...3^9;...Tl.]b.(......5x...._j.Sb.,....FW8.^9;........?..][[....k..2.v.t.......+W....../..v...[`A...mT.}...].]Wf.....Q.-.....f.M[f..u./.m.}L.mTA...-...7~.....W...|bk...?........m.^....y...?8._/.|.R........*...FC.]_f.6."e6mE.ns.v.....m..?j\c.9z.{..3...pZ........p......._.W...|.r..^......]....y.9....K..L.[.....#.d.l...+j.Q..U6.....6..r;.........&M.k.hVV.K..7..../...`S......K..+..{.&.s......" z6-F-..+j.._.%..'Y....KI.2Xm.......|.....%.....2;^.C...d..........x.<.M.....F.q.U..$.H.%..D...R.BD.....%.eg<mZP..bW`..Q...[Zh.J.........[@a...........:.[.1..R......9z1...bQ.....:Rn.;..&zK.6...2z.Bf..&b,/.3.l."0f.W..H

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2161

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (2167)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):3922
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.329858764951608
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:2n+kOwwUnqU9baYFwUnwbbO8qhcIFLW7Rw/LAuhBhPziLoE4BS0ZLVWNaQv6Qc+P:2n+pubVCuukcuhviY+J
                                                                                                                                                                                                                                                                                            MD5:05CA91AE9788EF03354671B196C01BA9
                                                                                                                                                                                                                                                                                            SHA1:DEFC249BE602267808451CCFFC13B661E9E291A2
                                                                                                                                                                                                                                                                                            SHA-256:D212386876860BAD63673D86FAD7436CD68336C50CBF367F326BC4A061A62A58
                                                                                                                                                                                                                                                                                            SHA-512:650A4E976D474395740FA274B2E3EBDA6FA6C13D4C568C0E7D076B1DA32D82BC656228960FB5891BA60059FBFEC3405CFE43FBC6A80B06D16FBF46458BFFAF19
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cmp.quantcast.com/choice/NckurUNbznaCm/download.it/choice.js?tag_version=V2
                                                                                                                                                                                                                                                                                            Preview:'use strict';(function(){var cmpFile='noModule'in HTMLScriptElement.prototype?'cmp2.js':'cmp2-polyfilled.js';(function(){var cmpScriptElement=document.createElement('script');var firstScript=document.getElementsByTagName('script')[0];cmpScriptElement.async=true;cmpScriptElement.type='text/javascript';var cmpVersion;var tagUrl=document.currentScript.src;cmpVersion='https://cmp.quantcast.com/tcfv2/CMP_FILE?referer=download.it'.replace('CMP_FILE',cmpFile);cmpScriptElement.src=cmpVersion;window._qevents=window._qevents||[];(function(){var elem=document.createElement('script');elem.src=(document.location.protocol=="https:"?"https://secure":"http://edge")+".quantserve.com/quant.js";elem.async=true;elem.type="text/javascript";var scpt=document.getElementsByTagName('script')[0];scpt.parentNode.insertBefore(elem,scpt);})();var qcaccount='p-'+'NckurUNbznaCm';window._qevents.push({qacct:qcaccount,source:"choice"});firstScript.parentNode.insertBefore(cmpScriptElement,firstScript);})();(function(){

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2162

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10652
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.949629812659313
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:1NKv4WTtj4wLuwfpVIibVoockRPNXQXw08Ae4FOEbjfs:1gnFZuopBpoHS0w0XrFOEHfs
                                                                                                                                                                                                                                                                                            MD5:840A93CD81DB14DEC68B15A24C71F56E
                                                                                                                                                                                                                                                                                            SHA1:6501A9FF7A6980369FCDAAAD9AFD45010042A98C
                                                                                                                                                                                                                                                                                            SHA-256:D09F468F90F37B345CB9787CC9AB27E1D08BCA91DBEB5FE54211ABFDC07B82B8
                                                                                                                                                                                                                                                                                            SHA-512:C2BD13AB5FFA3CA99B063C4FE08D8DD32F6A727516D4B4EA06E7B628C8EBB00016A317283FDE20E95FD2CA1704A7EA5098A3ACF4790853C9D9C57398B84ED75E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/onlyfans-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.)..WEBPVP8L.)../c...M0h.H.....?.;.....I._ZD..[.....k..g^[yI4W.z..`..6..nm'6..{.2..9...P....V. .m...n..v.....Jx%.....zz.x[.#I.U%q..Y.s...r..#.ik<3z.o..m.....w.?...'%.Y.....k05..].......u=d...W;^F.h..~..O../..VzR..W.%...O.n.0........S...Jw{.l..3..5..-...0..H...<.#..6V.t......cJX^.c.C...U..jr....+.@?..O,..".i.].%.]..C.8.z....&O......[".B..@...D.E...A.6...g}w.."b..;R.4.-...9..ii.:tI...-..v).k...$I.$I...Y........j....m....[.W.ZB#I.$.W.........m..m.VL..17..O8...+f..{.....-I.%I.m...ETU...i^.T.$I.$I.E$j..}.....d..PL..m..I._...gDFf......m..[..}...)+.....d.".m.>.".`.y...sB.y8'%...I..9..bff>g......9...-I.$i.s.%"~.....D">.3P.D.3.....(.....&..Dt..1........(.g.e .#.l.c..;..~.$ ..9.....f.3^...F./...H..#.(F.../..[....3..I.................r.l.-#.`v.X`@.n.....v.....f.9...a.3.,.s.bE,..v.fzl|3..ZgUS...S..[..H........R.....).L..aOI..........?.........pt..IQ...V..........-...%"[.C......U....B. .d.a...C.R$.BR(!=....$5)0.....E."..9..0.x5....%.,......8.H.JNfU..F/&.z..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2163

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11972
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.970225987784627
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:oDGkyhyHgJuUabOvAPM1gUNmNd4liBGvi4RxDq9mPEhMopC96qGoZvrns79BI2ZX:GmCJbOvmMiUNM4lOei4TDq9mapC9QSrS
                                                                                                                                                                                                                                                                                            MD5:EFC85D1A13633A6F5FDC64CF28ECD914
                                                                                                                                                                                                                                                                                            SHA1:892A87B4A186416A1D3AEFA4772E3F6423ED8926
                                                                                                                                                                                                                                                                                            SHA-256:453CC06F7B8E6D2B8BFBA83BD757574CCAB4AA4FEE12D7EF366A833E7C42862F
                                                                                                                                                                                                                                                                                            SHA-512:108DC1B9FF05B5C9678F82F5EA05E3118F968A7A9D009DDDE00CC6DAC4673A2930858C975ED31D0F1425619BF5E09B48DE55279744B194850120078BF847B599
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...OIDATx..}y...y.{...{zzf.!........lRG.da.^g.]8X..H.,.?.5..b..$....._...-CvlY.E..Y..H...sP..\..gu..-^}...!)[$.[$.=3..U...w..............1...).&.#.... :4M.3.W...0........}...!..$N..3.%........^4.[..F|.........}..<.!..Rd..w..5..._it.......Y./...^....9#5..7.... .}.q....!ARa....$..'..5:.4&.5....!...I.$GG...!I.(.q).+i...F.2...z.B...0l4. ...z....|^Q.I..=..+...i. .d2.N.. p]...R*..$.wa..j...~..........\..o.>M.|...=...&.-.),.,. ..Y..,....e..)I.?..?>......f.YUU..i.........A..../...cL.$EQ@R..U...OW.UY....G.c.m(.A1.f..$....,//[.U..].,..2.C.;.,....>.......,.R.D"!.$Ia.....EQ.x.|.C....D.Z..)..... .r:....=zt...\.f&........w....E..1". .......<.s...}.`&.E!.. @.4Mk4.G...u..}.. ...>H.u...........!.>..ia......:.-.S..j%....m....s.......a..5.CUU):`...a.. 0......t:.h4.B.U....4.......~.\..}0|.R.^........j...[.AX.V......[........LF.uY.{.\.(...!.uM.,.V....W.U...!.$a.eY.k..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2164

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):175
                                                                                                                                                                                                                                                                                            Entropy (8bit):4.6636823011859265
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:wLGff7sEC4TbTECQ2ALodM/hABJK6AzCJMgfO/1KSoO3DI6NAC2ALoMHMe:wLGX7PMCQn0VJvAzCJMQO/1JMCn0MHf
                                                                                                                                                                                                                                                                                            MD5:276876D719B788B550844730B3851E8E
                                                                                                                                                                                                                                                                                            SHA1:E48EB0FA09D905D1858784DE3D54E6303E309C6B
                                                                                                                                                                                                                                                                                            SHA-256:18351534209A91B2F82B9D729CD40EC03DF685421E7F918ABF4DA735DC5237C7
                                                                                                                                                                                                                                                                                            SHA-512:2D654671C4A81A8A0DA3D01C33D5E669F61D9B19F90A72DE78CDFBBA761A7860DA45E62C8B2CEA2700907766CB1722669BD3E9550065D4C25DF5F20A3A96EB72
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/js/dit-supplement.js?v=1695907987063
                                                                                                                                                                                                                                                                                            Preview:$(function(){$('#dit-iavff').click(()=>{gtag('event','adcl');});});$(window).bind('hashchange',function(){if(window.location.hash==='#google_vignette')gtag('event','advi');});

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2166

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 180x265, components 3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15905
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.971874127947901
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:qdnLRt5ozYrvHYphF0FuAWChi2ZgoNl0Qusm9usrDfYYr2pSeeoxnAxnc5B1rGpx:w5oUrvmhRAWVo3j7uNk1SeeXx4BhjCum
                                                                                                                                                                                                                                                                                            MD5:D2D64E345409F5405CADB0A600AEC857
                                                                                                                                                                                                                                                                                            SHA1:F142579D64E1D3DC766093E0C2C4477127EE9105
                                                                                                                                                                                                                                                                                            SHA-256:13C963A4C10C76EE0BB223C61980DD2034801804CC0FF1E64375F906BF51CC4B
                                                                                                                                                                                                                                                                                            SHA-512:0B307ABCA906A32D01476905136C6F8E15B081063398E69133427B912B91A52B88773B551E60B7826C085DB788F4E3EDDD285163127359A576D975D8DDFC7F6B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}..........."..........5....................................................................9^...'......:..m..q.%....F..a......Tt%9wY.n.Gt..qF.S(.xW....>..m...ZYnm..q....s.?.G.2..R...q..i..V8.".....S.%0..r...:....... .|x.g.;.~.w8..N.....k.8.X.]P......!...?.(...r\_.I.}F<.#.....p.A...P.....8.m.....o.a.~..P3..B:^.5...G..A.j.,..D..Z.....].....$..Z....ZR...Z.X......(....1.2..e...=..BI..K.6..?`.D..2......).'....@L.....Y9H.....S.wZ..S.1..z...._..k7......A...GI+..o.K9{[.1w[Yq.N.I]@.3.......4...H[.....J.]f4I.M.....K>8..kw.}........S{....I[.~B..*.W>8LG8@&D..L...q.....W.S..~.-....N.[.c..I.B,..6.[3i...0..J....`...~xpr..h..3\1...C...ZX..W..........V.$..v.|.....C7...(^...3.x.Q.......... b_F...}..v]..gt.iZ.v...u....=...X.%%2.Q{<C..+.5.F.T...$,@.bEa......kA.u.....3.s...@)..78.>.\.,...../*..=.W....xL......V.f...>5...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2167

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):3260
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.911126988787854
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:fpd59qwX9qEZxfQ7digZn8OllFltlLhkp11:OoUSQQ88ODtxhK
                                                                                                                                                                                                                                                                                            MD5:8808DED624C5D792E8A5DD774A572F26
                                                                                                                                                                                                                                                                                            SHA1:009470E89AFFD1DF9C448A15DC7EEB1E8B8A7D7F
                                                                                                                                                                                                                                                                                            SHA-256:231E23573A3D9B39A064B6AF3151060936DA39EAE1BE3D9DAFAAE6AD6B057C10
                                                                                                                                                                                                                                                                                            SHA-512:BF416DAADEAD42457ADCA09A413DB74E9110885D18AA1037B55AD2B0CE79DA7F77C93712D9C0FCF403DF94B8C8052DB7862EFB65731CEA19821DC2F86E2A33E6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/celtx-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c....IS.|.....&.7l..I......H...5Z.m.m.m..Y.g.U..... #.zj.8>O#b...;....@.V22.."2 ..9...y1.....Z..F..&.....2Ha1.@H8.b"T.V.Z.Fv0.!kg..2T...[......2...l..........ar.?w]b..6i...2..0..O/}.....|.O..1L...K_.cP......k3FsFu.3..k..3..|.Ah...b..Z.(p.'=....w.=...f..k....t.h.k.>.T...";.e.....Xj{;./]7]...6-.X.'S[..T..f.........Dp.U(..i....b...6.\..q\.M+4HyYX.i.-&3.=......-Y2.P.;).6-....y.Z0.F.......gq6..#...L.).64/.H..h..].-b...H.....`.V.K.-.:.%0......g.(f.%...B.b.S.u...)w..k. .F....j.Kq.....6...R.Fl.<Kl.NQj6.Lh...iYG.\.eT.........y...tC.t..-.."L'..;?.q...\#.\'...m%o.5.j. .k).<.|.{... .X.,@s.4..."...X..&adK....:.0F.c.!l.(..('..c-..._<....g%U..h...X$... li6...N..9.....#....t.....W_V0..[e.......c..!g4..9.....GY...jf....._kU.b...dX..&.|.[y..I..w..:........o...mB.D~..L!.S<......}UX.^...K.o....l..+.+=.Id..,-3...zTX.z...~.g....<2.{.QL.vY..l:..C.!.....M...&....z......q.....<...,.,G..+..._^...G.+....{f8......O.dw....Fu!k.e.....?8X.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2169

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15480
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.976756097982756
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:s56JmvQCs9KzTlycSD+Fh/New4IBp+tAPMsIGz1pJ4aS:swCuslrSD+FjefIEtUzLrS
                                                                                                                                                                                                                                                                                            MD5:8A2AB450082F8EF003A4FE8E577560BF
                                                                                                                                                                                                                                                                                            SHA1:AF7EDA979BA205916D9118E92DC6EEFFF87B6E77
                                                                                                                                                                                                                                                                                            SHA-256:579A3F3D27D2D62A3265CF0858A2547F6E046FAD5511F1ED271A9BC72BEB5BF8
                                                                                                                                                                                                                                                                                            SHA-512:E4E15762D18B9B1BEBA1528E7CB77B5AFBBEC7B4E100A6C9225CB14A3BDDFBC2AC79310421C201D99BE74E64A59D4DB6DF38AAF93CFC7A856633334A54524E90
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..<.IDATx...t.Y..Z-3..,.,.$H.........D.....!.....-.,.......;........y/.N..3..........E).S....|..,.O.?..E.....l|S..../,...vbr..>z.T:P..z..5.k...L/.._.......?O..J.#..CL.lv~@.'@=..)..W..]R.z...........=..... ) ..;..`+0....a...A..........@..z#...v....l..7...x...-.)I....a........nB;..."|...w.Y...H.5......`%.eA*...&..h`...)v.....E").....)a..F.g...Fn......`b...(.r4.2K...&.o..N<0.O.x..wR.]..e... ..D...)..$`...bc....&....h....D.;....@G...t..z`..........X...0...LF......sB.>#:.5......t...E..............QhKE...}.>.D[t.d'............6.42.m....!.....@k.F..X90....L....\77..N`..F..0Z`5....k!.'...A.3%I.....D>.....eC..Wi!......'.}.%......?....K.h.=.*..@+..U...h%0..e.H.....t.0S.vj.0....c.4._.:tK.....};..~E.....Q.b".(..@...h.#%..._......4.6.1.jt<9W.7....f.......|Rl.&.&.v.$.!).).PA@.x.fc... Pc...0.....zJ..J.|.R.R...s....^.~..)....0.a.B..8p.g.....A..yF^..y...#..%G[D.".Q...a..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2170

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8138
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.89360247960396
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:uDa6uSWjqPzwuIhZzCjUs8aPlxiBNrEmu/PDI7A0t6:uDa6uSOqzgZ0zdQzrbCPOtt6
                                                                                                                                                                                                                                                                                            MD5:A4B0B4A9B2CB241AFBE851E250418D92
                                                                                                                                                                                                                                                                                            SHA1:1CFEE44D7AF7D51B99A0259AA6FB8FF25208C627
                                                                                                                                                                                                                                                                                            SHA-256:D40BEDFCF5F8FFD74866792472EF280BD0BE28085B8C33445519FF85D5B4A71D
                                                                                                                                                                                                                                                                                            SHA-512:3D4E2EEBAB6EE9A961C88A305CE42F8F09C024C4458B493DBC7FA68072CCBF23C2093D5E368DAE7EC65C77A4B50A213D5F704949E1A03B56171B014B72BC7144
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/bloodshed-dev-c-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c...M0h$IJ.......4D....?.. .....5._.=...6...s@Q..4..F.K...?...p.I.".x...... ......l.6]..(..oKJvr......$I.w.....6..B..O@....."":8#_(....<.Q...~._.W.9..h..0..wy..F.RV..j5?.*.F..0>.....g..d4..e1..1.+...:yg..P..7.o( ..'X'....:..Z.(..g%...|".ZJ..............Q.._".p.\/\8X={^......k..A.~...^...0.3....Fr...}......YG".hj.r"*?\.9.cm.2I.s=...Y.S..3b...\.<m@&K.Zh.d1..4WV........^...U.m+...X.....[.a...2..[.%I.$I.-$1....Z..{....p.._.m..mk..R)...=<.m......m{.;.}e.{.1.1=<.....j.y.vc.vm[.}......-".....p..M.j.......Z+..{.5|I...m[f....g.0y.f.\...3....1....%.;..........d*...J%........?K.(IQ..... ...J..B..Yk. ..*.-k..\\..W..J.@#...?...H....].n..Y.4I..F..8n\z>.|.%?...xyM....:.?|.....lG.:E.'.O..;..q..r...w.'.....0........m{jF_Z.(......`.]..@...x9......F..|.@..........zsoge..A.....N.g...R..b.#U.....KF;......6=...t.c.x:......].r..".......0%..../.......(i...]....".n.......%..7.`.....1.t....Z......Nj...>.../7..Sc.u....?...|..wXZz..=K.,B....b.C..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2172

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12990
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.940236549996246
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:qEDSCHNFXgW9Gzr3Px/krTf9ssvAjbP7ZWJCb47nXqV6ODdcAsDYN:qCiW9O6tnSToXVOJWsN
                                                                                                                                                                                                                                                                                            MD5:E28C2B7AFE42264EA7D07DB2260BAD40
                                                                                                                                                                                                                                                                                            SHA1:D99CD3A66B709E23DDFB173397237351A377FC80
                                                                                                                                                                                                                                                                                            SHA-256:39FC10F56B4F6B97F9E64788063577384176E48B8E384939D7D71664CCA3B2B1
                                                                                                                                                                                                                                                                                            SHA-512:D9B1D82B8020FD4E3FFB12D9C4638E4A8289E847C9959B4E6D229943CB8D035A71BD761502575CD0E5728F1426DF739164476BBF147A07E09DA71E358E63924B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..2IIDATx.....y~.....{.Z{.sN.S7wUSt..FmC....@D.q.. .b.r.e..H. ..d.).@"e..r.dD..@..l..v...n..v_...v.{..<..;...S..T..+....t25.f......7.+...G...|.~.~.w.l.r...............@..!..B.@......@M....W..%..Y..B...(...V...;y...'....8?l,...g..J#&A.@xj...c.`.vm.\>..|..^.....o.........fqg...tj,gqiJ. .t....T.AD.....O..Y@BU..h.....6.R..!.l..jP5..]_..s....|......sg/.s{k{j.......t.!*..!.t.iy.W....../....y.....g........P..<s...r)+.L2..<.....TH. .......5A....vw..gVXw]......Q/q)..5...N..}..o..o..i>.X.......^../....3......3..L' ......|'...o.......M.y.....<..{?...|...w....^.|.{...{...*U,.Ol.@.B@v...E .47BB.Q.... O..9.^..2..._9~...7{7A....m+....2.|.....o<x.......'...O~..#;. ............v.,W>|u~......._...l......;..v..So....H..y......f,9...v...k!a.Z...c.T"B.. ! 7*.J....4!..../8.\.8..#.r#R.j..q.8|.../...[o...|.W.......W...g....<[.,..C....$.iz...W<.....o.....>..~..~.V..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2174

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.292508224289396
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUmExltxlSle:JAle
                                                                                                                                                                                                                                                                                            MD5:55FADE2068E7503EAE8D7DDF5EB6BD09
                                                                                                                                                                                                                                                                                            SHA1:317496A096D6C86486A71D4521994BCD171A6BB3
                                                                                                                                                                                                                                                                                            SHA-256:E586A84D8523747F42E510D78E141015B6424CF67D612854E892A7BCEDC8EC9E
                                                                                                                                                                                                                                                                                            SHA-512:A9ADB9FEEA4BC14B9C34ED17CD30F8CB36DC686E9F69A292FE65BEBC195BE4714391FD98EC7B67BFD363FBBB6089C41A0B7CAB5130B50B461748E668CAC75621
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,........@..D..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2175

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5304
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.956809071279243
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:PearLh0OPzE08PWwizJi0QV1ms2uH8Gso24tQmOw+7pcn:dhLPzR8PWhzJtQV1ms27orymO1+n
                                                                                                                                                                                                                                                                                            MD5:0CC36DDF61841BE570A56189431EC046
                                                                                                                                                                                                                                                                                            SHA1:751188A65DFBBCD2C1A57152AEEF1A80DF07719C
                                                                                                                                                                                                                                                                                            SHA-256:927A6013209E145788661E9906EBFB27A16C7E8B135C263EE2F4D4C97E8ADDFA
                                                                                                                                                                                                                                                                                            SHA-512:3E25AEEE9C53ACB498F80B5A3DF0E2681AF6483A62EC4236B122BA62E0F2A2F54A163C6AA9B57219250858966C23CAA8DA46B7060F51BDF28409D983C4DFF13F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/libreoffice-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c...M.m.6......!....` .l.as'.QI..JW~X]S@.......HI.P./.r.....d.(..~|.}...6.dE.......j..#Ir..{...O........O...q..W..f2.0...........&..)..S..9....Mn9.a.d..2....R....<.E..6m.$..D............>......../...+..".../.$'"..a.gz..L'.O...3....W..Y{53.pcQB.!.3..G>.Z.....S.O...x2.U....2.=n...P..WmM.V...R.........Pjm..X..2.1.#uk$J.....{...".t..lW.m.mM...{.....].+...>..m.mg.............q...TT*.\...h....s.^3& .|...D.._.....................QT.A..D].....X.DC......X...,85.....5;........@&>.Q....?.. ..tm.8..N....L.@C..@...#=..=8B...!.d.f...C..4]....% .H#15<..7..>*...u.....T...z.....Q...^......4~. M._.v...n....._T.|5...h...Kc...9.g..-.P|.1....o.Z....K....g....+]......./Ks..V`...3u...=...{jP.8.8....9....5'\;|.....t.RO.\ni%...(.8B)...$......&....'......./4+X.."XA......Z.....Iux1...d<S?.%..Y....$$.@."l1....<........^y.[..+R...`sR)..H..v{.^.....=....#g...T..X..L|...0.I.".........../K4..-........`As.B,.*.....w/GO.....>X.9..!..2.#.......#..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2176

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2178

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7950
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.968819567848361
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:E+zaUthVsp421TSOX59tHHl1U6K3AKkmeWzO7Rf7tX:9aUtcp425vX5Ll1+3AKpeWzO7rX
                                                                                                                                                                                                                                                                                            MD5:2983B73B2547823295013A0FDD8A583C
                                                                                                                                                                                                                                                                                            SHA1:DE6AE6A334A4F7DC2A22C053132BBBA82C4806ED
                                                                                                                                                                                                                                                                                            SHA-256:FF469564D4575193883821A44252E0BAD261057A6B799B33785E3BFAFAE89AB9
                                                                                                                                                                                                                                                                                            SHA-512:5C3DC7A982AC517BD07A4168F3665F17A1662FB8D451DB967B339C5B5032BA83BC1C4CAFE844085AEB44BC92D053C773C132A828C611BEB49E9E8DFEDFCDF422
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/whatsapp-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c...M0l.6.d..C..........I..-ol..|_.."..$!...43...=.U.....l[ZT..\m.-.D..H)....k<..g&..#Ir.|=..zc.....h.m.m..%..f.?..$S.I.<.....S%.pR..`j.....,.Q.V.{.r..LJa"...3H.t...{r..."U...O..Ss.....,.-..O...8K...:..8..J.Q....R....../..a...w.....u.N*.R9.Ml......!.....@..DDo.P......{.D...on..U....F.i8.U.,h?>b..o..;U.....H].T..L._Z^".(.G.....|..X'...........Pot..8.P.E'....&'..z..CE......i.+Z.........6m./........$.6.N...^"....z..y.#)..7./2..U.E..l[.......GEH.....!l#A.<....C71.X..w%I..Edf.......sL....Y..Ui".....'.%.....Lz.}.N.Gg..Z....t`........[b....D.m...i5.G.{........5}.'..Jy...`.B....4.....C2k..@.fj.y.P._.f...*..=..=..d`..&..@.k..T0h..`.m(l....x.XL.&..mo".......T5>3aff...2[....f..d.....0s....r.hI..."...V<.w..p_gL@.n..e.C..h.q.,c@..A.!.....@X.!c.G,s.......#.Me.|....`.[CJ.....G..n...h....1h.a.r....m.K..@"0.q.h...nw.....{s.....f7R....8n.k....*...........d.ly..(m8..0.].m./.1....x.y..)_.=........C>l.......6X.&..D.\.*{...F.p$S.X.O

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2180

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2181

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8906
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9330016977900115
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:ehkXft45biZb/utZqNfo99c6mcUCMoNI4WDPk2f3llwDF6:sktl/utZAo9C6ZMx4WD82fMI
                                                                                                                                                                                                                                                                                            MD5:996A37D2E4008DB9935F5F2AF1637529
                                                                                                                                                                                                                                                                                            SHA1:BD2D108B3A6BAFDE29A9C51D2A2C938D5BE7C7B9
                                                                                                                                                                                                                                                                                            SHA-256:0E37602A2C558D2F6FCBC792AE96A132FD78BA780516FD417D03364519F5E5F5
                                                                                                                                                                                                                                                                                            SHA-512:0F019F6E2BCAAD3DBD91FF41AC65F7DEA45A974CED42ADC6473CEB0935451D426F768705FA3C7DE90CEA67BACB84D4029A91C52E884FCA28387A201249C15C68
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/fifa-21-companion-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF."..WEBPVP8L."../c...M0...MA#&...3n.....uC...Y...s....k.%.&Hu.T.a.ZJ....P.p....m.G..#o.....a.$E...ml.....'.$.V~~r.s..|....M$I.....1......?.........R.8p..6 .E*......LX...@*S&..`.. .^dj.`.6l....$A.T.d...8.c6l.. 5Ph.P.*.P.%H..$w*5...A..D...<p....~?xp3\.0a.....m....7.0..m.$..z.BDL.Jk.F...........Y...W.e....$wJ.....U....W.dt..Qo.9y..$W.F3'.9i......E..Hn$I......U.....H.#I2.{...l+b.<..vl...Z.q...V.m.m.m.m...........8.......[.$K.$.B.5..G...?.?...7w..-I.%I.m!.Gf.\......Z...1.tn.:....9.u....Cl'....T...I...fmu...{.[.OH.m...\:w...~...2.....O8B.2....0..H.#IR5...wO{.wr...3."....8<.Xt.Y29,..+d}.%:y..g...C.....?........@.V.a....T1.a..%.......g.!.q........y...u.>..Pr..5z..I....:[U......g;x./T..nzX.v.. ..zz-..S.Zy1......4.........$..(....*...x..R.eS.o\#...]..{@.x..."|.....4.....]..w........S.o.*h.ZO.AJ..Q.R.r..R..jX.L..t..t..v...K..........-(....T.I.s.i..RL..L..+..%..j.8...ZF.`.......5)..1.w{.ve.D@9z.6_....C+..$"..^.........$.{..............a

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2184

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):261137
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.325953855956569
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:k5ACUAe7qb8Rt+H5APNCH+iC2/jST0CxWRW+PCHxg80b:k5APAe7O81PN93qADQWGCHMb
                                                                                                                                                                                                                                                                                            MD5:5497B53F795516AD51BD84D8E79C1D61
                                                                                                                                                                                                                                                                                            SHA1:B3D3435D6CBAD87B50E23C5DA9C5FA673604F735
                                                                                                                                                                                                                                                                                            SHA-256:65EF2E4096E3187EC54DFE47B5F8682566AB6D2783AA3A2C3C522396C430139D
                                                                                                                                                                                                                                                                                            SHA-512:4AD669ACEE327EBAA874073DF698B1840A301272DE62C1303B4C4A35B9FEF2EEF3E68F3D77606DA6F44D63E3E3EEBADA3E46E5110B24102A2C1A009E4F0FE0F8
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://spn-v1.revampcdn.com/prebid/downloadit/prebid-client.js
                                                                                                                                                                                                                                                                                            Preview:if(window.pbjs&&window.pbjs.libLoaded)try{window.pbjs.getConfig("debug")&&console.warn("Attempted to load a copy of Prebid.js that clashes with the existing 'pbjs' instance. Load aborted.")}catch(e){}else (function(){!function(){var e,n={35706:function(e,n,t){t.d(n,{Pd:function(){return d},Th:function(){return s},_U:function(){return f}});var r=t(55730),i=t(64358),o=t(20265),a=t(34614),u=(0,t(78640).R)(),c="outstream";function s(e){var n=this,t=e.url,o=e.config,a=e.id,u=e.callback,s=e.loaded,d=e.adUnitCode,f=e.renderNow;this.url=t,this.config=o,this.handlers={},this.id=a,this.renderNow=f,this.loaded=s,this.cmd=[],this.push=function(e){"function"==typeof e?n.loaded?e.call():n.cmd.push(e):(0,i.logError)("Commands given to Renderer.push must be wrapped in a function")},this.callback=u||function(){n.loaded=!0,n.process()},this.render=function(){var e=this,n=arguments,o=function(){e._render?e._render.apply(e,n):(0,i.logWarn)("No render function was provided, please use .setRender on the ren

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2187

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5194
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.949751713807122
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:AyehwYObyEvo9iuHqO8YY94KaD9yCRDm6ezBv1CW4+w1NprLiac/:rqwY6OISpPRShI0w31S
                                                                                                                                                                                                                                                                                            MD5:E62C49E067CDC04AEEFEC7B2830D0747
                                                                                                                                                                                                                                                                                            SHA1:0BF1684F7DE4562D283D031B468107D2FA8089CB
                                                                                                                                                                                                                                                                                            SHA-256:84509386A248BCFC5CD1DC99F53583A5D02FCF18B69167DBC37699BB3290B185
                                                                                                                                                                                                                                                                                            SHA-512:E7636868DFFF4BECB59D16EC42050D26E5109614ED9EA8F26663BABBA8FC243556095A9FBD3D25EA46C11F81878FF5941065B0C96DD1BB759678F22BD0BDC74E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/libreoffice-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFB...WEBPVP8L5.../c.......m..?.......Y.Sj...i..I..ob.m.m.\Fk.....mcm....x>{^..+..Qqe.L..l^S..zQw.a..l..d..$....h....]+s.\...9...).*..-..l...~x..+#.&2..D..=..h.JUk..m1.q..J.......!B'`.@...d.I.l._n...033....j..s..k.. ...f..j..i`.03..J.mg#..~....c.m..qm..i:*.I.J.....4.g...tfU.,...m.w........3p.H......).$.X...<.'....#Q..p...y.q.J"#...{.T...jB.4.O..F$#3ri<9L.........M....q.=.L.@..Z...x.."....I.Q.....t..<..J1.....XT...:.JJ....U.A.Ab....!....*.c..r9$2uy..p.($...19.HvD.......S=K I..%..i...$....`.*.$+3==A_F.Iw...K<.Q*...H...8f#...QU..N6.o... ..R.4....@.d.E.#..yxa^./..j..FD..'..^...j.. ..H{."J...t.......:WA`B.......X.......+....a;.1..aO..!..dG<...D2.=..P.6..5(.H......_.).x...`....v.].+..:.s!.u.v'....2..t...8..p.<.-X(.a..vC@..bp1...XP. .z..X.....{.X[0R&G"D$...cc.....t.l..{.<.0..m$A.G..Q/..>.e..x..r.......9n...e'..I.9...]b...(Nc..Mn.... .Gm.....KN..P.\.Y1...#`m.`v\.h.>D~Ps.P...a.Q..<..G....^.......H^9..."J#W./.....e|..gT.O.y.d...St G@.....r~.8.54

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2190

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10591
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.943444372891723
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:uTSXl5O/KJSfJZh8m/PzZ6DGTFaZ7D0k1KV0QtUaI5af3LBDh:Oul4SJSBZh8yPzADGTgOkQecUaISbph
                                                                                                                                                                                                                                                                                            MD5:DCBABA6CA6C0DB26A4FBFDC1CC146089
                                                                                                                                                                                                                                                                                            SHA1:6BDD9AF53D8D43E27A9D912E613244CF0015D8A8
                                                                                                                                                                                                                                                                                            SHA-256:65511BF961E277319DD8C349B81CB7B71ABA00C0DBBA90EE7C00168C578E2E90
                                                                                                                                                                                                                                                                                            SHA-512:225A3014D7714EDBE3693A6E96D4C5DC1C81A4CE5F84974C7D07856A5038A09448A39D528C5CC025CA9C5EEF0C108ED508F2279AF85E0F59F7018F775B7DC026
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..(.IDATx..}.t..n...z.f-F.%.62v..$.0..@2c..c.3...C....O2.33$.I.y$.$..a.$....d......,[RK..z...Z.........~st.I]]u..~...PY...dYFQ.Z.f.Y.^.....jeY..8.$q..$.EQ.%x.a.$I. .t:.......E.X,.l6.AQ..0.....^fa.sf.Y..H.d6.M&.<.$.?.{fUX.E9....r.....5....]Na..e_..e..T*e..GFF..(.Dm..9...*........B!..Z[[/.._&.R-K..|>......#GDQL&..rY..!.R.V....Ub.V.Vq.onn&Ir...K..5..&...p.S.K......z"....T*.....T*...i..q\.......R...r8....mmmf.Y.*."._.]'....>I.Z..|.....MLL...J..,..`..\ &I.(.2..........d2911.p8..P%.._u{..%.2..:.N..B..0L.T..b.lvff.j.n.....8M..!g.........o_.R1...d.l6{<.l.k.XdI.;....3F.2... . .r9I.....j:..D".l.`0......V....<*h..7.......B.0>>.p8..*..dR........A..?....[RRmQ.. ...D4.ek+.J......5k.|.K_...IR...(V.j..O../~qpp.R....E"....j2......i...w....1.j.J......r...?x.`0.lkk3.LN...0.......E.Z...J.....r.$Ijkk.....?....od2...v.N_....!.a. .l2....c.N.<).2EQ.l..O...Jt..g.Y.(".bw.+..^.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2191

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2192

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7918
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.964279470528331
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:tbuLMRPAZ5A+VD/Y9rfmsKGAKfZLlKOTxfjAcLPvZo+KbgiGNXwsn:tyyPstR/EisKOtIO1AuJo+KbgiGNXwsn
                                                                                                                                                                                                                                                                                            MD5:077975608C025FB9D14098F60D0A9D7B
                                                                                                                                                                                                                                                                                            SHA1:E5A5BAD2702A1E787EF2B49B1A8F53BE253833FF
                                                                                                                                                                                                                                                                                            SHA-256:3FE082DD9E4B9BAEF9816C26BF35C863376C39EE2A2719F3ABA2B2FC281C41F2
                                                                                                                                                                                                                                                                                            SHA-512:89FD879B44FDAE43591CB80A759B902ADC8DC0B0221AAD97374911C2B695FAB79C8A088E88B3163A3C33714F0A8EF4809B6C396920029A2F4CC6C9A5B80DE544
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....p.T....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...yIDATx..}..$Wu..?.........j.f.R..#......Zl-. ..}.....@6.xa0f.Y.#!.E....33.c..l.....a.$Z.I].VwU........GddVUwUuU..*...........}....RX.....`M!k.B.....)dM!k.B.....)dM!..v..7.7.p.s....<..`..ur..o`{..(.b..w.J..T.zb.-?..^..e?wF...W..}.9...};.Aw{..u.(....u.....O=/,d...^...&I......}..=P........q......l.Tz....c..hl4...z...1..._e`.(.JJ.!..v.uo...mgj,;v^..q..9g...A.....Fc....+..{...R..q}../8....3v..5.RY..1..h.f.?..).T.g8.Gu.b.v.*.T.9.gP!......h...1..R....>.~...>..'.H.WR.`.#.h.k......_|.U.j...A.k&I.RJu....I*..B...>.3....72....cl...E"ID..F.$.;..;.w\".........M...;.swy..K...k.#..t]...$.B...g..?..9....M..n{...A9......r...j....}gi...w..OVT)...o)w;..fk....D...$...B.K%....g>....U...v.......[.G...OL..T.......V....m.~....fgf~..lm.v;o.}....o..Gn..?.p....ZS..n....(._S(..X..M..........gN...;.!.k;...........}./>....9........b..v...z.V.Zw2.......1....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2193

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0950611313667666
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                                                                                                                                                                                                                                                                                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                                                                                                                                                                                                                                                                                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                                                                                                                                                                                                                                                                                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                                                                                                                                                                                                                                                                                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://ad-delivery.net/px.gif?ch=2
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........L..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2194

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2942
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.891939560930906
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:9u29uo4lwfWkDNRsX40FWa2ddO5Ob0UaPPg0c/SljtJwsPyAI0r0oj:979u/asBFWa88OgVPg0yuy/8rj
                                                                                                                                                                                                                                                                                            MD5:5DB57F5943B3CB23CB2D498FC5CF8C48
                                                                                                                                                                                                                                                                                            SHA1:44D09795D7B8735C1D269BFE1903216E0F9BCCBA
                                                                                                                                                                                                                                                                                            SHA-256:F0EAE3357A08576747B5D4F181D0454A20548D76E6696FE0F9F659CE8F50CD0A
                                                                                                                                                                                                                                                                                            SHA-512:455D94F9E176D7AA392610CD0A51FDF008FD4C17C41DD76EDA19549679D4B01303DC68F4846A9DF36C80243ACA00AE5376306C564CC12F8890F06731F61800A5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..{pT......B...*E$.<.q..$.D....q...T.* ".y.i..F.....W..Z.R.....`i.v........i-...3.8..s.......,..o..................<D.L. ..,...".......E`.X..1..."..,..."F..X...E`.X......:.`..i..f......<2......+..M..]Y#..?...$:.Q?Z-<.....de..D.Gs.Z.'[.0.._3f...l.Z.<.a...).w...4..eG`.k.p...A..$.;.....k.S..`.N.......WzHY...P3@.;.....&.....I.H..M=.Z.M1./..5.V2.V...v..W..RM.@P.7>..-...E..$<......~.12,...d......8..#...*p*..pq..J..3......){...(..^..x\..9.D.b..8.pz..tFw.5...d..qQhQ.....M....U/.x...W.....V-...>..(A..~pj6....^...g....J.bSa..=.z..kk`.>...^....'._.Q...^.....%...}w,o(`...X..h\........d7d}..\...O.2....|.)..p.....6.Y..........Vo..Vu....++.b...QYJ...)+~.....x..`.=...{..e..*v.>...y$...........__.cK..1..LXJv.j..+.....F....6.-]}....|Y..x.y.O...>4.2...UU.'...U?.....#z.R.#...)u..GF.E%..f...6N.... ..6.\..$.g:)o.....l...%*6A+....;W....N..+c....j....y.%7?.Gb...%..[..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2195

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):25015
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.972758047262445
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:2p3U/1pbbpQi7BkCWhEn/SDo1F2eXIl4XgevnihNsJJDZpKQ+PRM85CKP50:2p3U/XZ//6E2L5e/isq3RMYO
                                                                                                                                                                                                                                                                                            MD5:76F9EAF7007C255F4AC3ED606FFEDB08
                                                                                                                                                                                                                                                                                            SHA1:5C66B55B348962252F7E75B6C30346C97474C00A
                                                                                                                                                                                                                                                                                            SHA-256:C966D51B18CE0514029AFDFFC340E676C1F677E6E0215DC25555D46A0646D6E0
                                                                                                                                                                                                                                                                                            SHA-512:319087860FA52A6CB8B01FC560B8D23258624272D95729815A06FF1F2EEBFC572235A0F354CA4811A6DEF88D4C1D484F830955BE128C745A4A8B62BD800ACE18
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..aBIDATx.].g.n.y......ON..{nN.. .."(.A.J.%Kn..<....8tMwMW...5nK%.m.*..IQ........ps.'..|9...Z....5k._..z.Yox....RM..`..@@@.........HX..$H"..P^+.sG.'....X.I0J... P..1.....U.U..d.a.M7.|..q.R...V...0.9..S..c.i...T...0.8..6C......;ECF,.=......T.ff.N......;o.q#.l.C...8c....R?..A...q.".0.H~.p..L.O..-.Q<.O2.....I.4..)..@...z.>."..SJ...$.......B....... .... FX.DF.V.+...{..n..Q.P.U.!B%9L.0.8.H.XQ..Q..,j.,..=i.G.....@..$...Q.TO8....E..Q..F..+.Ck(# !.(.?...~.F..x......O<...J...2....`<.<..3......c..%P..&qE.u.3.&\Vu$I.BEQ..8..."J..a.FQL......!.. .1..a.!&..B.@.PY.%IF....BJF.2.9U.-.vZ.a....$`p...*9AA&.A...a!gL.i.&..j...v..a... .h...'..h.....UdC....Dp..Y#...%.5..t....'.x..9g..w.F..8...}w........+o....HR. . .<..4e....!K(........L.4c7B...p..B($..7.].U.S..!.H...@..,K.z.G..J...R...... .3....u5.".L..B.0..i..;.p...8U.....x.+.s.2.rj...Q.8V.e.@..4...K33.|N.LO..6...Y.L&......j,....YZ.`2..o..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2196

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 576x324, components 3
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8646
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.82591434636054
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:PFOVSHgIvuBDzNtI2gWq+0LaEHwqjiOwIiHiviXRlRE5N/A7v7uR4:d4SHgauBVtI2ureEHnGOI7v7ua
                                                                                                                                                                                                                                                                                            MD5:923FBAE61245079717232AB1C5709D18
                                                                                                                                                                                                                                                                                            SHA1:9BBF4F8079135797A1E96B9F0FA03AC7086CD19D
                                                                                                                                                                                                                                                                                            SHA-256:6DAA98A3ADC2C54B547E864CB8B4CF52FC1834893C75F33C2EF28499F8009873
                                                                                                                                                                                                                                                                                            SHA-512:36AC082697559BEC22266E33A6F542AF6FA6BC057CC5A6C388BC80670E4FFEC4F068C8B86EA4386AEABA60DA6953C7E1B0173F69D43B5E48E9A87DB03711B2F0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:......JFIF..........................................................) .. )/'%'/9339GDG]]}............................................) .. )/'%'/9339GDG]]}......D.@.."..........7...................................................................../..................................................................................................#".........................e.Y.>!.L.Yz/$.k6N..[.td.yv.2u6wq_....]X...^....z..F.~. ....................s.C.|.s.Z.o|....@.]j..:...\..>..:^.........................%Td......o...[...-X......iF.24.../h..cP.;o9.}..w.!.[.~.Z.t^W.>e..-s....Gp.................,o...Z.....~5.=...wY^...y..?K.8Z..........K.T..8.....j..>F.x..hz...s.....)...b5.0................0..v....^..6.........78d<G.MG.k....r...>...|....@..t[.{...t..e.>v..K..../t...~kJ.Y.....W.y/n.].................'M8Y./..}..+M.zo.;A.ou.........1~.....}J.S...M[q........V.|..<....t.r....L8Wv...(lz.!.E................!..........^../..].t.w.....]...\..z..x....^.>.....X.#C.z.5.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2197

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14194
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.955957347314798
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:qeyU/Uab39nONCbyPmp1+mAQZDVDJaqyxudYjfNCnORF:0U8ctO8OPD18Y1HRF
                                                                                                                                                                                                                                                                                            MD5:DC70586FCD2FEC0DE5DD2049AA04FFC9
                                                                                                                                                                                                                                                                                            SHA1:1415CFACF1F739C17F49B3DA3ED37D9E1010BB6D
                                                                                                                                                                                                                                                                                            SHA-256:5CE39EFD06F8E9952BF41EEECC458DA49608FF44D4352B365B2666141DF0548D
                                                                                                                                                                                                                                                                                            SHA-512:AB69FD31D4365DAD1BD1AF015BF3BCD30F97B0AF31B7131587FD3D0DB6EB28D89C4BE8DCFB07CAEE7FE0571550CCA9E06A182106A326C7425F8619E9F06B9DC1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..6.IDATx.....m.y......Z.....9,V.H..DJ.e.l......p.8..x...8.L.YF..2K..`$.$6`..d%.b...Y...Yd..N..{...>w.:...N,..|]......%i,..`,..mI....A..%....{.../,..~...T0?..W.&..0...I..C.....6......=..'0....s.|.. ..I.0..CY ^...Tdq. 0.".....d....o'0N$[`...62...!AX.....{....k.........!SqZ$..................:^..'2.K..."....(.....1.!...a..$0......X. .*=].1..U]X.Au..n,A..QL..A..3...Mz.........P{..Ng....R. 9.C...Z=....s>.A...!.!..g....=..+...[4T.l..T...n..u...l...L...."/....F.k..Zr..1/.e..?.._.\n.J.>Iul..L..#R....AP......~........9....R8.HP.>a@....5.[....s....x8...#..t......o..m..K.00.Z..N..[M. I..I>&.y-%........wo.a.^hh.lf........S........E.?1.....v.....>...[."B..R.x%.`~..Z.{.@.~....>...7..g..NSU..........je..9,.Uw$%J../r"$.....`^3.\.2.^.7.,.|xT...\........i.j."2...G....<.._.?.h...1.m.2@.i...d!d.m.a!@2.`...!#...k..`.?...o.....?.)E%......8}>=RqS..e...B]o.A....b..d0.A.k.D8.....\..o..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2198

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9889835948335506
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUkxl7/lHh/:slf/
                                                                                                                                                                                                                                                                                            MD5:B4491705564909DA7F9EAF749DBBFBB1
                                                                                                                                                                                                                                                                                            SHA1:279315D507855C6A4351E1E2C2F39DD9CD2FCCD8
                                                                                                                                                                                                                                                                                            SHA-256:4E0705327480AD2323CB03D9C450FFCAE4A98BF3A5382FA0C7882145ED620E49
                                                                                                                                                                                                                                                                                            SHA-512:B8D82D64EC656C63570B82215564929ADAD167E61643FD72283B94F3E448EF8AB0AD42202F3537A0DA89960BBDC69498608FC6EC89502C6C338B6226C8BF5E14
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTbexngOMzoo-b_VFfwBNWVC8kAZWmWzsqkySSrSec67zZcjGH9V3FZZ7Psm-N6CK142YB5ixGD4jSHlOvn9478qqHhQ3pQKg&google_gid=CAESEMRWtCSq506Z9-r_lLfcJfQ&google_cver=1
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2200

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):6540
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.844144293165099
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:pWTqM2A5AKYW80lKq/PTSsIlf2/6JDcRes:EqM2yAKNYqDxIleZRes
                                                                                                                                                                                                                                                                                            MD5:E3639AD6D5FAC40AC672E762FDF57E46
                                                                                                                                                                                                                                                                                            SHA1:FB703A11DBE67C042035170C5DE53047B7E32FC6
                                                                                                                                                                                                                                                                                            SHA-256:6F724BF28D5F1EA2D703AF75EAD91FE244CC7CE97FF57ABE82CD53759797D52F
                                                                                                                                                                                                                                                                                            SHA-512:6933FB09EA72EDE022B907B212663D327DB2DD1FE502622CE408B9BCD965553F7C0567A28739E84B1ABF14AA4D828781F5A7A3CFC2DB84390F8E0BC6B5BB4D62
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/pdf24-pdf-creator-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8Lw.../c...M8h#..j......0D....*.n...W.n.k...Z`.f.K..W.-.fCwKO."P..9....V..`.m .?m.W.N2..H.d%.._DI..j...@....$.{.1......?.Hq..J... ..H..\|....._.b.W.......(..i@0....A.S.E(.!&P.1.D..o.vL....y.....L8k.m.Y.....8.............jL%.l.v.6.\...$A....#J....6d.....y.om.m..S.c.fi........GfFm3.5z.1...R.B...0.0.8[.C.A:..G.'"..#.!.J.....si..s...~k.+CD..9......Mlc..Av.C}.+.."...,c..i.N.%....89...%"..rv..4nm...Q!'.D".8b..1."r"p.5.m,'.rD.#...;>.J4N..q.0.g.Z...p.S%...S|.].?..;.a.u.P P.`.......#.<.q.4..Uu..!....t.0..... ..q.p"..Q....8..`.@....B.....'.q.....s..-".3O...t.o.i..O^.....e2.....#...sC.#"......W...p.....c.....D.&RA..p|....{.+.....7.y....u.!...*.R"f,9.....ni.3..!.......qF.".'..L..........OC.%..%zxu..g.#.9.'G..+ycN.l.3[.X.C..a..3.!#R!W...bS..#.'%"B...F..g.........<.q..B.........;V`}..Z......_'...:..Of.ks.z9.q.-..B8..g.87..y....a`....u.+g...y...q............@X..f..../.~...."......{..$.. $..&.i...rm~....o...z.,..u..*{.f...&.......p?.....q.$..q...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2201

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12202
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.967378771791017
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Bb5PS8glQttapUpty9jgdDF3BgqdPB/MsxhXHBsI5NcuFsKhIHsnHA4F:BbRSatgEXgqd5/MoXhsGrPhIHsnrF
                                                                                                                                                                                                                                                                                            MD5:6F163DDD7ECB25427A5C0D86B481416E
                                                                                                                                                                                                                                                                                            SHA1:8BCF4E7FBB70E76DCBC6D78B35F72F9ED5D88808
                                                                                                                                                                                                                                                                                            SHA-256:90C6530A5B985C7C0D4BFA7AF903ABF73C223A13B79D5387602E6A07FAB2F872
                                                                                                                                                                                                                                                                                            SHA-512:24070B372E5B49096ECC692B9E10FC164D1694D4E0F5E760514A167F7F3001761FB267DB67E5BFD29A5D5CA33BBAE9A65440B1DB0515131F18B976EAB618767F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/soundflower-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF./..WEBPVP8L./../c...M0l.6..~8H..........f.v.I..M..P.t^q.n.[..U~......m..<3.P....MQ~......A$I....%2.x......I......I.=....... n#IR.......D.....yc....@..*.6.*&..L'Y.7|..!...UH.']c........,?S....}$.QP...2.* fP..#^......M/.D..M.4.YF9.(.J...l.4....z.[...Dy...w..K]..<..2..'....D..|..N..!.0 h.......#z;..S.bQ.t."_.....$'...2...7.#...M\...s..........)....V...jx-j..X.F..u....y.$Y.mI...}Z..T....X.FQ......u.;.F@!.$G..Q{_...|.Z\.oI.,I.l.I.........p Ij.,...)..c...m..HZ...>.'...I.L...jE..Z........,}.... ..~$.Vm...rm..lf...v...%.F..=.-K.$I{....X.z>:...6+fD|.."G.....<Y.F.m.)..#.....nf..=.{@.....LO1%sp..%.g.'...I.mKD...=.j3....#cj.).h.......pw3U.$I.#.m...G..1..n...)mX:.....Fs...............T..sT......."....C....x....P@..#.8.......:.'. .X.)..Y......6M.$4.PkFQ*...2#,..p.+.C....=*..9.f,......b*....U.o#...../.[.........r...W......4.Gdv..(...C....".Ei..m{.....2..bDEe.K..G.=..7........f2.r.....S..C.O......t...\......._..&.6...l...6.].p\.-.5..]..1X.M.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2202

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):24772
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.957537558581465
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:M25vnzn0jSbC881/J7NuRS5/XQjo1ol9GYNY:pLUSShJIE5fMoa+YW
                                                                                                                                                                                                                                                                                            MD5:171B2DAB3540A4EDD0AC51F6DC928C19
                                                                                                                                                                                                                                                                                            SHA1:A974C8868A468005F81BF352A2370A00CADB9890
                                                                                                                                                                                                                                                                                            SHA-256:9212A105E5E9996D2582CCA733DF802BB60A29CB0B99831E49EE7A2C662554BF
                                                                                                                                                                                                                                                                                            SHA-512:0B5FB40DF0828E21BD5A571369EE54857630BB61A18B9FA0C0D0EBF7B44CFB31CD2DF516F5B1E8B96CA1674070EBD31046D52E120EFF99E472E588B7A2E9824E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..`OIDATx.M.g.&Wu'...*?...L.tONJ.,$$..Y$....`X..6.i.....i.........%@.....s~r.|..C.~..X_.......l..6..|Ww.p......Xl...C...{.xh.w..{wO\.d....78.wv......o~,..F{.c..7.j...C../.Y..."...T.W.q)....:S~...[.'x...L...z:..x.}.@g....~...O.[Y..T.........].....t.;...1......l....g....v.xJk..?.....S..8362.g.y..../=8..].o.f.?...u)47}.......=...W....;.K!.~....L....{........._.c..N.P$..!b.........Lq....B`L...H.U.3f.mo.y:.p...S...w..h%.C....?...2.....-....B.....J.....E..F...-. ..H..C.Xl.NN..+>w....g...0....@.......Kc+....[K...{.5L.......".....{2...A.r]Y.....@#.......Q.0..{..:.p..).AAR..#...z...B+3K..6.j.2(...B...!.t...!R.+.4.....)D..........E.."".uK......F./_.89.........c-...@..@..U.I....O...x..0 .q.a]....k....V.B.G....'9.Y.....I)..gZe...W..C....y..d.E.V.-.{ .....K.-._I.tB.d:....{T..._..z.L,..\[^......26....4Y.N/}d"...<}a....."@I...N.A..hB....$.R..N..A.J&..j4..~.0B.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2203

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.0950611313667666
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUMllRPQEsJ9pse:Gl3QEsJLse
                                                                                                                                                                                                                                                                                            MD5:AD4B0F606E0F8465BC4C4C170B37E1A3
                                                                                                                                                                                                                                                                                            SHA1:50B30FD5F87C85FE5CBA2635CB83316CA71250D7
                                                                                                                                                                                                                                                                                            SHA-256:CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
                                                                                                                                                                                                                                                                                            SHA-512:EBFE0C0DF4BCC167D5CB6EBDD379F9083DF62BEF63A23818E1C6ADF0F64B65467EA58B7CD4D03CF0A1B1A2B07FB7B969BF35F25F1F8538CC65CF3EEBDF8A0910
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://ad-delivery.net/px.gif?ch=1&e=0.7733645662064941
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........L..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2204

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8491
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.964646671615172
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:fNqZA5RTNNi9D0pls6/auul4sa8DBG0mzwfrpywc0GmnNXPOMZZZoyHjYz5wE:8Zyo8+6/auea8DK6r2SPOMZr8P
                                                                                                                                                                                                                                                                                            MD5:3A0ED8AE64B97DCA1D5680892C43399D
                                                                                                                                                                                                                                                                                            SHA1:FCD15BC825CC6AA422228469E2EABDACA5C63807
                                                                                                                                                                                                                                                                                            SHA-256:0B98B450A74E2604F0D935A8085799DD99C3B8FBD58FDBED5FBBD47DA05970CC
                                                                                                                                                                                                                                                                                            SHA-512:0F72A478D5F0F0A7F36AE814A7BA02A1BA641FB409C41E7C900370A140A275F8AB511903A461F05D9A2F1059F70DDFB10887B949091974DD8272491659004D2A
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<.. .IDATx..}k.m.U...9..s.}...k'N.c....H .y.......@.!....P[.&m..AT.bBBJ.....JE...-$4u..1.BS..'&.....u.......9.....D..ut.>...Zc.9.7...)./<....L...^0...z.X..>.u.DI$...,/..Wr.$Q.<..xi.&...]...._...zt.>-.....<......#%......7..e7.N.l*...p..z.....<5..|..`I0..h.u..n#.u.&...F..H.....gu..4^...9$Zp...6.*..R.}V......f..:.c....uC.F@"..v.*o6..A.G.9._.....X.0..A.V..Fx.$.T*N<.rs.A..X..KMN 5....."|&.s....... R.#9.QrX`.X..M8.m.7..u .......^...TRH.....3...O..B....T...Z..W...VsN.".....cQ<.*..{.G.V..04b...d,I$..-`..x.}v...$v....P..D....P.:'.3/..qsT...%..B..i...7..o...-ho......j.p....O...^r..+k/.|C)../.d.6.9s.GR...d.......~.o....^.1..K..d|._p.I....Q.Z...C.F.).........z...6G9.1...y...../k.x..!..A..T..+....:...g.Qj...u.........[..~"e..B`J0..@?n>c....t.D% \:?.%O..........x..Jx*.A.....b..7.g5..JP....H.. /.Oj.\......p...'.....p...K-5......5..O~..8.%.... I|u~T....R?...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2206

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):34
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.5251270918749356
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:n9m6QiFL4:nVm
                                                                                                                                                                                                                                                                                            MD5:B205296F7C49C67BAF5B78E8163061A7
                                                                                                                                                                                                                                                                                            SHA1:828DED5C881601F44CE02CCB9E8B98D214B5E9AA
                                                                                                                                                                                                                                                                                            SHA-256:281A6CECFF9B473286243BDC58329C1D8141B979E8985EA968D7D975F3A50E05
                                                                                                                                                                                                                                                                                            SHA-512:ABBB243E84448F153F337C61919C36F68F2503F14F7301A903ED76B5A321C60C09C5E5D1174E77EBE3199A1F7A900A0668555B729F008547DD26A00937FF7B5B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:partner parameter must not be null

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2207

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8400
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.971268007482031
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:M7APfwEkdrBm26nc0ohPKunTBNe1plLqyAPEEVhaJW72:M0PfwEkdr0tc0aVTenlLwPEMhaJWa
                                                                                                                                                                                                                                                                                            MD5:D762BFAFCB6FAC9F6D30E6B9C1F7F526
                                                                                                                                                                                                                                                                                            SHA1:8FC7818239BA174E69F4ED3DB0092EDF1071D673
                                                                                                                                                                                                                                                                                            SHA-256:7C9063FD302F54B4D6B3F9923C3496EC0D5F499E54046908F56A8DA0E16B202E
                                                                                                                                                                                                                                                                                            SHA-512:E211DE110AF6500F732ACCB68A2EADA697587483B5AC9374E41F0DBD6ABEF4E1CFAC7A78251D91190835A5C8FC1D3F1B55A9485BC8F9C638F8CA42DB1012BCE1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/mac-app-store-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF. ..WEBPVP8L. ../c...M0h$I.w.1....!....0.|...N".......P'..5...%.P.DT IhJ.#..t..R~y;..#.6..?.{........H.U.....b...4.....H..[.@bf4..o.../...........VVB.c.vJ...Z........v.N.J.....R+e..W..."T..p.l....W...*'...\..A....(.._..(^E.....G....... ../...\.3...V.\ .....;.X..S.(6..x......X..f.%#..P.........m...a..)D...X.r(.S.b..0.zxX].T....J...."i#.q.Tp...%..r....!..{L*?$Wo...i~.d.(2.g.I..".Hm.#.....v..B..;..#uq.w..m.v.....Fc).....Y8!f?...IR$e.........1....[.8..<U.m{<<.efffff.........../....=1w.....~.H...U..1*...c.XViK.:X.mi..Z..>.i..Y.x.p..Y.P.....U...'.`...`...../j.9.m...8Q.J'..y.m.7.l...{.m....V:N.g....m[.$.Z.c......?."3.......2....\UT..1...r:.T.N..S.....P...Z*.......AB.c..B...P.EL.|...:R..b...."..WR*.M.r*..."`........|.)..D+..!.*q.P.....1<.*;..%..db.0.)s.'.;...y...]....w...b,........j..=.......X.(s.7b)-..Ph.a......Q .P. .....h!.D.#..jkI..<<.'..0...|n....i..-./.{..I{+..}..h..h8....e..."%8.A.R..@8TbI...'...i..p.(.......W0..@Q..3i.M.5.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2208

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14536
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.961368941642811
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:r/cdD0tFA2NPmGU6HTZc0pUoA6/xH0mfVGAvBsUenyLBoYvXl2qPdTVEVM7uAM96:6krNXfZcz361fVGYmngBz2yE6uAMKYs
                                                                                                                                                                                                                                                                                            MD5:7137DDCA9A5F188E13B7BD02BD46EE8C
                                                                                                                                                                                                                                                                                            SHA1:08AD5EE489CC8E71D940727336E7BB4DF55327C4
                                                                                                                                                                                                                                                                                            SHA-256:8E599184BD4CA12362CBFF62EAA491681246A2C55221D3AFDFA1E3FFD4E33496
                                                                                                                                                                                                                                                                                            SHA-512:1B7B5E664AE7295629A0F5824F698101808C1E7769B08F6937D73B84720C09B28D66D5C88CB600E727FC0117A9595AA970BD9FC9586742BE462B75DF1C27D119
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..8SIDATx..i.d.u&v....k.KWU..F/@..h... @b!.c."..9.-3../.3....#......{..C....&.. H.........U]k..[.9.?....j,.8..@G.:+.s.=.w..=TVP.TU..DPE.QP.............AT..E...KU...D......_...................N.A.?.......]..../fVU...@.....m.".... D...............T../^p. ..h.Bw......l.......l.'.}......UE.&.@IT...T..Q.*..B....kN.;u..}..+++.Z.eH.....g. ...5.@.^..K.%b...O.R.Q.?...xycu..^|..w;!.@*nxh...oO.O.....M@!.*...%....Z../|.O.r.....8i#..#`.sP....A.}..m.....:6.....iBs...."..A.|..WC..:.P..9.ed._...8..0.4D.@......2.}....~...$.Q.Y......P`..wo.^.6.Y.l+...h.....@w?^.`....p.._......ql............+."....U%K..N.......OT.e..U..9g...A.t.(.%.O.....=../...a.M.-"....)..{9.........$..;I..-7...?..=.{....b..N.?}v..Yp....9q...8..K........".NC/.!.....m.=...k....n*`..EEU)0../,-......%;.8..?........* .....u*..+...\.......~....[.w....N;..%?......"s~.....{....a.....'.Z-..BT...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2209

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18113
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.979785313235813
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:nh90r5MOeT8rqEuRjDo/a2povdNew4U45SjICjn+UMSJFJYVgr:nhc5M4gB1jew4T5SFn+UMuYVw
                                                                                                                                                                                                                                                                                            MD5:BFB60178D1D7158C0FCA6E3A8782B328
                                                                                                                                                                                                                                                                                            SHA1:81A9D0E53118F31A037C2DF50E240A951B2A98A0
                                                                                                                                                                                                                                                                                            SHA-256:57CDA563545D12DB775DA17CFA8E6FD37981EB536828228D2E40EECC59DE3902
                                                                                                                                                                                                                                                                                            SHA-512:485365F2A6B54EF8AF7E864878B34CFA37D53BBE5FF0537D33210A09A1A87AEB71F487AF2130662BF4FC07BFA323B67C896EC52FFC1D3DEAB47C614882E089D0
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..FLIDATx..w..Wu........3}F3..IV.l..........r.bJ.H./7..ro..B...I..L3....-.n..:.....^..sf4.M..wG..v..w...^.y.........!".i"Dd.....%Cl........z.".DxM.MD...#.J.Z..4P.v.X..^......q..?..<?..n<."!..!..../2:.....}.....).>........;:...-<$..vk........qfB@l.jZ.57.........!!!H.....@k..Zx..D.......O...#.:zc.-.-....)..!;...u./..F.y.!..W|g...O..8.r@.$....f#....Zk.hDy...p..XD..DH..5"'.j...*....q...~..JW...RZ.*.F3.#0.t.'...&D....S.Xw.F..Sj.......f..s...;..E.R(%". .b..)?@...3. ......8g....!.m.#..0.ie"..t.-.....E......4.5......!T.vfdjl....sa=..E.....C....Ea.T...5h.46.Es...................P...DFH.....,.<......F...dFP.',&.'.....$ .......1Y.^..[I`......c..Z..@.....M...f#7............<9r..W.S?.r..)..2,a0!...1Bd\0..?...@@@h.".....E..L....f...."6x..G"jZ....2#fn........`p/.o..-....F...B...0...#...3..~..f.q+u6....D...q..k..m.WI.l...|.;W/..M.....%~.....e.m.9}.K\.G.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2210

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7538
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.963360274137738
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:CuptboufpUz6yNFr7DFd3MhAUo9zU7JUA54QAqMG:CuvtDyjr7DFKbo9zen4RG
                                                                                                                                                                                                                                                                                            MD5:BAEF423D22DD1F82E591FB4FE11B58F4
                                                                                                                                                                                                                                                                                            SHA1:4AF324414C1D7CA3519B1A439E9E6E98924EFD42
                                                                                                                                                                                                                                                                                            SHA-256:6D814C893BA59B573E722E5891F853C570273252CEB910ABEACD8784B3A000B5
                                                                                                                                                                                                                                                                                            SHA-512:0114BA56A85FF5C8445045FCD20E846F5CF4CA16CA2EF37EA50DE54A81E099901A541AB0D255B586672E24A55BE9DEA66148406268C838CE9D03CCAD7E737D05
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/huawei-hisuite-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFj...WEBPVP8L].../c...M0l.6.$.....n{3D....L.D2...j.LP.|...../..w..3..^....6.4............mm.5.x.W...U....6.W.S.Ue><.D&.........N....U+....9.D..Z(.a.D...?..4M?.4E...N..x...X.O.B.y..(P..4.....b..3..:.F.h:7.^_%.;..R9<.|....4{X...t.pJb.e..A.~..M...i.N.<O...].O...E....2.L. ..y.M..6.....n.d..s@.......(....7......4M.&L..%.0E?.4...L..9r#'.......t..y..M'}.......N...'.....C7$.FwuUe.......o.r.L.d1..t`mcX.:n...uc..hy...X.Q..5!.S..nm..I..<........9.m...e{..:..[.m.-........2.{=P.v..m...d..m.m.m..m...m..D.d"9.}....I..A.....P|.d.y.....:Gg..2.U.d...@.8.~..f.Ym....4iCLH..VMZ..LI..=.........).%.. .")..........m...T......MZ.9."..p;..n^\.9.6.$.D...W.A....e...\4b$.).jMz........{.]..s.B........"9.c./K.m-.B..;g..W$..\1{DQ$.HO1....z.~..S.:...G.j4....(...\]|D..6.......y..x..n....!L...o....~-yO.G...T10......o.X..\..&L...*.}.;...o&....`XD..W~v......M....lp.C.../.D.).1..............h.A....5dM........h....a..o.spTf.`.S[.P...eC.9z...2.G&1`q.......3...K..h.N...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2211

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6959
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.966758799391185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:R6FT6i3p+0+QHKJ69cSzGMGTV9Uyppg1MxM:oFOTQHKJXyaTVKype1M2
                                                                                                                                                                                                                                                                                            MD5:30100EA3F4315E291F2F639655E85AC1
                                                                                                                                                                                                                                                                                            SHA1:1794FF0D7B796AFED055FB1B5A8B1936CF3E906F
                                                                                                                                                                                                                                                                                            SHA-256:6A44BF6BA64D5414D56A7CE9BB97864C97030872A7C0A56B2AE47F73D15F79F6
                                                                                                                                                                                                                                                                                            SHA-512:FF5CE19BFB1DFA267C770761DB2BEC4136A079A725D9EC8BCCA039555FC25BF38E7C9619DD7067517B4ED3F4C5E1916F4E776E12A638D81E4553259AF06127E1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..yt.E...%...d'...a....3.,..?...?.1.3..0..{..,.!>d[.oY.Or..!.!a` ..p........$...V.e..X..c_u.Z..es$.}.S]U]U....K...Fc.X4..D.c~!r...}4u.^.~...I.F.}.o......;.Rm.M.!....X,..DYD.....Ny...:*.n....'...|.D.G+.7"...>.{D.E....)o.....@.v.....3Wn..hGJ.}2.....bS..5...B(.\..w``6....e..b.....$..[...AII..T|4...'.x....._.6......}x.HI..p..\.p}....?..UL*...H....D.6.@(.W.....r....,R....HP........=.......o^..."..# .z.....t.....D.q7..T..W:..mJ.((.?q.._..{.K.'I.4...Tq.%.9.....2.vRf..$?.w......N..........(a7%....vSX.}.X..uQ...H.....GB..h.P...[ii!.]T.Q?..yJ.M.yg...f....%..MF3.vQ<.Y......%....}.v.6?M..z....P.9.{.u...]#.o......P... OC..Hi.%.g.T.r)p..I.g..).G..D.)".-...p...3...*Y...d..,Ty/.#7>.......|...g.h...3..........|F..../.6>..&.FM..a.8.L.... ....U.$....$.EX......G.K...Z.(..z.?.3.......<...aq..%...@.A1=.....z...........W....za..`.l]U&....w.HX.].(

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2213

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:TrueType Font data, 18 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.001101; 2014Roboto-Regular
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):162876
                                                                                                                                                                                                                                                                                            Entropy (8bit):6.532050095534921
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:jgWSNgHPoqWL1MMeFchiZ414XtvlbjybHp/rGazzxla34cS2FXzyuDAbM5hDWH3b:jrsHYt56Nklyuk8WMoBiul
                                                                                                                                                                                                                                                                                            MD5:AC3F799D5BBAF5196FAB15AB8DE8431C
                                                                                                                                                                                                                                                                                            SHA1:CB0CB91A31F43293BD7042DDAB945CE161C29D3D
                                                                                                                                                                                                                                                                                            SHA-256:F0E5A21BF5C95E4C1BCE2BE98A3656EBCC6D42A21F41C4E3EBF69DD815702E54
                                                                                                                                                                                                                                                                                            SHA-512:A8B7F0F8759FCE064B8576429A59A0B18BFC7A6AA3B140AF43EC665FFAAD2A1CB27A2BD745435113894EC5D607A3EA706F92C19CA5A233D87F464362DD6063CB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.rtbrain.app/fonts/Roboto-Regular.ttf
                                                                                                                                                                                                                                                                                            Preview:........... GDEF.W.Y.......DGPOSJr....0..R$GSUB.....dT....OS/2...........`cmap@.Iv...|....cvt $A..../....Lfpgmg.\...-D....gasp............glyf.....9....6hdmx78..........head.F.....,...6hhea.......d...$hmtx..........loca..g...0(....maxp........... name5ScY...(....post.m.d....... prept...../..............*Y._.<...................N......0.s.................l.....I...J.0.............................T.................................3.......3.....f..................P.!....!....GOOG.@.........f.... ........:... . .....d...........................w.~.n...i...e.e.g.......&.r.....N.....5.%.....L...~.s.~...~.].~.^.~.5.~...~...~.M.~.p.~.d.......)...H.d.........K./.j.8.......5.w.?.......l...s.z.....-...j.5.....N.............v.......m.......P...1.0.........=...9.......V.....H.(.....X.@.....y.9.Z.m.}...0.\..._.=.]...<.}.`.h.......................j.....[.}....._..... ._.....i.....!...+...).......X...@.........q.......`.i...[...i...........Z.X.f.I.[.......f.n...J.Z...x.....F.a...B...>...{.......C

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2216

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):9468
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9723699165659205
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:ntQ2wg8zrHopHLs966SxlMn3J9H4aVcn9XievsUMTlFIxN6:ntQK8zsFW6CY4k9XievsH06
                                                                                                                                                                                                                                                                                            MD5:C84442C73240E9795FF3CDA465986DCB
                                                                                                                                                                                                                                                                                            SHA1:39036A8CD322A4519C905B5CCDE1BDC5DB7D2114
                                                                                                                                                                                                                                                                                            SHA-256:92A4278B6297E1095B3B439A96DA66B387F08BD83C824BEAA450191F8303D580
                                                                                                                                                                                                                                                                                            SHA-512:DD925206A7A7EB4B5BF739686D5F114D5E916E19EFD2487A0617702643764F4C61B994CCCB4F148FC5F153BF53F42A511DFB27B05E4284B98273A2DA7F38B61C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/pdf-xchange-viewer-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.$..WEBPVP8L.$../c...M0l.6..\............u7..."..'.....0........[..mI.U.sQ.mK"....~.*...i..3._-.F..H...]Tt.B....$)R.=J.-...[."3..I.Uepw.[/$d.+!<.........I.j;&nq.;.....p..3.%......8&..f9\........f...r.!....?a.@.".+Q.!...}C.O"n...2..............MH...Z.E..I..}...1&((.P..kO.5.l...3..H|..B..9.|Q..p4..Mh...{..J"..n.......wv......c.,OyV.....m.8.a.;....t.....:.....|h.9G-.d.....Er........p6....L.e.......].c...tw........D.UxT*U.....:.......Js1aN.e9*.pre...9.T.C....e8qFG.<.T.....d......6..._.=..$[..0333.)>.sw.Z.}..)G..3..m.xifG..U..Sr$.$..g.%...w..9.....<..9.,'..Zkq&....Q....J.j.._4.E..H...5.yH..0...."..c.....?..x..iR....m.......c..<AS.#I.$E..<..gO...}.>..L....H.$.Qs...s...v.0 W......u.dl.[..... A.I.A\2..........:..d..&0a..L..`.L00...@.$..zm|..?..?.!.............6f/.].c....$.|>?xH..&0..LVe.....v.....XG.&..?t.Q.).!..D..Yw..:1k...0.....l.+A........@d$..7..!..+.8..;..v.-.Q.I.E!.....7.H.rlz..a..IV.#...9.@..$.iS.....!YU]d.....y.U...Z...@;.^i.#<..T.t...=...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2217

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):13501
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.957294415486871
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:JYznDHP5DsrxvSzOjMizUI1fwGVBwEFfmUO:JynDBQxvSzOjrwBE3O
                                                                                                                                                                                                                                                                                            MD5:4A8EDA18B0E601D48B1EB73820539EE9
                                                                                                                                                                                                                                                                                            SHA1:9A14981A193535B413D6E319F89669F28CE98B9B
                                                                                                                                                                                                                                                                                            SHA-256:8BCDF7055349E59060559F6F2E58F8F7B392DDAAA08A155C7F62D8D573C2AD91
                                                                                                                                                                                                                                                                                            SHA-512:7042B9853D7F9BD1B2076CCCD9710767E7BDC77CCD2F7EC76B5D38349D5DACCDF17772E895A870E74CE158BFD1FC906C66088932EB4B05FB135BB7583C6793A1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..4HIDATx..w.\./~N...{ROP..I .I.$..0Ar~N.x..k..g{......:.....`......9...(K(g.h.L..7T8....#.....=...i..v..o..=..T#......"..E.b..i.....~......l....6x..^....3.O.x...9.. .C..hsKsWg....y.YK...J%.Ah.o........P,>.....{........Cd....tp<Fxrhb.W.@.....??X.G...h.........K/.,.J...1..xax)D*|...._?....s....T............%..g6.....}.x5<...../y.[....g.X.JR...4.H).......G.G{..8.iM.....*......<aU.q.|U..%.j._.sx.T!.....q...&~...}.;.....+.,..R...~|.O*.eYJ..`..xQ}.q...!..t4&;U....$..Y...I..3L....A,...g......0.....)D..~...U.%.4..@...H.O..H! T...X......[G.jO.T. B..$.*...T]..._JiYf.u....w.sOM........~\q..*S.....'.z4.#c..c.!@.X...C6Nt........cv.....'...IJe...V~......K..g..b..._.........}......Z.....<...W..*.8..R....A...V.q..I..q0.'.....L..h...g.T..<p...>.@".PJ....+g.nb..S7.@5.;....1.9.j.J.Q.&S.@...c7...X...6..F.pL5Bm$RJ.b.....<...X,=...Ck...I!..#Eui..)..B.Z...yu...l.Jn.....m...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2218

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14158
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.979774594727858
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:U0+3Nk1FXJREEhwW6WoDPtn6IKXqlGsxSnBdUw/FbrW3N4Iab02BFtslULjScCUx:Uvk1JjEMw559AF3W949BXLXzx
                                                                                                                                                                                                                                                                                            MD5:3DDAE84E2055F52F4C2C58FD17CFBBAB
                                                                                                                                                                                                                                                                                            SHA1:DDDAD221D87B5CB2FEA8DAAC11F9D0C0AD5D7113
                                                                                                                                                                                                                                                                                            SHA-256:3DF3002D77A9F95C70019443238B4F7BC489F0E538F83AF0B8899CF85EDE58B9
                                                                                                                                                                                                                                                                                            SHA-512:5BA43FA07522BD235EBC6DB3BE9F89BD996F6917E6851655DA02174638E8561965B0219C42512013DBA56EC17581EDE651519480EEA875AA8887C5D4AD89CE17
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....p.T....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..6.IDATx..}.XTW...mz..w..........*(....D.)R..^.X.K..M.I4..M3.hz6..^.6.{.0.....S6....y.3.e..9....=.B....A.d)E./.$..."O.$q.#.wP.}...M0.[.bX:.A~..YC.. .....C..A...!.......&I.0N`..8.=!..$..n."....O...All..5... ........,...i.7......&A.4.....>......\!..M.. ....4B,j.BC..''....u.W....'.......`...A........ .. ..A`?.Gc.,yk..e{.\-.......q^...3..,....t....._&.....!.0... g.!.[a'..KP... .M'......pR........%99......55.Y/]..ed....{....`... .....L.8R..M..r...S..}......;/.LT..v..Lg...m.5?...\.[....\.........|.m....Y...g._...|z..y.gG.~.c'>n).l.q...C....F.. .......X.o...w].lQ9o..onVI..J....*.l.p....c..r...<.K..Q..wKb=/..L......{.4..-..=P..:X..>\..><_.z...........j..(..9P....P...9..V$.[..{u...{B....(.4... ..0?\*.H...e.xq/..m.N.Kg..r....{.....d....X.%&....%.^yzi\..3...-P.?\....;w.=o./R.Z?..~V...........1..4..c3q7.#..._....n;w..v.P.....&O.D{z..N4.w...-.Q.$q......bU........]

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2219

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):18544
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.986080553868551
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:sfW5y/DYlOObOEqSVO7TWcH8xYQj/ETPK77R1qj+1XDunUK5X3mqpwy+7:s+osOObOEqoOucH4YQ7d/u0Xil5X3mDN
                                                                                                                                                                                                                                                                                            MD5:EDE1AB05D2BD80CC73DCB2F898829856
                                                                                                                                                                                                                                                                                            SHA1:FC71C9D998493D0369349C6B3F59BE8198ACCABF
                                                                                                                                                                                                                                                                                            SHA-256:429B5BD943CBAB978A48AD1BE75048D6AB76D3CA3C503414005C1446194B6587
                                                                                                                                                                                                                                                                                            SHA-512:64EE23572657B5A108077DEB272271DBED8B125D88044560235E9F79A5EFA7AE15E748CEC557629E6B748E16397BF4AD3007AF5836731563CFBBCDA3CBFD5B27
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/live-football-tv-euro-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFhH..WEBPVP8L[H../c...M8l.F..........".?.*..t{:.afiY-1Jr^TX...sC.kT&.3-rw...9g5,.G.$5..<y.nMt...#.V..[...aq'.8....].q#I...w....c\(..........G+B|w......@..v....j~..!..#..;.5;....u_/.....I.<..cz.V.g....@.$i.+...<.x...8.....S.V.2.......".......a...>D...0P%B.1Y..(UZ..-........B&.d..!-.m(:..(..E.$#Z.A..0..B.$)S.P.....}.!....g...`ao.\0...*....Ma.m[u#.:...%.!..aH..jffff..P........!..!.a[.KO./...m."I.m......{@b.dff..?/a^.l.g..=....y0.de......fk..I..}./....#..d.fW63s.E.e..yf9...333Cswaf%EzyD8.$...L.T.1...2di..MED..:...xfm.m.}.m.\{/....38>..K.....oI.,I.l..U.#.6....>w=.-#.T.}I..H.m[.j.YU......v.v.P'.._..P..n...m.F.S.l.!..j.....I4l|......au.Wi.x.6....."..V.^..w4waX..D.XYQ.N.......(...?..=..&'=.n..1....:q#4WF..:.i.S..H....Q..G..w.QpT.e......#.c....g.. ...u....S..a.....*........\..\.<..d.x.Z.~X..s.~W%#...k*....^..!5E..%KoL&..]Y..."...~.H.T.i.i.S.(...Y.=".D0..O...w...)..l3.@Z"..J.l..f....)IJz0".:L.C.9C.Vs....F(....G.y.?.Wh\.v..R..`..P5.yL..4.(..T..H4H.My..S.r6mE

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2220

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):6604
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.96265810185762
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:LYrmPtKwalH9xYFWavlnc4KBVpalsArY0bpl:LYyltFWa+ZBAdpl
                                                                                                                                                                                                                                                                                            MD5:AC9BAAC8D142E6317F4DF7E4D370E516
                                                                                                                                                                                                                                                                                            SHA1:D8A4A6DE639C34F901AF622732B36649118A64D4
                                                                                                                                                                                                                                                                                            SHA-256:3F61D279EA263109D41C9C0D1901D78A90BD5155534013FB9FB61E4BC0C5CCDD
                                                                                                                                                                                                                                                                                            SHA-512:824C57546535CF26B0E0846F17A61040DDB774C7821086F6A3ECA8DDFA98225272B19BD6D92504EEDEB6642ABA1EE88EDDB1346E52EABB5FCD7CA6AA86CB7F06
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...WIDATx.....U..s.;*$d.}.}.c'.I2..{...zIL"..AA......y"z....z8...#.<. ..J^@A@..H.c2]{U..^..U.v.tW............~.w....8,.p...E.:Ry"~WxB..Rx.........v.>A+?......Q...2|.(...[...~....(.U..Zf|?.R>. ..""....D..l...L.M.]..u....>.O../.........\....Mn.......O...R.I...(a.Iq!73.Fo:..Y.lYCO..a....Bn.u.?c..^\...Ff...g...e.;.........c..Q.}..&.u....X...`.........zd.=...v.......:).. n.{..T..ilJ..U..W...,.....)^.C*......I...%...<C.y.......;.-<.@....w0!......1..D<.ZH...8%..M.*...k....Z&C.c5D...`._.X..q..*e.x./...B./..<.W*..4...s..N.~=.......1_..:.....h.6. %%...5.5D..j..^.7...~]I...~.R..@..do.K..b.\*..X,...\.B.....v<...2..%.~%..Lz.i.X[....Q...Y..mV..8....,..j.o....L<...#j..:.[....._..*..|..O$p.r.(S+.J...b....}.%...D.9_Wb....1.~..`.v..$..Bj.....)...S..Y..K..d.a.t...|.. .b.W...b>_.$._=.....k...A6...._7..f.....:..).Ge.i..*...g....>X.Ht`.~.3A.v....I....g..#.K..jr.....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2221

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):166129
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.752234146055435
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:UUymJnri6fBqxw48e4GMyOIXCJuHugfqtsh7ozja5HaRug:U1Wryx3OIdugi2hUwlg
                                                                                                                                                                                                                                                                                            MD5:CC968EE0712ED1E6C661F62E516AECD1
                                                                                                                                                                                                                                                                                            SHA1:C0ADD6BAEE81679EE2F3F507E01189EEE2B050BE
                                                                                                                                                                                                                                                                                            SHA-256:8A7BEFCBCE4FB1FA285B9D506D80E5B20802532E2296C511016ECFB6705028F9
                                                                                                                                                                                                                                                                                            SHA-512:C6F1BFD32054A7B8CE370150FEA5373F46CB54F8A2E9C5AD9B9393FFA2645EE61EBF85E668EADA6088084A4CB6AB57F393A41FD787BFA081AFB5052FAF4468D1
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2771134679225523&correlator=4248632618285144&eid=31078663%2C31078665%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202310190101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&trt=2&iu_parts=5302%3A22764537101%2CTD-desktop%2Cdownloadit%2Cdownloadit-it-defaultpage%2CATF_Leaderboard_Sticky_Refresh&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=970x100%7C970x90%7C750x100%7C728x90%7C500x90%7C468x90%7C468x60&ifi=4&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Df3aa488e92bf77bb%3AT%3D1698409201%3ART%3D1698409201%3AS%3DALNI_MZFecWufxJfBW_wH_vjPEzi7uapDw&gpic=UID%3D00000d9cef7eaf64%3AT%3D1698409201%3ART%3D1698409201%3AS%3DALNI_MbKuVWw-1dpcOI7oaL0R8VxTcU6UQ&abxe=1&dt=1698409232481&lmt=1698409232&adxs=24&adys=853&biw=1017&bih=853&scr_x=0&scr_y=0&btvi=2&ucis=4&oid=2&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLFtdLDAsbnVsbCwiNjQiLFtbIkdvb2dsZSBDaHJvbWUiLCIxMTcuMC41OTM4LjEzMiJdLFsiTm90O0E9QnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjExNy4wLjU5MzguMTMyIl1dLDBd&url=https%3A%2F%2Fdownload.it%2F%3Ftyp%3D1&vis=1&psz=970x-1&msz=970x-1&fws=512&ohw=0&psts=AOrYGskQ9mYbxSQ6VAgm0Xw9Odaa0O5EMPOElfjJwHzCQ1Q2&ga_vid=512993721.1698409199&ga_sid=1698409200&ga_hid=875367689&ga_fc=true&td=1&topics=3&tps=3&htps=10&a3p=EhsKDGlkNS1zeW5jLmNvbRjt_s6ItzFIAFICCGo.&nt=1&psd=WzE1LFsyLFtbIi81MzAyLDIyNzY0NTM3MTAxL1RELWRlc2t0b3AvZG93bmxvYWRpdC9kb3dubG9hZGl0LWl0LWRlZmF1bHRwYWdlL0FURl9MZWFkZXJib2FyZF9TdGlja3lfUmVmcmVzaCIsW1tdXV1dXV0.&dlt=1698409195971&idt=3318&prev_scp=pos%3Dtop%26countryCluster%3DA1%26td-slot%3Dcustom-stickylb%26hvi%3Dfalse%26type%3Dbottom_sticky_leaderboard_Refresh%26refreshCount%3D1&cust_params=medium%3Dorganic%26campaign%3D%26source%3Dnone%26medium_campaign%3Dorganic%26medium_source%3Dorganic-none%26compliant%3D1%26ad_session_id%3Dfd5d701d-d802-4e13-930a-7924ce8c2702%26pv%3D1%26ab_upr%3D6%26segments%3D%26personalized%3D1&adks=47427054&frm=20
                                                                                                                                                                                                                                                                                            Preview:{"/5302/TD-desktop/downloadit/downloadit-it-defaultpage/ATF_Leaderboard_Sticky_Refresh":["html",0,0,null,1,100,970,0,1,null,null,1,1,null,[138327306593],[5332046802],[13617419],[327760139],[434442],null,null,null,null,null,null,1,null,null,null,null,null,null,null,"CJPf1ribloIDFXNGRwEd_IQFqg",null,null,null,null,null,null,null,null,null,null,null,null,null,null,"4",null,null,null,null,null,null,null,null,null,null,null,null,null,null,1]}.<!doctype html><html><head><script>var jscVersion = 'r20231025';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {ebrpfa: true,};</script><script data-jc="40" data-jc-version="r20231025" data-jc-flags="[&quot;x%278446&#39;9efotm(&amp;20067;&gt;8&amp;&gt;`dopb/%&lt;1732261!=|vqc)!7201061?&#39;9efotm(&amp;20723;&gt;:&amp;&gt;`dopb~&quot;]">(function(){'use strict';/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var q=this||self;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2223

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):7243
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.964170719111587
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:GhP21pp54jpN+kZGHSobZ5uAzExuiPQ+YUzI0UUOKyLd/tPi1uGPqQIIJqxRa:G656tEb+AvbRUT6KyRVP6tJeRa
                                                                                                                                                                                                                                                                                            MD5:E62514E2BB49FE85BA41E1D22107EFE9
                                                                                                                                                                                                                                                                                            SHA1:FA264AF8FD302A429AB2847ADE59656924D5AFD7
                                                                                                                                                                                                                                                                                            SHA-256:B619E5FFEE29220767755F9D795B61DAB2450E2D24970FF2F2C647478618D636
                                                                                                                                                                                                                                                                                            SHA-512:37BAE163BEF0A692858A1AAD2C6449321DB5092F67B8F039CF2D386DAEEC877127AD0121777C772BFBB8CFC06E6E660F86D86B07B2FC2CB58DD08839D95EA78D
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....IDATx..}i.%.u...z[..=$..7....th*..."..%..............1`.P..H~dC~8.!$.-#..0.$...V(A.lS+.Q.(..6.3==.o.{....^......9......n.{....[03.@DD..R.I...B..'.....-._...>........1`v..,...Bi8.....l....p..Sq.....8.......IXs.d..P?..Z.t....y^.&...e.Y'...e..i.*.....1.i./Y68,S(.|.ev.p.+o.....k.V.}..Pu^f.Y..6.n{...)Z..4.*.(#.L...Ij.B"...v..,..H. ...6^....N.T.s.jn.../..U..,.....3......x..A....c..W.....s.R............QXuE.rd...N..j......7V9.f.Uw.\%..:%...5.:i... .U!.M.../.;...u.....(E=.....Jt&kN.*..k.pe.P.........Z.z...5.-.k2...]...d.Fw...c.@x..O...~?=..Q..&+3^.G=W)..pr%do.g.t..X/.C98..bY^..m-......@.@...."..(.B....z.l.-=i...q<Z$.Kt..D$T...F...._...?.K...._....[.....=...la.,......`S...Q..@...$s}.:w..D.....ubY..8. A.:Q.3;:....=.....=.]......2.e.Lz.M.A..MD................$..0..*..h.Q..T3.of..\....&iA..........t...W.g.j..$.Tt.0.{....g.+..""4..l.....^..m....6A..B....U

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2224

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7640
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.975052366177421
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:wW2uZdcrhEnL9EJ3ZpC9KWCelMgfjKecehev9AL:7MZQUWjZDcCe1AL
                                                                                                                                                                                                                                                                                            MD5:C2959C74C769730E17DBCE376785D38A
                                                                                                                                                                                                                                                                                            SHA1:41C3265D222420E58AA0D90D8DE65182F761EF0B
                                                                                                                                                                                                                                                                                            SHA-256:3B885F0AA90F6F739867598419BBE2FB91A1EFB119E386B791176966FDC6DC83
                                                                                                                                                                                                                                                                                            SHA-512:51A8B374D31DF4BD9A3A884A00920A129C60C80F86EA442E9ADCCAC96FD13E54FE73EBFF27EAB229790ED051C3482B1C767E91D51B46F402E9A64C156A3BD62C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/brawl-stars-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c........O.^...; ".?..}....CDc.$..R2...h..........`.]#Pl[N...y+....Iy.W.B.]..m[U.q..B.[D....o.....I..Ink.q(Q..U.....S.v..'..7;:|^..c..X.%.?I...b.@!1...C../..Y.Y.?..2?...1dq>.../T....6X.!........^m..G.=..M.a......}..) ....m..G...>...!............G.!..f..=..f.g......_2..f......l.y ...).h:[....d.e..6.,..%...4........H...y`.@.-..6i......}$...'..l.*I........Y\...=.Lgx..3333333333433WMO1WR.^..#"3......s*..7a..RhI[V..T.i...N.q..p)......6..m.R..;.....2CI.)K...?$I.....GDf..h..m.>......l.....|,.m.G[......~.m;m...RJm]...fd.gj...8f..3.m..at.R..... ..@Y.[. .bP[..2a.<...2!,r_.......Q...p.z..tT...`1..`...+......@H..&.WzJ)-.....`..C.....9...6.|Y......f..\.lG.W..4SJXU_}.`0(....4.q].n....y.fd...pu.......%..Bs09...L.I..W.D.....1(..K...3......@.-...KwL....+..*...e.QF..e\P*LY...C.....-..'RR...6j....KO.....u.n..0Wl..}.......S b....S.........S.bv....f.Q.............h..&....:c.....~{s>V..%4.R............|....].h....v..s1.ps1.I...U...%J.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2225

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12712
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.970733936868514
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:HRKyhClyPrDhsFy9ZbNVkLeiOSkNvhy+HU18JQUeGU6:zhhPqFGZRZYk9f08qGU6
                                                                                                                                                                                                                                                                                            MD5:9D3EBE3AB0610655B8983248F58B81FD
                                                                                                                                                                                                                                                                                            SHA1:27384181B4A04867D5B6ED8480A76A13B442E0F9
                                                                                                                                                                                                                                                                                            SHA-256:17A0A6F9A116793E503BEE2008489F3FBCFDB41F501FDDBDF3037F443BF60348
                                                                                                                                                                                                                                                                                            SHA-512:3DE689A8248F89317AA1A4F658FE25878F50BF4CF330B3BD98CABA98FE429450441234BF312C43F7E56A18F45569A6A104B1CACA51564FF586BEC64BA0FECD44
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/los-sims-2-video-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.1..WEBPVP8L.1../c...M8h#......?...".?....(I..t._n.{Y....Q.-.R......Z..h".}.$$.9.rlR[8,...Tk(./....W.9.x.h.$.2.....a"...(B..F..H..m'>..p2M.?.K....".1....".......b..gd.........<z...;.Q.#!DV.Y...3GT..9c.f..._>..H.k..c>..p..B..k{...Pbd.!..2..Th....D..Y#.z@....Ck#............HA:.d.y.!.A.......m.I..... "&...m.h.......u....1.;.{.l.v.F...=.2..]..T]..Ko.4.w....H..[.$K.$.B........'.}K.dI.d[H.}....}.j2B9....H..........M.$..........q233K.....>..1333.....p2....;..$.$..X../s../.k..oI.,I.l.I<./...U}.W.jX...$yM../"YY..1vl-.m.m....m...UYU....|K.dI.d[.,jf..y........_._.g..W.wS..d.*I.m.>..EE.L]u3.N...........e:L.`f4....s......]B...4...sgKy/4...q..J...:..(|`#N...G..1F>.r.LS.......u#9.....d`...?...(.7ER"0...."...f.+.i....?.G.Q...&.C....F9mAj..!..Pi]m.....W..*.S~.'L.@x.I.j.@Z*i3.m.Zj.iBl+c..<...9.16.......=H$y..G.$&c2%..`.h....VH..=.C......LA....k..q.s.c.x...#0.'<......G()II..P...BM\?i.W..{..V.L`.tQ.L.I....D....(.c.. .c.....Z..{... .qL..`.H.#..f!..Z.C...Za.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2227

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):632
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.7045372281101185
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:12:wzzP4it6LWMaqfERs/tYFs8TmK3D0Qf0bmc3v4V2gqvX+YQjPFfpE:MgxWMaa9Y1XPM6c3vAXqvYjPPE
                                                                                                                                                                                                                                                                                            MD5:E379452497D611020A3277EA24AB7D3E
                                                                                                                                                                                                                                                                                            SHA1:C1B3C508058DF16E1AD828259D4193A8DE6CD412
                                                                                                                                                                                                                                                                                            SHA-256:6BDADB3F49DE399B97FA6AE855B15C9495E3EC4CEBA72E6D939B212111A7B140
                                                                                                                                                                                                                                                                                            SHA-512:0C3135145C0A7E280673B4F0ACF7C963028BA1AC018D3BD83861DCEB4179419CA884ACA11686602B109F4F114B7AD8F969AD1B82392337DCE06BF52A90B363B3
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/dit/favicon/favicon-32x32.png
                                                                                                                                                                                                                                                                                            Preview:RIFFp...WEBPVP8Ld.../......m$I.y/.>.=H8n$I."{..G..9.$E./i......p.I.".1h.... =.O..+0..?.......@..x.7.....t.Q!EJ.../.O.>.)R$h..).Z5.~S"H....B..|.h.../-......I.wr..$."4. J.........9...+.?...o..Q4l..........4.1C1..b^....!a....6.v....f..I.Xuc.vv..{...;..VD...m.l....+...Q....(..X..U......J?L..z..8nK...,..q..+..`......G..R.<g.>&g ..~.a7qJ.......KM...cr...{.#....G8..m.....T......./....fG.iu8j.|6<.'.9..L_..E.O..$.C...jbZc!.-.`...b..\y...D.).d..Q,.D[..i.......j]......n....X.SE-Zc...... ..O...a...ET.....@..K.j}...:.wo...Z.\.....].......e..m..N.....^....A..-.=.^Qh..6-.t.....P@Mg......(l9

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2228

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65386)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):431880
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.494338848096693
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6144:LsichyfUfyhwbTZfuLzoxBbkDD09LUnpn3KEyj0WdLMDz95XhUkAmx:LsichpfyeRNBbk4LAsj0WdL2z9FhUkP
                                                                                                                                                                                                                                                                                            MD5:68A2A3522EC848881E15D86709C3F7E0
                                                                                                                                                                                                                                                                                            SHA1:4381B631C7720185A45DD2EB149C1EFAC790D795
                                                                                                                                                                                                                                                                                            SHA-256:49DB66AE1889E3AE58A38124422C4D6648B19CF9F233B12412DB9B565B5D85B0
                                                                                                                                                                                                                                                                                            SHA-512:6E912ED4F47B2B9D1E4BF7286AF404EEEB3CC710097032815E17764307DCF9B5D228705F1AC8CF51F12710D5103783B7C88EB1238C61CF0AD06EC1C61BBE6F26
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js
                                                                                                                                                                                                                                                                                            Preview:(function(_){/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ ./* . . SPDX-License-Identifier: Apache-2.0 .*/ .var da,fa,ja,ka,ma,pa,ra,ta,wa,va,xa,za,Aa,Ba,Ca,Fa,Ga,Ka,La,Ma,Na,Va,Xa,Za,ab,hb,kb,pb,sb,vb,wb,Bb,Db,Fb,Hb,Mb,Nb,Ib,Ob,Sb,Ub,Yb,Zb,$b,ac,bc,dc,ec,ic,jc,lc,mc,oc,rc,nc,tc,vc,wc,yc,zc,Ac,Bc,Cc,Dc,Gc,Ic,Jc,Kc,Mc,Nc,Qc,Pc,Sc,Tc,Zc,bd,cd,ed,fd,gd,id,hd,md,od,nd,qd,pd,rd,td,dd,xd,Bd,Dd,Ed,Fd,Id,Jd,Kd,Ld,Od,Pd,Cd,Qd,Rd,Sd,Td,Xd,$d,ae,Vd,ee,Wd,fe,je,le,ne,pe,qe,re,se,ve,ye,Ae,Be,Fe,Ge,He,Je,Ke,Me,Oe,Pe,Ve,We,Xe,$e,bf,cf,ef,gf,hf,jf,kf,lf,mf,of,pf,sf,uf,vf,wf,xf,Af,Ef,Mf,Qf,Of,Uf,Vf,Wf,Sf,Tf,Xf,$f,ag,eg,fg,mg,ng,qg,ug,yg,Gg,Ig,Kg,Lg,Mg,Ng,Og,Pg,Rg,Tg,Zg,fh,K,gh,mh,kh,Bh,Dh,Fh,Gh,Lh,Oh,Sh,Vh,Yh,Wh,ti,ui,vi,wi,Zh,xi,oi,zi,Ai,Ci,Di,Fi,Ei,Ki,Pi,Ni,Qi,Yi,aj,Ti,Ui,bj,ej,fj,gj,qj,kj,sj,vj,wj,Hj,Nj,Lj,Mj,Sj,Wj,Yj,Zj,ak,ck,gk,qk,jk,dk,yk,wk,xk,Ak,Ck,Fk,P,Hk,Ik,Jk,Lk,Nk,Ok,Vk,Wk,Yk,Zk,dl,fl,gl,kl,ol,pl,ql,Ll,Sl,Xl,Zl,$l,bm,cm,gm,hm,im,mm,fm,om,pm,qm,sm,xm

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2231

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7558
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9696737701342935
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:zGpMfoTZvpuR9d49i1sT3zctPHRVYwcPe2oh6sdfFidhJgU:zQMaZv0RTTO3o/4TPhO6sZFqPB
                                                                                                                                                                                                                                                                                            MD5:87B342FCEA14F5439E6261D979A0975D
                                                                                                                                                                                                                                                                                            SHA1:0AD40B2A31BFBBAC4103CED874938CDE75FECFE0
                                                                                                                                                                                                                                                                                            SHA-256:A4D3498822F7B7460DA8627323CDCBDF119CD923DD68545C2734D9A8C94892B7
                                                                                                                                                                                                                                                                                            SHA-512:54B584B26B8C4DE3B003E890190B5B310BD8D6BFAD105D9E05A8BCF6049C290BCB0E978F36ADAF7838A31ABA2931FB96B59D7187DE34DEEC43D2C15129FC2AFF
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/windows-live-mail-desktop-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF~...WEBPVP8Lr.../c...M0l.6...^....{7.......4....-.*p.+f...T`K*I...M1.N.WC.2z.L2..\..l[....* ..r...........6......m...m.jr.)=.bQ1...R...v......)....w....a..R`.4.....w*<O..F..BCq.EL.].Jo....F...k.j..Y.....xz..p~V...u.......(...4C..dQ3. ..PK.A...0uem.....s..........4....\[...g..f....e.7KY..s.p<s<s<GF.L..8..m#..i.^..1..u...G.v.!...h..M.o..N..<E.<.<.T.@%[90[L.0.=ffX....4...b..0.hs..FL...d_.....hS.l....V.':....:KU.c.V.j.......s.m...=.`........w.>g..m........*Z*..k...3..B..K...{e......{.;t.ozB.\.)...].{..7...ZLz`'....`...ud7......0lff..^...-..[ff...$...j.#i.+.....JW.Yyw...j3.\.0.Ua.dJs+g...U.O`..a.]......aZ..R._k..I.m...3...>.r033H.<.~.....M..I"./.....UA...`n..~l.Vm[..R[..&m:..1.....&.j.bp .f.%.,.L.33...{..zo...m.d.,..+.....sG..X..`..)S.C......^.....m$E...j....Ao........>...{/....2!@.x&.?z.&.x.uPQ*.....p....Mx..)...3Wr....P..:v*.....;..{....*Y.;.....*.mE.....?.......?...;.....*DE.Z'.6....z.C.w.....e$.`..7.&HCYCO...RRM.`8..,..6n.....K......

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2232

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):14157
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.952983386806198
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:X988bpUAWsgX7PjbHk0T9htxkV2vM/gGfYy9Ohb:NnbpXE/DbtRBGz9Gb
                                                                                                                                                                                                                                                                                            MD5:83717688112F6206831247CB51B6F556
                                                                                                                                                                                                                                                                                            SHA1:7C4AC1E3A04E4BE21B27C5977B32608565FBAEE7
                                                                                                                                                                                                                                                                                            SHA-256:AD676355F83BB3CFBFCA89940D7CCEC842E38A5EE671915F6E3A062F73A22E30
                                                                                                                                                                                                                                                                                            SHA-512:2F5F231F9ED490A7F00DDA8D5B461720233FB0AD6803715FBE12AA0E900F12228D8BE0A618EABD055167AB1B10451619DEC2B11EA54E57B6BCF57CCFB52A058B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..6.IDATx......]....{].....=JHh.$l..06..Y$N\.r*.....d..l....Ev."^...U..$&..p..&f.H..n..Vw..~.}_...z.9-...P,...%.....P..B.1.BA... 0..`YR:-....k.b...m.o.....3...a^.....C..M..V.sK.a..31....ga0..7Y.2....-.f.xF.FP..-..`..F...!.$.!0N$[`...62.... ,d..G......-.d.!.0!d*N...c!!#0...#..?..!..Y.q".T.l,.Pa...|.1.[.9..0..9.@`...$@%.k3.k...T.k...da...nY.?9.......>=~.Lsm..G1.t..mq+...8dZi..........B(0.....&..<#.-.m.lK".=..j..I..g.<..v..X.FO.L.j....L....o#.e..........Q..%......tbD.......+....*.....qk.*.3J.`+.....o... @`^0.....{.D....KYA.FnS.G,/..G..W.]......hQ.C+9..J.../.<'...)..o....m_.7..TC.'3I.$F...V......T..-............{.|.O,K1.%.DH..0..R..../.....777..W^.....w..[U.!5....5../U....R,...D......^......e(..E.e..G.8<...j*...~..F.F)"3j.q4P...{..c........6..TP@3N!K.B......?B.A...3C.3G....r.<.....$........G.{*nj.=vmh.....lQ..Z`.oK.....`H.c._l.....z8...#..I}....M.}bI.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2233

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5474
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.948427976781425
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:bLwO+u3EyiOBu1V6gjUcP9BSfEDX8x6bz+I9+GnxY389HXQShXKuHdttUOLZ4jwj:bEu3XK1Vj/9BS8r8xQJY83m0AOLZehte
                                                                                                                                                                                                                                                                                            MD5:37991B87E83A99512DAC4FB7C191B8D6
                                                                                                                                                                                                                                                                                            SHA1:02EC0A3895AC7922FF84A6B473C441700562DF8C
                                                                                                                                                                                                                                                                                            SHA-256:C2467F57736053066FDCAEB8BBE683BAADB0B1BE91CA47D74CA44BE6A43B8C03
                                                                                                                                                                                                                                                                                            SHA-512:ABC66EBA4F4362677155C4BD7A6D847D8727F4CBBA1A074E61ED272D2D98B67136209FA028C6751E544BDFA4C1AE35E2D19D49F8558EC7DBD3C2CFF810786C32
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/microsoft-powerpoint-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFZ...WEBPVP8LM.../c...M8l.6.`.w..............mn&9.mcvj...'W....r.@._5.b......I;.-g.G.....n.8.m..%....X7...<.7.$9R....a.<...@Z..7.$9R.G......7.......A..$$^.G[lo./,d. .x...L..0..?........T...C".D.`Z.,...5..-..E.}.\.%is.A.d..&.....h....W.ey,.......P..}../>.CA.6L..vw.D...l...9.&b@....~j.vm..y4..Z....[...N.a.q...v. .\:.......u...@.f{.............l."IvNDfUu.4]........y...yi........a.....2#.h......GG1a8fN_J.9t.fj...Z)...w.Ri..*.P+..f./......Z..33.]*3.iL..m.m.J9........%.O.-Y23...^k.#IRd[.Y=.....`..73..S........i..Z[....-.`9/,.y.d.e.9..F..iY0].fh...M+..&.....&r.-.U...c,..B.A.L..eY..a.)B.2.:...Z&.b9N..5.r.Y.2k...c9.y.&.:$.0.9.h5..C.m....i..ed..I........F.-.H.a9fe.&...h...Br.,...Qs..E.Tr.W_.C.js......y......l.1...u]...e9,3.<l..d..ey....'.i.ey.N.I^.i.v..Ec3....:M7d}i..\....l..B......}.?.....tIv.fD.]v..9'...e..&"...s.........}.u.~.......a.&.....:lC..B... QM...&..C6......y...q....8A9'3&|..z......:.....3..G..............Pj.&....\.3..D4....q..s..T..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2234

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):9318
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.953115488561078
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Aui1RytaWJ9SOeC5RiNWfOSJ8kM0iHTFSOfdzmTo523UZTRrfIGV9tS0Lpw:AlrWJAr+iEREFSOfdzmTDCRLLScw
                                                                                                                                                                                                                                                                                            MD5:016396D10C623DB6E1A90C6A891A0209
                                                                                                                                                                                                                                                                                            SHA1:59F5FB90EE62DC9004AE4D0D02D606F5F054E9A0
                                                                                                                                                                                                                                                                                            SHA-256:43D72790EFE4CEDD11BC6E855E0CB162E25C2C70264F41E4931086820A30F2F9
                                                                                                                                                                                                                                                                                            SHA-512:F31CE78A544E49E61FE3E04DD0086B17CAD32C5B34205C3236C6C77F29F6DF53ADC52024EB237A63B42B0F85E33A546B8C9D90328962485CF0811F3FE055E5BE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/wordpad-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF^$..WEBPVP8LR$../c...M8h#..u.z...D!....y..I..im..3.$J..go...3}...$Qe@s...+...K]..$.U...T..k.......G.$E..J4..#.._..t...H.U+.....$....a....-$.....(..M.<.>.n....G...T.TR.f"B......~e....DJ..-.9.v.....{..GD.....p.r..z.... B.......tU...E.....F.7...|.B,.>.@GG...DP...*..>....L..EX..}....@D.OF>..../..$.(R...Q^HEH..m.0I.......Q...........i..7.A.....Y.e.kG.d../ "..y|rR..."p."...!".b.+.I.mY.$IZ.~.V.k....m..w..--...$I.l[.$!..DD.j...W..ET......mE.l.jm...3./f^9.+.>.y.\0s,^.IME..>.sl.mK....{...1.....U.P.1......$I.j.m.y....k3DwB9.;:q.>Z.H.m'..{...2;.LS..I2.....c.K..AW.&..WU....K....q1..zI.NDJ.p|-z.......H.""..f.Y.......%...&<0..`f.....#....,<F.}..=.h. n.9..Ze....k.`!..!..s......@(t@....-X\.`}..E~4.....PP......oa`>.A..m....EH.....,....nP(Ra..5bb.....t...kN.R.L.p..v,....dX.......?...4.>....#f....f.m?.~..,...3...i4.#......e......?...w_..v..`..v~eX.Q0.6........w.@~2.....~...^E*.......0....._........y..e?..h..C......).w-9.....m.a..mu..........w...........

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2235

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):4704
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.955535489271561
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:L9nSe2P352dJzWtr2HKAzXWRKwFXFGFYGOONeQtRxiR:hn5wkdJmsKAzXWRK+iYerjW
                                                                                                                                                                                                                                                                                            MD5:7109920D774EF01764F0110AC86C2D37
                                                                                                                                                                                                                                                                                            SHA1:17A8280C7038156270C0B92BFAB27457D4C9BD71
                                                                                                                                                                                                                                                                                            SHA-256:CEFDBB4DED491E70697420DA13A47FEF47139250B0537739F27606CBB4F1BDBC
                                                                                                                                                                                                                                                                                            SHA-512:007A548E57D1F2EB205B43A3BEEFC2444B17A5AEAF73E534ED2789DE4F15FCF0D985C1AA3991331D1A0FA4B871086F88F37476C992B3E378BA39034446E79C5E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/microsoft-office-mobile-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFX...WEBPVP8LL.../c...M(h#I.....,!..........F".d/4GH ....'...7.a..,i.Om..2...G...q$.J..C..}.8.sw2`"I..V$..9...G.P_..$...2...5.DU.'..R.....l.....N....[..%NNrB/L..5Ig.....&j.-..`......&.y.Z(.cy....:0y..........n.OD]L......9.n...f...;...*,...$g.snD.,.[.{...I.Kc.7.{.a.{.I.K....a.. m..(.RyCs.=.MBA7<..mxF!;..E..v..s.+.,...y4..I.&=4.3.B.......d......W>.6.R.....T5.... M.USy..`....1.(..,.C.K3.`%.k,(l..Dk..iQ..6)......eff.W.)K.#k...#km.bf&...AK....v.m{.....4ncB.i.Dt....`...*...=g.H.......O.YB..D.....H..i.m4..`.d.g....t.=\<<G.........>...XcF.<7.uM|..Wx.....6..e..xJ.m.g<...GY..6`T>....TR<....=...g.w.._4G...~.Y...>+.....~c.B.x.0..q....K/.....L..X_x..2.P......?....A.gd..gF.b.0T.C......Yq....h%....B.>lg.....r.4......u&............7..R.Q'.....QO=.).\...^...6..|..W.B.9q....C.9.j.R.......9..g>.>.U...5.1.l....\..p.c..?.zL.IMs.`...^5P..=#.<o.y..`.|.1.>G.x.9.=.k..'.}...........N.(.Y`-..4b..z._.%....`..KWL.o.z}.........?.....!/RS..~.r.y...y..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2236

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12090
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.973382735121626
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:lItloQ65TILqbzdnTmPXrYXRskg2b1QApnRRtVxmPh0akHgolF0j+6VYisFosM6Q:lItl80LshnyfEXRskgaQApnRRtVQm0o6
                                                                                                                                                                                                                                                                                            MD5:4232AAD73867C8BDEA93C2148B33351D
                                                                                                                                                                                                                                                                                            SHA1:E9D3399EA3B2F2228F2A3D4328F78B6A133C4619
                                                                                                                                                                                                                                                                                            SHA-256:9E52C14C2C0245C6280839F49A6F56D26F9E7A238F4B784B429E9CDA0849FC89
                                                                                                                                                                                                                                                                                            SHA-512:B654C4C8A5C2B1BB25DFE8E972A160E45145D2E8A1A2F124BFE2441354017EE84756593EB156935AA34E35A668F027AC5217A819C02F170C68ED57D5AD17DF2C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/unofficial-tvtap-pro-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF2/..WEBPVP8L%/../c...U...mZ....."b................zA.v.._&.....6...0.vH3.a.333.p...A.....~a.[:./T.r.R9.\`!t).B...|7.=.S..N.\..sW.>.f.+4....:..|.6c.b.N..1.]`.)G..{.cg...mf.O..D....65(5..C3J'0C..|...2..5o8.t.......fc:.A.pF..Bh.C...u...RfH.m.(.....].....?...iZ.\....$..".0..]..]3..H....._.C....A..j..Qm.....$.m...m...x7v........} .m#I.......\...F..Ln._o.{...q.s..;x...;zx@..;.;...w8......vql......_..V....\......+DE....K..B....%D,@.K...E0... Ze,A.M/d.,b...6.*.)B..(G........i.....".Wex...w.l..J`.45 T.....!s....mO...(X.{........U.r.Yd.9..2.d..(.m.n.].....:......&.$..m;.Hk...6..m;c.m..=.zT.f...m._.....IR.f)_."H.E9^.....H.{. .T....Of..2C.._........`.....:..C........L../.LS.<........2.z..<.O.T/. ...,...w........I..@s..K...`...#...0.N..N.....~.<!.......\.Z;<c..\.6...a...2Z.e.H..i........f0..=..A.. .....P.OEI..J..^&.i.i]z..a...{a.a..w...Zy.7..)q.26J.=t.....7J19...52.!.X.aL...jE.w.L<.3}...) ..1.C.M..@.....d&..jr...Lg..CPR#K..y)..]7.3V.....6mtM..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2237

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):48
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.8915414066556506
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YGKeMfwDpHXAYHf1HJmM+sJiK4:YGKe9t36RLp
                                                                                                                                                                                                                                                                                            MD5:82AFE934CB7D3AC2858D3374014A24FB
                                                                                                                                                                                                                                                                                            SHA1:FA6FBDCE4D72662A4FE391989A35280492FE367A
                                                                                                                                                                                                                                                                                            SHA-256:2A16AC49668DBC041EC09F7B52668E59828413DBC65FE1C8FBD6510E72E52471
                                                                                                                                                                                                                                                                                            SHA-512:7C879D04F27F5A53EA8E89AA45917C56B6816B7F2E044791975A6CAB9D155D9C7E603464FC52984A17C37A600B91859F97935E6160A2C5C7000E7807486970FA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://apis.cmp.quantcast.com/geoip
                                                                                                                                                                                                                                                                                            Preview:{"country":"usa","region":"fl","city":"orlando"}

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2238

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):12248
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9677826673811945
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:dmiEV5gI6VTyMKYHo9PZyg0yhs5Mu/JjCMn2dyW+8w/Itwg+7Iza/3JODEzV1h8I:Uj5gI6VeMKYyBrC5RJjch+p2uZOSPx
                                                                                                                                                                                                                                                                                            MD5:21EBDF04744430947D2E6EB63DEA4FAE
                                                                                                                                                                                                                                                                                            SHA1:F2978F3A2C4FF592DC12EE8C6644F34DF8E6C0D9
                                                                                                                                                                                                                                                                                            SHA-256:C5852EED250669010E97E0BA4219CD4A755B08D999643275812FCC00BDAD81DB
                                                                                                                                                                                                                                                                                            SHA-512:F24426FE18C9581241106A1E6F7E1D102EFE19A1DD9748B40A04A5BE29D5DA23E253727C93CCD22FF89E34210BF4ABDBA5666C05ED0F7193EE8B3546AB44CEDA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/gacha-cute-mod-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF./..WEBPVP8L./../c...M8h.I.T.....xHD....~.-...6MK(...4...Y.....`.~.R.KR@a...].>.&..*i.h..A#I.....z./..]8n.H.5..P...y.s.X..$Y...G...h.....{.....& n1...2............S...aB...~06...Lw6`...ed.wJ.)'j..|..3.F.?O.#}....^..7....`LRmJXRF..$...C.....`...........#.....>.4.~&Km..%K.&..{.S..Y.'..K....J6..../._..7.....0 .`.0..m....."b..g..U.P.iR.Hj.*..0..Vf*H.4..Ae...$x4n..I..I.m..#Q....p..a..W....`...Ir$I.....9...-I.%I.m!.EU....5;...$I.j..a./.e."I.m.E3s..........2.."..HUE.F..$.$..YD.=...8.30..%.Ke....{.$I.mK..X.>V.S.C0.....9...^Jq..[.$9v$.Gd.#.......}8g.!@.W......I.m.$IZk......j6....jc"z.l.m$..$.f....?....6[.....>...#..U..i2.Z%...u..b9.....i...L.#..o.bh...<$..o..~3...T.....x.O....?j}.;.../D$.M.L..}....4d.#.,b .o..~$y....F.Y.B.}{.....'....{lb...g..}.....^..........t!.....l...>6......Ter..G{.H.......d. .m.B.+.............a...8.....S^..n.Q..~.P..\...-...>...g.Wd....L.......S z.h..`X.... .fu.6N!........n.M8.9.......]..j.p.W_..l..q.......\. .\=/6..rx

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2239

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):13966
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.984583499907952
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:bddIg9Q3VqYRPRWrXtuPeIOzj739nTvgZIID2:ZdH23IYRPQrdB739nzc2
                                                                                                                                                                                                                                                                                            MD5:A0AA679D3B85F775EAF4F2B4FC6BB7B4
                                                                                                                                                                                                                                                                                            SHA1:1B70DED8F2195FDD1C0B99E2E2E272D8377082C9
                                                                                                                                                                                                                                                                                            SHA-256:A3D0C6D76B8878A6697871635E98984156E645D844CA2C1A5B80D78120CE3CDD
                                                                                                                                                                                                                                                                                            SHA-512:CB6B2648C10C03B92815105F72FF6A109502D82BEC327F038C3DAAFC5F3FB130A81DA21988B1EA544CB08EFE08F3031B9EF98A03C44285612D9258D584B8B30C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/tvtap-pro-tvtopp-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.6..WEBPVP8Lz6../c...U...m....v..D...]u9C..`.N..iS..n..x.._.h..]333333...2..tI.....$...``q..y$...y..\.]i.H....G.\C.[.......0......q.X......0...ohT&C'...:......\....b...m50...)4.}l.{.....=.8.....=0e.T......<.L...j...m8r....v..|)6gt.m.L.v\..z....;.u......L.L... .6`7R..."."..../..m...;. ^..m.y.....,c..k.m.m.m..{...1...4j.2N..m.(.9.9..X....$.89@".y................q..gi.{...y........O....;DM..x..a]....#.F...E...30..>.....U.%.;v.... .^`G..k.........H...d"G.........X.@l....pTtd.F...\.......Z.n0...........9.'.6r-o................]...I...C..C .g....[..g5+.Y..t.>j.m.i.}....m.........B..B....H._.m+.d.V..3.V..J.3.rT#U.. 8...L..Cp#I..X.<..x.....5Jp..x.A|....G..H.......6......h..^.....v\k...n..].....J|....E..X.[.[.W..^........\.N.z.K.Q.w.V.K...Q....W.....!\.Y)..K...j....0.a.J.#\..w.f......f$.4..j..a<.3.y..0..2.:[.p..../r.7.B..R......`j]u...%...q....@.......2.J5......p....O+...C.X..X...K..........[.q.R....5.u9..........E.iP3.YF.....f..l.u.=.y.7#K..R.....M.8lq...\

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2240

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):6254
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9075848776908835
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:HAW1VSZ3U/Dxvu1RAGhwnqE0PFQTjrE+9y:gEShUFuAMPaHAOy
                                                                                                                                                                                                                                                                                            MD5:F97D4EBD9BED05A7A35E0570C29E561A
                                                                                                                                                                                                                                                                                            SHA1:75B6897BE6B30F27A3D9DB22365BE74B1D67995E
                                                                                                                                                                                                                                                                                            SHA-256:150B9BCF1F84A53AA135AA97733E4862FEDAC9AD6A17840D922AF5D858F572DC
                                                                                                                                                                                                                                                                                            SHA-512:48E3A60F52C76F51FB3E3C9F0BDD9E6A23BD9B27CD8BC74C9E829797529ED26F41C7004A0D8F3C3F43EDE20DC1619B299F6A7AEB5B5CB88721B6C85A4683C2BA
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/pdfcreator-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFf...WEBPVP8LZ.../c...M8l.6.`%......v...O.$UIRwK...dsaw..Y.lX..'.x.~..5sa....<....t...9=....}...E..)%....F.O.[..H..)..^.....<.F.n.6.$..u.Nh...gO.a....&...0.I&..p....(.XV].O..6.X.J........xVO.i..b....d........ #S...2....1.WeJd......O.*...3.E(..P...m....x......l2#...t.ej+.N...].!. ....m....{.O!"&.l.....:"...Gi$Cf..(...V...].$I.X.|...KF...l..b.....1...G/l....x.l[.m.<..8.6..Bl...;.%`T`...eI.$I...{.n..`.3.1...m;$I..%.....(dUf..5.m..E.\.m.m.m.......CO.m..m[mc..8...V..4rv]W....m.<..Xk..$.$..../...e*...<g.L.........}.........g.....e."..s.......P..k.08.....c...o.wo...|.."s........lx[.....:.M.".Z......jH.%.......N.....K...z8..%...uu..Y.y...y...7.6....j..T..x..p.@AQY....{>;./...8...1.....b)...Ns.54.Z.+g......o+..Z.~3.UGw.?->....^.....!.u:3.F=.p....0...a)2;...pF.z.y.6...z......>L.8..5..o......L.t..0......FcC............S.Z..7.....2.F..%..m...{.|........................`9.K....G....= ....]r....S.K.....(`....@.x`...`.....aF..{...Dy.&.0.........R

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2241

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10046
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.973073813106869
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:NBWpI8gG1ajSwFFvLBG2XRpkH0c69TAZqOGzkTctfR6gv2bMUDO26eOD0:Nwi8xupvzBGeFcea+kTKyb2oOg
                                                                                                                                                                                                                                                                                            MD5:B5989904508B774778A8D04729957A26
                                                                                                                                                                                                                                                                                            SHA1:A651FAA85879949CCF46980B3F14AB161E2F0B4A
                                                                                                                                                                                                                                                                                            SHA-256:CDCDDE6F06D3E949F3CF3E349804E3995A58462AA79EF1DB9BD00B28D5750496
                                                                                                                                                                                                                                                                                            SHA-512:4BD4A53ED563559EF31DDD1879EE38ED0F9D70B23474D5759F11A7A610F7B4AF2BF116DE3E7BDBBFC1D91C5CDD5521D32B2C8912D969579B377948975EB4A1FB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/brawl-stars-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF6'..WEBPVP8L*'../c.....m.F.l_.....CD.......@C\P$...M....m%.V.O..)..K."..K.^.(.[N.....H...)..vw7w.t/\..*..|.K... .;A.H..TM.A".b..A"..GE.mm.U...D..=]..+...L.. .9""....A. ""B!M+....Gs..i......k.f)...5F..g.H..`s......b..n`.j.%S......,).`...(.=....R.:..)0h.1z..R(..k.........K....{...[=.-....._9w..=..w...w.....,.8.`."....j.....T......m...!....2333333333...y....s.^/....?...U......U8-K..O.{o...J.....p....\.d.Z..f...h.;4.|.UI.E8.,GW[..3..D.m.1I.m.q.W\............m.m..m....L..*].q]...m.m[.R....Z..>.m.m....9w6..+..\.gcj...[.......).(...|.....v...X.+<C...`..P..x..0..(6<.'F'...2...!.R,...aU....6k2.`p.Nm. .(.lk...I.`.?...T2.T...h.).Vhb*.....]."].%t...H7.&S....S.2..>......m...*......!Nc.0PL:...J.....}.K@.#..2...F.tF.2.<2`Zi..(......p.............+.CR8.T8.....!.......s.$0U..b..N.O1..0..-....l..4n..(....CfS.dk............d8...g..5.\..G.O...{...Q.^.].....X.....%....bBc......X.!...@..bk6.,Ix.;..D.5p?8.<(...Y......U....z'...x....7....Y_.n.....>..%.`.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2242

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15281
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.977689247403851
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:OHe5/mEfFm6ySzbe3tMDAk4OAD/h/PZMcsP/8o1F:OSm+QNtMEPV9PZMcsPPT
                                                                                                                                                                                                                                                                                            MD5:EA3EA3DCBCA83A3C46386709B23763EA
                                                                                                                                                                                                                                                                                            SHA1:C0A436E2568A2EBCDE35BB69AAC955049F203596
                                                                                                                                                                                                                                                                                            SHA-256:92AB60B1915E6A0A791C50AD475EE1E5FF474AA7748CD437F8ACA3AFC8675DD6
                                                                                                                                                                                                                                                                                            SHA-512:F4D4188FB502EC70D17F41E0DB39BC4925B8B719C7504CAC508E101167EEC005D0AA059D5CDD314BFE00A2229A520FC3DAB58AC87210D22DA21AFF3B3A86EE85
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..;<IDATx..i.d.u.v.s.[r...........3..b........ (..@..eE.p..._...C..P..B.mQ.i...E...3.1.........k...-...............z.{..|.K.......T...W...R.M.@...*..]?.....E9..L....J..+i.j....z.;.b....A.@D....."V.n....$.&..8.jF..fs..f.V.l.....E....4.......$.Q2.+HM.....7......^.q5.q..0....*...."c.Hnk.%UUUB.N.On.......(.......*........6.....cGO.8rryny:^...I.TM..PU..B.,...~.xQ.U..*........s5.......\.1k916f0...`..f..w..#R./.....+@J.......j.c3@.IUEDUDE.;...P.....s...w{.W.....!.<...O>...Sw.mj.X.......}...R(.*".$$L..._y.G....t.+..O.;..pp.3Kb...U%.J.$LJ&\.2..!&.W...\..^w...3... .oX....b....e....g.fy.....].x.J.,~.C...3.].,B..l....4.Y... .q..m..z....~.o.....N.:v.n.....W..L........(...Y.....?...y.)..M.w~.j.:..H!J.Rfm....p....=...>...~.<|`...am.l..c0.....+.Y2.....W....=....?y...6..|...A.HpF.WP%...`..>..dj3.r......(.i.O....>H.b.B.<.x.&....../...o^.p..............a..5.:.D..*...F..p

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2243

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):12171
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.958996468243355
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:JpH1ZEY3DAMgHHXJpdMbcjAXU01nlO3P7xHUXq81o8LsZp67R1UqdupWTMRe43dZ:xZEY3Df6dQcjAXjuf72XVP7R1gpYC3dZ
                                                                                                                                                                                                                                                                                            MD5:7FD7E38C529F33D7FDF25D0898835F0D
                                                                                                                                                                                                                                                                                            SHA1:E23B2B65DC77816F4445C0694623867B094EC25D
                                                                                                                                                                                                                                                                                            SHA-256:1D22D39DF42A532D9934C0967467D0989B7ED135DF127C807F188FFD718F8DF8
                                                                                                                                                                                                                                                                                            SHA-512:98C9A2A9288CD9952A6B01D617464D71CE418A813B089FF5B30D85E5F804DE77BF46A48F7AB5FBB3B9026ECC51D147046308AE478B39BBC1D1627173C11F7A18
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<../.IDATx..y.].u'...{.s.\..$.F.&.....IL....vl0..x..._.n.I...;...~......8....;`.x......1H.IhBc.TRU..;.a...s....d.w......u.:k...Z."...! .( ..~C@.7(....7..`._...O............m.L.k.kOw..:....L...//y.o..z..o.....|:...j.2...7.......Y...uC....n...a.L.8.H..."N]..])...c..n..... S.O...^.xf..Nh..bz!.k....@i./.....$...4...`(....H#|#.. . ....$g .w..E.Q.P,0..$.....'.........k...8.;...T-...Q$.v*.)).?#j@..A`A.A.....D....,.|{......Y.a..HC...C...l;z.....k.+.....y.3.L..E.o.R..<. ."...Z..;n.F0.!"R...C.q..bE...#@..@....m.s.Y..S...".06....oy...h.g......QJic2....Y...V\h..<...R.......[pBD...YD.a......E.....f.9.D..7..tV.>.....E.q....?...&...]..57.4.w.x.d2..~.$.|N.r...z......C&.........(Ff.=$B..3...G..%.x........p.:...:.......ar.k[...d....../%.8G.(.( H..E..B...Q.8... .....He...#.@#......G^.....qq.A+RDD.H..J..Ec.+....0.."Z..vn......^.....A..........0.SQ.,C.........V.}..#....g

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2244

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):19254
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.985014482361322
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:MSaYtvvS5nbn+y52Ec7OSkCToG/Mur5l3YQI3OQcS2icep01SY5Oyb6e34Jv:/tvKVhsEc7TDToGEuDyX2qpSSY5Pme3I
                                                                                                                                                                                                                                                                                            MD5:5E88C945959477243286C31E378219EC
                                                                                                                                                                                                                                                                                            SHA1:8504F6661F0411823E0AD555767675E9CBD7C514
                                                                                                                                                                                                                                                                                            SHA-256:1A781CB80BFF38D1209B263AC2FCAEDF2A6ADCE6329F8695BB8D92FFBF044641
                                                                                                                                                                                                                                                                                            SHA-512:0F4658AB0B4895526A6184EE5208878F65DB662F4007F944C48ECCD5F770F8342832B1116538B9D4B510B9D20DAFF863374E35AC64E34E0471858CE9704BA70E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/ultimate-custom-night-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.K..WEBPVP8L"K../c...M0j.H......<s.".?..L{.._.2sP.._.'......g.\jq.W.s...$E.....&G*.I..*................m........F...%r.=W....|1.vf.@.).../pn.....TQ....$.<..}..N.8...;.-A w.8.....A.Pn $...8 ...Q#D.2F..(...o...a..I..!F....!.....'...*....1..G.Pl...>.*.8H#vq.(...![...........m...io.!D....7*.t.].*....PN&......o$}..9I.6....=.>..=.m...m.....cu:........{.s.oI..I.mK..="....=..k=....x.7....@.QUeF....$.l.D.<"..xn.......0F.]c...p3..........c%..M.4...g..}<m.m....>..mtw..q.&.t&.....=_.q....Q$I....2...{f..g....}..`?...X.....hf.p..H..+"Jf..\...<.0.=O..3.YQ.^.`.."..;I.b.5.-T..W.....4..zM..?;~..gW.n.~......[.R..UC.w.^^.].?...}......C......_..g.~d............_..[.o.^.....=.|.{.w..8...._.....KI....z........{.Ss.....o.O.}.O.w...e7...........w..^.......?%...>.+..$.3......_...cZ...E...~....D...7..o.../?........M.=@....E.... 0.1.......x.d@*.....{....}<...(...#.l.o...r............H..........~...>...W.f.....1.xW..S.A.q.y.$v...o+..U.....G......@.0......f+pi...b

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2245

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):15356
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.969812617389736
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:uCBmPwzWk6reCWW0BzFekHskuj/uEkkpo8GJHQ7Ssmzxc9Pdiq6:uCjsreCWW0PeahO/q8KHQ/mzxgdk
                                                                                                                                                                                                                                                                                            MD5:C0B7946CFDB260F1B27AA52771E26782
                                                                                                                                                                                                                                                                                            SHA1:9B29C22535449C8D3E2B6227A437E9A8971C0568
                                                                                                                                                                                                                                                                                            SHA-256:2C29B85E5DD88A7D24A1571E9E560035B151748ADDA1AF1C11EF7F2CABE7B084
                                                                                                                                                                                                                                                                                            SHA-512:52BEC570350EB059347677240F860C52BFD43342B0B0085A830BF5CE6859A6634E46A75E3E707435116033782E10A0BFE68BAD37E20E8EC64128B0756D972C72
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/battle-monkeys-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.;..WEBPVP8L.;../c...M0l.6...oy...n...O.Z.$..a..s.J.f,.{f..~....,E.k...d":j."..j..........6.?..A$I...U>..-.....H."+t....x>[..{....(.$9R.....e.'......t...1e>....\.......J.....2...m{_.i...00.q.a........bZ...<..R....S...1.....K...L^.....>)..a..L..j*E..B.A.C.......@..n0.q...?......D[s.tb._....V..<..+..0@......i........]un...m..3T.C.....Up...NT...p"A.@Pb.]u...m2.m.="3K.>..ms..i..Y0.t...lwWUVeF...m#..$F.....o.^.$7..H.y........uEL.om.M.m..!..Y.jt.}...x...g.B.3.d...h.YYXKf.)...n.$I.d.%...Y5.F_.+xu.6l...AcfUF...H.U.m+R...z.c.Z....cRe.....`..:.ZK.).s.m.$i.v....GR3...!ju.u.n=.V.g.|WG...u.7..[.$K.$..d.K_...f>.~K..-I.%I.m!.yd...........}.?C.....3..wuMO[.c./.m....m.....n.kj.,WeU*2.m.m$I...Lfdfe{o.....x?.2"$...m.R$......%Wu..XL)....+..g..X.s...N233.d..`.fJ"CF.....!0@Y.....f.X.`...$.......;a...A.g...1....?..]...K.]....WcG1$0JB.1...b(..ec_j.;:.>..O......+@Q..%/.$/..S...##.a2,3..H..Xs3.L..1k...).......W`@...z?.T....cvIi....Q.Q&....,....../X..ba.P...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2246

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9889835948335506
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUkxl7/lHh/:slf/
                                                                                                                                                                                                                                                                                            MD5:B4491705564909DA7F9EAF749DBBFBB1
                                                                                                                                                                                                                                                                                            SHA1:279315D507855C6A4351E1E2C2F39DD9CD2FCCD8
                                                                                                                                                                                                                                                                                            SHA-256:4E0705327480AD2323CB03D9C450FFCAE4A98BF3A5382FA0C7882145ED620E49
                                                                                                                                                                                                                                                                                            SHA-512:B8D82D64EC656C63570B82215564929ADAD167E61643FD72283B94F3E448EF8AB0AD42202F3537A0DA89960BBDC69498608FC6EC89502C6C338B6226C8BF5E14
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmSj84SHqIWBKnRMfo46qncMhVbr0Cs6j_oJYmMhzoL2w1uemsK54AY2iqkW_EA43RgdHjblGqyRtCXcw91fSDUV70M9WHk&google_gid=CAESEMRWtCSq506Z9-r_lLfcJfQ&google_cver=1
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2247

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):8138
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.898065532812352
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:laGyR35xGYMi6ysSSK5ft9F8V9DReLAPLvc5:Itp5xOiLs/KD9FOe0D05
                                                                                                                                                                                                                                                                                            MD5:A0E5ED38D525BBDBFFF734BA4DEF819F
                                                                                                                                                                                                                                                                                            SHA1:7A9B15B550F2A4DAC0BE7D3C0967E309A82DEDCB
                                                                                                                                                                                                                                                                                            SHA-256:2C6A0C73FEB743E8CD169CF068E33E2E3B0CB368B39DA45B56F718DD55159080
                                                                                                                                                                                                                                                                                            SHA-512:A205959986C251537C66B4B12BAE06BB759BE3DC265017C0CCD84CAFDC7A0EF782CA3FE32FBCB8D02EB33C4663117CDA4149E49133096E16A32D649F7C1902A7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/speccy-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c...M0h...g.......!.....+..1......J..>.~..W..p...`K..3..l.KT..M.63...Mk..0.......)...$)R..w.(...../*j.........U.....D."..".@...""....!K$SD.Y....J..A.~......'....._.\.2x~......W..L..."........(.A....~..1....*...%._.....l+T..5.....:..mk..j.6.y..$.Jnffff.]......{..v...........c.$'.w "&..m[k$M:.}.d2s...Hfff.ea.fQM.......*ff.d.`p43I...?*,W..sd.m...6h......Jl..a.c.V.oI.,I.l.I.=.....?w..tW....m.!I....,...=m..k...C..msl...h..Z..TD|._.$9.m...{$...c.=g.[1.0.Z...5P...WO.$9.m...yD.\..k..z...Z...1.#3=."..k.`.P........#."..G...5..a...:.......7..@.0..0.E.`...$.........@`.. ...9...9g..!.A.....L.4.U.2p....!....L2c..4.H..S.(..h@ .....1.#....9ezW.....c..f.4....s..N9.;|..c...].0..1..1..P...3NY.f.){.~........h1u,.T........iLL..e~..'0.vl... ....Q....... h$.r.?..I..L..$1.1&1.......H.._.[.#@.....DPIF.......wL...AP)@e.1.........jZ.@.8o..7....(<f....vf..HF.k....+.+..i.3..n........`...` ....E!1.c....)..>g$==...T.....R=...\.......Bd..SI..;3....pL......z......

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2248

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):9622
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9607898268863035
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:D1Sq3FQSLtcytPqSRGcFvNVCEs60VwhG74NRH7nZc2agoTLHNRk:hSqie6ylbRNVx074NRO27gLtRk
                                                                                                                                                                                                                                                                                            MD5:8D9E2C7848358493C9D524449890E9F3
                                                                                                                                                                                                                                                                                            SHA1:98433BDB50531FE71CA518E0C3B37258C9781D19
                                                                                                                                                                                                                                                                                            SHA-256:7E679458E0EA3428204AA7ED8F90454E6AB53BA286585841C698F55E6A17163E
                                                                                                                                                                                                                                                                                            SHA-512:5C71A137C9808AC2F584B700700F7F23EC5C600057C9615D98D636097A18F3D0D10D9F2FAF9951F95EBF36141AB9D147644871A4024EDB093A4C78978367BC4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/minecraft-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.%..WEBPVP8L.%../c...M0l.6..{.;......".?....s.....r.".+9...I.$..$.Xk.\...>p.ZR.`.6A...m....p.I.#......Ygi...$.....w...../..$)R>.ob../1Ol......7.bk....DB...9@g..$..V..9/J?Z.~Y.K(q.i.,.:...<L.S.i..!Y....`.ydN.a....qDN..R...Y\...n.`...b..?.].>...|...3.....P..4.?.{!D...G..Xh..bS..J.XVf.Y..9b>..m[.m.bjc1....j..d.....hY..1ao.b$I.d..._..3M.'I.e.$.I.{...=...........gsL.&.UI.t.}...U....3'3336s\9...UU.)........>=..Us.-I.%I.m....GF......Z..Q.Ou..p3...I.j.mEdi.of..\[ .`w.%#|..H.m[SDT..=<"y1.U.U.j./fH..sW...oA.,I.$..53....?.nB...$..~.o87...Hm.}l..F..2F..h..!F0b....1..0........H.c...qAo...@....@|..f....2....{......1......l...V.-kZ....a...L...D.a...`.x...3....9.f.G.#.2.5Y3..8.F..w..1......`f...=S....p.+..(....?K..>p;......DZ..........7.O.....$R.......%..e.....P....l........^{=.._..#....u......=?......EZ ......qm4........2.1;.w.J.................6.g.....>..k....w.. ..@.`..G. ...@.S.!....?.+....S.....&...+Z.P/...X.{.......Vs...H.8#...`4X. ......1F

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2249

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5092
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9369464289842595
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:stJFVDOkOMomFqSVlIZ4hLMKnbL0KYA9BiJxPncV4I1/aOoWGPmlu1L0T9s:stX9JOMomYSVlIOhdImwPnS4I4VJPmlw
                                                                                                                                                                                                                                                                                            MD5:C70827831A0737CCDB95D893AADD3221
                                                                                                                                                                                                                                                                                            SHA1:CF41A218079500C8C04F98C486F7814C96CA0AA3
                                                                                                                                                                                                                                                                                            SHA-256:B2752493477A033D981B5EAE37AA5A778F59DD1A62C62D450309CD9C3C70D99B
                                                                                                                                                                                                                                                                                            SHA-512:DF10229BF7807E5FB29A6EF77479C7001543F0BFE34FA7F2C6062988E442D40C0689FF127D58867000DFB0638FBDA11912F6DBB13928EA6CAFB73DCB3B2F7C7C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/slender-mac-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF....WEBPVP8L..../c....x...........m.ic.m.m..n..n...^zg......Y....kJ.4*..{.`..>...<.....?...mz......L._.J...6G.+..?mB.)...*....?./.X.\..7.<..D....z.7B........"...d<....DQtb(6.*j".A.*.../..S..c.O.T..%..T.zidm.....m.......R'5.De.Q....7....F...e...i...e.e.2.z..J.5...O......W.O..l.\.D...f.g..k....i........z.O..&..W..V ...8J....oj.fY..kH.:R.RV.....$.r#.r.g..c9.].X...b.Tm...~...8d..]~..v.G3....jY5.ZaJR...n....HF1..3..9..vJ.s..i.h.L..<..V..h:..H.....5.IKF.)..4JO...V6.r.u).BD..X..I.pg%U..:4..-...:.O......}C.r$.m..8.g...,...at...5R=~.Q.5P}5...j.......^..<.........{........W5.3.8.q8.in.ry..:.&.H;E.k$.-+.d"0..JAM.3HV:..SuF..y...t...b].K...~..Y.-e6..).\.....6/...Q_.....+.,.-9_.....su....L-.|t..TM...I.d )W.......QC*S.Mq.Z..Ld..r..x,...]..J.........z*.k.Y...FVtb...)......Jd.V..qkp.....H.i..z ......W<.{..ao.)_.Y~....m.h!3.0..hTM.?.B5..FEU...,..ZUkU..zJk......b.....J<n2j.H!..S!.>B..)..B.}.*..FP...,DH..)1.n.R...oX.`.k.U/.w..Y.*..`.j.(..a.......&.k.:..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2250

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):13760
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.974113886974945
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:IF5sId6YZyAfxKdl7KrUsTV1CofwOHRtJBLO:IF5sIVuL72UsTV9f1tJBC
                                                                                                                                                                                                                                                                                            MD5:DD157DB559D83484BA6BFC643E17F96B
                                                                                                                                                                                                                                                                                            SHA1:D2AC9900A62F82FE9061A5BEDF2CEB0B5F96C593
                                                                                                                                                                                                                                                                                            SHA-256:33A0240B1C14927C578CA942B8D1803AEF98FD8636B64482C1AD57A6AF9A4E42
                                                                                                                                                                                                                                                                                            SHA-512:D24C15818E3792100B661E8B7EC0FB5B41CEF7F2C22E49C0FCF2D3C8564B0E21F9E7EA371C2B559AFC29E5E061FA574A79AACA9B8EFB6B2CBFC73AE83E8E5541
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/ravenfield-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.5..WEBPVP8L.5../c...M@h#I.........-...O@..c_u..*.x.[......,...2..{.s..WS.}U*........,.m$..p./p..':..:.8..H.e.......:s.c.q"I.........K.).......d....H.0.mi...u...Oz...?j...c..E..q.CF.P...@.. .....\x..A(M..I.....F@.Q(y.9.nq..{`rc8.@.h.M.B...0..dddd;...8....m..v@a.....#$..........013....JT...)j.fv..X.0..m#%..z..BDL.S@.hT.%`.U...%.j.....Z...eX.....~.m."I.~.QU3s.H.d..af.%.....c1.y........"r..$Y.$...k..g....f..|K.dI.d[D,f..u.....<.....a....$Ird.-Q..1...c|.p.pj..Nq.Omc.....*...W$I.m.....9'..e......Zc...[.$K.$."b1....7......3..f*.....C..m....H..m^.m....I..........8.}.e.j.$...\k....$.E.%.L...ctK..).$I2w.....Yf..~.......0T.e...).......%A...D...LF...@..#...N.1c..............T....I_.t..W..5*.....2...U....v.H. .#.&.P0.(....T..X..UJ=qB.@............`..`.f..T.....9...t.._.......E.5...Um....'t.....C@K{%.@@...S.......V........c!.6..]F.p*...2[..$X.A,... ...4..Q"M...".g...s..!.[....SG.1f.[.\%..CeF.H. ./}..>..[.V..V.........P:.J..4.z*..L..=o....RS.8....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2251

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:Web Open Font Format (Version 2), TrueType, length 3520, version 1.0
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):3520
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.931011732748
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:Sq8MSLNCQTilvelfD22JYEpt//yUTK83sFBWFPdr:VMNhGpo2DED3jTP3YwFPdr
                                                                                                                                                                                                                                                                                            MD5:1495C465F8B66F64094C9D5FF163D6E4
                                                                                                                                                                                                                                                                                            SHA1:0923046C747B5B732CA91013F12E9B00095DB260
                                                                                                                                                                                                                                                                                            SHA-256:6117060A9640C268607F9F9F26889C1CBA88AEE1989E9CBB5F4BBB2B0B3C7DC6
                                                                                                                                                                                                                                                                                            SHA-512:A624562B546EFC5F6AB39AA6A5202D2EF1D44E2D312ED0DE6314A04792B323D07EF1C0AFD5918D9475125E43B9E7024A376D66DAF34B7B24E9E4D55075E183B7
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/fontello/font/dit-logos.woff2
                                                                                                                                                                                                                                                                                            Preview:wOF2...................f.........................T.`..~.........D......6.$.,. ..Y..#.........#.q ..%..L...wA..JbmQ`.....QN.........`..f{...;...w..u?..w<...j^6............s.}N..ag$"..?:.......h,..G....BN}........%.X.M.<..t.(* ....7...6........o}E..zZc.....*.f&.C.E.."&..).J.yOKF...Q..bP...e{K.....>......@.E..5.:...\o....N.`..C...L~...L.83%....<.....-.Gt...x...s.W.ZH.?...F[.F.{.W.`....+.P0.D6}...4.o9~.... (...{vm!.g..@V......>".Y{......5.20........*.]|i.c.?.= ..........$..G<.';...t....T...w....:`}r[mw..G....?/.1..1..)..h ^.....W..W..W.....1..A6..l....."......<.q.y....{....p..kZJ...[.o.....e....:......q.`.U...vW......%%_xl.K)O._w...9.-.f..\...^.0..{|e...T..tt........."#.#.!...)l....V..!..}U../...`...Ba....7Oe\5...k....Re.......,YJ.M..Uz...}..4.R.e=....p..y^.c.K7N..#.,.&...bls......#....P.. -......{...k#..Z.S8T,=/..o.....&.Z.....e..k(.!..f&.c.h.`....J.d.....=r:&k..{..W.po......A.m.......41.k.(....%....h.oD.3..)( ...B.V....q...i..........?...r

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2252

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):2352
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.892590315031195
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:1mtlycpqZEgVCrR2Its7v2vOvt+soU1ckoS8GqjRaB:CEVEVZts7v3vtrojSqNe
                                                                                                                                                                                                                                                                                            MD5:3713DBD1CF1B0773645D9BFDE9505696
                                                                                                                                                                                                                                                                                            SHA1:DF6BED52AB21061D3289543BA0A491B7F37D060C
                                                                                                                                                                                                                                                                                            SHA-256:D5100434F963DFCC2151DB127ACB409ADF8E30178675BDCE592FC5C02A17E277
                                                                                                                                                                                                                                                                                            SHA-512:CD90F9FBBED268574A488A9AB3068325A05FC24AB815CAAEEB9240FC3A57CE28FE54B2C5289ECB2EC9575D66243C81EF6540ABC4225CE435CD7198E86E7DA3B6
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/curriculum-vitae-europeo-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF(...WEBPVP8L..../c...&.../....3-.5.......|.n.......A1sTT.........l.......n..W...(f...56.57.6...0.0..D.....@....V.QS...T.Q{...*.b.ZH.$..Zk..{.m.o.m.mch.m....hk3$..=..m.l.]h..2.....r.m......Cp..$W.nM....?...V.+..m......X+....\..+.4.K.*q...HF......&..H.E..G.....f..Wn[.+.R..W...q..-....q.\.LV....]..dT"....sn..(.....8..o..@.cy.t.j...U....l.J...7.....w.N\.W..$...........Na2...H ....vU..&..F....D H.B... #....^........K.1".r.Y...........X...%...2.\I....7X8......7W.$.h..Q..6........r! ...7GA.NS.!D...@.Z....*6.r9.m2B..Q.;BU..$.....!..I.....,Um...Z...l..3ho"....,..r.e..M%.).&...;.....oe.Y.3c....`.....V...=...ok..D..)d.`.^}.H...1..;..~.^......c..E..s.(....2!....&F..1:..E!P..n.!...%!...,I.J.o#..`..)..pn&..S...n/Tx]..xR.."0O;... ..H..X$.#H..#.T.&.6{S....F.P....6.s..:.v.f.>#Io.G.;....,..n....y.e..xP.Q......$).,..K.#.H.x~.?T.Tsa(....0K.9F:.Hg+F(.Q...Ja.......A4..>.?.....0........-!6G.<...3v.0J!UtGR..wB|7....H.d.I#........Y..;2....u...#..Hb.x.?.h!=

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2253

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):43
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.292508224289396
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUmExltxlSle:JAle
                                                                                                                                                                                                                                                                                            MD5:55FADE2068E7503EAE8D7DDF5EB6BD09
                                                                                                                                                                                                                                                                                            SHA1:317496A096D6C86486A71D4521994BCD171A6BB3
                                                                                                                                                                                                                                                                                            SHA-256:E586A84D8523747F42E510D78E141015B6424CF67D612854E892A7BCEDC8EC9E
                                                                                                                                                                                                                                                                                            SHA-512:A9ADB9FEEA4BC14B9C34ED17CD30F8CB36DC686E9F69A292FE65BEBC195BE4714391FD98EC7B67BFD363FBBB6089C41A0B7CAB5130B50B461748E668CAC75621
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEGhHD-_NAwxACZg5XX9NFM0&google_cver=1&google_push=AXcoOmTN-6MpGZ-nYcIn_RMkqLfQa_JDo351kpnoS0spM-jG77550cFsAJjg87etctgKdzSys-arRRCFL7NaWP-FxcxpsnVYtw4&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTN-6MpGZ-nYcIn_RMkqLfQa_JDo351kpnoS0spM-jG77550cFsAJjg87etctgKdzSys-arRRCFL7NaWP-FxcxpsnVYtw4%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,........@..D..;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2254

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 32 x 32, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1226
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.113915996220454
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:hXx5dV3dGaN62U5CyAzLqJvHqryoKxmf5jNPqJzXD430ec:hDdq2UQyAHqJvHqryBo5RPqJzXD4Nc
                                                                                                                                                                                                                                                                                            MD5:E9BFCE47D6B4CA438C06813D4B687BD4
                                                                                                                                                                                                                                                                                            SHA1:114F55CBF7D2F4F000B5922E65DA87767E12D6C3
                                                                                                                                                                                                                                                                                            SHA-256:79CB3E1D6B6DA8A8412A35EC1723EECE210B5363BD804CF3731ED645029BFD40
                                                                                                                                                                                                                                                                                            SHA-512:4A432FBADE9133833287C68AB56BFC0A9341FBF5C5A87AA04D799EDB204F66D324CBAC84E5DB8107E2ECF694CD8CF6C251CFD823F65D125163D39343288798F5
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR... ... .....D.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE.......nO.nR.................................................k=.mA.l;qqqrrrqqq.}..}.rrq.nJ1z..}.2z.oQ.i.%|..}.%{.h..i.$|.i..h..h..i.$|.h..h..h..i..i..i.%|.h..i.qqrvpi{pbyqevqjqrrrqq.pV;y.>x.lKsqo.i.@w.?w..|..}..}..}..f..g..}..}..}..|.uqk.}..}..}..}..}..m>wqhxqh.mF.}..}..|. |..}.Zu.ype.}..}..}..}..}..}..}..}..}.tqmuqltql.}..}..}..}.rqp.z.+{.rqo.oV.l..l*.l4.l0.l1.l).l3.l+.l2.e..e..l4.mO-z.'{.({.({.'{.'{.'{.&{.){..}..}..}..}..}..}..}..}..}..}..}............tRNS..........................9..............................................1..1..!...66......5.....1@.@.6..:...3..7...........................5..8..A..@'..l....IDAT8.c.........R..R.2.p.I...0.B...O.&......$.xJ.*....!.3 .V..)..D..`@V...R...$/. .......zH.Bu........8.0....U-$y.#.<C.#...A.D.4F.G8........!.p$......!.w............V.6(.....wpt2.........Hqq.7w.OV/p\.x......C,a.....N.....q$gH.i.a.......T...R.........Y\. ....i.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2255

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):10553
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.967203818354565
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:9wr4BRicdCJIs1c4mTlg0JqvH/sC2B0j0VA8JSo83+k4wlnG/kTT:9wre4y5ReH/sCe0j0JP83+JwlnV
                                                                                                                                                                                                                                                                                            MD5:9EFEA363705277EF4DA2CA6B6E5EDA14
                                                                                                                                                                                                                                                                                            SHA1:E6B528B06522E11B35B75E381835F355D81CF626
                                                                                                                                                                                                                                                                                            SHA-256:9ECC2A6BAAEB9548D8E9DA3BA9196ACA45FDC8048CDE7D4B2B1E86BC2EF8D4F8
                                                                                                                                                                                                                                                                                            SHA-512:D451E8DCF10C8A489C894E6551DB1FB06A6C9CB4412F57DC4E377A084D51CDAE81BDFD471425C265F5CFD39C715772923A4E6EBCB42AFBE203FB3F5B418F19EB
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..(.IDATx..}i.$Wqf.73k.K.ju...v$.H....`.......f.1...x<.0......`.............,.. ......]-...Z..r.........=._.I.......fd.._|......6.g.M..&.'...x/..F......'.fM\q#... .|.=I.Z+ ..ud.R.I3a.L..........F.p( ..2zq....T5...e..>.I.....%....HU5..n... c..;f...@ ......c...P.'Hf...V..."(.....p{ &f.l...P.....{.....(D...z%..5...k...*..g.tHU.%b6..l.c6L`b".Z..r....uYx(..E..)6..5....@..L`.m.s.Z.L.'H..7a.....@DT%..a.,....9...7.mKr..(..i.R.dG<?!.A'[....C.6pA....G."$..j&....(.Yk.-.mtH?A..'..SU.EU.1.bc8q.>..2.cE......R.8frL...\[....<..<(........[.x....-rF.O.(.LPU.s.<...~...W(.E!"..f5l...%./-.uK..%....qTc.DZ.o&.*.54Y`b..0....0.J+J1..^...L....Q.Q..H.3s..Q..G....U=4..{_.9P...\....?-....k.t......a....P:.g\;../ALd..H....v8<.I/..Wo.Z.~.&.x"...ql..J.G..c...S.>.s@.......W/....[.t.s.R..2...G\.."&6.....SL.l..[.%S....*a.q.D..u..Ta..R.<....6.5g...w?.k..+.1%.%.x.x,..I@d..Q.dJm..o..../@.n

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2256

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (634)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):1174
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.74166936214599
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:24:hY6t2eJJBewfHDdUg8EcvjHODQMJXeK+C6uS/MLmeK+C6uSGymWAuDSXeMzCUtVv:9V4goLHODS1CTXT1CTVyPyCM6Nu
                                                                                                                                                                                                                                                                                            MD5:2FE2B1F17888E326B010A8CDA72D48D3
                                                                                                                                                                                                                                                                                            SHA1:59CBBEEDE4C472024C482BAE8529144119BBBD27
                                                                                                                                                                                                                                                                                            SHA-256:9A9B7FB32E01FD70747F32EFDBD0472FD681C85EEBB0C42D10C7A514820A0062
                                                                                                                                                                                                                                                                                            SHA-512:30BE2E73020EB97A67709E47DED40E999D352DA9B94EDD946D1315BDA65AD616AAA3CDFCFA675D061E4ED4AE1BAE3F0D245908D44411B2425C49B4345D2F6607
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
                                                                                                                                                                                                                                                                                            Preview:<!DOCTYPE html>.<html>.<head>. <title></title>. <script type="text/javascript">(function(){var f=null,g=null;function l(a){var b="";n(a,function(a){b+=String.fromCharCode(a)});return b}function n(a,b){function c(b){for(;e<a.length;){var c=a.charAt(e++),d=g[c];if(null!=d)return d;if(!/^[\s\xa0]*$/.test(c))throw Error("Unknown base64 encoding at char: "+c);}return b}p();for(var e=0;;){var d=c(-1),m=c(0),h=c(64),k=c(64);if(64===k&&-1===d)break;b(d<<2|m>>4);64!=h&&(b(m<<4&240|h>>2),64!=k&&b(h<<6&192|k))}}.function p(){if(!f){f={};g={};for(var a=0;65>a;a++)f[a]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(a),g[f[a]]=a,62<=a&&(g["ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.".charAt(a)]=a)}};function q(){for(var a=window.location.hash.substring(1).split(","),b=0;b<a.length;b++){var c=l(a[b]),e=window;e.google_image_requests||(e.google_image_requests=[]);var d=e.document.createElement("img");d.src=c;e.google_image_requests.push(d)}}var r=!1;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2257

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10248
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.932626577918532
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:vne+eK4ip0k+1K44if6OS+CVtHDXdP5/78XJM4xxj1kgENGj:vnXW5yJ1VtHLddexztsQ
                                                                                                                                                                                                                                                                                            MD5:97D8191A0CCF255F551089FE7E5FDE63
                                                                                                                                                                                                                                                                                            SHA1:538B96CBF430C63BB77DCA52886262D402A5ADC2
                                                                                                                                                                                                                                                                                            SHA-256:8DC7317C60BFDA78672B114AD44A29A300E692F07A8AF15DFC520DF6423734CE
                                                                                                                                                                                                                                                                                            SHA-512:4DAE95FB76A4E3D4698C67C59C327D6F4CB0D85C3E3C11D9F4628809BDA8F2E56019CB745DCD78B6B96244CC5B378F40A3320AD3B83BD1D29CA922002C959020
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/windows-media-player-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.(..WEBPVP8L.'../c...M(l...]..........+II..U N.4V..I...6.......l.H...?....1k.6R...$8.I......#.v.4.%E...<.{].]....F..)...M...:f..V..HR...t.Gu......0......).R...T...C(z.-......f....w..{.1#..p....W...|.".6....G.C...._.v.?..b.>.pD.Br.....v..... .JH(....j.`.....].^x...g...7......i.N#.v.}...h......ikd...Q.V.B.nG.ko....o..4.. ..s4?....rC(......T.?.........\.aS..Rt..1..&.Y...."m.'._?.m..mIR.G..A.*`..V....../P9...#....Ir$I..s...W...T..$.$........Z.t.._.$..m.Y.Z[..0....;.;....s13...Z...o.+..$Ird.-.3..cL..>....O.N.TO..c..s...7.+.k.$..>...=..s.Y.......:.1v.{.5go1..%IRm.-..B..vj0x......33Cc...Z(3.....m..R..Zkk}h1.B....m[..9....Z-..d.......'.N;....s..f.A..._33D........q..?.|..O.W.`.,..v.2..{..'A......[..#6....1.@/.g.....b....'.#F<..q.g...l...1v).c.`f...F..H..'..y#.kpM.s.r..e.e.1 ..P"...6.0..td5.......U.....mo[...u>........B.Rh....%F>.......E...R.*#..%4A.....M..84...s&.......A....$0...G.37.:.L!..4}bf......gp$D.>$.`.ls.@.c,....`...B.%.Z(.EUR..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2258

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):15282
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.962311713829546
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:uZx320RRTHn6S+W5kTguaWxAbBL+FKMXZ2:un2IRTH6Sv5CgnbBL+8ME
                                                                                                                                                                                                                                                                                            MD5:C0AD4A1F1E2DEA59D18C007F083F5927
                                                                                                                                                                                                                                                                                            SHA1:E4EBBAC8D4EE3649A0567C86FE2B44331024ABFC
                                                                                                                                                                                                                                                                                            SHA-256:D1A5A15BE2C1187D4C7847AB7A4CFD7AB03A91DD3319DD6097A79DB12CEB04B9
                                                                                                                                                                                                                                                                                            SHA-512:CCCA4103B00A7DDDA9471E830F0FDD4B40718C565478335BAF6FDCC6D158A7E481D29BD0EB00D0BE6ED1495B89802DACA001C544D6621972FAAAEE06B274EA5E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..;=IDATx..Is4I.%.T..|.....R...Y.D......L..9#....o..........|.*..8..H ..........._?.''#srr.-/... ...@.@...?.....&.....$..;.....<..1:.\..."..1.#..4....r..O#.....?z.r.J..q|..CUC`.......u~....U.i....\.@%J?}.$....X........._...2.;..D\...._..` 0.3.y......5I......q....j...~.,p"...x.........4..9PkMM..p%...o~...~..<}.u..n<..,....0S7W...O....9...^...o..).G....@..._.:.(u.%.8.B.pH,...8....f#}...).........M.[X.\N_...m.|86....qb2r.$._.v<1..x.f0.o.t5 0.......4H..GO.,....{....6...\.._....y)U.L...........T..C....> ...TO..._.<um..>.......O.:..m..v...].x).X...Q..Z....;....0Sf.k.?|.6..p..y5.j ......~$...c.o...n...6.?..O..a..Q.G338.bH.B5s.Rk...6l..8 .T.s.....S. }:0P..Y.P...I......X.M$l.bj..a0;.p7I.z:_"....8..]..p..RLN..M.=....n..^......7..^...^.$.T.y...i........#...!E.u......x\..i.~.....>...q....R......1 n.L.r..j9.|%xJ15M#.......Ob. ...9.&w0.:./.....lr.u...@F.A...&9|..&Y...$._.&

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2259

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):7762
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.972431815635849
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:abLa9+wURFnBrlbervZpj6D2tG77wR91flnruTh7yL5X:a6MRFnZBernj6D2PRtrK5yL5X
                                                                                                                                                                                                                                                                                            MD5:60AB59A82C34F10841D4044A4DDA71E0
                                                                                                                                                                                                                                                                                            SHA1:6B9B6EECE5153046586444EC50B9E474CC16F63E
                                                                                                                                                                                                                                                                                            SHA-256:15E552DD11EA6FC586B0A40F6F570066A21AFED9A4C8BE0FCD3C908AC5861C7D
                                                                                                                                                                                                                                                                                            SHA-512:F2E94F2746126D6128A9E9C323EB268BC97C9D515166A449F1C621AE8CB17B69532D1C93306A2FD0680D1535E324B67E201F583869823D862AF5B41EC75CD38C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/windows-live-mail-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFJ...WEBPVP8L>.../c.....m#9Rf.k.#.F!.......p...;D..$..$._..8.$.d..7:..f..3.,\..*.w.7....I@....i..F..V..X.1..?..e.g0...Z....`...W@./."....@..q..h..%.J.1l....z..}.;.>..}.~..w..)H..y(..)S.tY..v........;.,6]..B....&.....4)H]@xO.m#.......}.2.!F.....!.g..@..!...1...?..5WY.P........Oq(h.Fr....D..X7Gk.....J.s.....S$.......M..^23.../.{......;fffZl.....xf...q.J.!..#..R..fn....|..<n.!.4*.Li..........Ci..ph\:.gm..I.$.y._DT......y.;.X...X...Y.A...#2...LYE..^.m.n$.}.}O.e....Hff...3c...~.{.U-.j%3C.Hfp...Y...'&...m.$)._.D....z......Z...g..a:"...HA......T.d......J.W...<.......#$8...m.PN2%.......:...8h#..w.Ad..+&.....C.^.... _.)Q."^ ^.'...P..T.....a......Y...A..;X.'...Q..b.@l..G.g......+...tkzB...Q/....;.X$..R...OA..Gwn_C....AR0qu.*3Uq........1.H`$.nq}.Ih......y[..L.Cd..p..iHw.P.:..,*.R....T..9.Dp..t..UnY}9RY._.+...A.M..H......C...-..%....@....fg..H..i.e.....y.T.....A...v$.M8_%.D...n.......I.QP...<.].!....).i7...=..DU.....e.....a.|..vO....a..U..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2260

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):10792
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.980556738699022
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:gpdPrGLw8Jd9Yho1EMjCA4RBe2UdDHvvJ8XRk1ml/osLo3DP1q/e7iKVdNX:edyLhYho1EM5PvW2mla71oe7iKx
                                                                                                                                                                                                                                                                                            MD5:2D2AF175C7CA51E29235E58464BE9F54
                                                                                                                                                                                                                                                                                            SHA1:E2F1B18CAFAF5B290305737F9B54090A8BC916DA
                                                                                                                                                                                                                                                                                            SHA-256:1EC7F17B44B8E17084C83178E131D2C24BE3E9404B5ED6BA6EA3EC92E504D261
                                                                                                                                                                                                                                                                                            SHA-512:FBC867BC412F076DC4A14B88CC5D656C3446D85D4F1D7F78DAD4FA5CCAFE3E6E803EC9814F48E74DBAB020CB0CDBE3454AEAFAA9163045300AE97BD935B45D12
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/android/football-live-tv-streaming-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF *..WEBPVP8L.*../c...M(j.HRv..'.....O....t..`.J.F....`...c.tIN;.U-+........|.^8N$.....k.y.c.M.4.:#.F..Hy ....t..3..I.]7.....ca..shg#.F...h..........._....@..I$....iJ.(....N.D..".f.'.H.....lDD.cd!.....W.7Bh.....K.D.._...B&..E40.aht:......^).=..~...hQ.=...^.K.tT.@n.x......)S.#....JH...M.....BDL@....8............?.g..I..FdfU5........~.....O`.3fff.a......23.f.?.Vk6..J.Rj.).......[.h..03.F.~.l/......P.Q-33c{.2S.a...O(P.v........).X.m.m.m{;..f.I.q.../I.U.mK-Zkc23.?_.q....,[......y.#.vR..i.W...m._.w.pO.wH...M....{/.^.m.=<.mk.V.....6...}/.{......ZWs...#V.h].gV..kE....[5.....a.......F=8......C..m;..B..2....m.m.m.w.v.*.UY....p..mM.$m......2+..f.s...........>kfJv0.vL. ..PP+.0f"p....u.jA....@.S.M..x...].s.w.1Si..z.k...`B=R.$%I.F.t......c1].0U..y(/.O.....S`.#..\..%R.-$.... K.tU*.(.X`...^1...Ox ."........9..^./X....,A~"jCf......a.."[P=,...E._$X..-..'7.t.7.w(L>&...H......j%.@..|b,1.........3.?]..s.K.9.%...%..W.C..1.....PrN...Vb..i.a.E.j/t.....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2261

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):166317
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.752379226788399
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3072:5UymJqri6fBqxw48e4GMyOIXCJuHugfqtsh7ozja5Ha35ug:51WAyx3OIdugi2hUwlg
                                                                                                                                                                                                                                                                                            MD5:1FAD2107E2FD7B88F195A7809EE540C0
                                                                                                                                                                                                                                                                                            SHA1:DBE14026C36894FA721CA6EA4C45A90B252C1EA9
                                                                                                                                                                                                                                                                                            SHA-256:9531F961B1AAFC7A4B8B8D43FFAE8C067A51384C300C16624190A059B3D97107
                                                                                                                                                                                                                                                                                            SHA-512:DF93E96709AA191ACAE5F321A18685A31D56F244F0DD7A2D8C9DEC05B8AACDE4C4756C67E6D64E765DC05D83457C6CCA7AE3F1CEB91F864D1BF6F74C8FE3633E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2771134679225523&correlator=398127976398457&eid=31078663%2C31078665%2C31078668%2C31078670&output=ldjh&gdfp_req=1&vrg=202310190101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&trt=2&iu_parts=5302%3A22764537101%2CTD-desktop%2Cdownloadit%2Cdownloadit-it-defaultpage%2CATF_Leaderboard_Second_Refresh&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=980x250%7C970x250%7C970x170%7C790x250%7C750x200%7C750x100%7C728x250%7C728x170%7C500x250&ifi=5&sfv=1-0-40&eri=1&sc=1&cookie=ID%3Df3aa488e92bf77bb%3AT%3D1698409201%3ART%3D1698409201%3AS%3DALNI_MZFecWufxJfBW_wH_vjPEzi7uapDw&gpic=UID%3D00000d9cef7eaf64%3AT%3D1698409201%3ART%3D1698409201%3AS%3DALNI_MbKuVWw-1dpcOI7oaL0R8VxTcU6UQ&abxe=1&dt=1698409232523&lmt=1698409232&adxs=44&adys=110&biw=1017&bih=870&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLFtdLDAsbnVsbCwiNjQiLFtbIkdvb2dsZSBDaHJvbWUiLCIxMTcuMC41OTM4LjEzMiJdLFsiTm90O0E9QnJhbmQiLCI4LjAuMC4wIl0sWyJDaHJvbWl1bSIsIjExNy4wLjU5MzguMTMyIl1dLDBd&url=https%3A%2F%2Fdownload.it%2F%3Ftyp%3D1&vis=1&psz=930x0&msz=930x0&fws=0&ohw=0&psts=AOrYGskQ9mYbxSQ6VAgm0Xw9Odaa0O5EMPOElfjJwHzCQ1Q2&ga_vid=512993721.1698409199&ga_sid=1698409200&ga_hid=875367689&ga_fc=true&td=1&topics=3&tps=3&htps=10&a3p=EhsKDGlkNS1zeW5jLmNvbRjt_s6ItzFIAFICCGo.&nt=1&psd=WzE1LFsyLFtbIi81MzAyLDIyNzY0NTM3MTAxL1RELWRlc2t0b3AvZG93bmxvYWRpdC9kb3dubG9hZGl0LWl0LWRlZmF1bHRwYWdlL0FURl9MZWFkZXJib2FyZF9TZWNvbmRfUmVmcmVzaCIsW1tdXV1dXV0.&dlt=1698409195971&idt=3318&prev_scp=pos%3Dtop%26countryCluster%3DA1%26td-slot%3Dtd-topbanner-2%26hvi%3Dfalse%26type%3Dtop_display_leaderboard_Refresh%26refreshCount%3D1&cust_params=medium%3Dorganic%26campaign%3D%26source%3Dnone%26medium_campaign%3Dorganic%26medium_source%3Dorganic-none%26compliant%3D1%26ad_session_id%3Dfd5d701d-d802-4e13-930a-7924ce8c2702%26pv%3D1%26ab_upr%3D6%26segments%3D%26personalized%3D1&adks=1334063969&frm=20
                                                                                                                                                                                                                                                                                            Preview:{"/5302/TD-desktop/downloadit/downloadit-it-defaultpage/ATF_Leaderboard_Second_Refresh":["html",0,0,null,1,250,980,0,1,null,null,1,1,null,[138327306584],[5332046802],[13617419],[327760139],[434442],null,null,null,null,null,null,1,null,null,null,null,null,null,null,"CM2G17ibloIDFYZBRwEdI0MJyQ",null,null,null,null,null,null,null,null,null,null,null,null,null,null,"5",null,null,null,null,null,null,null,null,null,null,null,null,null,null,1]}.<!doctype html><html><head><script>var jscVersion = 'r20231025';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {ebrpfa: true,};</script><script data-jc="40" data-jc-version="r20231025" data-jc-flags="[&quot;x%278446&#39;9efotm(&amp;20067;&gt;8&amp;&gt;`dopb/%&lt;1732261!=|vqc)!7201061?&#39;9efotm(&amp;20723;&gt;:&amp;&gt;`dopb~&quot;]">(function(){'use strict';/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var q=this||self;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2262

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):20241
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.966120700817038
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:QLz3wZmQayISN6w1JcZDgOXck8d7HzssmYPC3gI/6y7MJ4s1wT7dv:QPArayz1JKgXzs1ECQIBQis1wTxv
                                                                                                                                                                                                                                                                                            MD5:9E8233BEA56DF6B8262CC5283148EA49
                                                                                                                                                                                                                                                                                            SHA1:722D840BF13944C6FD8E3A312AD55D8337994DD5
                                                                                                                                                                                                                                                                                            SHA-256:99789239F2DC2C31C915DA55AEBE9D0C6AED48AF3C1E5E201B981F8BEFC97379
                                                                                                                                                                                                                                                                                            SHA-512:C99EEC741168FC5AD6D1C28AF5E27A1CD9A0CD35505AD8757B1DAA7B813E1EECDDB3870823BA86C5EAFFB8D74FEDBF123A38D646D52F2D6660D53163193C5180
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..N.IDATx.m.w...u...s..L.._y.U.].`.@........H.NA.....n..h'v6vW.M..;dH......i8#..CR.P"H. H......ht...2...i?s.=....B.._edfT.{/..=..;..R.D......1.....|..T............|..p.=...).....D..Kg...9..iRk..8.J...q.[j..)zE?g.jZ....s...r..."..6...).L.e..XA.Z.b1.....Y......U#.j..."...]...c...LsF..l:Z........CW..Y^.6.........\..z.ehL].x.4..Q.i..i=y.\x8.Z.lgq.. .h.SU.@.U@D..!0...."..smh.@......3G.Y..j....)...>.. G...t{Wf..48X.%..+...f.E.h..L.!..".H.7^.....49.....qs.\K&..'.. .H.....A......20m.j4.......J..../U .....;BC.d..2sH)&k....{k5..<dy..ySGc.(..(.* ....M+,...H.4..\n. ......g..~...../.p....3.m...8.k...0<..w.o.?.~.OF?....N...p..........[YZ.O....~P...@.y...7....?W|.}.....cel.......y#.G.~.W.>.....A......p{...W....'....W.=....EA.R.8^...DBb.TU.Z.e....YVdY{p..=...6..V.....M../.0....(....D.*1FR.....z.+ D$ $...r..i..?..Y8X,.....K......"_>...S1..!....-...Mx..mC0.9fg?.....;[o

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2264

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.5
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:YGKeMfQ24:YGKed24
                                                                                                                                                                                                                                                                                            MD5:055DE8F64447F10ED2C4C7F78E27B7CD
                                                                                                                                                                                                                                                                                            SHA1:BBFCC7FBB135D3893E9BD559E44E069F57DFAB31
                                                                                                                                                                                                                                                                                            SHA-256:30C714BF4216E577686D238B98561D093672CB25BF90BAAB50DD956F75CDA4B3
                                                                                                                                                                                                                                                                                            SHA-512:1A726490120152235BBCE20368630EF20FAC7964BA32F846FAC2C1F1A58EE9722356AD94FA6342685E8CEB5015CE2E944EDD739B901D3D9B0A22A5238118142B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://api.btloader.com/country
                                                                                                                                                                                                                                                                                            Preview:{"country":"US"}

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2265

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 50 x 50
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):2663
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.47167825414699
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:48:YBx+9uJCPlc4ODkMzsiZNpjhqeVzvrNOmruOt/wW7PrUCIZ:YbWCCPlhskOZ3MeVzjNXrRokoZ
                                                                                                                                                                                                                                                                                            MD5:A54BCC3157F91E6B6D4A7A148A337639
                                                                                                                                                                                                                                                                                            SHA1:BE81208A6D1FC021DE5A4C6B52FB6B001BA40A57
                                                                                                                                                                                                                                                                                            SHA-256:2F251CD639519E4F0C35781F2F9E4DAC5BD6FA7521A694D9B96840FE074102C0
                                                                                                                                                                                                                                                                                            SHA-512:89D9AD430D96837467E18FC5E3D79F8DC2FA34B69841641B6F914611D581211939BA1FF6FE99F85EC039A3508EFFF890901477256F8468FC9F39218E7B32EA87
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:GIF89a2.2..........BBB"""...aaa...222qqq......JJJ............ZZZ...999zzz......&&&...eee.................nnn...^^^....................QQQ......***...iii......EEE.........VVV...666...vvvOOO///... >>>}}}............RRR......)))...jjj......FFF.........WWW...555...uuuMMM.........???~~~...............................................................................................................!..NETSCAPE2.0.....!...2...,....2.2....@.pH,.).LdD....H.G1Z..H.X.*...2..T.jvm.....XL...;L..'5\qcusvt'."}W+ .u.r=.;.'.a.4<.D....u;./.6% .7..!..$2...`;2F.&..t../."..u9jV6.t=.l%...>513.a.k&>..#k6.b.."+..b...8.+V/.a;.V+.t?.E...*$.0...d$.......@.. $....,XX.p".....J.. ..+&.U........,8.....7.$...@..:.L.q!..."6....CL..D(D.`..b.B...1...........,...s...0.Z.I.@......[..baB...4L."+..K...:!...).0.l.Q......K.).5...+l(`.S....HP.A.....>......(2P.a9L..<....C(...z0(.5..>.....i..12d.BG.+..j..b.r...P.P7g...eu...h@..$...@(....l...2........2...@.......0..O.,8...M....D..............0C"B4p......N...6V.`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2266

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):42
                                                                                                                                                                                                                                                                                            Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                            MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                            SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                            SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                            SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:"https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstVFQ2gLx4ZnK2vZhEwOhLcmOrXzuZj1KnqdL_1FjbA4OPt8I6U38THt8IZryW1rod4COwT7Y8B6fvhAeB8zXf7FVeV27zV5VqbyKL_&sig=Cg0ArKJSzAJVuVbJbyQIEAE&id=lidartos&mcvt=27841&p=753,23,853,993&mtos=27841,27841,27841,27841,27841&tos=27841,0,0,0,0&v=20231025&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1791997687&rs=4&la=0&cr=0&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0%3D&vs=4&r=b&rst=1698409201325&rpt=3271&isd=0&lsd=0&ec=1&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0"
                                                                                                                                                                                                                                                                                            Preview:GIF89a.............!.......,...........D.;

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2267

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):5246
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.946830214741799
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:96:mzbCrtS+ZXaQltN6SSOJOyzbVey4mTL+YJtp95DxBQk6LvLHrtsQx:+CrvZXaqoOdbVey4RQP9JxBILTHrX
                                                                                                                                                                                                                                                                                            MD5:7847422EB5AADB885328619D66505058
                                                                                                                                                                                                                                                                                            SHA1:D081623A4E9C3CF0A17F78EDBD494A979E1D871B
                                                                                                                                                                                                                                                                                            SHA-256:66490DA226597E334EF2EB80326988C93DD912CF9C44FE47A9AA78AD48A57E78
                                                                                                                                                                                                                                                                                            SHA-512:E347720DDCE60ADD7B1A4A871796EFDDA8AFA44FD69B8B56F49879646833BA1DA6374C85081F36F4297E46C90E039613CF58268E86E923B8FC88F9D0B98F8E50
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/nogba-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFFv...WEBPVP8Li.../c...M0h...M.m....9D.?$...@.1..0..W....k..3..^.n.6..u..8l..=.f.$%=..G.1bdJJ.....BA..L.... .H..#....U@.@'.CB..h.B....@..I.I IH...$.G.....M.....BDL@............(.a...I.GV...?].w.YR.%.E...D.....h...9~....-.&......Q(.X..mV~=.T..h..XE.*.c.l....c....$?G^...R..3...o......lA...m....|%..q._...`~...$7kffff.3333333333s..L.ff....:........`.9yO.&Xj....S.....Q.[_........\Ju.c8U{..o.Q.[.0.e.U.3...6RN.R..l?.p....l`J...=.R.....v..G}+=!.=9.*2...U.O.S.}J.A$IB.4..HK|...6...........<...0..Gpa.1......!..$...X......9..9.Yo.y.X6. H)@o...9.-..|.r\@...B.2;G....(.d{LC@.E...Y...../....f.7.yV.....1@..tz'..V.'qJ^.|...&..o......W..2a.$3..&..c...m0.<.P..M.\.C.r..sK.......\..V.'...F.A.H..l.....Y...J...'....Q..z(st.....N..]..Ax...-..S...Hb.$@.![@.}.5.6..U..n..af....n..G...,.l..`.J+&........ce...... ^.<;{m)7...(....+.1.].%.w<).IFB:.-.h..?.b.!..v...Hl.i'...v.d..d.\n...P.|....h..\...N0\...;....'.X!.T..i;."...[>.#...S.....8RJ.@.ZC.^4*..i.!..=.r.p\=..R.Q`

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2268

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):9250
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.975113833707626
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:Ip5GotallYia2xwROZbT5fmUDOJSShbnZ9Dl8LTZ6MTOZ:IuotavYF67NmhbZNOLT8h
                                                                                                                                                                                                                                                                                            MD5:4AA9CFEB003AA5FBF9F4CC7895B13907
                                                                                                                                                                                                                                                                                            SHA1:E8B2FAA520D4B41C0191FD0DA1C8F5DC58106665
                                                                                                                                                                                                                                                                                            SHA-256:65A36B90E587809459EA335527BA674E0D0BC77AA37C47FC925F9EEFBCC6C71D
                                                                                                                                                                                                                                                                                            SHA-512:F57098989438E5D23E2982427FBC3EDA16D372D0C44C3648890881AC0D00B10E0B41F407A70A9DB5A059D332D5EA57C91F0BAE6EEDDA7CF11ADF578BD9585291
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/gameloop-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.$..WEBPVP8L.$../c...M0h..2....../.".?...9Z...s.a......:......V.Z.&..U...V..5$q/.."..[p..U..O....$G..I>p..?.O..R..j..if...#.6..~V.7......m.r$I..$.Yr.S.....}..O.....v..MC....N%P.$.$../..t.8[S.dM.S!.....;U.w{I.4B...g:.c....xf....j)...|0:...%@..D.,@}K.rJ..Y.R!^...o.4$...#.....Xc..)....'5..`D....c.%...rmBS5.!..zt.B~....!.....Tf.?..\...P........q-.3..\~..8..m.$.a.;."b...S.tI.bQdt%.:....wL..+.$....,..f0333..W...>.j..N..m....=.0=M.Y.....0..U.K...P8.O.f/.J.....*.4j.T...F*.......Vj).4jC)..4.Ri5.i...a,3.m..Z.r.j....Kk..1.bf^.$.D...m...[n._.....[133....Z.'I.U.m..Km}.1.ff...t.(..Q.1.;..Ol33.F.U..m.1I.....iEgYm.9.{jk....m.eW...........)..T.}^s......3{....ZL_N....T..?.GG..^/....T...t../..>.c...2.p.$'..#G.n]IB$I.$yV."r.......I."I.y..kz...Nc.V..AAHa...\z`.:.X1O.@.;P?....G.k...m/x.:...=.&J......M..q.....-.x../............=....0w..,..n..#$.*t..............N.4n.|.....9u.}..{...[..f1.].y..,v."a.0......."x.........t..^.6^...n3...?.^.<W...;..Q..g.k.g.`.....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2269

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):1078
                                                                                                                                                                                                                                                                                            Entropy (8bit):1.240940859118772
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:etFEh9HYflvlNl/AXll1pe/WNN00000000000000000000000000000000000001:QNtY6+lKY6
                                                                                                                                                                                                                                                                                            MD5:4123CE1E1732F202F60292941FF1487D
                                                                                                                                                                                                                                                                                            SHA1:9F12B11BDE582DAE37CE8C160537D919C561C464
                                                                                                                                                                                                                                                                                            SHA-256:D961B08E4321250926DE6F79087594975FE20AD1518DE8F91EB711AF5D1A6EF8
                                                                                                                                                                                                                                                                                            SHA-512:11B24C2E622C408E4774FAE120B719A21A0B2ACFA53230126C35AD6CA57D33D4DE79CBE11D296CFBDE9613CAA03D66B721BD20CF4EE030CF75F5A1FD8A286DA9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:..............(...&... ..........N...(....... ...............................................................................................................................................................................................................................................................................................(... ...@.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2270

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):170
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.335916817166796
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
                                                                                                                                                                                                                                                                                            MD5:E7673C60AF825466F83D46DA72CA1635
                                                                                                                                                                                                                                                                                            SHA1:FC0FCBEE0835709BA2D28798A612BFD687903FB5
                                                                                                                                                                                                                                                                                            SHA-256:0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
                                                                                                                                                                                                                                                                                            SHA-512:F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2271

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (18059)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):18060
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.4322708404982585
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:YUEaIUlpF54dgfSBDs6A9yAsBIvyw1ikZeqLS7jBWQQw3CdePF:nNJZIgfIA9yAsO6JEBGQQZwePF
                                                                                                                                                                                                                                                                                            MD5:4B770EF898E13EC4A12E1144E349C844
                                                                                                                                                                                                                                                                                            SHA1:77F479E888A3E48483BC30FC17DCCC710E443722
                                                                                                                                                                                                                                                                                            SHA-256:6B4E1554C69D91DC4CC9AED8009346008A670C1A6FA9EC61D5CA4FAFA38437D2
                                                                                                                                                                                                                                                                                            SHA-512:5F9DB74BBE22BB93D528B90B59B58BB36C9F59CEBA1B5A88D811D2AD1DA4B3E8EFC28301C77E3FBA50904138E24D33E12D4B14762E61C27C3C7B33CB95C477CE
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://btloader.com/tag?o=5633429348548608&domain=download.it&upapi=true
                                                                                                                                                                                                                                                                                            Preview:!function(){"use strict";var i=function(){return(i=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e}).apply(this,arguments)};function v(e,a,c,s){return new(c=c||Promise)(function(n,t){function o(e){try{i(s.next(e))}catch(e){t(e)}}function r(e){try{i(s.throw(e))}catch(e){t(e)}}function i(e){var t;e.done?n(e.value):((t=e.value)instanceof c?t:new c(function(e){e(t)})).then(o,r)}i((s=s.apply(e,a||[])).next())})}function S(n,o){var r,i,a,e,c={label:0,sent:function(){if(1&a[0])throw a[1];return a[1]},trys:[],ops:[]};return e={next:t(0),throw:t(1),return:t(2)},"function"==typeof Symbol&&(e[Symbol.iterator]=function(){return this}),e;function t(t){return function(e){return function(t){if(r)throw new TypeError("Generator is already executing.");for(;c;)try{if(r=1,i&&(a=2&t[0]?i.return:t[0]?i.throw||((a=i.return)&&a.call(i),0):i.next)&&!(a=a.call(i,t[1])).done)return a;switch(i=0,a&&(t=

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2272

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):18746
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9717585175833525
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:1BrUqtuhS/fCJAOscPmJmVzQqOCydhWGhKc:VkS/fCJAOscnVzDydkGsc
                                                                                                                                                                                                                                                                                            MD5:1A3F120B7992400BEC90915DE9C0B74B
                                                                                                                                                                                                                                                                                            SHA1:0C2C95EC262FF09103A9C9E7CE2A48DD4C290F3D
                                                                                                                                                                                                                                                                                            SHA-256:94C22A80FE14DB775B629E842FC9AC11B3C2E207A1143E64B353BFCBA77932E5
                                                                                                                                                                                                                                                                                            SHA-512:5ED548763B209B1A681A87B687B00AC679298E3BBD0FF6C73B088A86D7A904592FCCCC246EE5DB6AD29D7CA4964F9F111D04E1900F57D89DC2FB260996B84C15
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..H.IDATx..g.dYv.v.y....|UW..j3..........".1..$...`.D.LH.B?.R0(..$..(..B.Zx.X3fw.......U]..2..?..=...fv... .Q.../...s.s.%...a^.@..@.. .H..."!..B..8.Q..... .D .......... ...../.......g..!?.>...@@.@...CD.C......@y...0....r.....!..........m7..`!"!..,k.......B..P!.J.a|..D..:...............fr.Y@.."H...(........!...._.w..A@rw..p.w...e...o..@).n."..9..!..@.cl..... .E(A..H..@C...DT.wm.....}.w.....!...1......._B>h..3......<...9z.."...6~^....Q.."...H.xy.sg..'b...H.S./..'k.y.#.B."=\.....%.x/.. ..?.c..7.x..a4Ezh.?.......o.S.".....|.+o.}^.4..q..F..Z^9...x.g.nR..{.E..%....!...h.......n!..TDR..ei.......9........"..y...!c..CK$.@2B..1...A)..(PJ...JR.....{.....{.dnB....].PP.o.../.).c..@.....wm.u..[......?ixN..,.......*....Q..q'n..z...1|8..R...Ai....D..Y.K.<.W.^.p..R$..6^..D......M.M5..........A..V`..4.0......!3&B.=2..{A....PP...|.In....P.E.' ..2.....[.WW.*.!.(.i...`.+......~..~.1`.@

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2273

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):11728
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.950031925923861
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:0GHJE3w6zj0chmOPd1V2Kr6rUPiW7rdSm4z4PBzDwHFxCgXaF:ppEA6zj0qmOPd1V2DUKW7rdSJz4ZzDuU
                                                                                                                                                                                                                                                                                            MD5:2826589BFAD9763659590FCD41F8FDC1
                                                                                                                                                                                                                                                                                            SHA1:33CBF615D414638320D920A1B4C4F5B95023C774
                                                                                                                                                                                                                                                                                            SHA-256:620D822C5527BDF77EE91A45D11B77ABE351C1A03A78FBBBBDD8E929792AD5C5
                                                                                                                                                                                                                                                                                            SHA-512:FBDD4BD5B3A591EEE8CC28F5D854DF5FDD51864DDC11393F155B57199752DD2D2818A55B0338111518E40C83423BD299923D7AB671A17A4381F5E3885F883D5B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://cdn.download.it/gen/mac/winrar-100x100.png
                                                                                                                                                                                                                                                                                            Preview:RIFF.-..WEBPVP8L.-../c...M0j.I.2....|R.....;.SD.<\........O6z8..}I%.Fq...c..5R....p.=W....m.I.T.....Z.C...ySZo..$[U&...}..........=.`...*.=f....&.7l....5.%.Aj.U..f..G)..G...O.X..T.%.5J.VC.CC'...d.aN.)..q!.A#./d.....F|.z.^E.Gp.'V..O!....G......5.GP......~m....D?R..I/..H.P..w..52:..E..Eu...7V.c.hu..-.3.j.[0....S..,.8X... d(h.FJ..v.........[......U..hZ.`...\....$.m%k....."....{.C..[.$K.$.B.........~.eO.$.-I.....a...H{.......1...mS$I....DD..9 9..33so...`..j.....Z..k.3.G8......|.4|k...m...d;i.......~....y......c.,.j;.m.Rj.}........?....;.;....\c..[.%.w$.m...kk}....Wg.B....j.I..$Y.$....{....m^...~.t..-I.%I.m...g.....g.........&.#x4.l..1F............g0..0..A..%.\........@.. ...hB...(.;." &.i0b6.4KL@.^.Dli......Y@..v..y..0..q.(....,<....,.M..y.31.?.......scFm..?.o..{..a.m@.A.....&....._..._......~..........F~.#f.?...?...?.a.|..._.l.MC...X..../...}......?.....S.....M{.Y......v . DF....*qe.@....'.?........:.7yO`..........._...)s...H.F..H...-...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2274

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):21383
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.973752921172611
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:xqpHdHMawkIttc6BYTfIvYdDR7elGDdrt6baBRu22xEAtd3gzv2rKsIkCPYGak9o:xqkawkSqRd2baIjtSLaBsYKFgU21BHf
                                                                                                                                                                                                                                                                                            MD5:58497F35333578CDFA4A586DBD3A1264
                                                                                                                                                                                                                                                                                            SHA1:913DC800152C302084D6D44E2394555FBC1C57AE
                                                                                                                                                                                                                                                                                            SHA-256:E1D9D2D09B64573F24BF5F840CF1B4E310E7556BE70C0F24E11691B79888B1FF
                                                                                                                                                                                                                                                                                            SHA-512:5FB589D89DA6ABBB45C251BF8683C7E77AB7E11F3D7832C4BC5D5D1AD082475F485C752B7709493C9A606C1C85E6A863A57BB8858BB1ED132F6AC8294DBE0E7C
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..S.IDATx.\.Y...u&v.._r.....7t7.@...X......(.&$.vH.X......~..Cv(FRh(q$..(j(....X.. .......k..=......@.c.8.../....=..~.O.....LX$...@..I.'I..R..1..H....".0..HL....\H...)..z....~....VU..\".T...`.5......G.(.....*...B.J$.Q.o...X...r..,.3......XG.3.#9..`d...M..6.4.'..w......JRS.*..R..e...FP........_....;,'.(.......d.....O<U.|M......4I.Bd..N4N;CGG.I.V....$Q.#. DR)....).d.U.A....JI.$.0..g..p..~....*[G..1-...c.f.q.w.-.X....J.BJ.J.%i.....4...E.9I....)..2. 4M..B\!...2.y.2.&J..j...x.#.;t...C..S...............]*....Ow..Yz.b..."...S)...O..........!.".........W*.@..$.n.r..$R)..F........1..r.K.).s...a...s......7~...<H.j...[..a..B...@.......<.B*...H!..$.....:Vi~6`J.(.\.P*.AD%.9'.$D.R.a.w.Yo8..2L.qg...D.Q....nlL(.....a....w^<.v7......G.JOo..-....* .AI.MO.........o.0.<...c$.. ....?|.3....C..~nR..H..S. ......PB.=[C25..UNT......s..;}aw....n..#..i..........V......".B....

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2275

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1321)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):17314
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.342134706855769
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:cCDFzlR6exHAiyyrYuy9ckdnfczIk7LcuNP/p:DlsexHAlii9NmIeLcE
                                                                                                                                                                                                                                                                                            MD5:2CC87E9764AEBCBBF36FF2061E6A2793
                                                                                                                                                                                                                                                                                            SHA1:B4F2FFDF4C695AA79F0E63651C18A88729C2407B
                                                                                                                                                                                                                                                                                            SHA-256:61C32059A5E94075A7ECFF678B33907966FC9CFA384DAA01AA057F872DA14DBB
                                                                                                                                                                                                                                                                                            SHA-512:4ED31BF4F54EB0666539D6426C851503E15079601A2B7EC7410EBF0F3D1EEC6A09F9D79F5CF40106249A710037A36DE58105A72D8A909E0CFCE872C736CB5E48
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://tpc.googlesyndication.com/sodar/sodar2.js
                                                                                                                                                                                                                                                                                            Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.'use strict';function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var l="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var n=ba(this),p="function"===typeof Symbol&&"symbol"===typeof Symbol("x"),r={},u={};function w(a,b){var c=u[b];if(null==c)return a[b];c=a[c];return void 0!==c?c:a[b]}.function x(a,b,c){if(b)a:{var d=a.split(".");a=1===d.length;var g=d[0],h;!a&&g in r?h=r:h=n;for(g=0;g<d.length-1;g++){var e=d[g];if(!(e in h))break a;h=h[e]}d=d[d.length-1];c=p&&"es6"===c?h[d]:null;b=b(c);

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2276

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (38350)
                                                                                                                                                                                                                                                                                            Category:downloaded
                                                                                                                                                                                                                                                                                            Size (bytes):39332
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.642716588275022
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:768:jF5YdUKH/UHWiGGLjMPXlpTrY/M7y2gjMs3+Yw7UUp:jF5YFU2i/MPXlpTrGM7y2o3op
                                                                                                                                                                                                                                                                                            MD5:ECAD67FFBB78906FEDAEB7D1D23AA5C6
                                                                                                                                                                                                                                                                                            SHA1:D419941E6858B40955826FF816789D04D7BE3D83
                                                                                                                                                                                                                                                                                            SHA-256:99235240097FFE1C3CCF93F0275840DF66A62F6CE406788402B06DF413755D67
                                                                                                                                                                                                                                                                                            SHA-512:3E548C5F7B1830FEB9B841920FE7EA0481FA5F050048C03564DCDCFD3500DF971D0C00D7CA2A57FDCA21B741B6CD618CC88EA7A026641669CED4572D62B16C1F
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            URL:https://pagead2.googlesyndication.com/bg/mSNSQAl__hw8z5PwJ1hA32amL2zkBniEArBt9BN1XWc.js
                                                                                                                                                                                                                                                                                            Preview://# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjogMywic291cmNlcyI6WyIiXSwic291cmNlc0NvbnRlbnQiOlsiICJdLCJuYW1lcyI6WyJjbG9zdXJlRHluYW1pY0J1dHRvbiJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEifQ==. (function(){function a(H){return H}var v=this||self,O=function(H,E,r,y,I){if(I=(y=v.trustedTypes,r),!y||!y.createPolicy)return I;try{I=y.createPolicy(E,{createHTML:k,createScript:k,createScriptURL:k})}catch(Y){if(v.console)v.console[H](Y.message)}return I},k=function(H){return a.call(this,H)};(0,eval)(function(H,E){return(E=O("error","bg",null))&&1===H.eval(E.createScript("1"))?function(r){return E.createScript(r)}:function(r){return""+r}}(v)(Array(7824*Math.random()|0).join("\n")+['//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjogMywic291cmNlcyI6WyIiXSwic291cmNlc0NvbnRlbnQiOlsiICJdLCJuYW1lcyI6WyJjbG9zdXJlRHluYW1pY0J1dHRvbiJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEifQ==',.'(function(){var H

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2277

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):258
                                                                                                                                                                                                                                                                                            Entropy (8bit):5.21079861191154
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:6:TMVBd/i9mc4slzYrtj99z4L4mqZWzCF9xJLmgUhXqI:TMHd6+BjX48h9nWZ
                                                                                                                                                                                                                                                                                            MD5:D9512F0F525415F06C2957770ACFB9FD
                                                                                                                                                                                                                                                                                            SHA1:219155047825F9A836ACE8402B750116F5EAADB8
                                                                                                                                                                                                                                                                                            SHA-256:307238FD564CCF483E9503989F781D89C45525F80DEC2BB3E80A9AD70FB37BA2
                                                                                                                                                                                                                                                                                            SHA-512:B1BF13930CB63FC5B8C67BD09F213C0CFDE364C6C2CC961361EC466E41368B8E8E134159689AD5B77C2BE234AAD132A1150712C95CABC64123B7530E2C11D3FD
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8"?>.<svg xmlns="http://www.w3.org/2000/svg" width="490" height="490">.<path fill="none" stroke="#1A7DFF" stroke-width="36" stroke-linecap="round" d="m280,278a153,153 0 1,0-2,2l170,170m-91-117 110,110-26,26-110-110"/>.</svg>

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2278

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16770
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.960429141809285
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:384:akpvHfB8kNrcYSJangIXAon2ZTWnIrZ18:j9fBoTJegS2ZTWnZ
                                                                                                                                                                                                                                                                                            MD5:9FC08E24AE1BBCC7589FD4129EDA3002
                                                                                                                                                                                                                                                                                            SHA1:0CD034B6F37B1EB0316FE0A234A664967E1CDA65
                                                                                                                                                                                                                                                                                            SHA-256:71EE94056B2A3731286369A1145568AA9A3EE13F3CBB595B76A63067E1922956
                                                                                                                                                                                                                                                                                            SHA-512:54C63FEED874D694226D1A4AD73FCFA3D26930103B1787A1E14F618BCA5AAD0CCE02562061D60B6EE0A2F6CAD1C306D3CBCD13D8BE7049E98428C486F1EAB93E
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.............gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..A.IDATx..i.].u&..>..{.\..^.(.... ..Z.5.$k.eG..$..wwV.dy9..R.;...W'qg.,.v.(Q.FK")."...A.(.0.\o..9g.....%..~.....B.z..}.......F....!.. .........o.%...D....n...'...H "...D$."...J...1..$.......o..|....="l~."..........0x.o...g[....Pp.Iop.._D.A.rSn.....<...K.K..... .`~.iJ@.G....s>..gmf3k....Z..q.k.&&&......".....k.......,""BD"@......Y.<{...=[g.$I....9.w.lf.u...$.2.w^!Yg.....9k.s.N.gv.5Xk..L`......-c..;v...MOOONNn..V.}.3.X.M.....D .++...K"l.e...,....{ff.DD"....Z+".h..9.DHHD.H.... ....@....X(....I.....D...i.......R_|.._.._^[[+.......................LD........I!"\.x...CC5. RZ...RA.... D.-E....!.. ..Z)..L.*...R*.F+..".[/.? ..,.@.}.h.6._ZZ..R. ....G...s.=.X.^O...k..\H.....~....{........0w........+.2". )....{f.Ji".Q...K.".. .s...{.f...!.".e.3."...on..J.X,$q......c.9~....>............E...V)..*...j5..k..?~|3..I..........Qydthyi...|...........{/...u[(..[i`..F..

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2279

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):9181
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.958730539603897
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:bQRNefZ44zk1oSQOX29Bqi8ZL6WE5W10f1oFwOUvmSAwoPJiLdvSNY6:0YfZx5SrkBqiEKW10f6qZLA9PQdKi6
                                                                                                                                                                                                                                                                                            MD5:98C5CD29C781BF60AFE24BE856B67256
                                                                                                                                                                                                                                                                                            SHA1:19F40D3B2EFB422C3FF387DC92442AB6E4A0CA7F
                                                                                                                                                                                                                                                                                            SHA-256:D7D3236B4F1A0CBB29DC1F56420C30D65CCC5C3A8DB335D8B963BF26E6FEB74E
                                                                                                                                                                                                                                                                                            SHA-512:3371E3786C75E2C1745806E325D27C9CD9CF2F279A7B5465BE87A644E0E6E7221E53E317099C271AA70E3E8B2F65C175D8FDF1B9673E8D601299936BAB3D6AFC
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....p.T....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..#hIDATx..}g.d.u.w./t..7...v..K.... E..)Z.d.\e.L.V.,.R.i..*...*..\.(+.b...$.. ...,6`.l..3........3...F...9Uo{.w.....s.w.=.l.l.l.l.l.l.l.l.l.l.....rWfz......201.._..-....O....W........O..@...\.0..e...*R;../...g.)......k...g....H@. ..H.o.s..f.(.p...=?...tO{ ...* .Z........z.5.....7.@.`...... &Bh.BcA ...K(APDP......J....{.P.......P<........d_...`V....w..G.#......;[.$....AE.. ?..A....G.BK.^...O.$.W@(.... ...L..(..i.........}.m.5.!.f....r..z....{......3..@^nn\..3`.p..e...Q...QC..~.s{..(B.(.....IZ......... .Z.h...3.../-...+...e. .......vx....".........c..A.s..ev.d......J@.PAAy."..oO..;.f..Y@......[.{Z........./...H.Q.5...rOM.i...ty.x2..fMd`z9.P.)...2.........5Y.N.....2#B.......`....iB./..4.C.!.`.._.\.d..d.G...R(......u.5....r.7:".`.L.5.>@..<.@..|?...O...!P..$....{p.x..........Sd~.....)n4..e..Q..Q....Z..Te....'.....Af..n.Ngf...N"..(MX.....y.....a@.+.a.."2.

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2280

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):8721
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.96734007915922
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:cOlNrds88PQ061z/R83YEh6MOiv9xwIwHBtwSRN/GwHpZ/00dD:cOlNrds8UIza3Q+oIGL/NJZ/009
                                                                                                                                                                                                                                                                                            MD5:C91DF9A1E91A8B1F29305A960BC5A3FA
                                                                                                                                                                                                                                                                                            SHA1:E1AA14FC05CB8D4E7824ED7CA72B29A3515855B3
                                                                                                                                                                                                                                                                                            SHA-256:3972AC10AB53131F0716F9DF1216280CE88EDFF95BD34D4469F7FBAD78C7BFE2
                                                                                                                                                                                                                                                                                            SHA-512:CF08F00190EE5EF04EF2B465340EA530195698638C619EB61003D7F4C7CEE1DB68F37FA8A2ACD36CD663B6E397072EFD0C84192C0D89E8CD9D466C3EDB02AB20
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...d.....p.T..!.IDATx..y.$.y.....w.;{ry..%Y.%.Bl...$1l.1`.F...i..;..........#N..|@.#..!!.D..y.ys..^..s.Y..GU....,w.;...G.........;.......@..@..@..@..@..@..@..@..@..@..@..@..@.G....?......;.K...y..?..g..\.0w..}.......5..#?"Q)Z._...Y6R_{..O.....=........'.O...w7.........X.*&..y......8..._}......K8.-...@..3?..s..o,5...}.S....8OP.zNe..l.?..c.=..; ..~..p'=..ik~.._..J.-Q..y.s3?..~.#..}<...=..W...=5....4..E..?.......u...$*!.cb...c.s......(......G....of@.7....?8:{.o5..m..D..yL.'..@O.\?......s/=...h......H!>e.=o./e.y.....}.;.x|..C....y.8..Q:VF.'U......../..._^......a...'g..y..G..`b.).{.U.!...&...-_0...m.s.i..@.,N.2.\}-.fO.................u..G4.]....I@.%......t..7.H.6qXg.Vc.....s..3.^.qjr.d..'.z..............S...=.c...D......N.hy....c...C...qXg=........9W..8..Mn..~r...o....).........>.......j....hP.B.TR..|P.....<I..q.M...".D.}..g.e...F.8...2O.~<.H...?.g...~.......F..........@Y.0}:.|.y.W....H.....:. .BM...ZC...3JF.Y<.y"O.S...>...

                                                                                                                                                                                                                                                                                            Chrome Cache Entry: 2281

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            File Type:PNG image data, 100 x 88, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):11105
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.9753014530675514
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:192:fjm/rSHFKTggBK44rNRaznwoD9eZz1yc4fLg6onMrhGpoYu28CSG5ipPJY2Lqq22:bm/rScTggw3Nk9OP4fLg6onMFGk22God
                                                                                                                                                                                                                                                                                            MD5:68E9FAC523DC2E95B9610A805989249E
                                                                                                                                                                                                                                                                                            SHA1:880A4BDEE67114F18C85F7741D326233335D204B
                                                                                                                                                                                                                                                                                            SHA-256:F04FC53A79368360F59682285DAAF3A53D3B07FF5B2A9331DD953366D7611F4C
                                                                                                                                                                                                                                                                                            SHA-512:D2AFBB44C199A5DC6CEEC695634E3678E8B8D74C36E0F800DA5306DBB5A04C4F2B1A59EBA25D1076A29AD40102771D0B823C5501A79FD38606A22094A564DE5B
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:.PNG........IHDR...d...X......ZR.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<..*.IDATx..}i..W..w..\+k....[..X.%y..-.6....l.x.g....z..zNC/..9...f.16...x./...ly.nI.....Je...{w~DDf.V.h.....H)....w...w.{A...Q...=2.R.SLK{g;.k.....o.........<x.Wc..*z<.i..D.i...:f.q.L.u....&....;......ZZ..k......../}.4.....t..D..P=......`M..)f8.4'..#.y@...u.E.2...a....+..F.. .p|......o.N%v.f#.......i...*...0)."............ W...Y#.k.`c.!...<.....[|$.=.x../........J...'=.[m..y..(.-gv..a(.E.s.0..2......AD.....$+.......{.$^...k..=F.oX.)Y.F.^.....M.....}..V".mQ..=_!{......J...C...r.^..OJ..4.Md............J..2U.@.0gH.)..wne..>....S... 7....t>....(..P.2.5.=....%...^.h...3. $.....4...q...$.....,..R.....c....qp...1....W......'hO.....+=..V..N).W*.`..6.x.-...z.Y.....S...)...1.qPR|.!...M...q....^=/.../.......m\.....|....-.s...........@k-8..u.n..".a..F....k|......!..R....dd..q.y.t.%.;_.....}8{x~n.[b...T.b}.9..o.@~z.G.......B~.....a...n.....4n......H.38.....Z..'P.........

                                                                                                                                                                                                                                                                                            \Device\Null

                                                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                                                            Process:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                                                            Entropy (8bit):3.625
                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                            SSDEEP:3:8gOFjJyn:8rFjJy
                                                                                                                                                                                                                                                                                            MD5:5ADF91C8A8FF93FC99A0FA8E0EFB55FF
                                                                                                                                                                                                                                                                                            SHA1:F9A76DA0DD77CFDE37995DABE28E125B5D586CCA
                                                                                                                                                                                                                                                                                            SHA-256:9D90C44779D34C3152AB6065AD474667CCBF3B3193068CF39421F0750E418FEC
                                                                                                                                                                                                                                                                                            SHA-512:A32E554FDE18AB616BE4739D3B830DC793ADAA58CBB03E997A36A75BABA9B4C41FF8A673897AF2C07B3EEB5D3DD3BC0362662CBC275E6A3D5DC5925B996B4EB9
                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                            Reputation:unknown
                                                                                                                                                                                                                                                                                            Preview:File Not Found..

                                                                                                                                                                                                                                                                                            Static File Info

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                            Entropy (8bit):7.44947779423579
                                                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                                                                                                                                            • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                                                                                                            • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                                                                                                                            • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                                                                                            File name:teamviewer_Px-yDq1.exe
                                                                                                                                                                                                                                                                                            File size:1'742'072 bytes
                                                                                                                                                                                                                                                                                            MD5:e0cb873b4abc6e0650ebfcf9b7a328ff
                                                                                                                                                                                                                                                                                            SHA1:bacdeece4458ac1ee50cb505bd775588c4616b45
                                                                                                                                                                                                                                                                                            SHA256:3e6dd43ddc4d7f8b25bcfcefa639eb791e837325b92f137f61c1098ea11af0a8
                                                                                                                                                                                                                                                                                            SHA512:1ab61430ad92da86e58f3fc412317f3c1519c23ee976916e09145c6a91649b12162b75f5cc528cb65efba822736a614b669ab589df7c6cb67c3da3d53e9d45da
                                                                                                                                                                                                                                                                                            SSDEEP:24576:l4nXubIQGyxbPV0db26WJ/YENYP9nEbt24behb2GL6ddWB2YQEq:lqe3f67W52XhbTLN2cq
                                                                                                                                                                                                                                                                                            TLSH:CB85C03FF268A13EC4AA1B3245B39350597BBA61681A8C1F07FC390DCF765601E3B656
                                                                                                                                                                                                                                                                                            File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                                                                                                                                                                                            File Icon

                                                                                                                                                                                                                                                                                            Icon Hash:0c0c2d33ceec80aa

                                                                                                                                                                                                                                                                                            Static PE Info

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Entrypoint:0x4b5eec
                                                                                                                                                                                                                                                                                            Entrypoint Section:.itext
                                                                                                                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                            Time Stamp:0x60B88E27 [Thu Jun 3 08:09:11 2021 UTC]
                                                                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                                                                                                                                            OS Version Minor:1
                                                                                                                                                                                                                                                                                            File Version Major:6
                                                                                                                                                                                                                                                                                            File Version Minor:1
                                                                                                                                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                                                                                                                                            Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                            Import Hash:5a594319a0d69dbc452e748bcf05892e

                                                                                                                                                                                                                                                                                            Authenticode Signature

                                                                                                                                                                                                                                                                                            Signature Valid:true
                                                                                                                                                                                                                                                                                            Signature Issuer:CN=Domain The Net Technologies Ltd CA for Code Signing R2, O=Domain The Net Technologies Ltd, C=IL
                                                                                                                                                                                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                                            Error Number:0
                                                                                                                                                                                                                                                                                            Not Before, Not After
                                                                                                                                                                                                                                                                                            • 27/11/2022 10:52:06 24/11/2023 10:52:06
                                                                                                                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                                                                                                                            • CN=INNOVA MEDIA d.o.o., O=INNOVA MEDIA d.o.o., L=Sempeter pri Gorici, S=Goriska, C=SI
                                                                                                                                                                                                                                                                                            Version:3
                                                                                                                                                                                                                                                                                            Thumbprint MD5:88A95CC89FF2E0928AFA5294CB9522E5
                                                                                                                                                                                                                                                                                            Thumbprint SHA-1:C011031C6E7228944060AC53BBD85486596B7464
                                                                                                                                                                                                                                                                                            Thumbprint SHA-256:83CEC634FACF7B6F23C0C3C81BFB935315DA46ECDEF851F39C50B805AC607C1E
                                                                                                                                                                                                                                                                                            Serial:21586DE7F7F20EBBBC73A3FDF4368F4B

                                                                                                                                                                                                                                                                                            Entrypoint Preview

                                                                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                                                                                            add esp, FFFFFFA4h
                                                                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                                                                                            push edi
                                                                                                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                                                                                                            mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                                                                                                                            mov dword ptr [ebp-40h], eax
                                                                                                                                                                                                                                                                                            mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                                                                                                                            mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                                                                                                            mov dword ptr [ebp-38h], eax
                                                                                                                                                                                                                                                                                            mov dword ptr [ebp-34h], eax
                                                                                                                                                                                                                                                                                            mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                                                                                                                            mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                                                                                                            mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                                                                                                            mov eax, 004B10F0h
                                                                                                                                                                                                                                                                                            call 00007F02C460DCE5h
                                                                                                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                                                            push 004B65E2h
                                                                                                                                                                                                                                                                                            push dword ptr fs:[eax]
                                                                                                                                                                                                                                                                                            mov dword ptr fs:[eax], esp
                                                                                                                                                                                                                                                                                            xor edx, edx
                                                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                                                            push 004B659Eh
                                                                                                                                                                                                                                                                                            push dword ptr fs:[edx]
                                                                                                                                                                                                                                                                                            mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                                                                                            mov eax, dword ptr [004BE634h]
                                                                                                                                                                                                                                                                                            call 00007F02C46B040Fh
                                                                                                                                                                                                                                                                                            call 00007F02C46AFF62h
                                                                                                                                                                                                                                                                                            lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                                                                                                            call 00007F02C4623758h
                                                                                                                                                                                                                                                                                            mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                                                            mov eax, 004C1D84h
                                                                                                                                                                                                                                                                                            call 00007F02C46088D7h
                                                                                                                                                                                                                                                                                            push 00000002h
                                                                                                                                                                                                                                                                                            push 00000000h
                                                                                                                                                                                                                                                                                            push 00000001h
                                                                                                                                                                                                                                                                                            mov ecx, dword ptr [004C1D84h]
                                                                                                                                                                                                                                                                                            mov dl, 01h
                                                                                                                                                                                                                                                                                            mov eax, dword ptr [004237A4h]
                                                                                                                                                                                                                                                                                            call 00007F02C46247BFh
                                                                                                                                                                                                                                                                                            mov dword ptr [004C1D88h], eax
                                                                                                                                                                                                                                                                                            xor edx, edx
                                                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                                                            push 004B654Ah
                                                                                                                                                                                                                                                                                            push dword ptr fs:[edx]
                                                                                                                                                                                                                                                                                            mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                                                                                            call 00007F02C46B0497h
                                                                                                                                                                                                                                                                                            mov dword ptr [004C1D90h], eax
                                                                                                                                                                                                                                                                                            mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                                                                                            cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                                                                                                                            jne 00007F02C46B6A7Ah
                                                                                                                                                                                                                                                                                            mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                                                                                            mov edx, 00000028h
                                                                                                                                                                                                                                                                                            call 00007F02C46250B4h
                                                                                                                                                                                                                                                                                            mov edx, dword ptr [004C1D90h]

                                                                                                                                                                                                                                                                                            Data Directories

                                                                                                                                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0xc40000x9a.edata
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0xc20000xf36.idata
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x10e00.rsrc
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x1a67000x2df8
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0xc60000x18.rdata
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0xc22e40x244.idata
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xc30000x1a4.didata
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                                                            Sections

                                                                                                                                                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                                                            .text0x10000xb361c0xb3800False0.3448639341051532data6.356058204328091IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                            .itext0xb50000x16880x1800False0.544921875data5.972750055221053IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                            .data0xb70000x37a40x3800False0.36097935267857145data5.044400562007734IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                            .bss0xbb0000x6de80x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                            .idata0xc20000xf360x1000False0.3681640625data4.8987046479600425IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                            .didata0xc30000x1a40x200False0.345703125data2.7563628682496506IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                            .edata0xc40000x9a0x200False0.2578125data1.8722228665884297IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                            .tls0xc50000x180x0False0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                            .rdata0xc60000x5d0x200False0.189453125data1.3838943752217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                            .rsrc0xc70000x10e000x10e00False0.18833912037037037data3.7107626182318394IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                                                            Resources

                                                                                                                                                                                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                                                            RT_ICON0xc76780xa68Device independent bitmap graphic, 64 x 128 x 4, image size 2048EnglishUnited States0.1174924924924925
                                                                                                                                                                                                                                                                                            RT_ICON0xc80e00x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.15792682926829268
                                                                                                                                                                                                                                                                                            RT_ICON0xc87480x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.23387096774193547
                                                                                                                                                                                                                                                                                            RT_ICON0xc8a300x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.39864864864864863
                                                                                                                                                                                                                                                                                            RT_ICON0xc8b580x1628Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colorsEnglishUnited States0.08339210155148095
                                                                                                                                                                                                                                                                                            RT_ICON0xca1800xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.1023454157782516
                                                                                                                                                                                                                                                                                            RT_ICON0xcb0280x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.10649819494584838
                                                                                                                                                                                                                                                                                            RT_ICON0xcb8d00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.10838150289017341
                                                                                                                                                                                                                                                                                            RT_ICON0xcbe380x12e5PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.8712011577424024
                                                                                                                                                                                                                                                                                            RT_ICON0xcd1200x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.05668398677373642
                                                                                                                                                                                                                                                                                            RT_ICON0xd13480x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.08475103734439834
                                                                                                                                                                                                                                                                                            RT_ICON0xd38f00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.09920262664165103
                                                                                                                                                                                                                                                                                            RT_ICON0xd49980x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2047872340425532
                                                                                                                                                                                                                                                                                            RT_STRING0xd4e000x360data0.34375
                                                                                                                                                                                                                                                                                            RT_STRING0xd51600x260data0.3256578947368421
                                                                                                                                                                                                                                                                                            RT_STRING0xd53c00x45cdata0.4068100358422939
                                                                                                                                                                                                                                                                                            RT_STRING0xd581c0x40cdata0.3754826254826255
                                                                                                                                                                                                                                                                                            RT_STRING0xd5c280x2d4data0.39226519337016574
                                                                                                                                                                                                                                                                                            RT_STRING0xd5efc0xb8data0.6467391304347826
                                                                                                                                                                                                                                                                                            RT_STRING0xd5fb40x9cdata0.6410256410256411
                                                                                                                                                                                                                                                                                            RT_STRING0xd60500x374data0.4230769230769231
                                                                                                                                                                                                                                                                                            RT_STRING0xd63c40x398data0.3358695652173913
                                                                                                                                                                                                                                                                                            RT_STRING0xd675c0x368data0.3795871559633027
                                                                                                                                                                                                                                                                                            RT_STRING0xd6ac40x2a4data0.4275147928994083
                                                                                                                                                                                                                                                                                            RT_RCDATA0xd6d680x10data1.5
                                                                                                                                                                                                                                                                                            RT_RCDATA0xd6d780x2c4data0.6384180790960452
                                                                                                                                                                                                                                                                                            RT_RCDATA0xd703c0x2cdata1.1590909090909092
                                                                                                                                                                                                                                                                                            RT_GROUP_ICON0xd70680xbcdataEnglishUnited States0.6170212765957447
                                                                                                                                                                                                                                                                                            RT_VERSION0xd71240x584dataEnglishUnited States0.2577903682719547
                                                                                                                                                                                                                                                                                            RT_MANIFEST0xd76a80x726XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4005464480874317

                                                                                                                                                                                                                                                                                            Imports

                                                                                                                                                                                                                                                                                            DLLImport
                                                                                                                                                                                                                                                                                            kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                                                                                                                                                                                                                                                                            comctl32.dllInitCommonControls
                                                                                                                                                                                                                                                                                            version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                                                                                                                                                                                                                                                                            user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                                                                                                                                                                                                                                                                            oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                                                                                                                                                                                                                                                                            netapi32.dllNetWkstaGetInfo, NetApiBufferFree
                                                                                                                                                                                                                                                                                            advapi32.dllRegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

                                                                                                                                                                                                                                                                                            Exports

                                                                                                                                                                                                                                                                                            NameOrdinalAddress
                                                                                                                                                                                                                                                                                            TMethodImplementationIntercept30x454060
                                                                                                                                                                                                                                                                                            __dbk_fcall_wrapper20x40d0a0
                                                                                                                                                                                                                                                                                            dbkFCallWrapperAddr10x4be63c

                                                                                                                                                                                                                                                                                            Possible Origin

                                                                                                                                                                                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                                                            EnglishUnited States

                                                                                                                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                                                                                                                            Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                                                                                                            Statistics

                                                                                                                                                                                                                                                                                            CPU Usage

                                                                                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                                                                                            Memory Usage

                                                                                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                                                                                                                                            Behavior

                                                                                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                                                                                            System Behavior

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                                                                            Start time:14:19:01
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\teamviewer_Px-yDq1.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:C:\Users\user\Desktop\teamviewer_Px-yDq1.exe
                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                            File size:1'742'072 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:E0CB873B4ABC6E0650EBFCF9B7A328FF
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                                                                                            Start time:14:19:01
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-1PPH5.tmp\teamviewer_Px-yDq1.tmp" /SL5="$2042C,831488,831488,C:\Users\user\Desktop\teamviewer_Px-yDq1.exe"
                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                            File size:3'206'136 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:C2A9A21C0C0BD341958033EA11684FEA
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                                                                                            Start time:14:19:08
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe" /LANG=en /NA=Rh85hR64
                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                            File size:2'457'016 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:EE66976DF0A5C903F5A718ABF3E8AC85
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                                                                                            Start time:14:19:09
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-O4TPE.tmp\file_Px-yDq1.tmp" /SL5="$2049E,1559708,780800,C:\Users\user\AppData\Local\Temp\is-12944.tmp\file_Px-yDq1.exe" /LANG=en /NA=Rh85hR64
                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                            File size:3'014'144 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:4AFC5E8740E48A3A9DEF088703BF320F
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                                                                                                            Start time:14:19:41
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
                                                                                                                                                                                                                                                                                            Imagebase:0xf50000
                                                                                                                                                                                                                                                                                            File size:1'162'856 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:BB7CF61C4E671FF05649BDA83B85FA3D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                                                                                                            Start time:14:19:42
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a
                                                                                                                                                                                                                                                                                            Imagebase:0xa20000
                                                                                                                                                                                                                                                                                            File size:234'936 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                                                                                                            Start time:14:19:44
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"C:\Windows\Temp\asw.4df19368a3ff7b8d\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /ga_clientid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d
                                                                                                                                                                                                                                                                                            Imagebase:0xcc0000
                                                                                                                                                                                                                                                                                            File size:1'441'080 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:3817B172EA2CEF28D73F746A40F3B275
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                                                                                                                            Start time:14:19:47
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Users\user\Downloads\teamviewer.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Downloads\teamviewer.exe"
                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                            File size:43'363'312 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:D9CC2F111B059473F9AAEA203B42104F
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                                                                                                                            Start time:14:19:47
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://download.it/?typ=1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:14
                                                                                                                                                                                                                                                                                            Start time:14:19:48
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                                                                            File size:55'320 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                                                                                                            Start time:14:19:48
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1848,i,17643070967775352318,13633463432469469210,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                                                            File size:3'242'272 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                                                                                                            Start time:14:19:50
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"
                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                            File size:42'543'224 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:2E185F8A6622BC3062254F6F195ACC81
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                                                                                                                            Start time:14:20:01
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\schtasks /Create /TN TVInstallRestore /TR "\"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe\" /RESTORE" /RU SYSTEM /SC ONLOGON /F
                                                                                                                                                                                                                                                                                            Imagebase:0x8c0000
                                                                                                                                                                                                                                                                                            File size:187'904 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                                                                                                                            Start time:14:20:02
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                                                                                                                            Start time:14:20:03
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE
                                                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                                                            File size:42'543'224 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:2E185F8A6622BC3062254F6F195ACC81
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                            • Detection: 0%, Virustotal, Browse
                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                                                                                                                            Start time:14:20:03
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\icarus-info.xml /install /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff792c50000
                                                                                                                                                                                                                                                                                            File size:7'344'064 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:A87978C382EABC0165DB0C7EDC5797B2
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:21
                                                                                                                                                                                                                                                                                            Start time:14:20:06
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-NG6P0.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7c0e30000
                                                                                                                                                                                                                                                                                            File size:29'187'936 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:58EB889F91B5133D5DB88612CA6E5887
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                                                                                                                            Start time:14:20:08
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\schtasks /Delete /TN TVInstallRestore /F
                                                                                                                                                                                                                                                                                            Imagebase:0x8c0000
                                                                                                                                                                                                                                                                                            File size:187'904 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:23
                                                                                                                                                                                                                                                                                            Start time:14:20:09
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:24
                                                                                                                                                                                                                                                                                            Start time:14:20:11
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Program Files\McAfee\Temp1463644285\installer.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\McAfee\Temp1463644285\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7483c0000
                                                                                                                                                                                                                                                                                            File size:2'526'888 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:38F970B5919FA4F8174F559A91003924
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:25
                                                                                                                                                                                                                                                                                            Start time:14:20:15
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av-vps\icarus.exe /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av-vps_slave_ep_6915cd01-f335-499e-a29d-757d63acfb1b /slave:avg-av-vps
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff70d160000
                                                                                                                                                                                                                                                                                            File size:7'344'064 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:9A20D03282B552AAE11F3EBB5C6FE6EC
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:26
                                                                                                                                                                                                                                                                                            Start time:14:20:15
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\Temp\asw-d32a2635-c851-452c-aa59-ba2bf2eaf936\avg-av\icarus.exe /silent /ws /psh:92pTtVrLghUeCvdojMeTy11lm0W8pIensAFEftQoS53IBBWRfoL5UB5tIfnOPzD9C77LA6CXbKiz8a /cookie:mmm_irs_ppi_902_451_o /track-guid:1f15a32c-af32-4c12-8a6e-e0cb84560a73 /edat_dir:C:\Windows\Temp\asw.4df19368a3ff7b8d /er_master:master_ep_f6bc39ab-1ada-4f12-9ea9-51a8d0166d8e /er_ui:ui_ep_374b7ed1-35ff-4559-b982-159ef69305ce /er_slave:avg-av_slave_ep_537920d1-4dd7-45ea-821e-f08dd4afa430 /slave:avg-av
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff711000000
                                                                                                                                                                                                                                                                                            File size:7'344'064 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:A87978C382EABC0165DB0C7EDC5797B2
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:28
                                                                                                                                                                                                                                                                                            Start time:14:20:27
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\schtasks /Delete /TN TVInstallRestore /F
                                                                                                                                                                                                                                                                                            Imagebase:0x8c0000
                                                                                                                                                                                                                                                                                            File size:187'904 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:29
                                                                                                                                                                                                                                                                                            Start time:14:20:27
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:30
                                                                                                                                                                                                                                                                                            Start time:14:20:37
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff64db60000
                                                                                                                                                                                                                                                                                            File size:72'192 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:31
                                                                                                                                                                                                                                                                                            Start time:14:20:37
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:32
                                                                                                                                                                                                                                                                                            Start time:14:20:37
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff6f93e0000
                                                                                                                                                                                                                                                                                            File size:25'088 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                                                                                                            Start time:14:20:37
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline: /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
                                                                                                                                                                                                                                                                                            Imagebase:0x2c0000
                                                                                                                                                                                                                                                                                            File size:20'992 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:34
                                                                                                                                                                                                                                                                                            Start time:14:20:38
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service"
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff64db60000
                                                                                                                                                                                                                                                                                            File size:72'192 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                                                                                                            Start time:14:20:38
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:36
                                                                                                                                                                                                                                                                                            Start time:14:20:38
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff6f93e0000
                                                                                                                                                                                                                                                                                            File size:25'088 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:37
                                                                                                                                                                                                                                                                                            Start time:14:20:38
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff64db60000
                                                                                                                                                                                                                                                                                            File size:72'192 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:38
                                                                                                                                                                                                                                                                                            Start time:14:20:38
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:39
                                                                                                                                                                                                                                                                                            Start time:14:20:46
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff6f93e0000
                                                                                                                                                                                                                                                                                            File size:25'088 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:40
                                                                                                                                                                                                                                                                                            Start time:14:20:46
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:sc.exe start "McAfee WebAdvisor"
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff64db60000
                                                                                                                                                                                                                                                                                            File size:72'192 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:41
                                                                                                                                                                                                                                                                                            Start time:14:20:46
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:42
                                                                                                                                                                                                                                                                                            Start time:14:20:46
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                            Commandline: /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
                                                                                                                                                                                                                                                                                            Imagebase:0x2c0000
                                                                                                                                                                                                                                                                                            File size:20'992 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:43
                                                                                                                                                                                                                                                                                            Start time:14:20:46
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:882'136 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:786DA7AE2B6CCFE4A6A15675EE687036
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:44
                                                                                                                                                                                                                                                                                            Start time:14:20:46
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff6f93e0000
                                                                                                                                                                                                                                                                                            File size:25'088 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:45
                                                                                                                                                                                                                                                                                            Start time:14:20:51
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Program Files\McAfee\WebAdvisor\uihost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff6499e0000
                                                                                                                                                                                                                                                                                            File size:855'520 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:12AC81D29928BF8B46E49A97AA9863C8
                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:46
                                                                                                                                                                                                                                                                                            Start time:14:20:52
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff795e70000
                                                                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:47
                                                                                                                                                                                                                                                                                            Start time:14:20:52
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:48
                                                                                                                                                                                                                                                                                            Start time:14:21:02
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Program Files\McAfee\WebAdvisor\updater.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\McAfee\WebAdvisor\updater.exe"
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff6da860000
                                                                                                                                                                                                                                                                                            File size:2'510'216 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:58F4650AC344EFBBD2F4D1EEE6076FC4
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:49
                                                                                                                                                                                                                                                                                            Start time:14:21:02
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff795e70000
                                                                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:50
                                                                                                                                                                                                                                                                                            Start time:14:21:02
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:51
                                                                                                                                                                                                                                                                                            Start time:14:21:03
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c IF EXIST "C:\Program Files\McAfee\WebAdvisor\Download" ( DEL "C:\Program Files\McAfee\WebAdvisor\Download\*.bak" )
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff795e70000
                                                                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:52
                                                                                                                                                                                                                                                                                            Start time:14:21:03
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:53
                                                                                                                                                                                                                                                                                            Start time:14:21:03
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c DEL "C:\Program Files\McAfee\WebAdvisor\*.tmp"
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff795e70000
                                                                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            General

                                                                                                                                                                                                                                                                                            Target ID:54
                                                                                                                                                                                                                                                                                            Start time:14:21:04
                                                                                                                                                                                                                                                                                            Start date:27/10/2023
                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                            Disassembly

                                                                                                                                                                                                                                                                                            Reset < >

                                                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                                                              Execution Coverage:16.6%
                                                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                              Signature Coverage:23%
                                                                                                                                                                                                                                                                                              Total number of Nodes:1288
                                                                                                                                                                                                                                                                                              Total number of Limit Nodes:29
                                                                                                                                                                                                                                                                                              execution_graph 3601 4027c1 3615 402a1d 3601->3615 3603 4027c7 3604 402802 3603->3604 3605 4027eb 3603->3605 3610 4026a6 3603->3610 3608 402818 3604->3608 3609 40280c 3604->3609 3606 4027f0 3605->3606 3607 4027ff 3605->3607 3618 405cf9 lstrcpynA 3606->3618 3607->3610 3619 405c57 wsprintfA 3607->3619 3612 405d1b 18 API calls 3608->3612 3611 402a1d 18 API calls 3609->3611 3611->3607 3612->3607 3616 405d1b 18 API calls 3615->3616 3617 402a31 3616->3617 3617->3603 3618->3610 3619->3610 3620 401cc2 3621 402a1d 18 API calls 3620->3621 3622 401cd2 SetWindowLongA 3621->3622 3623 4028cf 3622->3623 3624 401a43 3625 402a1d 18 API calls 3624->3625 3626 401a49 3625->3626 3627 402a1d 18 API calls 3626->3627 3628 4019f3 3627->3628 3207 401e44 3208 402a3a 18 API calls 3207->3208 3209 401e4a 3208->3209 3210 404f12 25 API calls 3209->3210 3211 401e54 3210->3211 3223 40548a CreateProcessA 3211->3223 3213 401e5a 3214 4026a6 3213->3214 3215 401eb0 CloseHandle 3213->3215 3216 401e79 WaitForSingleObject 3213->3216 3226 4060ce 3213->3226 3215->3214 3216->3213 3217 401e87 GetExitCodeProcess 3216->3217 3219 401ea4 3217->3219 3220 401e99 3217->3220 3219->3215 3221 401ea2 3219->3221 3230 405c57 wsprintfA 3220->3230 3221->3215 3224 4054c9 3223->3224 3225 4054bd CloseHandle 3223->3225 3224->3213 3225->3224 3227 4060eb PeekMessageA 3226->3227 3228 4060e1 DispatchMessageA 3227->3228 3229 4060fb 3227->3229 3228->3227 3229->3216 3230->3221 3629 402644 3630 40264a 3629->3630 3631 402652 FindClose 3630->3631 3632 4028cf 3630->3632 3631->3632 3633 406344 3634 4061c8 3633->3634 3635 406b33 3634->3635 3636 406252 GlobalAlloc 3634->3636 3637 406249 GlobalFree 3634->3637 3638 4062c0 GlobalFree 3634->3638 3639 4062c9 GlobalAlloc 3634->3639 3636->3634 3636->3635 3637->3636 3638->3639 3639->3634 3639->3635 3640 4026c6 3641 402a3a 18 API calls 3640->3641 3642 4026d4 3641->3642 3643 4026ea 3642->3643 3644 402a3a 18 API calls 3642->3644 3645 405947 2 API calls 3643->3645 3644->3643 3646 4026f0 3645->3646 3668 40596c GetFileAttributesA CreateFileA 3646->3668 3648 4026fd 3649 4027a0 3648->3649 3650 402709 GlobalAlloc 3648->3650 3653 4027a8 DeleteFileA 3649->3653 3654 4027bb 3649->3654 3651 402722 3650->3651 3652 402797 CloseHandle 3650->3652 3669 403091 SetFilePointer 3651->3669 3652->3649 3653->3654 3656 402728 3657 40307b ReadFile 3656->3657 3658 402731 GlobalAlloc 3657->3658 3659 402741 3658->3659 3660 402775 3658->3660 3662 402e9f 36 API calls 3659->3662 3661 405a13 WriteFile 3660->3661 3663 402781 GlobalFree 3661->3663 3667 40274e 3662->3667 3664 402e9f 36 API calls 3663->3664 3665 402794 3664->3665 3665->3652 3666 40276c GlobalFree 3666->3660 3667->3666 3668->3648 3669->3656 3670 402847 3671 402a1d 18 API calls 3670->3671 3672 40284d 3671->3672 3673 4026a6 3672->3673 3674 40287e 3672->3674 3676 40285b 3672->3676 3674->3673 3675 405d1b 18 API calls 3674->3675 3675->3673 3676->3673 3678 405c57 wsprintfA 3676->3678 3678->3673 3679 4022c7 3680 402a3a 18 API calls 3679->3680 3681 4022d8 3680->3681 3682 402a3a 18 API calls 3681->3682 3683 4022e1 3682->3683 3684 402a3a 18 API calls 3683->3684 3685 4022eb GetPrivateProfileStringA 3684->3685 3696 405050 3697 405072 GetDlgItem GetDlgItem GetDlgItem 3696->3697 3698 4051fb 3696->3698 3741 403f13 SendMessageA 3697->3741 3700 405203 GetDlgItem CreateThread CloseHandle 3698->3700 3701 40522b 3698->3701 3700->3701 3703 405259 3701->3703 3704 405241 ShowWindow ShowWindow 3701->3704 3705 40527a 3701->3705 3702 4050e2 3711 4050e9 GetClientRect GetSystemMetrics SendMessageA SendMessageA 3702->3711 3706 4052b4 3703->3706 3708 405269 3703->3708 3709 40528d ShowWindow 3703->3709 3746 403f13 SendMessageA 3704->3746 3750 403f45 3705->3750 3706->3705 3712 4052c1 SendMessageA 3706->3712 3747 403eb7 3708->3747 3715 4052ad 3709->3715 3716 40529f 3709->3716 3717 405157 3711->3717 3718 40513b SendMessageA SendMessageA 3711->3718 3714 405286 3712->3714 3719 4052da CreatePopupMenu 3712->3719 3723 403eb7 SendMessageA 3715->3723 3722 404f12 25 API calls 3716->3722 3720 40516a 3717->3720 3721 40515c SendMessageA 3717->3721 3718->3717 3724 405d1b 18 API calls 3719->3724 3742 403ede 3720->3742 3721->3720 3722->3715 3723->3706 3726 4052ea AppendMenuA 3724->3726 3728 405308 GetWindowRect 3726->3728 3729 40531b TrackPopupMenu 3726->3729 3727 40517a 3730 405183 ShowWindow 3727->3730 3731 4051b7 GetDlgItem SendMessageA 3727->3731 3728->3729 3729->3714 3732 405337 3729->3732 3733 4051a6 3730->3733 3734 405199 ShowWindow 3730->3734 3731->3714 3735 4051de SendMessageA SendMessageA 3731->3735 3736 405356 SendMessageA 3732->3736 3745 403f13 SendMessageA 3733->3745 3734->3733 3735->3714 3736->3736 3737 405373 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3736->3737 3739 405395 SendMessageA 3737->3739 3739->3739 3740 4053b7 GlobalUnlock SetClipboardData CloseClipboard 3739->3740 3740->3714 3741->3702 3743 405d1b 18 API calls 3742->3743 3744 403ee9 SetDlgItemTextA 3743->3744 3744->3727 3745->3731 3746->3703 3748 403ec4 SendMessageA 3747->3748 3749 403ebe 3747->3749 3748->3705 3749->3748 3751 403f5d GetWindowLongA 3750->3751 3761 403fe6 3750->3761 3752 403f6e 3751->3752 3751->3761 3753 403f80 3752->3753 3754 403f7d GetSysColor 3752->3754 3755 403f90 SetBkMode 3753->3755 3756 403f86 SetTextColor 3753->3756 3754->3753 3757 403fa8 GetSysColor 3755->3757 3758 403fae 3755->3758 3756->3755 3757->3758 3759 403fb5 SetBkColor 3758->3759 3760 403fbf 3758->3760 3759->3760 3760->3761 3762 403fd2 DeleteObject 3760->3762 3763 403fd9 CreateBrushIndirect 3760->3763 3761->3714 3762->3763 3763->3761 3061 401751 3062 402a3a 18 API calls 3061->3062 3063 401758 3062->3063 3064 401776 3063->3064 3065 40177e 3063->3065 3121 405cf9 lstrcpynA 3064->3121 3122 405cf9 lstrcpynA 3065->3122 3068 40177c 3072 405f64 5 API calls 3068->3072 3069 401789 3123 40576b lstrlenA CharPrevA 3069->3123 3092 40179b 3072->3092 3076 4017b2 CompareFileTime 3076->3092 3077 401876 3079 404f12 25 API calls 3077->3079 3078 40184d 3080 404f12 25 API calls 3078->3080 3089 401862 3078->3089 3082 401880 3079->3082 3080->3089 3081 405cf9 lstrcpynA 3081->3092 3100 402e9f 3082->3100 3085 4018a7 SetFileTime 3086 4018b9 FindCloseChangeNotification 3085->3086 3088 4018ca 3086->3088 3086->3089 3087 405d1b 18 API calls 3087->3092 3090 4018e2 3088->3090 3091 4018cf 3088->3091 3094 405d1b 18 API calls 3090->3094 3093 405d1b 18 API calls 3091->3093 3092->3076 3092->3077 3092->3078 3092->3081 3092->3087 3099 40596c GetFileAttributesA CreateFileA 3092->3099 3126 405ffd FindFirstFileA 3092->3126 3129 405947 GetFileAttributesA 3092->3129 3132 4054ef 3092->3132 3096 4018d7 lstrcatA 3093->3096 3097 4018ea 3094->3097 3096->3097 3098 4054ef MessageBoxIndirectA 3097->3098 3098->3089 3099->3092 3102 402eb5 3100->3102 3101 402ee0 3136 40307b 3101->3136 3102->3101 3148 403091 SetFilePointer 3102->3148 3106 40301b 3108 40301f 3106->3108 3113 403037 3106->3113 3107 402efd GetTickCount 3117 402f10 3107->3117 3110 40307b ReadFile 3108->3110 3109 401893 3109->3085 3109->3086 3110->3109 3111 40307b ReadFile 3111->3113 3112 40307b ReadFile 3112->3117 3113->3109 3113->3111 3114 405a13 WriteFile 3113->3114 3114->3113 3116 402f76 GetTickCount 3116->3117 3117->3109 3117->3112 3117->3116 3118 402f9f MulDiv wsprintfA 3117->3118 3139 406195 3117->3139 3146 405a13 WriteFile 3117->3146 3119 404f12 25 API calls 3118->3119 3119->3117 3121->3068 3122->3069 3124 40178f lstrcatA 3123->3124 3125 405785 lstrcatA 3123->3125 3124->3068 3125->3124 3127 406013 FindClose 3126->3127 3128 40601e 3126->3128 3127->3128 3128->3092 3130 405966 3129->3130 3131 405959 SetFileAttributesA 3129->3131 3130->3092 3131->3130 3133 405504 3132->3133 3134 405550 3133->3134 3135 405518 MessageBoxIndirectA 3133->3135 3134->3092 3135->3134 3149 4059e4 ReadFile 3136->3149 3140 4061c2 3139->3140 3141 4061ba 3139->3141 3140->3141 3142 406252 GlobalAlloc 3140->3142 3143 406249 GlobalFree 3140->3143 3144 4062c0 GlobalFree 3140->3144 3145 4062c9 GlobalAlloc 3140->3145 3141->3117 3142->3140 3142->3141 3143->3142 3144->3145 3145->3140 3145->3141 3147 405a31 3146->3147 3147->3117 3148->3101 3150 402eeb 3149->3150 3150->3106 3150->3107 3150->3109 3764 401651 3765 402a3a 18 API calls 3764->3765 3766 401657 3765->3766 3767 405ffd 2 API calls 3766->3767 3768 40165d 3767->3768 3769 401951 3770 402a1d 18 API calls 3769->3770 3771 401958 3770->3771 3772 402a1d 18 API calls 3771->3772 3773 401962 3772->3773 3774 402a3a 18 API calls 3773->3774 3775 40196b 3774->3775 3776 40197e lstrlenA 3775->3776 3777 4019b9 3775->3777 3778 401988 3776->3778 3778->3777 3782 405cf9 lstrcpynA 3778->3782 3780 4019a2 3780->3777 3781 4019af lstrlenA 3780->3781 3781->3777 3782->3780 3783 4019d2 3784 402a3a 18 API calls 3783->3784 3785 4019d9 3784->3785 3786 402a3a 18 API calls 3785->3786 3787 4019e2 3786->3787 3788 4019e9 lstrcmpiA 3787->3788 3789 4019fb lstrcmpA 3787->3789 3790 4019ef 3788->3790 3789->3790 3791 4021d2 3792 402a3a 18 API calls 3791->3792 3793 4021d8 3792->3793 3794 402a3a 18 API calls 3793->3794 3795 4021e1 3794->3795 3796 402a3a 18 API calls 3795->3796 3797 4021ea 3796->3797 3798 405ffd 2 API calls 3797->3798 3799 4021f3 3798->3799 3800 402204 lstrlenA lstrlenA 3799->3800 3804 4021f7 3799->3804 3802 404f12 25 API calls 3800->3802 3801 404f12 25 API calls 3805 4021ff 3801->3805 3803 402240 SHFileOperationA 3802->3803 3803->3804 3803->3805 3804->3801 3804->3805 3806 402254 3807 40225b 3806->3807 3810 40226e 3806->3810 3808 405d1b 18 API calls 3807->3808 3809 402268 3808->3809 3811 4054ef MessageBoxIndirectA 3809->3811 3811->3810 3812 4042d5 3813 4042e5 3812->3813 3814 40430b 3812->3814 3815 403ede 19 API calls 3813->3815 3816 403f45 8 API calls 3814->3816 3817 4042f2 SetDlgItemTextA 3815->3817 3818 404317 3816->3818 3817->3814 3819 4014d6 3820 402a1d 18 API calls 3819->3820 3821 4014dc Sleep 3820->3821 3823 4028cf 3821->3823 3231 4030d9 SetErrorMode GetVersion 3232 403110 3231->3232 3233 403116 3231->3233 3234 406092 5 API calls 3232->3234 3235 406024 3 API calls 3233->3235 3234->3233 3236 40312c lstrlenA 3235->3236 3236->3233 3237 40313b 3236->3237 3238 406092 5 API calls 3237->3238 3239 403143 3238->3239 3240 406092 5 API calls 3239->3240 3241 40314a #17 OleInitialize SHGetFileInfoA 3240->3241 3319 405cf9 lstrcpynA 3241->3319 3243 403187 GetCommandLineA 3320 405cf9 lstrcpynA 3243->3320 3245 403199 GetModuleHandleA 3246 4031b0 3245->3246 3247 405796 CharNextA 3246->3247 3248 4031c4 CharNextA 3247->3248 3253 4031d4 3248->3253 3249 40329e 3250 4032b1 GetTempPathA 3249->3250 3321 4030a8 3250->3321 3252 4032c9 3254 403323 DeleteFileA 3252->3254 3255 4032cd GetWindowsDirectoryA lstrcatA 3252->3255 3253->3249 3256 405796 CharNextA 3253->3256 3261 4032a0 3253->3261 3331 402c66 GetTickCount GetModuleFileNameA 3254->3331 3258 4030a8 12 API calls 3255->3258 3256->3253 3260 4032e9 3258->3260 3259 403337 3262 4033d1 ExitProcess OleUninitialize 3259->3262 3265 4033bd 3259->3265 3270 405796 CharNextA 3259->3270 3260->3254 3264 4032ed GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 3260->3264 3416 405cf9 lstrcpynA 3261->3416 3266 403505 3262->3266 3267 4033e7 3262->3267 3268 4030a8 12 API calls 3264->3268 3359 403679 3265->3359 3272 403587 ExitProcess 3266->3272 3273 40350d GetCurrentProcess OpenProcessToken 3266->3273 3271 4054ef MessageBoxIndirectA 3267->3271 3274 40331b 3268->3274 3276 403352 3270->3276 3278 4033f5 ExitProcess 3271->3278 3279 403558 3273->3279 3280 403528 LookupPrivilegeValueA AdjustTokenPrivileges 3273->3280 3274->3254 3274->3262 3282 403398 3276->3282 3283 4033fd 3276->3283 3281 406092 5 API calls 3279->3281 3280->3279 3284 40355f 3281->3284 3417 405859 3282->3417 3286 405472 5 API calls 3283->3286 3285 403574 ExitWindowsEx 3284->3285 3288 403580 3284->3288 3285->3272 3285->3288 3289 403402 lstrcatA 3286->3289 3439 40140b 3288->3439 3292 403413 lstrcatA 3289->3292 3293 40341e lstrcatA lstrcmpiA 3289->3293 3292->3293 3293->3262 3294 40343a 3293->3294 3296 403446 3294->3296 3297 40343f 3294->3297 3301 405455 2 API calls 3296->3301 3299 4053d8 4 API calls 3297->3299 3298 4033b2 3432 405cf9 lstrcpynA 3298->3432 3302 403444 3299->3302 3303 40344b SetCurrentDirectoryA 3301->3303 3302->3303 3304 403465 3303->3304 3305 40345a 3303->3305 3434 405cf9 lstrcpynA 3304->3434 3433 405cf9 lstrcpynA 3305->3433 3308 405d1b 18 API calls 3309 4034a4 DeleteFileA 3308->3309 3310 4034b1 CopyFileA 3309->3310 3316 403473 3309->3316 3310->3316 3311 4034f9 3312 405bb4 38 API calls 3311->3312 3314 403500 3312->3314 3314->3262 3315 405d1b 18 API calls 3315->3316 3316->3308 3316->3311 3316->3315 3317 40548a 2 API calls 3316->3317 3318 4034e5 CloseHandle 3316->3318 3435 405bb4 MoveFileExA 3316->3435 3317->3316 3318->3316 3319->3243 3320->3245 3322 405f64 5 API calls 3321->3322 3323 4030b4 3322->3323 3324 4030be 3323->3324 3325 40576b 3 API calls 3323->3325 3324->3252 3326 4030c6 3325->3326 3327 405455 2 API calls 3326->3327 3328 4030cc 3327->3328 3442 40599b 3328->3442 3446 40596c GetFileAttributesA CreateFileA 3331->3446 3333 402ca6 3352 402cb6 3333->3352 3447 405cf9 lstrcpynA 3333->3447 3335 402ccc 3448 4057b2 lstrlenA 3335->3448 3339 402cdd GetFileSize 3340 402dd9 3339->3340 3358 402cf4 3339->3358 3453 402c02 3340->3453 3342 402de2 3344 402e12 GlobalAlloc 3342->3344 3342->3352 3465 403091 SetFilePointer 3342->3465 3343 40307b ReadFile 3343->3358 3464 403091 SetFilePointer 3344->3464 3347 402e45 3349 402c02 6 API calls 3347->3349 3348 402e2d 3351 402e9f 36 API calls 3348->3351 3349->3352 3350 402dfb 3353 40307b ReadFile 3350->3353 3356 402e39 3351->3356 3352->3259 3355 402e06 3353->3355 3354 402c02 6 API calls 3354->3358 3355->3344 3355->3352 3356->3352 3356->3356 3357 402e76 SetFilePointer 3356->3357 3357->3352 3358->3340 3358->3343 3358->3347 3358->3352 3358->3354 3360 406092 5 API calls 3359->3360 3361 40368d 3360->3361 3362 403693 3361->3362 3363 4036a5 3361->3363 3475 405c57 wsprintfA 3362->3475 3364 405be0 3 API calls 3363->3364 3365 4036d0 3364->3365 3367 4036ee lstrcatA 3365->3367 3369 405be0 3 API calls 3365->3369 3368 4036a3 3367->3368 3466 40393e 3368->3466 3369->3367 3372 405859 18 API calls 3373 403720 3372->3373 3374 4037a9 3373->3374 3376 405be0 3 API calls 3373->3376 3375 405859 18 API calls 3374->3375 3377 4037af 3375->3377 3378 40374c 3376->3378 3379 4037bf LoadImageA 3377->3379 3380 405d1b 18 API calls 3377->3380 3378->3374 3383 403768 lstrlenA 3378->3383 3386 405796 CharNextA 3378->3386 3381 403865 3379->3381 3382 4037e6 RegisterClassA 3379->3382 3380->3379 3385 40140b 2 API calls 3381->3385 3384 40381c SystemParametersInfoA CreateWindowExA 3382->3384 3393 4033cd 3382->3393 3387 403776 lstrcmpiA 3383->3387 3388 40379c 3383->3388 3384->3381 3392 40386b 3385->3392 3390 403766 3386->3390 3387->3388 3391 403786 GetFileAttributesA 3387->3391 3389 40576b 3 API calls 3388->3389 3395 4037a2 3389->3395 3390->3383 3396 403792 3391->3396 3392->3393 3394 40393e 19 API calls 3392->3394 3393->3262 3397 40387c 3394->3397 3476 405cf9 lstrcpynA 3395->3476 3396->3388 3399 4057b2 2 API calls 3396->3399 3400 403888 ShowWindow 3397->3400 3401 40390b 3397->3401 3399->3388 3403 406024 3 API calls 3400->3403 3477 404fe4 OleInitialize 3401->3477 3405 4038a0 3403->3405 3404 403911 3406 403915 3404->3406 3407 40392d 3404->3407 3408 4038ae GetClassInfoA 3405->3408 3410 406024 3 API calls 3405->3410 3406->3393 3413 40140b 2 API calls 3406->3413 3409 40140b 2 API calls 3407->3409 3411 4038c2 GetClassInfoA RegisterClassA 3408->3411 3412 4038d8 DialogBoxParamA 3408->3412 3409->3393 3410->3408 3411->3412 3414 40140b 2 API calls 3412->3414 3413->3393 3415 403900 3414->3415 3415->3393 3416->3250 3492 405cf9 lstrcpynA 3417->3492 3419 40586a 3420 405804 4 API calls 3419->3420 3421 405870 3420->3421 3422 4033a3 3421->3422 3423 405f64 5 API calls 3421->3423 3422->3262 3431 405cf9 lstrcpynA 3422->3431 3429 405880 3423->3429 3424 4058ab lstrlenA 3425 4058b6 3424->3425 3424->3429 3426 40576b 3 API calls 3425->3426 3428 4058bb GetFileAttributesA 3426->3428 3427 405ffd 2 API calls 3427->3429 3428->3422 3429->3422 3429->3424 3429->3427 3430 4057b2 2 API calls 3429->3430 3430->3424 3431->3298 3432->3265 3433->3304 3434->3316 3436 405bc8 3435->3436 3438 405bd5 3435->3438 3493 405a42 lstrcpyA 3436->3493 3438->3316 3440 401389 2 API calls 3439->3440 3441 401420 3440->3441 3441->3272 3443 4059a6 GetTickCount GetTempFileNameA 3442->3443 3444 4030d7 3443->3444 3445 4059d3 3443->3445 3444->3252 3445->3443 3445->3444 3446->3333 3447->3335 3449 4057bf 3448->3449 3450 402cd2 3449->3450 3451 4057c4 CharPrevA 3449->3451 3452 405cf9 lstrcpynA 3450->3452 3451->3449 3451->3450 3452->3339 3454 402c23 3453->3454 3455 402c0b 3453->3455 3458 402c33 GetTickCount 3454->3458 3459 402c2b 3454->3459 3456 402c14 DestroyWindow 3455->3456 3457 402c1b 3455->3457 3456->3457 3457->3342 3461 402c41 CreateDialogParamA ShowWindow 3458->3461 3462 402c64 3458->3462 3460 4060ce 2 API calls 3459->3460 3463 402c31 3460->3463 3461->3462 3462->3342 3463->3342 3464->3348 3465->3350 3467 403952 3466->3467 3484 405c57 wsprintfA 3467->3484 3469 4039c3 3470 405d1b 18 API calls 3469->3470 3471 4039cf SetWindowTextA 3470->3471 3472 4036fe 3471->3472 3473 4039eb 3471->3473 3472->3372 3473->3472 3474 405d1b 18 API calls 3473->3474 3474->3473 3475->3368 3476->3374 3485 403f2a 3477->3485 3479 405007 3483 40502e 3479->3483 3488 401389 3479->3488 3480 403f2a SendMessageA 3481 405040 OleUninitialize 3480->3481 3481->3404 3483->3480 3484->3469 3486 403f42 3485->3486 3487 403f33 SendMessageA 3485->3487 3486->3479 3487->3486 3490 401390 3488->3490 3489 4013fe 3489->3479 3490->3489 3491 4013cb MulDiv SendMessageA 3490->3491 3491->3490 3492->3419 3494 405a90 GetShortPathNameA 3493->3494 3495 405a6a 3493->3495 3497 405aa5 3494->3497 3498 405baf 3494->3498 3520 40596c GetFileAttributesA CreateFileA 3495->3520 3497->3498 3500 405aad wsprintfA 3497->3500 3498->3438 3499 405a74 CloseHandle GetShortPathNameA 3499->3498 3501 405a88 3499->3501 3502 405d1b 18 API calls 3500->3502 3501->3494 3501->3498 3503 405ad5 3502->3503 3521 40596c GetFileAttributesA CreateFileA 3503->3521 3505 405ae2 3505->3498 3506 405af1 GetFileSize GlobalAlloc 3505->3506 3507 405b13 3506->3507 3508 405ba8 CloseHandle 3506->3508 3509 4059e4 ReadFile 3507->3509 3508->3498 3510 405b1b 3509->3510 3510->3508 3522 4058d1 lstrlenA 3510->3522 3513 405b32 lstrcpyA 3515 405b54 3513->3515 3514 405b46 3516 4058d1 4 API calls 3514->3516 3517 405b8b SetFilePointer 3515->3517 3516->3515 3518 405a13 WriteFile 3517->3518 3519 405ba1 GlobalFree 3518->3519 3519->3508 3520->3499 3521->3505 3523 405912 lstrlenA 3522->3523 3524 40591a 3523->3524 3525 4058eb lstrcmpiA 3523->3525 3524->3513 3524->3514 3525->3524 3526 405909 CharNextA 3525->3526 3526->3523 3824 40155b 3825 401577 ShowWindow 3824->3825 3826 40157e 3824->3826 3825->3826 3827 40158c ShowWindow 3826->3827 3828 4028cf 3826->3828 3827->3828 3829 40255c 3830 402a1d 18 API calls 3829->3830 3836 402566 3830->3836 3831 4025d0 3832 4059e4 ReadFile 3832->3836 3833 4025d2 3838 405c57 wsprintfA 3833->3838 3835 4025e2 3835->3831 3837 4025f8 SetFilePointer 3835->3837 3836->3831 3836->3832 3836->3833 3836->3835 3837->3831 3838->3831 3839 40205e 3840 402a3a 18 API calls 3839->3840 3841 402065 3840->3841 3842 402a3a 18 API calls 3841->3842 3843 40206f 3842->3843 3844 402a3a 18 API calls 3843->3844 3845 402079 3844->3845 3846 402a3a 18 API calls 3845->3846 3847 402083 3846->3847 3848 402a3a 18 API calls 3847->3848 3849 40208d 3848->3849 3850 4020cc CoCreateInstance 3849->3850 3851 402a3a 18 API calls 3849->3851 3854 4020eb 3850->3854 3856 402193 3850->3856 3851->3850 3852 401423 25 API calls 3853 4021c9 3852->3853 3855 402173 MultiByteToWideChar 3854->3855 3854->3856 3855->3856 3856->3852 3856->3853 3857 40265e 3858 402664 3857->3858 3859 402668 FindNextFileA 3858->3859 3861 40267a 3858->3861 3860 4026b9 3859->3860 3859->3861 3863 405cf9 lstrcpynA 3860->3863 3863->3861 3864 401cde GetDlgItem GetClientRect 3865 402a3a 18 API calls 3864->3865 3866 401d0e LoadImageA SendMessageA 3865->3866 3867 401d2c DeleteObject 3866->3867 3868 4028cf 3866->3868 3867->3868 3869 401662 3870 402a3a 18 API calls 3869->3870 3871 401669 3870->3871 3872 402a3a 18 API calls 3871->3872 3873 401672 3872->3873 3874 402a3a 18 API calls 3873->3874 3875 40167b MoveFileA 3874->3875 3876 40168e 3875->3876 3882 401687 3875->3882 3877 4021c9 3876->3877 3879 405ffd 2 API calls 3876->3879 3878 401423 25 API calls 3878->3877 3880 40169d 3879->3880 3880->3877 3881 405bb4 38 API calls 3880->3881 3881->3882 3882->3878 3890 402364 3891 40236a 3890->3891 3892 402a3a 18 API calls 3891->3892 3893 40237c 3892->3893 3894 402a3a 18 API calls 3893->3894 3895 402386 RegCreateKeyExA 3894->3895 3896 4023b0 3895->3896 3897 4028cf 3895->3897 3898 4023c8 3896->3898 3899 402a3a 18 API calls 3896->3899 3901 402a1d 18 API calls 3898->3901 3903 4023d4 3898->3903 3900 4023c1 lstrlenA 3899->3900 3900->3898 3901->3903 3902 4023ef RegSetValueExA 3905 402405 RegCloseKey 3902->3905 3903->3902 3904 402e9f 36 API calls 3903->3904 3904->3902 3905->3897 3907 401dea 3908 402a3a 18 API calls 3907->3908 3909 401df0 3908->3909 3910 402a3a 18 API calls 3909->3910 3911 401df9 3910->3911 3912 402a3a 18 API calls 3911->3912 3913 401e02 3912->3913 3914 402a3a 18 API calls 3913->3914 3915 401e0b 3914->3915 3916 401423 25 API calls 3915->3916 3917 401e12 ShellExecuteA 3916->3917 3918 401e3f 3917->3918 3919 40466d 3920 404699 3919->3920 3921 40467d 3919->3921 3923 4046cc 3920->3923 3924 40469f SHGetPathFromIDListA 3920->3924 3930 4054d3 GetDlgItemTextA 3921->3930 3926 4046b6 SendMessageA 3924->3926 3927 4046af 3924->3927 3925 40468a SendMessageA 3925->3920 3926->3923 3928 40140b 2 API calls 3927->3928 3928->3926 3930->3925 3931 401eee 3932 402a3a 18 API calls 3931->3932 3933 401ef5 3932->3933 3934 406092 5 API calls 3933->3934 3935 401f04 3934->3935 3936 401f1c GlobalAlloc 3935->3936 3939 401f84 3935->3939 3937 401f30 3936->3937 3936->3939 3938 406092 5 API calls 3937->3938 3940 401f37 3938->3940 3941 406092 5 API calls 3940->3941 3942 401f41 3941->3942 3942->3939 3946 405c57 wsprintfA 3942->3946 3944 401f78 3947 405c57 wsprintfA 3944->3947 3946->3944 3947->3939 3948 4014f0 SetForegroundWindow 3949 4028cf 3948->3949 3950 403ff2 lstrcpynA lstrlenA 3956 4018f5 3957 40192c 3956->3957 3958 402a3a 18 API calls 3957->3958 3959 401931 3958->3959 3960 40559b 69 API calls 3959->3960 3961 40193a 3960->3961 3962 4024f7 3963 402a3a 18 API calls 3962->3963 3964 4024fe 3963->3964 3967 40596c GetFileAttributesA CreateFileA 3964->3967 3966 40250a 3967->3966 3968 4018f8 3969 402a3a 18 API calls 3968->3969 3970 4018ff 3969->3970 3971 4054ef MessageBoxIndirectA 3970->3971 3972 401908 3971->3972 3987 4014fe 3988 401506 3987->3988 3990 401519 3987->3990 3989 402a1d 18 API calls 3988->3989 3989->3990 3991 402b7f 3992 402b8e SetTimer 3991->3992 3995 402ba7 3991->3995 3992->3995 3993 402bfc 3994 402bc1 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 3994->3993 3995->3993 3995->3994 3996 401000 3997 401037 BeginPaint GetClientRect 3996->3997 3998 40100c DefWindowProcA 3996->3998 4000 4010f3 3997->4000 4001 401179 3998->4001 4002 401073 CreateBrushIndirect FillRect DeleteObject 4000->4002 4003 4010fc 4000->4003 4002->4000 4004 401102 CreateFontIndirectA 4003->4004 4005 401167 EndPaint 4003->4005 4004->4005 4006 401112 6 API calls 4004->4006 4005->4001 4006->4005 4014 401b02 4015 402a3a 18 API calls 4014->4015 4016 401b09 4015->4016 4017 402a1d 18 API calls 4016->4017 4018 401b12 wsprintfA 4017->4018 4019 4028cf 4018->4019 4020 402482 4030 402b44 4020->4030 4022 40248c 4023 402a1d 18 API calls 4022->4023 4024 402495 4023->4024 4025 4026a6 4024->4025 4026 4024b8 RegEnumValueA 4024->4026 4027 4024ac RegEnumKeyA 4024->4027 4026->4025 4028 4024d1 RegCloseKey 4026->4028 4027->4028 4028->4025 4031 402a3a 18 API calls 4030->4031 4032 402b5d 4031->4032 4033 402b6b RegOpenKeyExA 4032->4033 4033->4022 3151 402283 3152 402291 3151->3152 3153 40228b 3151->3153 3155 402a3a 18 API calls 3152->3155 3157 4022a1 3152->3157 3154 402a3a 18 API calls 3153->3154 3154->3152 3155->3157 3156 4022af 3159 402a3a 18 API calls 3156->3159 3157->3156 3158 402a3a 18 API calls 3157->3158 3158->3156 3160 4022b8 WritePrivateProfileStringA 3159->3160 4034 401a03 4035 402a3a 18 API calls 4034->4035 4036 401a0c ExpandEnvironmentStringsA 4035->4036 4037 401a20 4036->4037 4039 401a33 4036->4039 4038 401a25 lstrcmpA 4037->4038 4037->4039 4038->4039 4040 404e86 4041 404e96 4040->4041 4042 404eaa 4040->4042 4043 404e9c 4041->4043 4052 404ef3 4041->4052 4044 404eb2 IsWindowVisible 4042->4044 4048 404ec9 4042->4048 4046 403f2a SendMessageA 4043->4046 4047 404ebf 4044->4047 4044->4052 4045 404ef8 CallWindowProcA 4049 404ea6 4045->4049 4046->4049 4053 4047dd SendMessageA 4047->4053 4048->4045 4058 40485d 4048->4058 4052->4045 4054 404800 GetMessagePos ScreenToClient SendMessageA 4053->4054 4055 40483c SendMessageA 4053->4055 4056 404834 4054->4056 4057 404839 4054->4057 4055->4056 4056->4048 4057->4055 4067 405cf9 lstrcpynA 4058->4067 4060 404870 4068 405c57 wsprintfA 4060->4068 4062 40487a 4063 40140b 2 API calls 4062->4063 4064 404883 4063->4064 4069 405cf9 lstrcpynA 4064->4069 4066 40488a 4066->4052 4067->4060 4068->4062 4069->4066 4070 402308 4071 402338 4070->4071 4072 40230d 4070->4072 4074 402a3a 18 API calls 4071->4074 4073 402b44 19 API calls 4072->4073 4075 402314 4073->4075 4076 40233f 4074->4076 4077 402a3a 18 API calls 4075->4077 4080 402355 4075->4080 4081 402a7a RegOpenKeyExA 4076->4081 4078 402325 RegDeleteValueA RegCloseKey 4077->4078 4078->4080 4088 402aa5 4081->4088 4090 402af1 4081->4090 4082 402acb RegEnumKeyA 4083 402add RegCloseKey 4082->4083 4082->4088 4084 406092 5 API calls 4083->4084 4087 402aed 4084->4087 4085 402b02 RegCloseKey 4085->4090 4086 402a7a 5 API calls 4086->4088 4089 402b1d RegDeleteKeyA 4087->4089 4087->4090 4088->4082 4088->4083 4088->4085 4088->4086 4089->4090 4090->4080 4091 402688 4092 402a3a 18 API calls 4091->4092 4093 40268f FindFirstFileA 4092->4093 4094 4026b2 4093->4094 4098 4026a2 4093->4098 4095 4026b9 4094->4095 4099 405c57 wsprintfA 4094->4099 4100 405cf9 lstrcpynA 4095->4100 4099->4095 4100->4098 3527 401389 3529 401390 3527->3529 3528 4013fe 3529->3528 3530 4013cb MulDiv SendMessageA 3529->3530 3530->3529 4101 401c8a 4102 402a1d 18 API calls 4101->4102 4103 401c90 IsWindow 4102->4103 4104 4019f3 4103->4104 4105 403a0b 4106 403a23 4105->4106 4107 403b5e 4105->4107 4106->4107 4108 403a2f 4106->4108 4109 403b6f GetDlgItem GetDlgItem 4107->4109 4114 403baf 4107->4114 4110 403a3a SetWindowPos 4108->4110 4111 403a4d 4108->4111 4112 403ede 19 API calls 4109->4112 4110->4111 4116 403a52 ShowWindow 4111->4116 4117 403a6a 4111->4117 4118 403b99 SetClassLongA 4112->4118 4113 403c09 4115 403f2a SendMessageA 4113->4115 4119 403b59 4113->4119 4114->4113 4123 401389 2 API calls 4114->4123 4144 403c1b 4115->4144 4116->4117 4120 403a72 DestroyWindow 4117->4120 4121 403a8c 4117->4121 4122 40140b 2 API calls 4118->4122 4125 403e67 4120->4125 4126 403a91 SetWindowLongA 4121->4126 4127 403aa2 4121->4127 4122->4114 4124 403be1 4123->4124 4124->4113 4128 403be5 SendMessageA 4124->4128 4125->4119 4134 403e98 ShowWindow 4125->4134 4126->4119 4131 403b19 4127->4131 4132 403aae GetDlgItem 4127->4132 4128->4119 4129 40140b 2 API calls 4129->4144 4130 403e69 DestroyWindow EndDialog 4130->4125 4133 403f45 8 API calls 4131->4133 4135 403ac1 SendMessageA IsWindowEnabled 4132->4135 4136 403ade 4132->4136 4133->4119 4134->4119 4135->4119 4135->4136 4138 403aeb 4136->4138 4139 403b32 SendMessageA 4136->4139 4140 403afe 4136->4140 4148 403ae3 4136->4148 4137 405d1b 18 API calls 4137->4144 4138->4139 4138->4148 4139->4131 4142 403b06 4140->4142 4143 403b1b 4140->4143 4141 403eb7 SendMessageA 4141->4131 4145 40140b 2 API calls 4142->4145 4146 40140b 2 API calls 4143->4146 4144->4119 4144->4129 4144->4130 4144->4137 4147 403ede 19 API calls 4144->4147 4149 403ede 19 API calls 4144->4149 4164 403da9 DestroyWindow 4144->4164 4145->4148 4146->4148 4147->4144 4148->4131 4148->4141 4150 403c96 GetDlgItem 4149->4150 4151 403cb3 ShowWindow EnableWindow 4150->4151 4152 403cab 4150->4152 4173 403f00 EnableWindow 4151->4173 4152->4151 4154 403cdd EnableWindow 4157 403cf1 4154->4157 4155 403cf6 GetSystemMenu EnableMenuItem SendMessageA 4156 403d26 SendMessageA 4155->4156 4155->4157 4156->4157 4157->4155 4174 403f13 SendMessageA 4157->4174 4175 405cf9 lstrcpynA 4157->4175 4160 403d54 lstrlenA 4161 405d1b 18 API calls 4160->4161 4162 403d65 SetWindowTextA 4161->4162 4163 401389 2 API calls 4162->4163 4163->4144 4164->4125 4165 403dc3 CreateDialogParamA 4164->4165 4165->4125 4166 403df6 4165->4166 4167 403ede 19 API calls 4166->4167 4168 403e01 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4167->4168 4169 401389 2 API calls 4168->4169 4170 403e47 4169->4170 4170->4119 4171 403e4f ShowWindow 4170->4171 4172 403f2a SendMessageA 4171->4172 4172->4125 4173->4154 4174->4157 4175->4160 4176 40488f GetDlgItem GetDlgItem 4177 4048e1 7 API calls 4176->4177 4185 404af9 4176->4185 4178 404984 DeleteObject 4177->4178 4179 404977 SendMessageA 4177->4179 4180 40498d 4178->4180 4179->4178 4181 4049c4 4180->4181 4184 405d1b 18 API calls 4180->4184 4186 403ede 19 API calls 4181->4186 4182 404c89 4188 404c93 SendMessageA 4182->4188 4189 404c9b 4182->4189 4183 404bdd 4183->4182 4192 404c36 SendMessageA 4183->4192 4219 404aec 4183->4219 4190 4049a6 SendMessageA SendMessageA 4184->4190 4185->4183 4195 4047dd 5 API calls 4185->4195 4210 404b6a 4185->4210 4187 4049d8 4186->4187 4191 403ede 19 API calls 4187->4191 4188->4189 4199 404cb4 4189->4199 4200 404cad ImageList_Destroy 4189->4200 4206 404cc4 4189->4206 4190->4180 4212 4049e6 4191->4212 4197 404c4b SendMessageA 4192->4197 4192->4219 4193 403f45 8 API calls 4198 404e7f 4193->4198 4194 404bcf SendMessageA 4194->4183 4195->4210 4196 404e33 4204 404e45 ShowWindow GetDlgItem ShowWindow 4196->4204 4196->4219 4203 404c5e 4197->4203 4201 404cbd GlobalFree 4199->4201 4199->4206 4200->4199 4201->4206 4202 404aba GetWindowLongA SetWindowLongA 4205 404ad3 4202->4205 4213 404c6f SendMessageA 4203->4213 4204->4219 4207 404af1 4205->4207 4208 404ad9 ShowWindow 4205->4208 4206->4196 4218 40485d 4 API calls 4206->4218 4223 404cff 4206->4223 4228 403f13 SendMessageA 4207->4228 4227 403f13 SendMessageA 4208->4227 4210->4183 4210->4194 4211 404a35 SendMessageA 4211->4212 4212->4202 4212->4211 4214 404ab4 4212->4214 4216 404a71 SendMessageA 4212->4216 4217 404a82 SendMessageA 4212->4217 4213->4182 4214->4202 4214->4205 4216->4212 4217->4212 4218->4223 4219->4193 4220 404e09 InvalidateRect 4220->4196 4221 404e1f 4220->4221 4229 404798 4221->4229 4222 404d2d SendMessageA 4226 404d43 4222->4226 4223->4222 4223->4226 4225 404db7 SendMessageA SendMessageA 4225->4226 4226->4220 4226->4225 4227->4219 4228->4185 4232 4046d3 4229->4232 4231 4047ad 4231->4196 4233 4046e9 4232->4233 4234 405d1b 18 API calls 4233->4234 4235 40474d 4234->4235 4236 405d1b 18 API calls 4235->4236 4237 404758 4236->4237 4238 405d1b 18 API calls 4237->4238 4239 40476e lstrlenA wsprintfA SetDlgItemTextA 4238->4239 4239->4231 2984 401f90 2985 401fa2 2984->2985 2986 402050 2984->2986 3002 402a3a 2985->3002 2989 401423 25 API calls 2986->2989 2995 4021c9 2989->2995 2990 402a3a 18 API calls 2991 401fb2 2990->2991 2992 401fc7 LoadLibraryExA 2991->2992 2993 401fba GetModuleHandleA 2991->2993 2992->2986 2994 401fd7 GetProcAddress 2992->2994 2993->2992 2993->2994 2996 402023 2994->2996 2997 401fe6 2994->2997 3011 404f12 2996->3011 3000 401ff6 2997->3000 3008 401423 2997->3008 3000->2995 3001 402044 FreeLibrary 3000->3001 3001->2995 3003 402a46 3002->3003 3022 405d1b 3003->3022 3006 401fa9 3006->2990 3009 404f12 25 API calls 3008->3009 3010 401431 3009->3010 3010->3000 3012 404f2d 3011->3012 3021 404fd0 3011->3021 3013 404f4a lstrlenA 3012->3013 3016 405d1b 18 API calls 3012->3016 3014 404f73 3013->3014 3015 404f58 lstrlenA 3013->3015 3018 404f86 3014->3018 3019 404f79 SetWindowTextA 3014->3019 3017 404f6a lstrcatA 3015->3017 3015->3021 3016->3013 3017->3014 3020 404f8c SendMessageA SendMessageA SendMessageA 3018->3020 3018->3021 3019->3018 3020->3021 3021->3000 3039 405d28 3022->3039 3023 405f4b 3024 402a67 3023->3024 3056 405cf9 lstrcpynA 3023->3056 3024->3006 3040 405f64 3024->3040 3026 405dc9 GetVersion 3026->3039 3027 405f22 lstrlenA 3027->3039 3029 405d1b 10 API calls 3029->3027 3032 405e41 GetSystemDirectoryA 3032->3039 3033 405e54 GetWindowsDirectoryA 3033->3039 3034 405f64 5 API calls 3034->3039 3035 405d1b 10 API calls 3035->3039 3036 405ecb lstrcatA 3036->3039 3037 405e88 SHGetSpecialFolderLocation 3038 405ea0 SHGetPathFromIDListA CoTaskMemFree 3037->3038 3037->3039 3038->3039 3039->3023 3039->3026 3039->3027 3039->3029 3039->3032 3039->3033 3039->3034 3039->3035 3039->3036 3039->3037 3049 405be0 RegOpenKeyExA 3039->3049 3054 405c57 wsprintfA 3039->3054 3055 405cf9 lstrcpynA 3039->3055 3041 405f70 3040->3041 3043 405fcd CharNextA 3041->3043 3044 405fd8 3041->3044 3047 405fbb CharNextA 3041->3047 3048 405fc8 CharNextA 3041->3048 3057 405796 3041->3057 3042 405fdc CharPrevA 3042->3044 3043->3041 3043->3044 3044->3042 3045 405ff7 3044->3045 3045->3006 3047->3041 3048->3043 3050 405c51 3049->3050 3051 405c13 RegQueryValueExA 3049->3051 3050->3039 3052 405c34 RegCloseKey 3051->3052 3052->3050 3054->3039 3055->3039 3056->3024 3058 40579c 3057->3058 3059 4057af 3058->3059 3060 4057a2 CharNextA 3058->3060 3059->3041 3060->3058 4240 402410 4241 402b44 19 API calls 4240->4241 4242 40241a 4241->4242 4243 402a3a 18 API calls 4242->4243 4244 402423 4243->4244 4245 40242d RegQueryValueExA 4244->4245 4249 4026a6 4244->4249 4246 402453 RegCloseKey 4245->4246 4247 40244d 4245->4247 4246->4249 4247->4246 4251 405c57 wsprintfA 4247->4251 4251->4246 4252 401490 4253 404f12 25 API calls 4252->4253 4254 401497 4253->4254 4255 406690 4259 4061c8 4255->4259 4256 406b33 4257 406252 GlobalAlloc 4257->4256 4257->4259 4258 406249 GlobalFree 4258->4257 4259->4256 4259->4257 4259->4258 4259->4259 4260 4062c0 GlobalFree 4259->4260 4261 4062c9 GlobalAlloc 4259->4261 4260->4261 4261->4256 4261->4259 4262 401595 4263 402a3a 18 API calls 4262->4263 4264 40159c SetFileAttributesA 4263->4264 4265 4015ae 4264->4265 4266 402616 4267 40261d 4266->4267 4270 40287c 4266->4270 4268 402a1d 18 API calls 4267->4268 4269 402628 4268->4269 4271 40262f SetFilePointer 4269->4271 4271->4270 4272 40263f 4271->4272 4274 405c57 wsprintfA 4272->4274 4274->4270 4275 401717 4276 402a3a 18 API calls 4275->4276 4277 40171e SearchPathA 4276->4277 4278 401739 4277->4278 4279 402519 4280 40252e 4279->4280 4281 40251e 4279->4281 4283 402a3a 18 API calls 4280->4283 4282 402a1d 18 API calls 4281->4282 4284 402527 4282->4284 4285 402535 lstrlenA 4283->4285 4286 405a13 WriteFile 4284->4286 4287 402557 4284->4287 4285->4284 4286->4287 4288 40431c 4289 404348 4288->4289 4290 404359 4288->4290 4349 4054d3 GetDlgItemTextA 4289->4349 4292 404365 GetDlgItem 4290->4292 4299 4043c4 4290->4299 4297 404379 4292->4297 4293 404353 4294 405f64 5 API calls 4293->4294 4294->4290 4295 4044a8 4298 404652 4295->4298 4351 4054d3 GetDlgItemTextA 4295->4351 4296 40438d SetWindowTextA 4301 403ede 19 API calls 4296->4301 4297->4296 4305 405804 4 API calls 4297->4305 4304 403f45 8 API calls 4298->4304 4299->4295 4299->4298 4302 405d1b 18 API calls 4299->4302 4306 4043a9 4301->4306 4307 404438 SHBrowseForFolderA 4302->4307 4303 4044d8 4308 405859 18 API calls 4303->4308 4309 404666 4304->4309 4310 404383 4305->4310 4311 403ede 19 API calls 4306->4311 4307->4295 4312 404450 CoTaskMemFree 4307->4312 4313 4044de 4308->4313 4310->4296 4316 40576b 3 API calls 4310->4316 4314 4043b7 4311->4314 4315 40576b 3 API calls 4312->4315 4352 405cf9 lstrcpynA 4313->4352 4350 403f13 SendMessageA 4314->4350 4318 40445d 4315->4318 4316->4296 4321 404494 SetDlgItemTextA 4318->4321 4325 405d1b 18 API calls 4318->4325 4320 4043bd 4323 406092 5 API calls 4320->4323 4321->4295 4322 4044f5 4324 406092 5 API calls 4322->4324 4323->4299 4332 4044fc 4324->4332 4326 40447c lstrcmpiA 4325->4326 4326->4321 4329 40448d lstrcatA 4326->4329 4327 404538 4353 405cf9 lstrcpynA 4327->4353 4329->4321 4330 40453f 4331 405804 4 API calls 4330->4331 4333 404545 GetDiskFreeSpaceA 4331->4333 4332->4327 4335 4057b2 2 API calls 4332->4335 4337 404590 4332->4337 4336 404569 MulDiv 4333->4336 4333->4337 4335->4332 4336->4337 4338 404601 4337->4338 4339 404798 21 API calls 4337->4339 4340 404624 4338->4340 4342 40140b 2 API calls 4338->4342 4341 4045ee 4339->4341 4354 403f00 EnableWindow 4340->4354 4344 404603 SetDlgItemTextA 4341->4344 4345 4045f3 4341->4345 4342->4340 4344->4338 4347 4046d3 21 API calls 4345->4347 4346 404640 4346->4298 4355 4042b1 4346->4355 4347->4338 4349->4293 4350->4320 4351->4303 4352->4322 4353->4330 4354->4346 4356 4042c4 SendMessageA 4355->4356 4357 4042bf 4355->4357 4356->4298 4357->4356 4358 40149d 4359 4014ab PostQuitMessage 4358->4359 4360 40226e 4358->4360 4359->4360 3590 40359f 3591 4035b7 3590->3591 3592 4035a9 CloseHandle 3590->3592 3597 4035e4 3591->3597 3592->3591 3595 40559b 69 API calls 3596 4035c8 3595->3596 3598 4035f2 3597->3598 3599 4035bc 3598->3599 3600 4035f7 FreeLibrary GlobalFree 3598->3600 3599->3595 3600->3599 3600->3600 4361 401b23 4362 401b30 4361->4362 4363 401b74 4361->4363 4364 401bb8 4362->4364 4369 401b47 4362->4369 4365 401b78 4363->4365 4366 401b9d GlobalAlloc 4363->4366 4368 405d1b 18 API calls 4364->4368 4374 40226e 4364->4374 4365->4374 4382 405cf9 lstrcpynA 4365->4382 4367 405d1b 18 API calls 4366->4367 4367->4364 4370 402268 4368->4370 4380 405cf9 lstrcpynA 4369->4380 4376 4054ef MessageBoxIndirectA 4370->4376 4372 401b8a GlobalFree 4372->4374 4375 401b56 4381 405cf9 lstrcpynA 4375->4381 4376->4374 4378 401b65 4383 405cf9 lstrcpynA 4378->4383 4380->4375 4381->4378 4382->4372 4383->4374 4384 404027 4385 40403d 4384->4385 4390 404149 4384->4390 4388 403ede 19 API calls 4385->4388 4386 4041b8 4387 40428c 4386->4387 4389 4041c2 GetDlgItem 4386->4389 4393 403f45 8 API calls 4387->4393 4391 404093 4388->4391 4395 4041d8 4389->4395 4396 40424a 4389->4396 4390->4386 4390->4387 4392 40418d GetDlgItem SendMessageA 4390->4392 4394 403ede 19 API calls 4391->4394 4415 403f00 EnableWindow 4392->4415 4398 404287 4393->4398 4399 4040a0 CheckDlgButton 4394->4399 4395->4396 4400 4041fe 6 API calls 4395->4400 4396->4387 4401 40425c 4396->4401 4413 403f00 EnableWindow 4399->4413 4400->4396 4404 404262 SendMessageA 4401->4404 4405 404273 4401->4405 4402 4041b3 4407 4042b1 SendMessageA 4402->4407 4404->4405 4405->4398 4406 404279 SendMessageA 4405->4406 4406->4398 4407->4386 4408 4040be GetDlgItem 4414 403f13 SendMessageA 4408->4414 4410 4040d4 SendMessageA 4411 4040f2 GetSysColor 4410->4411 4412 4040fb SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 4410->4412 4411->4412 4412->4398 4413->4408 4414->4410 4415->4402 4416 401ca7 4417 402a1d 18 API calls 4416->4417 4418 401cae 4417->4418 4419 402a1d 18 API calls 4418->4419 4420 401cb6 GetDlgItem 4419->4420 4421 402513 4420->4421 3531 40192a 3532 40192c 3531->3532 3533 402a3a 18 API calls 3532->3533 3534 401931 3533->3534 3537 40559b 3534->3537 3538 405859 18 API calls 3537->3538 3539 4055bb 3538->3539 3540 4055c3 DeleteFileA 3539->3540 3541 4055da 3539->3541 3545 40193a 3540->3545 3543 405708 3541->3543 3574 405cf9 lstrcpynA 3541->3574 3543->3545 3548 405ffd 2 API calls 3543->3548 3544 405600 3546 405613 3544->3546 3547 405606 lstrcatA 3544->3547 3550 4057b2 2 API calls 3546->3550 3549 405619 3547->3549 3552 40572c 3548->3552 3551 405627 lstrcatA 3549->3551 3553 405632 lstrlenA FindFirstFileA 3549->3553 3550->3549 3551->3553 3552->3545 3554 40576b 3 API calls 3552->3554 3553->3543 3572 405656 3553->3572 3556 405736 3554->3556 3555 405796 CharNextA 3555->3572 3557 405553 5 API calls 3556->3557 3558 405742 3557->3558 3559 405746 3558->3559 3560 40575c 3558->3560 3559->3545 3565 404f12 25 API calls 3559->3565 3561 404f12 25 API calls 3560->3561 3561->3545 3562 4056e7 FindNextFileA 3564 4056ff FindClose 3562->3564 3562->3572 3564->3543 3566 405753 3565->3566 3567 405bb4 38 API calls 3566->3567 3567->3545 3569 40559b 62 API calls 3569->3572 3570 404f12 25 API calls 3570->3562 3571 404f12 25 API calls 3571->3572 3572->3555 3572->3562 3572->3569 3572->3570 3572->3571 3573 405bb4 38 API calls 3572->3573 3575 405cf9 lstrcpynA 3572->3575 3576 405553 3572->3576 3573->3572 3574->3544 3575->3572 3577 405947 2 API calls 3576->3577 3578 40555f 3577->3578 3579 405580 3578->3579 3580 405576 DeleteFileA 3578->3580 3581 40556e RemoveDirectoryA 3578->3581 3579->3572 3582 40557c 3580->3582 3581->3582 3582->3579 3583 40558c SetFileAttributesA 3582->3583 3583->3579 4429 4028aa SendMessageA 4430 4028c4 InvalidateRect 4429->4430 4431 4028cf 4429->4431 4430->4431 3161 4015b3 3162 402a3a 18 API calls 3161->3162 3163 4015ba 3162->3163 3180 405804 CharNextA CharNextA 3163->3180 3165 40161c 3167 401621 3165->3167 3168 40164a 3165->3168 3166 405796 CharNextA 3176 4015c2 3166->3176 3169 401423 25 API calls 3167->3169 3170 401423 25 API calls 3168->3170 3171 401628 3169->3171 3178 401642 3170->3178 3194 405cf9 lstrcpynA 3171->3194 3175 401633 SetCurrentDirectoryA 3175->3178 3176->3165 3176->3166 3177 401604 GetFileAttributesA 3176->3177 3186 405472 3176->3186 3189 4053d8 CreateDirectoryA 3176->3189 3195 405455 CreateDirectoryA 3176->3195 3177->3176 3181 40581f 3180->3181 3184 40582f 3180->3184 3182 40582a CharNextA 3181->3182 3181->3184 3185 40584f 3182->3185 3183 405796 CharNextA 3183->3184 3184->3183 3184->3185 3185->3176 3198 406092 GetModuleHandleA 3186->3198 3190 405425 3189->3190 3191 405429 GetLastError 3189->3191 3190->3176 3191->3190 3192 405438 SetFileSecurityA 3191->3192 3192->3190 3193 40544e GetLastError 3192->3193 3193->3190 3194->3175 3196 405465 3195->3196 3197 405469 GetLastError 3195->3197 3196->3176 3197->3196 3199 4060b8 GetProcAddress 3198->3199 3200 4060ae 3198->3200 3202 405479 3199->3202 3204 406024 GetSystemDirectoryA 3200->3204 3202->3176 3203 4060b4 3203->3199 3203->3202 3205 406046 wsprintfA LoadLibraryExA 3204->3205 3205->3203 4432 4016b3 4433 402a3a 18 API calls 4432->4433 4434 4016b9 GetFullPathNameA 4433->4434 4435 4016f1 4434->4435 4436 4016d0 4434->4436 4437 401705 GetShortPathNameA 4435->4437 4438 4028cf 4435->4438 4436->4435 4439 405ffd 2 API calls 4436->4439 4437->4438 4440 4016e1 4439->4440 4440->4435 4442 405cf9 lstrcpynA 4440->4442 4442->4435 4443 403637 4444 403642 4443->4444 4445 403646 4444->4445 4446 403649 GlobalAlloc 4444->4446 4446->4445 4454 4014b7 4455 4014bd 4454->4455 4456 401389 2 API calls 4455->4456 4457 4014c5 4456->4457 4458 401d38 GetDC GetDeviceCaps 4459 402a1d 18 API calls 4458->4459 4460 401d56 MulDiv ReleaseDC 4459->4460 4461 402a1d 18 API calls 4460->4461 4462 401d75 4461->4462 4463 405d1b 18 API calls 4462->4463 4464 401dae CreateFontIndirectA 4463->4464 4465 402513 4464->4465 3584 40173e 3585 402a3a 18 API calls 3584->3585 3586 401745 3585->3586 3587 40599b 2 API calls 3586->3587 3588 40174c 3587->3588 3589 40599b 2 API calls 3588->3589 3589->3588 4466 401ebe 4467 402a3a 18 API calls 4466->4467 4468 401ec5 4467->4468 4469 405ffd 2 API calls 4468->4469 4470 401ecb 4469->4470 4472 401edd 4470->4472 4473 405c57 wsprintfA 4470->4473 4473->4472 4474 40193f 4475 402a3a 18 API calls 4474->4475 4476 401946 lstrlenA 4475->4476 4477 402513 4476->4477

                                                                                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                                                                                              Function 004030D9 Relevance: 91.4, APIs: 34, Strings: 18, Instructions: 357stringcomfileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 0 4030d9-40310e SetErrorMode GetVersion 1 403110-403118 call 406092 0->1 2 403121 0->2 1->2 8 40311a 1->8 3 403126-403139 call 406024 lstrlenA 2->3 9 40313b-4031ae call 406092 * 2 #17 OleInitialize SHGetFileInfoA call 405cf9 GetCommandLineA call 405cf9 GetModuleHandleA 3->9 8->2 18 4031b0-4031b5 9->18 19 4031ba-4031cf call 405796 CharNextA 9->19 18->19 22 403294-403298 19->22 23 4031d4-4031d7 22->23 24 40329e 22->24 25 4031d9-4031dd 23->25 26 4031df-4031e7 23->26 27 4032b1-4032cb GetTempPathA call 4030a8 24->27 25->25 25->26 28 4031e9-4031ea 26->28 29 4031ef-4031f2 26->29 36 403323-40333d DeleteFileA call 402c66 27->36 37 4032cd-4032eb GetWindowsDirectoryA lstrcatA call 4030a8 27->37 28->29 31 403284-403291 call 405796 29->31 32 4031f8-4031fc 29->32 31->22 47 403293 31->47 34 403214-403241 32->34 35 4031fe-403204 32->35 43 403243-403249 34->43 44 403254-403282 34->44 41 403206-403208 35->41 42 40320a 35->42 52 4033d1-4033e1 ExitProcess OleUninitialize 36->52 53 403343-403349 36->53 37->36 55 4032ed-40331d GetTempPathA lstrcatA SetEnvironmentVariableA * 2 call 4030a8 37->55 41->34 41->42 42->34 48 40324b-40324d 43->48 49 40324f 43->49 44->31 51 4032a0-4032ac call 405cf9 44->51 47->22 48->44 48->49 49->44 51->27 58 403505-40350b 52->58 59 4033e7-4033f7 call 4054ef ExitProcess 52->59 56 4033c1-4033c8 call 403679 53->56 57 40334b-403356 call 405796 53->57 55->36 55->52 67 4033cd 56->67 74 403358-403381 57->74 75 40338c-403396 57->75 64 403587-40358f 58->64 65 40350d-403526 GetCurrentProcess OpenProcessToken 58->65 69 403591 64->69 70 403595-403599 ExitProcess 64->70 72 403558-403566 call 406092 65->72 73 403528-403552 LookupPrivilegeValueA AdjustTokenPrivileges 65->73 67->52 69->70 81 403574-40357e ExitWindowsEx 72->81 82 403568-403572 72->82 73->72 77 403383-403385 74->77 78 403398-4033a5 call 405859 75->78 79 4033fd-403411 call 405472 lstrcatA 75->79 77->75 83 403387-40338a 77->83 78->52 93 4033a7-4033bd call 405cf9 * 2 78->93 91 403413-403419 lstrcatA 79->91 92 40341e-403438 lstrcatA lstrcmpiA 79->92 81->64 86 403580-403582 call 40140b 81->86 82->81 82->86 83->75 83->77 86->64 91->92 92->52 94 40343a-40343d 92->94 93->56 96 403446 call 405455 94->96 97 40343f-403444 call 4053d8 94->97 104 40344b-403458 SetCurrentDirectoryA 96->104 97->104 105 403465-40348d call 405cf9 104->105 106 40345a-403460 call 405cf9 104->106 110 403493-4034af call 405d1b DeleteFileA 105->110 106->105 113 4034f0-4034f7 110->113 114 4034b1-4034c1 CopyFileA 110->114 113->110 115 4034f9-403500 call 405bb4 113->115 114->113 116 4034c3-4034e3 call 405bb4 call 405d1b call 40548a 114->116 115->52 116->113 125 4034e5-4034ec CloseHandle 116->125 125->113
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNELBASE ref: 004030FE
                                                                                                                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 00403104
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040312D
                                                                                                                                                                                                                                                                                              • #17.COMCTL32(00000007,00000009), ref: 0040314F
                                                                                                                                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00403156
                                                                                                                                                                                                                                                                                              • SHGetFileInfoA.SHELL32(0041ECC8,00000000,?,00000160,00000000), ref: 00403172
                                                                                                                                                                                                                                                                                              • GetCommandLineA.KERNEL32(00422F00,NSIS Error), ref: 00403187
                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Downloads\teamviewer.exe" ,00000000), ref: 0040319A
                                                                                                                                                                                                                                                                                              • CharNextA.USER32(00000000,"C:\Users\user\Downloads\teamviewer.exe" ,00000020), ref: 004031C5
                                                                                                                                                                                                                                                                                              • GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032C2
                                                                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032D3
                                                                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032DF
                                                                                                                                                                                                                                                                                              • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032F3
                                                                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004032FB
                                                                                                                                                                                                                                                                                              • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 0040330C
                                                                                                                                                                                                                                                                                              • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403314
                                                                                                                                                                                                                                                                                              • DeleteFileA.KERNELBASE(1033), ref: 00403328
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406092: GetModuleHandleA.KERNEL32(?,?,?,00403143,00000009), ref: 004060A4
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406092: GetProcAddress.KERNEL32(00000000,?), ref: 004060BF
                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32(?), ref: 004033D1
                                                                                                                                                                                                                                                                                              • OleUninitialize.OLE32(?), ref: 004033D6
                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004033F7
                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403514
                                                                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 0040351B
                                                                                                                                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403533
                                                                                                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403552
                                                                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403576
                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403599
                                                                                                                                                                                                                                                                                                • Part of subcall function 004054EF: MessageBoxIndirectA.USER32(00409218), ref: 0040554A
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
                                                                                                                                                                                                                                                                                              • String ID: "$"C:\Users\user\Downloads\teamviewer.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\TeamViewer$C:\Users\user\Downloads$C:\Users\user\Downloads\teamviewer.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$`Kt$~nsu
                                                                                                                                                                                                                                                                                              • API String ID: 3329125770-47540553
                                                                                                                                                                                                                                                                                              • Opcode ID: 4f4e7a4209cacf2233f42e90a73ac4821f0654123dbc60adf3f7537713659d44
                                                                                                                                                                                                                                                                                              • Instruction ID: e7c85c4fe1f62676e3f8a08d8ca43f8bf3783ba147aef7bb7f1979754dcbcc24
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f4e7a4209cacf2233f42e90a73ac4821f0654123dbc60adf3f7537713659d44
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7C1E5706083417AE711AF71AD8DA2B7EA8EB85306F04457FF541B61D2C77C5A05CB2E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405D1B Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 199stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 267 405d1b-405d26 268 405d28-405d37 267->268 269 405d39-405d4e 267->269 268->269 270 405f41-405f45 269->270 271 405d54-405d5f 269->271 273 405d71-405d7b 270->273 274 405f4b-405f55 270->274 271->270 272 405d65-405d6c 271->272 272->270 273->274 275 405d81-405d88 273->275 276 405f60-405f61 274->276 277 405f57-405f5b call 405cf9 274->277 278 405f34 275->278 279 405d8e-405dc3 275->279 277->276 281 405f36-405f3c 278->281 282 405f3e-405f40 278->282 283 405dc9-405dd4 GetVersion 279->283 284 405ede-405ee1 279->284 281->270 282->270 285 405dd6-405dda 283->285 286 405dee 283->286 287 405f11-405f14 284->287 288 405ee3-405ee6 284->288 285->286 292 405ddc-405de0 285->292 289 405df5-405dfc 286->289 290 405f22-405f32 lstrlenA 287->290 291 405f16-405f1d call 405d1b 287->291 293 405ef6-405f02 call 405cf9 288->293 294 405ee8-405ef4 call 405c57 288->294 295 405e01-405e03 289->295 296 405dfe-405e00 289->296 290->270 291->290 292->286 299 405de2-405de6 292->299 304 405f07-405f0d 293->304 294->304 302 405e05-405e28 call 405be0 295->302 303 405e3c-405e3f 295->303 296->295 299->286 305 405de8-405dec 299->305 315 405ec5-405ec9 302->315 316 405e2e-405e37 call 405d1b 302->316 308 405e41-405e4d GetSystemDirectoryA 303->308 309 405e4f-405e52 303->309 304->290 307 405f0f 304->307 305->289 311 405ed6-405edc call 405f64 307->311 312 405ec0-405ec3 308->312 313 405e54-405e62 GetWindowsDirectoryA 309->313 314 405ebc-405ebe 309->314 311->290 312->311 312->315 313->314 314->312 317 405e64-405e6e 314->317 315->311 320 405ecb-405ed1 lstrcatA 315->320 316->312 322 405e70-405e73 317->322 323 405e88-405e9e SHGetSpecialFolderLocation 317->323 320->311 322->323 327 405e75-405e7c 322->327 324 405ea0-405eb7 SHGetPathFromIDListA CoTaskMemFree 323->324 325 405eb9 323->325 324->312 324->325 325->314 328 405e84-405e86 327->328 328->312 328->323
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetVersion.KERNEL32(?,0041F4E8,00000000,00404F4A,0041F4E8,00000000), ref: 00405DCC
                                                                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32(004226A0,00000400), ref: 00405E47
                                                                                                                                                                                                                                                                                              • GetWindowsDirectoryA.KERNEL32(004226A0,00000400), ref: 00405E5A
                                                                                                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(?,0040E8C0), ref: 00405E96
                                                                                                                                                                                                                                                                                              • SHGetPathFromIDListA.SHELL32(0040E8C0,004226A0), ref: 00405EA4
                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(0040E8C0), ref: 00405EAF
                                                                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(004226A0,\Microsoft\Internet Explorer\Quick Launch), ref: 00405ED1
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(004226A0,?,0041F4E8,00000000,00404F4A,0041F4E8,00000000), ref: 00405F23
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • [qm, xrefs: 00405D28
                                                                                                                                                                                                                                                                                              • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00405ECB
                                                                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion, xrefs: 00405E16
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion$[qm$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                              • API String ID: 900638850-1566795221
                                                                                                                                                                                                                                                                                              • Opcode ID: fb8208971b7bef3eab874112c295b4c22afd955e6dbc7abb81a1d2e78964ecc6
                                                                                                                                                                                                                                                                                              • Instruction ID: 70d043a0125fa0970afc212ad974551980140434863585fcf13b89b4fbf53fe2
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb8208971b7bef3eab874112c295b4c22afd955e6dbc7abb81a1d2e78964ecc6
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD61F471A04A01ABDF205F64DC88B7F3BA8DB41305F50803BE941B62D0D27D4A82DF5E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040559B Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159filestringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 329 40559b-4055c1 call 405859 332 4055c3-4055d5 DeleteFileA 329->332 333 4055da-4055e1 329->333 334 405764-405768 332->334 335 4055e3-4055e5 333->335 336 4055f4-405604 call 405cf9 333->336 337 405712-405717 335->337 338 4055eb-4055ee 335->338 344 405613-405614 call 4057b2 336->344 345 405606-405611 lstrcatA 336->345 337->334 340 405719-40571c 337->340 338->336 338->337 342 405726-40572e call 405ffd 340->342 343 40571e-405724 340->343 342->334 353 405730-405744 call 40576b call 405553 342->353 343->334 347 405619-40561c 344->347 345->347 349 405627-40562d lstrcatA 347->349 350 40561e-405625 347->350 352 405632-405650 lstrlenA FindFirstFileA 349->352 350->349 350->352 354 405656-40566d call 405796 352->354 355 405708-40570c 352->355 368 405746-405749 353->368 369 40575c-40575f call 404f12 353->369 362 405678-40567b 354->362 363 40566f-405673 354->363 355->337 357 40570e 355->357 357->337 366 40567d-405682 362->366 367 40568e-40569c call 405cf9 362->367 363->362 365 405675 363->365 365->362 371 405684-405686 366->371 372 4056e7-4056f9 FindNextFileA 366->372 380 4056b3-4056be call 405553 367->380 381 40569e-4056a6 367->381 368->343 374 40574b-40575a call 404f12 call 405bb4 368->374 369->334 371->367 377 405688-40568c 371->377 372->354 375 4056ff-405702 FindClose 372->375 374->334 375->355 377->367 377->372 389 4056c0-4056c3 380->389 390 4056df-4056e2 call 404f12 380->390 381->372 382 4056a8-4056b1 call 40559b 381->382 382->372 391 4056c5-4056d5 call 404f12 call 405bb4 389->391 392 4056d7-4056dd 389->392 390->372 391->372 392->372
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • DeleteFileA.KERNELBASE(?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004055C4
                                                                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(00420D10,\*.*,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040560C
                                                                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00409014,?,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040562D
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,?,00409014,?,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405633
                                                                                                                                                                                                                                                                                              • FindFirstFileA.KERNELBASE(00420D10,?,?,?,00409014,?,00420D10,?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405644
                                                                                                                                                                                                                                                                                              • FindNextFileA.KERNELBASE(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 004056F1
                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405702
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • \*.*, xrefs: 00405606
                                                                                                                                                                                                                                                                                              • "C:\Users\user\Downloads\teamviewer.exe" , xrefs: 0040559B
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004055A8
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Downloads\teamviewer.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                                                                                                                                                                              • API String ID: 2035342205-4272890680
                                                                                                                                                                                                                                                                                              • Opcode ID: 7603539ad9b5937c9e56f8599475f37639822dfa53d4c139a839f7a9c6ea227f
                                                                                                                                                                                                                                                                                              • Instruction ID: 44541a5d5af4c0b2911f4644f2fa5328a4f1ed3919081d24b86541679c9c03d6
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7603539ad9b5937c9e56f8599475f37639822dfa53d4c139a839f7a9c6ea227f
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F51CF30804A04BADF217A658C85BBF7AB8DF82318F54847BF445761D2C73D4982EE6E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406344 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 603 406344-406349 604 4063ba-4063d8 603->604 605 40634b-40637a 603->605 606 4069b0-4069c5 604->606 607 406381-406385 605->607 608 40637c-40637f 605->608 609 4069c7-4069dd 606->609 610 4069df-4069f5 606->610 612 406387-40638b 607->612 613 40638d 607->613 611 406391-406394 608->611 616 4069f8-4069ff 609->616 610->616 614 4063b2-4063b5 611->614 615 406396-40639f 611->615 612->611 613->611 619 406587-4065a5 614->619 617 4063a1 615->617 618 4063a4-4063b0 615->618 620 406a01-406a05 616->620 621 406a26-406a32 616->621 617->618 622 40641a-406448 618->622 626 4065a7-4065bb 619->626 627 4065bd-4065cf 619->627 623 406bb4-406bbe 620->623 624 406a0b-406a23 620->624 630 4061c8-4061d1 621->630 631 406464-40647e 622->631 632 40644a-406462 622->632 629 406bca-406bdd 623->629 624->621 628 4065d2-4065dc 626->628 627->628 633 4065de 628->633 634 40657f-406585 628->634 638 406be2-406be6 629->638 635 4061d7 630->635 636 406bdf 630->636 637 406481-40648b 631->637 632->637 654 406564-40657c 633->654 655 406b66-406b70 633->655 634->619 644 406523-40652d 634->644 640 406283-406287 635->640 641 4062f3-4062f7 635->641 642 4061de-4061e2 635->642 643 40631e-40633f 635->643 636->638 645 406491 637->645 646 406402-406408 637->646 656 406b33-406b3d 640->656 657 40628d-4062a6 640->657 648 406b42-406b4c 641->648 649 4062fd-406311 641->649 642->629 647 4061e8-4061f5 642->647 643->606 650 406b72-406b7c 644->650 651 406533-4066fc 644->651 663 4063e7-4063ff 645->663 664 406b4e-406b58 645->664 652 4064bb-4064c1 646->652 653 40640e-406414 646->653 647->636 662 4061fb-406241 647->662 648->629 665 406314-40631c 649->665 650->629 651->630 660 4064c3-4064e1 652->660 661 40651f 652->661 653->622 653->661 654->634 655->629 656->629 659 4062a9-4062ad 657->659 659->640 667 4062af-4062b5 659->667 668 4064e3-4064f7 660->668 669 4064f9-40650b 660->669 661->644 670 406243-406247 662->670 671 406269-40626b 662->671 663->646 664->629 665->641 665->643 672 4062b7-4062be 667->672 673 4062df-4062f1 667->673 674 40650e-406518 668->674 669->674 675 406252-406260 GlobalAlloc 670->675 676 406249-40624c GlobalFree 670->676 677 406279-406281 671->677 678 40626d-406277 671->678 679 4062c0-4062c3 GlobalFree 672->679 680 4062c9-4062d9 GlobalAlloc 672->680 673->665 674->652 681 40651a 674->681 675->636 682 406266 675->682 676->675 677->659 678->677 678->678 679->680 680->636 680->673 684 4064a0-4064b8 681->684 685 406b5a-406b64 681->685 682->671 684->652 685->629
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: e28a8ad83f22bfe4c4d455a141f03dc38bf257c2203b46f6b1d5cba347f55b6d
                                                                                                                                                                                                                                                                                              • Instruction ID: a8746b25a1c6b49bbeafbf020c2dfcaa04563a9eac1a8e827fb2969916571183
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e28a8ad83f22bfe4c4d455a141f03dc38bf257c2203b46f6b1d5cba347f55b6d
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70F17670D00229CBCF18CFA8C8946ADBBB1FF44305F25816ED856BB281D7786A96CF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405FFD Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • FindFirstFileA.KERNELBASE(74DF3410,00421558,C:\,0040589C,C:\,C:\,00000000,C:\,C:\,74DF3410,?,C:\Users\user\AppData\Local\Temp\,004055BB,?,74DF3410,C:\Users\user\AppData\Local\Temp\), ref: 00406008
                                                                                                                                                                                                                                                                                              • FindClose.KERNELBASE(00000000), ref: 00406014
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                              • String ID: C:\
                                                                                                                                                                                                                                                                                              • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                                                                                              • Opcode ID: fb61142ecab510d9bb051178c92cda44e9a3fae507c1338c77e1024ce068b834
                                                                                                                                                                                                                                                                                              • Instruction ID: 1297c1e42099762feae64532f60583430090df1d404adb2e37743a0561846f6f
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb61142ecab510d9bb051178c92cda44e9a3fae507c1338c77e1024ce068b834
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8CD012319491206BC3105B38AD0C85B7A599F593317118A33F567F52F0C7788C7296E9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00403679 Relevance: 42.2, APIs: 13, Strings: 11, Instructions: 215stringregistryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 126 403679-403691 call 406092 129 403693-4036a3 call 405c57 126->129 130 4036a5-4036d6 call 405be0 126->130 139 4036f9-403722 call 40393e call 405859 129->139 135 4036d8-4036e9 call 405be0 130->135 136 4036ee-4036f4 lstrcatA 130->136 135->136 136->139 144 403728-40372d 139->144 145 4037a9-4037b1 call 405859 139->145 144->145 146 40372f-403753 call 405be0 144->146 151 4037b3-4037ba call 405d1b 145->151 152 4037bf-4037e4 LoadImageA 145->152 146->145 153 403755-403757 146->153 151->152 155 403865-40386d call 40140b 152->155 156 4037e6-403816 RegisterClassA 152->156 157 403768-403774 lstrlenA 153->157 158 403759-403766 call 405796 153->158 170 403877-403882 call 40393e 155->170 171 40386f-403872 155->171 159 403934 156->159 160 40381c-403860 SystemParametersInfoA CreateWindowExA 156->160 164 403776-403784 lstrcmpiA 157->164 165 40379c-4037a4 call 40576b call 405cf9 157->165 158->157 163 403936-40393d 159->163 160->155 164->165 169 403786-403790 GetFileAttributesA 164->169 165->145 174 403792-403794 169->174 175 403796-403797 call 4057b2 169->175 179 403888-4038a2 ShowWindow call 406024 170->179 180 40390b-403913 call 404fe4 170->180 171->163 174->165 174->175 175->165 187 4038a4-4038a9 call 406024 179->187 188 4038ae-4038c0 GetClassInfoA 179->188 185 403915-40391b 180->185 186 40392d-40392f call 40140b 180->186 185->171 189 403921-403928 call 40140b 185->189 186->159 187->188 192 4038c2-4038d2 GetClassInfoA RegisterClassA 188->192 193 4038d8-403909 DialogBoxParamA call 40140b call 4035c9 188->193 189->171 192->193 193->163
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406092: GetModuleHandleA.KERNEL32(?,?,?,00403143,00000009), ref: 004060A4
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406092: GetProcAddress.KERNEL32(00000000,?), ref: 004060BF
                                                                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(1033,0041FD08,80000001,Control Panel\Desktop\ResourceLocale,00000000,0041FD08,00000000,00000002,74DF3410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Downloads\teamviewer.exe" ,00000000), ref: 004036F4
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(004226A0,?,?,?,004226A0,00000000,00429400,1033,0041FD08,80000001,Control Panel\Desktop\ResourceLocale,00000000,0041FD08,00000000,00000002,74DF3410), ref: 00403769
                                                                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,.exe), ref: 0040377C
                                                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(004226A0), ref: 00403787
                                                                                                                                                                                                                                                                                              • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,00429400), ref: 004037D0
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405C57: wsprintfA.USER32 ref: 00405C64
                                                                                                                                                                                                                                                                                              • RegisterClassA.USER32(00422EA0), ref: 0040380D
                                                                                                                                                                                                                                                                                              • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403825
                                                                                                                                                                                                                                                                                              • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040385A
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 00403890
                                                                                                                                                                                                                                                                                              • GetClassInfoA.USER32(00000000,RichEdit20A,00422EA0), ref: 004038BC
                                                                                                                                                                                                                                                                                              • GetClassInfoA.USER32(00000000,RichEdit,00422EA0), ref: 004038C9
                                                                                                                                                                                                                                                                                              • RegisterClassA.USER32(00422EA0), ref: 004038D2
                                                                                                                                                                                                                                                                                              • DialogBoxParamA.USER32(?,00000000,00403A0B,00000000), ref: 004038F1
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Downloads\teamviewer.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                                                                                              • API String ID: 1975747703-564115399
                                                                                                                                                                                                                                                                                              • Opcode ID: 5c13432dcba976acc153c6c4cb0ae4a4ceee92b52a3611d71cd5da1aeea12791
                                                                                                                                                                                                                                                                                              • Instruction ID: cdcda0c5d6d895e27caec97b3fe99e3f57ebd92391a3aca4eab7d54baf018be6
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c13432dcba976acc153c6c4cb0ae4a4ceee92b52a3611d71cd5da1aeea12791
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA61C8B16442007ED620BF669D45F373AACEB44759F40447FF941B22E2C77CAD029A2D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402C66 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 200 402c66-402cb4 GetTickCount GetModuleFileNameA call 40596c 203 402cc0-402cee call 405cf9 call 4057b2 call 405cf9 GetFileSize 200->203 204 402cb6-402cbb 200->204 212 402cf4 203->212 213 402ddb-402de9 call 402c02 203->213 205 402e98-402e9c 204->205 215 402cf9-402d10 212->215 219 402deb-402dee 213->219 220 402e3e-402e43 213->220 217 402d12 215->217 218 402d14-402d1d call 40307b 215->218 217->218 227 402d23-402d2a 218->227 228 402e45-402e4d call 402c02 218->228 222 402df0-402e08 call 403091 call 40307b 219->222 223 402e12-402e3c GlobalAlloc call 403091 call 402e9f 219->223 220->205 222->220 251 402e0a-402e10 222->251 223->220 249 402e4f-402e60 223->249 229 402da6-402daa 227->229 230 402d2c-402d40 call 405927 227->230 228->220 237 402db4-402dba 229->237 238 402dac-402db3 call 402c02 229->238 230->237 247 402d42-402d49 230->247 240 402dc9-402dd3 237->240 241 402dbc-402dc6 call 406107 237->241 238->237 240->215 248 402dd9 240->248 241->240 247->237 253 402d4b-402d52 247->253 248->213 254 402e62 249->254 255 402e68-402e6d 249->255 251->220 251->223 253->237 256 402d54-402d5b 253->256 254->255 257 402e6e-402e74 255->257 256->237 258 402d5d-402d64 256->258 257->257 259 402e76-402e91 SetFilePointer call 405927 257->259 258->237 260 402d66-402d86 258->260 263 402e96 259->263 260->220 262 402d8c-402d90 260->262 264 402d92-402d96 262->264 265 402d98-402da0 262->265 263->205 264->248 264->265 265->237 266 402da2-402da4 265->266 266->237
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402C77
                                                                                                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Downloads\teamviewer.exe,00000400), ref: 00402C93
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040596C: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Downloads\teamviewer.exe,80000000,00000003), ref: 00405970
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040596C: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405992
                                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Downloads,C:\Users\user\Downloads,C:\Users\user\Downloads\teamviewer.exe,C:\Users\user\Downloads\teamviewer.exe,80000000,00000003), ref: 00402CDF
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • Null, xrefs: 00402D5D
                                                                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00402CB6
                                                                                                                                                                                                                                                                                              • C:\Users\user\Downloads\teamviewer.exe, xrefs: 00402C7D, 00402C8C, 00402CA0, 00402CC0
                                                                                                                                                                                                                                                                                              • soft, xrefs: 00402D54
                                                                                                                                                                                                                                                                                              • C:\Users\user\Downloads, xrefs: 00402CC1, 00402CC6, 00402CCC
                                                                                                                                                                                                                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E3E
                                                                                                                                                                                                                                                                                              • Inst, xrefs: 00402D4B
                                                                                                                                                                                                                                                                                              • "C:\Users\user\Downloads\teamviewer.exe" , xrefs: 00402C66
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C6D
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Downloads\teamviewer.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Downloads$C:\Users\user\Downloads\teamviewer.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                                                                                                                              • API String ID: 4283519449-3264415900
                                                                                                                                                                                                                                                                                              • Opcode ID: 3f665217ac2245ad92c498c6fa1e551097c863ebe5e03bc44dd447b4a8322165
                                                                                                                                                                                                                                                                                              • Instruction ID: 1839f4375b44da3097aca9d4a8c6c84b0463c2d100b7a2d698c12080187f488f
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f665217ac2245ad92c498c6fa1e551097c863ebe5e03bc44dd447b4a8322165
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF51B6B1A41214ABDF109F65DE89B9E7AB4EF00355F14403BF904B62D1C7BC9E418B9D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401751 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 398 401751-401774 call 402a3a call 4057d8 403 401776-40177c call 405cf9 398->403 404 40177e-401790 call 405cf9 call 40576b lstrcatA 398->404 409 401795-40179b call 405f64 403->409 404->409 414 4017a0-4017a4 409->414 415 4017a6-4017b0 call 405ffd 414->415 416 4017d7-4017da 414->416 423 4017c2-4017d4 415->423 424 4017b2-4017c0 CompareFileTime 415->424 417 4017e2-4017fe call 40596c 416->417 418 4017dc-4017dd call 405947 416->418 426 401800-401803 417->426 427 401876-40189f call 404f12 call 402e9f 417->427 418->417 423->416 424->423 428 401805-401847 call 405cf9 * 2 call 405d1b call 405cf9 call 4054ef 426->428 429 401858-401862 call 404f12 426->429 439 4018a1-4018a5 427->439 440 4018a7-4018b3 SetFileTime 427->440 428->414 461 40184d-40184e 428->461 441 40186b-401871 429->441 439->440 443 4018b9-4018c4 FindCloseChangeNotification 439->443 440->443 444 4028d8 441->444 446 4018ca-4018cd 443->446 447 4028cf-4028d2 443->447 448 4028da-4028de 444->448 451 4018e2-4018e5 call 405d1b 446->451 452 4018cf-4018e0 call 405d1b lstrcatA 446->452 447->444 458 4018ea-402273 call 4054ef 451->458 452->458 458->447 458->448 461->441 463 401850-401851 461->463 463->429
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\TeamViewer,00000000,00000000,00000031), ref: 00401790
                                                                                                                                                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\TeamViewer,00000000,00000000,00000031), ref: 004017BA
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405CF9: lstrcpynA.KERNEL32(?,?,00000400,00403187,00422F00,NSIS Error), ref: 00405D06
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: lstrlenA.KERNEL32(0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000,?), ref: 00404F4B
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: lstrlenA.KERNEL32(00402FCF,0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000), ref: 00404F5B
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: lstrcatA.KERNEL32(0041F4E8,00402FCF,00402FCF,0041F4E8,00000000,0040E8C0,00000000), ref: 00404F6E
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SetWindowTextA.USER32(0041F4E8,0041F4E8), ref: 00404F80
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FA6
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FC0
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FCE
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\TeamViewer$C:\Users\user\AppData\Local\Temp\nsb4A46.tmp$C:\Users\user\AppData\Local\Temp\nsb4A46.tmp\System.dll$Call
                                                                                                                                                                                                                                                                                              • API String ID: 1941528284-1190958055
                                                                                                                                                                                                                                                                                              • Opcode ID: 44ecab9e1ef5e24c1ff596ae454948ee53cb588ab7073804ea6e55edc91cb487
                                                                                                                                                                                                                                                                                              • Instruction ID: dfa66b7161a0f16b13ad00a25904a83b243dedeb6ee7557d1be3b523159fd244
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44ecab9e1ef5e24c1ff596ae454948ee53cb588ab7073804ea6e55edc91cb487
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5641D572910515BACF107BB5CC85EAF3679EF45329B20823BF521F20E2D63C4A419B6D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004053D8 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 465 4053d8-405423 CreateDirectoryA 466 405425-405427 465->466 467 405429-405436 GetLastError 465->467 468 405450-405452 466->468 467->468 469 405438-40544c SetFileSecurityA 467->469 469->466 470 40544e GetLastError 469->470 470->468
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040541B
                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0040542F
                                                                                                                                                                                                                                                                                              • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405444
                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0040544E
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Downloads$ds@$ts@
                                                                                                                                                                                                                                                                                              • API String ID: 3449924974-2597616715
                                                                                                                                                                                                                                                                                              • Opcode ID: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
                                                                                                                                                                                                                                                                                              • Instruction ID: 5d613d5f07efa900d759e60f8f8ec78c4c71b6ffd2fe208e339ff175f81ef67f
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3010871D14259EADF119FA0D9487EFBFB8EB04315F00417AE904B6280D378A644CFAA
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406024 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 471 406024-406044 GetSystemDirectoryA 472 406046 471->472 473 406048-40604a 471->473 472->473 474 40605a-40605c 473->474 475 40604c-406054 473->475 477 40605d-40608f wsprintfA LoadLibraryExA 474->477 475->474 476 406056-406058 475->476 476->477
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040603B
                                                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00406074
                                                                                                                                                                                                                                                                                              • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406088
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                                                              • String ID: %s%s.dll$UXTHEME$\
                                                                                                                                                                                                                                                                                              • API String ID: 2200240437-4240819195
                                                                                                                                                                                                                                                                                              • Opcode ID: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                                                                                                                                                                                                                                                              • Instruction ID: 72752c577983536edbae7b7a4b2c1439e1101fa4b93fa8d0208d5a4e16dde88a
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6F0FC30A40109AADB14E764DC0DFEB365CAB09305F140576A546E11D1D578E9258B69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402E9F Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 478 402e9f-402eb3 479 402eb5 478->479 480 402ebc-402ec4 478->480 479->480 481 402ec6 480->481 482 402ecb-402ed0 480->482 481->482 483 402ee0-402eed call 40307b 482->483 484 402ed2-402edb call 403091 482->484 488 403032 483->488 489 402ef3-402ef7 483->489 484->483 492 403034-403035 488->492 490 40301b-40301d 489->490 491 402efd-402f1d GetTickCount call 406175 489->491 493 403066-40306a 490->493 494 40301f-403022 490->494 502 403071 491->502 504 402f23-402f2b 491->504 496 403074-403078 492->496 497 403037-40303d 493->497 498 40306c 493->498 499 403024 494->499 500 403027-403030 call 40307b 494->500 505 403042-403050 call 40307b 497->505 506 40303f 497->506 498->502 499->500 500->488 511 40306e 500->511 502->496 508 402f30-402f3e call 40307b 504->508 509 402f2d 504->509 505->488 514 403052-403057 call 405a13 505->514 506->505 508->488 517 402f44-402f4d 508->517 509->508 511->502 518 40305c-40305e 514->518 519 402f53-402f70 call 406195 517->519 520 403060-403063 518->520 521 403017-403019 518->521 524 403013-403015 519->524 525 402f76-402f8d GetTickCount 519->525 520->493 521->492 524->492 526 402fd2-402fd4 525->526 527 402f8f-402f97 525->527 530 402fd6-402fda 526->530 531 403007-40300b 526->531 528 402f99-402f9d 527->528 529 402f9f-402fcf MulDiv wsprintfA call 404f12 527->529 528->526 528->529 529->526 534 402fdc-402fe1 call 405a13 530->534 535 402fef-402ff5 530->535 531->504 532 403011 531->532 532->502 539 402fe6-402fe8 534->539 538 402ffb-402fff 535->538 538->519 540 403005 538->540 539->521 541 402fea-402fed 539->541 540->502 541->538
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CountTick$wsprintf
                                                                                                                                                                                                                                                                                              • String ID: ... %d%%
                                                                                                                                                                                                                                                                                              • API String ID: 551687249-2449383134
                                                                                                                                                                                                                                                                                              • Opcode ID: fb8bdaecb8610db7079700bd5469a99c5e74861b297f6c97a10e9c8668abb65b
                                                                                                                                                                                                                                                                                              • Instruction ID: 4ab2a5a1bcd3fb7fa9d72e81aa521510b391fe67da8672e6f00875cd24a8b3cf
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fb8bdaecb8610db7079700bd5469a99c5e74861b297f6c97a10e9c8668abb65b
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D518F729022199BDF10DF65DA08A9F7BB8AF40795F14413BF800B72C4C7789E51DBAA
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040599B Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 542 40599b-4059a5 543 4059a6-4059d1 GetTickCount GetTempFileNameA 542->543 544 4059e0-4059e2 543->544 545 4059d3-4059d5 543->545 546 4059da-4059dd 544->546 545->543 547 4059d7 545->547 547->546
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 004059AF
                                                                                                                                                                                                                                                                                              • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 004059C9
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • nsa, xrefs: 004059A6
                                                                                                                                                                                                                                                                                              • "C:\Users\user\Downloads\teamviewer.exe" , xrefs: 0040599B
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 0040599E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Downloads\teamviewer.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                                                                              • API String ID: 1716503409-3735532918
                                                                                                                                                                                                                                                                                              • Opcode ID: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                                                                                                                                                                                                                                              • Instruction ID: 3a3981258a6ccd3f3c7180c2fb01dffc681fdc90015df490a153c8b64b3610b8
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6DF08276708214ABEB108F55EC04B9B7B9CDF91760F10C03BFA48DA190D6B599548B99
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405859 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 548 405859-405874 call 405cf9 call 405804 553 405876-405878 548->553 554 40587a-405887 call 405f64 548->554 555 4058cc-4058ce 553->555 558 405893-405895 554->558 559 405889-40588d 554->559 561 4058ab-4058b4 lstrlenA 558->561 559->553 560 40588f-405891 559->560 560->553 560->558 562 4058b6-4058ca call 40576b GetFileAttributesA 561->562 563 405897-40589e call 405ffd 561->563 562->555 568 4058a0-4058a3 563->568 569 4058a5-4058a6 call 4057b2 563->569 568->553 568->569 569->561
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405CF9: lstrcpynA.KERNEL32(?,?,00000400,00403187,00422F00,NSIS Error), ref: 00405D06
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405804: CharNextA.USER32(?,?,C:\,?,00405870,C:\,C:\,74DF3410,?,C:\Users\user\AppData\Local\Temp\,004055BB,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405812
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405804: CharNextA.USER32(00000000), ref: 00405817
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405804: CharNextA.USER32(00000000), ref: 0040582B
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,74DF3410,?,C:\Users\user\AppData\Local\Temp\,004055BB,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058AC
                                                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3410,?,C:\Users\user\AppData\Local\Temp\,004055BB,?,74DF3410,C:\Users\user\AppData\Local\Temp\), ref: 004058BC
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                                              • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                              • API String ID: 3248276644-3049482934
                                                                                                                                                                                                                                                                                              • Opcode ID: 2f5f7bd10b83e5c994280ddce28bb3e0edcf250d71028fabecdb2709bf5dd46b
                                                                                                                                                                                                                                                                                              • Instruction ID: 1d2993da53655c0900dfa7f8eb6ffa86a16769ab8224128061af08a25d69d353
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f5f7bd10b83e5c994280ddce28bb3e0edcf250d71028fabecdb2709bf5dd46b
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16F0F427105E5165DA22323B1C05B9F1A44CD86354718C53BFC51F22D2DA3CC8629DBE
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401F90 Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 571 401f90-401f9c 572 401fa2-401fb8 call 402a3a * 2 571->572 573 402057-402059 571->573 582 401fc7-401fd5 LoadLibraryExA 572->582 583 401fba-401fc5 GetModuleHandleA 572->583 574 4021c4-4021c9 call 401423 573->574 581 4028cf-4028de 574->581 585 401fd7-401fe4 GetProcAddress 582->585 586 402050-402052 582->586 583->582 583->585 588 402023-402028 call 404f12 585->588 589 401fe6-401fec 585->589 586->574 593 40202d-402030 588->593 591 402005-402019 589->591 592 401fee-401ffa call 401423 589->592 597 40201e-402021 591->597 592->593 602 401ffc-402003 592->602 593->581 595 402036-40203e call 403619 593->595 595->581 601 402044-40204b FreeLibrary 595->601 597->593 601->581 602->593
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FBB
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: lstrlenA.KERNEL32(0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000,?), ref: 00404F4B
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: lstrlenA.KERNEL32(00402FCF,0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000), ref: 00404F5B
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: lstrcatA.KERNEL32(0041F4E8,00402FCF,00402FCF,0041F4E8,00000000,0040E8C0,00000000), ref: 00404F6E
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SetWindowTextA.USER32(0041F4E8,0041F4E8), ref: 00404F80
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FA6
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FC0
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FCE
                                                                                                                                                                                                                                                                                              • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FCB
                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00401FDB
                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402045
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2987980305-0
                                                                                                                                                                                                                                                                                              • Opcode ID: c9236aab3ecf390f27b0d2df40a3eeaa529cc51138fd025aa611fd94b365db02
                                                                                                                                                                                                                                                                                              • Instruction ID: 033e4e5f5e4c037d50d2464c5542d6b5672e4837e9f8cb01fb8d89ff16108e1c
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9236aab3ecf390f27b0d2df40a3eeaa529cc51138fd025aa611fd94b365db02
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A212B72904211FBDF217FA48E49AAE76B1AB45318F30423BF701B62D0C7BD49459A6E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004015B3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 686 4015b3-4015c6 call 402a3a call 405804 691 4015c8-4015db call 405796 686->691 692 40161c-40161f 686->692 700 4015f3-4015f4 call 405455 691->700 701 4015dd-4015e0 691->701 694 401621-40163c call 401423 call 405cf9 SetCurrentDirectoryA 692->694 695 40164a-4021c9 call 401423 692->695 708 4028cf-4028de 694->708 711 401642-401645 694->711 695->708 707 4015f9-4015fb 700->707 701->700 705 4015e2-4015e9 call 405472 701->705 705->700 716 4015eb-4015ec call 4053d8 705->716 712 401612-40161a 707->712 713 4015fd-401602 707->713 711->708 712->691 712->692 717 401604-40160d GetFileAttributesA 713->717 718 40160f 713->718 721 4015f1 716->721 717->712 717->718 718->712 721->707
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405804: CharNextA.USER32(?,?,C:\,?,00405870,C:\,C:\,74DF3410,?,C:\Users\user\AppData\Local\Temp\,004055BB,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405812
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405804: CharNextA.USER32(00000000), ref: 00405817
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405804: CharNextA.USER32(00000000), ref: 0040582B
                                                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                                                                                                                                                                                                                                                • Part of subcall function 004053D8: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040541B
                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\TeamViewer,00000000,00000000,000000F0), ref: 00401634
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\TeamViewer, xrefs: 00401629
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\TeamViewer
                                                                                                                                                                                                                                                                                              • API String ID: 1892508949-2550921564
                                                                                                                                                                                                                                                                                              • Opcode ID: dc3f2b08dd0b23deb2200b8cff6eb9b6ab41173e829b03834ce904b4ad95c354
                                                                                                                                                                                                                                                                                              • Instruction ID: 4fb2b9239308f527e4829455642bf5c86be9504270dcf99fcce102751257b2ff
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc3f2b08dd0b23deb2200b8cff6eb9b6ab41173e829b03834ce904b4ad95c354
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1611E736508141ABEF217F650D415BF27B0EA92325738467FE592B62E2C63C4942A63F
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040548A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 722 40548a-4054bb CreateProcessA 723 4054c9-4054ca 722->723 724 4054bd-4054c6 CloseHandle 722->724 724->723
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421510,Error launching installer), ref: 004054B3
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004054C0
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • Error launching installer, xrefs: 0040549D
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                              • String ID: Error launching installer
                                                                                                                                                                                                                                                                                              • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                              • Opcode ID: 8c32d595c10ae78cfc35805ab98709760fd6cf99201592758dbf5461ff55bb51
                                                                                                                                                                                                                                                                                              • Instruction ID: 90ee3f3d0c484d323fd0424032eb65db2415cafeee3384e03f1d9bc4b04e7a5d
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c32d595c10ae78cfc35805ab98709760fd6cf99201592758dbf5461ff55bb51
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FFE04FB4A002097FEB009B60EC05F7B7BBCEB00348F408561BD11F21A0E374A9508A78
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004035E4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(?,74DF3410,00000000,C:\Users\user\AppData\Local\Temp\,004035BC,004033D6,?), ref: 004035FE
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00403605
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004035E4
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                              • API String ID: 1100898210-3081826266
                                                                                                                                                                                                                                                                                              • Opcode ID: a52acb0b260d536fd7618f3e20de318eec4c6c539c6bb2def64801f0e67eaa78
                                                                                                                                                                                                                                                                                              • Instruction ID: f6c6d059f9b75f5cc6a79e0049e3afa1176d7e4558308c53008dbe788c85df41
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a52acb0b260d536fd7618f3e20de318eec4c6c539c6bb2def64801f0e67eaa78
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3EE0C2338100206BC7211F0AED04B5E77AC6F48B22F054066FC407B3A08B742C418BCC
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406779 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: b4bbaf917c5b2b4b29eca7dd879fe0279583c9caa0a8680a3fb668f2eecfa979
                                                                                                                                                                                                                                                                                              • Instruction ID: ac331763182a67db8ffe8b732b67c8974d54266b30473341b06133cd37c0d4bc
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4bbaf917c5b2b4b29eca7dd879fe0279583c9caa0a8680a3fb668f2eecfa979
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ECA13171E00229CBDF28DFA8C8547ADBBB1FB44305F11816ED816BB281C7786A96CF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040697A Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: db4b2f824491321a50731860d46817135270c8e97721ba662834ece50dc26027
                                                                                                                                                                                                                                                                                              • Instruction ID: e89747aace1fce0fcb13a8d80e6f88749465aa03c559881c8099c8d07fdfb4d2
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db4b2f824491321a50731860d46817135270c8e97721ba662834ece50dc26027
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE911070E04228CBDF28DF98C8547ADBBB1FB44305F15816ED816BB281C778AA96DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406690 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: adca5b2b6989107afceee3a061708c38461c5fc9fc0daf484043dfdf7e09805a
                                                                                                                                                                                                                                                                                              • Instruction ID: d456333056e0522eb9a81365918d8492ce98a85054e5b278218ea4b7938feab7
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: adca5b2b6989107afceee3a061708c38461c5fc9fc0daf484043dfdf7e09805a
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1814671D04228CFDF24CFA8C8847ADBBB1FB44305F25816AD416BB281C778AA96DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406195 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 5bfff9db2859b877ca6a77ec9405565887134ef839be144d68b3806b8d7c08ac
                                                                                                                                                                                                                                                                                              • Instruction ID: 4327eab70650ef0c96a691b493921a8ab8e5ba0d824f916f670fcb6a13d6a8f8
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5bfff9db2859b877ca6a77ec9405565887134ef839be144d68b3806b8d7c08ac
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11816671D04228DBDF24CFA8C8447ADBBB1FB44315F2181AED856BB281C7786A96DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004065E3 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 2f3dabd0af62f4e8bfcd4b659d73a5ba33a7939e144f292b7bb16ba2439e66e8
                                                                                                                                                                                                                                                                                              • Instruction ID: 63ee65aff5d1ea53a99bb7455827a561e54e570c364fe5978cc4b9ff32097947
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f3dabd0af62f4e8bfcd4b659d73a5ba33a7939e144f292b7bb16ba2439e66e8
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E9711271D04228CBDF24CFA8C8547ADBBF1FB48305F15806AD856BB281D7786A96DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406701 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 83d4d9fa97144311a3e66a470cde7927608ab55fe6dc8c436fded4a10c430ead
                                                                                                                                                                                                                                                                                              • Instruction ID: 2ec41c1936be718984cf19d05ce660ecedc56656b80368bbb2ce29215557a5c8
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83d4d9fa97144311a3e66a470cde7927608ab55fe6dc8c436fded4a10c430ead
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 53712571E04228CBDF28CF98C854BADBBB1FB44305F15816ED856BB281C7785996DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040664D Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 1b21a4910564614c6641403ac362d6aa440f40f6368f9ee5d1983abbc3d5a3b8
                                                                                                                                                                                                                                                                                              • Instruction ID: 94740bf10ed9628fc2a816943eb7322e71ed29eec5e37d1a6fe0f7c23d4f3e83
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b21a4910564614c6641403ac362d6aa440f40f6368f9ee5d1983abbc3d5a3b8
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D714571E04228CBDF28CF98C854BADBBB1FB44305F11806ED856BB281C7786A96DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401E44 Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: lstrlenA.KERNEL32(0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000,?), ref: 00404F4B
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: lstrlenA.KERNEL32(00402FCF,0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000), ref: 00404F5B
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: lstrcatA.KERNEL32(0041F4E8,00402FCF,00402FCF,0041F4E8,00000000,0040E8C0,00000000), ref: 00404F6E
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SetWindowTextA.USER32(0041F4E8,0041F4E8), ref: 00404F80
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FA6
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FC0
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404F12: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FCE
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040548A: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421510,Error launching installer), ref: 004054B3
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040548A: CloseHandle.KERNEL32(?), ref: 004054C0
                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E7E
                                                                                                                                                                                                                                                                                              • GetExitCodeProcess.KERNELBASE(?,?), ref: 00401E8E
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EB3
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3521207402-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 7baa4545988b071bf1f27952e090968b1b6e0d745a44be253271fef70d106577
                                                                                                                                                                                                                                                                                              • Instruction ID: 49f7d359c4d218189077cc8fb8a526ed56d4096950e75cb47e310611910bd6fc
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7baa4545988b071bf1f27952e090968b1b6e0d745a44be253271fef70d106577
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4016D31904104EBDF11AFA1C984A9E77B2EF00354F10817BFA01B52E1C7785A85AB9A
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405553 Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405947: GetFileAttributesA.KERNELBASE(?,?,0040555F,?,?,00000000,00405742,?,?,?,?), ref: 0040594C
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405947: SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405960
                                                                                                                                                                                                                                                                                              • RemoveDirectoryA.KERNELBASE(?,?,?,00000000,00405742), ref: 0040556E
                                                                                                                                                                                                                                                                                              • DeleteFileA.KERNELBASE(?,?,?,00000000,00405742), ref: 00405576
                                                                                                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040558E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1655745494-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 17f562840c1773a82e66d36c699c3ba4858698b3520e1b3e97930180dfe60130
                                                                                                                                                                                                                                                                                              • Instruction ID: 364b991763a9b947ff98ca2783b3bb2cd1a0068a6ee853e10d07d538a8c3989e
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17f562840c1773a82e66d36c699c3ba4858698b3520e1b3e97930180dfe60130
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6CE0E531519A91B6C61057309C08F5F2AD6EFCA338F040A36F891B21C4C33C88068E7E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                              • Opcode ID: a519dadb84f5fbb5742ded63e05e15cde03a873041ee9604df24846d4002906c
                                                                                                                                                                                                                                                                                              • Instruction ID: da56ad7cfcb2a9fecb994a09e4a0bd113f750103611445cd7b28aada07ee45e3
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a519dadb84f5fbb5742ded63e05e15cde03a873041ee9604df24846d4002906c
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E012831B24210ABE7294B389D04B6A369CE710328F11823BF811F72F1D6B8DC42DB4D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406092 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,?,?,00403143,00000009), ref: 004060A4
                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 004060BF
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406024: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040603B
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406024: wsprintfA.USER32 ref: 00406074
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406024: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00406088
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2547128583-0
                                                                                                                                                                                                                                                                                              • Opcode ID: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
                                                                                                                                                                                                                                                                                              • Instruction ID: f390ed2799c289b087c769a87f24dfac638062b8da6604b2acd18c4b1555f769
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4E08632644111A6D320A7709D0493B72EC9E84710302483EF906F2191D738AC259669
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040596C Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Downloads\teamviewer.exe,80000000,00000003), ref: 00405970
                                                                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405992
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
                                                                                                                                                                                                                                                                                              • Instruction ID: 2848333a8a5b20597e43067d17cc290ce391feab13c7f73248cb22e1b8f9cacf
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5CD09E31658301AFEF098F20DD16F2EBAA2EB84B01F10962CBA82950E0D6755C159B26
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405947 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetFileAttributesA.KERNELBASE(?,?,0040555F,?,?,00000000,00405742,?,?,?,?), ref: 0040594C
                                                                                                                                                                                                                                                                                              • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405960
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 123b2631ce2b274a689f6f42d71c67174a47df8962c272e460887a4e83ced065
                                                                                                                                                                                                                                                                                              • Instruction ID: 96e5362f07f59601f7516fe8bcac2aa0a8151a45168581d09323fa3b8cc485cf
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 123b2631ce2b274a689f6f42d71c67174a47df8962c272e460887a4e83ced065
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7D01272908121AFC2102738ED0C89BBF65EB543717058B35FDB9F22F0D7304C568AA6
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040359F Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 11COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,004033D6,?), ref: 004035AA
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsb4A46.tmp\, xrefs: 004035BE
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsb4A46.tmp\
                                                                                                                                                                                                                                                                                              • API String ID: 2962429428-662018543
                                                                                                                                                                                                                                                                                              • Opcode ID: 596cad97df7a130adaf378ac47e28dabc4cf3a27c081830e49709f32aaba56d5
                                                                                                                                                                                                                                                                                              • Instruction ID: f4b59f51dd056b556ace1dccfc0996fbca79989fe12c672f2328a55b3cb2227a
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 596cad97df7a130adaf378ac47e28dabc4cf3a27c081830e49709f32aaba56d5
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FBC08030504640B7D1247F79AD4B5193A145B40335FA04376F8B4F00F1C73C5B45555D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405455 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CreateDirectoryA.KERNELBASE(?,00000000,004030CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032C9), ref: 0040545B
                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405469
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
                                                                                                                                                                                                                                                                                              • Instruction ID: ace853db513f64caea17b5c73fb52fb3118c2a3fabff3065b7385b8b337d2f64
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9DC08C30B18101EAC6100B30AE087073D50AB00742F1444356206E10E0C6309050CD2F
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402283 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004022BC
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: PrivateProfileStringWrite
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 390214022-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 4656573f168c310efd594f08e96abc660716981113b3fc3e41d9438b56e455a3
                                                                                                                                                                                                                                                                                              • Instruction ID: ed5e863b5af70a22674a87f6432e4eb84017b1e79b4e81bbc09640d5f5368664
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4656573f168c310efd594f08e96abc660716981113b3fc3e41d9438b56e455a3
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8AE04F31B001746FDB217AF14E8EE7F11989B84348B64417EF601B62C3DDBC4D434AA9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405A13 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000020,?,0040305C,00000000,0040A8C0,00000020,0040A8C0,00000020,000000FF,00000004,00000000), ref: 00405A27
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileWrite
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                              • Opcode ID: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
                                                                                                                                                                                                                                                                                              • Instruction ID: edb1125888c6416cb1e0b95ca9609c2ac4c4c792cbd4e8f88826aa2405e91300
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7E0EC3261425EEFDF109E659C40AEB7B6DEB053A4F048532FD25E2150E271E8219FB5
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004059E4 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040308E,00000000,00000000,00402EEB,000000FF,00000004,00000000,00000000,00000000), ref: 004059F8
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
                                                                                                                                                                                                                                                                                              • Instruction ID: 6c2e581bc83b2d89c4a498056592e8f52b2bea012b9e1656670f40d352b29975
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4DE0EC3272429AABDF109E559C44EEF7BACEB05360F048932FD15E3190D235ED219FA9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00403091 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E2D,?), ref: 0040309F
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                                                                                                                                                                                                                                              • Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                                                                                              Function 0040488F Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 481windowmemoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 004048A7
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 004048B2
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 004048FC
                                                                                                                                                                                                                                                                                              • LoadBitmapA.USER32(0000006E), ref: 0040490F
                                                                                                                                                                                                                                                                                              • SetWindowLongA.USER32(?,000000FC,00404E86), ref: 00404928
                                                                                                                                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 0040493C
                                                                                                                                                                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 0040494E
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001109,00000002), ref: 00404964
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404970
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404982
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00404985
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004049B0
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004049BC
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A51
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A7C
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A90
                                                                                                                                                                                                                                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 00404ABF
                                                                                                                                                                                                                                                                                              • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404ACD
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 00404ADE
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BDB
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C40
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C55
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C79
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C99
                                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00404CAE
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00404CBE
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D37
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001102,?,?), ref: 00404DE0
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DEF
                                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00404E0F
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 00404E5D
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 00404E68
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00404E6F
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                              • String ID: $M$N$[qm
                                                                                                                                                                                                                                                                                              • API String ID: 1638840714-226026362
                                                                                                                                                                                                                                                                                              • Opcode ID: 8b0289ef19e9e7d4f6956f04046df2f7fedd754f5cc9c605ccbb11d5e9afe659
                                                                                                                                                                                                                                                                                              • Instruction ID: e7c54df8ad39b376662a796d960b289492e5a6982c1727c2c37b81bede79f7f2
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b0289ef19e9e7d4f6956f04046df2f7fedd754f5cc9c605ccbb11d5e9afe659
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43025EB0A00209AFEF109F54DC85AAE7BB5FB84315F10817AF611B62E1D7789E42DF58
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405050 Relevance: 54.3, APIs: 36, Instructions: 282windowclipboardmemoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 004050AF
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 004050BE
                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004050FB
                                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 00405102
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405123
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405134
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001001,00000000,?), ref: 00405147
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405155
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001024,00000000,?), ref: 00405168
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,?), ref: 0040518A
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 0040519E
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 004051BF
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051CF
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051E8
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 004051F4
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 004050CD
                                                                                                                                                                                                                                                                                                • Part of subcall function 00403F13: SendMessageA.USER32(00000028,?,00000001,00403D44), ref: 00403F21
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 00405210
                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00004FE4,00000000), ref: 0040521E
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00405225
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00405248
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 0040524F
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405295
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052C9
                                                                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 004052DA
                                                                                                                                                                                                                                                                                              • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 004052EF
                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,000000FF), ref: 0040530F
                                                                                                                                                                                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405328
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405364
                                                                                                                                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 00405374
                                                                                                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 0040537A
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,?), ref: 00405383
                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0040538D
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004053A1
                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 004053BA
                                                                                                                                                                                                                                                                                              • SetClipboardData.USER32(00000001,00000000), ref: 004053C5
                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 004053CB
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 590372296-0
                                                                                                                                                                                                                                                                                              • Opcode ID: d6ecd7d14b8e00b748d1229dc10f545a94969e68e0fceeae392a714a00d68d17
                                                                                                                                                                                                                                                                                              • Instruction ID: d5cc627e10ac9a037e5b70d1472d8d3a221fef050c439e23246209dc4a3cc6f1
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6ecd7d14b8e00b748d1229dc10f545a94969e68e0fceeae392a714a00d68d17
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 53A159B1900208BFDB219FA0DD85AAE7F79FB48355F10407AFA01B61A0C7B55E41DF69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040431C Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 274stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 0040436B
                                                                                                                                                                                                                                                                                              • SetWindowTextA.USER32(00000000,?), ref: 00404395
                                                                                                                                                                                                                                                                                              • SHBrowseForFolderA.SHELL32(?,0041F0E0,?), ref: 00404446
                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404451
                                                                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(004226A0,0041FD08), ref: 00404483
                                                                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,004226A0), ref: 0040448F
                                                                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044A1
                                                                                                                                                                                                                                                                                                • Part of subcall function 004054D3: GetDlgItemTextA.USER32(?,?,00000400,004044D8), ref: 004054E6
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405F64: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Downloads\teamviewer.exe" ,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032C9), ref: 00405FBC
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405F64: CharNextA.USER32(?,?,?,00000000), ref: 00405FC9
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405F64: CharNextA.USER32(?,"C:\Users\user\Downloads\teamviewer.exe" ,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032C9), ref: 00405FCE
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405F64: CharPrevA.USER32(?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032C9), ref: 00405FDE
                                                                                                                                                                                                                                                                                              • GetDiskFreeSpaceA.KERNEL32(0041ECD8,?,?,0000040F,?,0041ECD8,0041ECD8,?,00000001,0041ECD8,?,?,000003FB,?), ref: 0040455F
                                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040457A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004046D3: lstrlenA.KERNEL32(0041FD08,0041FD08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004045EE,000000DF,00000000,00000400,?), ref: 00404771
                                                                                                                                                                                                                                                                                                • Part of subcall function 004046D3: wsprintfA.USER32 ref: 00404779
                                                                                                                                                                                                                                                                                                • Part of subcall function 004046D3: SetDlgItemTextA.USER32(?,0041FD08), ref: 0040478C
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                              • String ID: A$[qm
                                                                                                                                                                                                                                                                                              • API String ID: 2624150263-3912182414
                                                                                                                                                                                                                                                                                              • Opcode ID: 1558e11706ab6d26c01ec83b0c58713cad93a9e9ab837f02d5dc5529ec40a987
                                                                                                                                                                                                                                                                                              • Instruction ID: 222947b4accbc62cc0073c5541b0f9589876626f1104fcc3d8441c992cea6716
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1558e11706ab6d26c01ec83b0c58713cad93a9e9ab837f02d5dc5529ec40a987
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71A17EB1900209ABDB11AFA5CC45BEFB6B8EF84315F14843BF711B62D1D77C8A418B69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040205E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(00407408,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020DD
                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402189
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\TeamViewer, xrefs: 0040211D
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\TeamViewer
                                                                                                                                                                                                                                                                                              • API String ID: 123533781-2550921564
                                                                                                                                                                                                                                                                                              • Opcode ID: 98c6856de954bf32f67bc9aae575288044ef0a57168b27d926b9bae310f30c25
                                                                                                                                                                                                                                                                                              • Instruction ID: 15b8319daa3a69dadbe16bc3493db081a7dc62ee607a685d27ecc12527328b4b
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98c6856de954bf32f67bc9aae575288044ef0a57168b27d926b9bae310f30c25
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 785138B1A00208BFCF10DFA4C988A9D7BB5FF48319F20856AF515EB2D1DB799941CB54
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402688 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402697
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                                              • Opcode ID: a8d2051a0b43e45e0548476364d3f5ec7a3e7dc7c9238cb7b637b6be69fa9f30
                                                                                                                                                                                                                                                                                              • Instruction ID: a95b2630499809d01a6e7b037cab792d100f7a465f9f887e4e98b5ff960ae470
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8d2051a0b43e45e0548476364d3f5ec7a3e7dc7c9238cb7b637b6be69fa9f30
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79F0A7726082009BE701E7A49949AEE7778DB61314F60057BE241A21C1D7B84985AB3A
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00403A0B Relevance: 48.3, APIs: 32, Instructions: 345windowstringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A47
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?), ref: 00403A64
                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 00403A78
                                                                                                                                                                                                                                                                                              • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A94
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00403AB5
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403AC9
                                                                                                                                                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403AD0
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00403B7E
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00403B88
                                                                                                                                                                                                                                                                                              • SetClassLongA.USER32(?,000000F2,?), ref: 00403BA2
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403BF3
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 00403C99
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00403CBA
                                                                                                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00403CCC
                                                                                                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00403CE7
                                                                                                                                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403CFD
                                                                                                                                                                                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 00403D04
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D1C
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D2F
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0041FD08,?,0041FD08,00422F00), ref: 00403D58
                                                                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,0041FD08), ref: 00403D67
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00403E9B
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 184305955-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 3ac918ef0a42e48e667534ebe08b1c5e2c6f4e88b6f53ea8c8a8fe3e2e231469
                                                                                                                                                                                                                                                                                              • Instruction ID: e8e4c14712e0ebd1bd3c96694815290efe84e81baa174b168cbdfcdac135d6c4
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ac918ef0a42e48e667534ebe08b1c5e2c6f4e88b6f53ea8c8a8fe3e2e231469
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29C1DF71A04205BBDB20AF61EE45E2B3E7CFB45706B40453EF601B11E1C779A942AB6E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00404027 Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 205windowstringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040B2
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(00000000,000003E8), ref: 004040C6
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004040E4
                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 004040F5
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404104
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404113
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?), ref: 00404116
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404125
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040413A
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 0040419C
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000), ref: 0040419F
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004041CA
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040420A
                                                                                                                                                                                                                                                                                              • LoadCursorA.USER32(00000000,00007F02), ref: 00404219
                                                                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 00404222
                                                                                                                                                                                                                                                                                              • ShellExecuteA.SHELL32(0000070B,open,004226A0,00000000,00000000,00000001), ref: 00404235
                                                                                                                                                                                                                                                                                              • LoadCursorA.USER32(00000000,00007F00), ref: 00404242
                                                                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 00404245
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404271
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404285
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                                                                                              • String ID: N$[qm$open
                                                                                                                                                                                                                                                                                              • API String ID: 3615053054-4222120253
                                                                                                                                                                                                                                                                                              • Opcode ID: d6331d360d592cb1fcb1934a6ab791839a151b05b6f3426df7f2f496f579edd7
                                                                                                                                                                                                                                                                                              • Instruction ID: f5dd8c80699fee66c1c508087d6ededbe7bbcdfb93c9c5870bdb982cd402330a
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6331d360d592cb1fcb1934a6ab791839a151b05b6f3426df7f2f496f579edd7
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1261C5B1A40209BFEB109F61DC45F6A7B79FB84741F10807AFB057A2D1C7B8A951CB98
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                                                              • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                                                              • DrawTextA.USER32(00000000,00422F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                              • String ID: F
                                                                                                                                                                                                                                                                                              • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                              • Opcode ID: c0f94b8c962ee7b75acafc3cefd778743504d8a107dd351fe724bfdc705f9f00
                                                                                                                                                                                                                                                                                              • Instruction ID: a0b7ce50fec83efafeb16569406a1c152c04985fcf8b97c7298fc3655e55bd79
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0f94b8c962ee7b75acafc3cefd778743504d8a107dd351fe724bfdc705f9f00
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD419B71804249AFCF058FA4CD459AFBFB9FF44310F00812AF961AA1A0C738EA50DFA5
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405A42 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00421A98,NUL,?,00000000,?,00000000,00405BD5,?,?), ref: 00405A51
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,00405BD5,?,?), ref: 00405A75
                                                                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32(?,00421A98,00000400), ref: 00405A7E
                                                                                                                                                                                                                                                                                                • Part of subcall function 004058D1: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B2E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058E1
                                                                                                                                                                                                                                                                                                • Part of subcall function 004058D1: lstrlenA.KERNEL32(00000000,?,00000000,00405B2E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405913
                                                                                                                                                                                                                                                                                              • GetShortPathNameA.KERNEL32(00421E98,00421E98,00000400), ref: 00405A9B
                                                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00405AB9
                                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00421E98,C0000000,00000004,00421E98,?,?,?,?,?), ref: 00405AF4
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405B03
                                                                                                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B3B
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(004093B0,00000000,00000000,00000000,00000000,00421698,00000000,-0000000A,004093B0,00000000,[Rename],00000000,00000000,00000000), ref: 00405B91
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00405BA2
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405BA9
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040596C: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Downloads\teamviewer.exe,80000000,00000003), ref: 00405970
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040596C: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405992
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                                                                                                                                                                                                                              • String ID: %s=%s$NUL$[Rename]
                                                                                                                                                                                                                                                                                              • API String ID: 222337774-4148678300
                                                                                                                                                                                                                                                                                              • Opcode ID: 4c27ce9d423c33f638fbced1664b30ba87b14f005f57ce999c1b8a6a2e252c84
                                                                                                                                                                                                                                                                                              • Instruction ID: 42b7cc2c3f2f4ef7c3412fd2f3d3cbe4eee66c4c235e50fd6e5efd85f9217fc4
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c27ce9d423c33f638fbced1664b30ba87b14f005f57ce999c1b8a6a2e252c84
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9931E271A04B19ABD2206B619C89F6B3A6CDF45755F14003AFE05F62D2DA7CBC008E6D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405F64 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Downloads\teamviewer.exe" ,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032C9), ref: 00405FBC
                                                                                                                                                                                                                                                                                              • CharNextA.USER32(?,?,?,00000000), ref: 00405FC9
                                                                                                                                                                                                                                                                                              • CharNextA.USER32(?,"C:\Users\user\Downloads\teamviewer.exe" ,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032C9), ref: 00405FCE
                                                                                                                                                                                                                                                                                              • CharPrevA.USER32(?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032C9), ref: 00405FDE
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • *?|<>/":, xrefs: 00405FAC
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F65
                                                                                                                                                                                                                                                                                              • "C:\Users\user\Downloads\teamviewer.exe" , xrefs: 00405FA0
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Downloads\teamviewer.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                              • API String ID: 589700163-2829495794
                                                                                                                                                                                                                                                                                              • Opcode ID: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
                                                                                                                                                                                                                                                                                              • Instruction ID: a0964663e3c08fb0288e5f4f4a0160773f2bbbf5a4d40b443b4f636863f092b1
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C611C451808F922EEB3216640C44BBB7F99CF5A760F18007BE9D4B22C2D67C5C429F6E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00403F45 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetWindowLongA.USER32(?,000000EB), ref: 00403F62
                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(00000000), ref: 00403F7E
                                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00403F8A
                                                                                                                                                                                                                                                                                              • SetBkMode.GDI32(?,?), ref: 00403F96
                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 00403FA9
                                                                                                                                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 00403FB9
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00403FD3
                                                                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 00403FDD
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                              • Opcode ID: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
                                                                                                                                                                                                                                                                                              • Instruction ID: 563dd17f99c902cd34f005863f03740a6a5938172a6e5e033378c94734032825
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4214271908705ABC7219F68DD48F4BBFF8AF01715B048A29E895E26E0D735EA04CB55
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00404F12 Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000,?), ref: 00404F4B
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00402FCF,0041F4E8,00000000,0040E8C0,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000), ref: 00404F5B
                                                                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(0041F4E8,00402FCF,00402FCF,0041F4E8,00000000,0040E8C0,00000000), ref: 00404F6E
                                                                                                                                                                                                                                                                                              • SetWindowTextA.USER32(0041F4E8,0041F4E8), ref: 00404F80
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FA6
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FC0
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FCE
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2531174081-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 558402415f57fe0eb81db75807d2d057a66030d2c136bde9c432be6294094776
                                                                                                                                                                                                                                                                                              • Instruction ID: 5a9a404093729f8c7a4ed64dcb73daf90ff889549f225b9df3951733f5861a8d
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 558402415f57fe0eb81db75807d2d057a66030d2c136bde9c432be6294094776
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB219DB1A00119BADF119FA5DD84ADEBFB9EF44354F14807AF904B6290C7788E41DBA8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004047DD Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047F8
                                                                                                                                                                                                                                                                                              • GetMessagePos.USER32 ref: 00404800
                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 0040481A
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,00001111,00000000,?), ref: 0040482C
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404852
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                              • Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                                                                                                                                                                                                                                                                              • Instruction ID: 206dc1e0429e6aa6b627cd25208fa2295557d59b2a7717453fa0c9894da25502
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E6015276D00259BADB01DB94DC45FFEBBBCAF55711F10412BBA10B61C0C7B4A501CBA5
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402B7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B9A
                                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(02957CB3,00000064,0295ABF0), ref: 00402BC5
                                                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00402BD5
                                                                                                                                                                                                                                                                                              • SetWindowTextA.USER32(?,?), ref: 00402BE5
                                                                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BF7
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • verifying installer: %d%%, xrefs: 00402BCF
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                              • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                                              • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                                              • Opcode ID: 649971ee7512e9da800057b1e5ac373431693e3f4f1e876899c067cd5a0faa84
                                                                                                                                                                                                                                                                                              • Instruction ID: bd73235a5a2a729140de961e31d76a0e47d27260d0eaef7d75f80e35c4c54abd
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 649971ee7512e9da800057b1e5ac373431693e3f4f1e876899c067cd5a0faa84
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF01F471540208BBEF109F60DD49EEE3B79EB04305F008039FA16B51D1D7B59955DF59
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004026C6 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040271A
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402736
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 0040276F
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00402782
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040279A
                                                                                                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027AE
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2667972263-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 39fbd17f46fc9c371fd9deabdbb1a4d81bf886de883c9339f90e348bb50c0e41
                                                                                                                                                                                                                                                                                              • Instruction ID: 55e8cf3ffad71cabca96213aa966ad8f6b0c6824c0bc9dabfeb9c0d6c9f08848
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 39fbd17f46fc9c371fd9deabdbb1a4d81bf886de883c9339f90e348bb50c0e41
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03217C71800124BBCF216FA5DE89EAE7A79EF09324F14023AF950762D1C7795D418FA9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402364 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023A2
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb4A46.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023C2
                                                                                                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsb4A46.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023FB
                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsb4A46.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsb4A46.tmp
                                                                                                                                                                                                                                                                                              • API String ID: 1356686001-2024944907
                                                                                                                                                                                                                                                                                              • Opcode ID: 1dca66d2d1093a5130de9b07e79a19b0c80f7b3ba9a11136c7381f0e18dd9290
                                                                                                                                                                                                                                                                                              • Instruction ID: 26fcae0a7b2a502e926faea7c6e927eea7b3aae3134fdb689c9e3a18d41500d2
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1dca66d2d1093a5130de9b07e79a19b0c80f7b3ba9a11136c7381f0e18dd9290
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E1145B1E00108BFEB10AFA5EE89EAF767DEB54358F10403AF505B71D1D6B85D419B28
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402A7A Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A9B
                                                                                                                                                                                                                                                                                              • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AD7
                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402AE0
                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402B05
                                                                                                                                                                                                                                                                                              • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B23
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 26d703e6b955c0b1753e13e50ef068aceb5afa025d50a3e8e2eadb28cc0acf60
                                                                                                                                                                                                                                                                                              • Instruction ID: feb6aed171ad8b85e204e5b4e2feb4536d295dbd67c3687bd8867431d3a466b7
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26d703e6b955c0b1753e13e50ef068aceb5afa025d50a3e8e2eadb28cc0acf60
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 53117F71A00108FFDF229F90DE89EAE3B7DEB54349B104076FA01B10A0D7749E51DB69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401CDE Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?), ref: 00401CE2
                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 00401CEF
                                                                                                                                                                                                                                                                                              • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
                                                                                                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 17232caade98c5884c3b98c25dda3274542a73d841a3bd6b31c87e9b59191b88
                                                                                                                                                                                                                                                                                              • Instruction ID: 14b9f5ff68e8b0ed0f2204d74c17d06140583eb6ed2bbf798243b331d3a4cd3b
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17232caade98c5884c3b98c25dda3274542a73d841a3bd6b31c87e9b59191b88
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9F0E7B2A04114AFEB01ABE4DE88DAFB7BDEB54305B10447AF602F6191C7789D018B79
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401D38 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDC.USER32(?), ref: 00401D3B
                                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D48
                                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D57
                                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401D68
                                                                                                                                                                                                                                                                                              • CreateFontIndirectA.GDI32(0040A7F0), ref: 00401DB3
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3808545654-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 54d11e4959632539d7c5822479490e62378c8afe9ef9106c9a33de1f24eaef6b
                                                                                                                                                                                                                                                                                              • Instruction ID: 818c9bdddfe1b1fffd76dbb1b88acba4993fd419864b94457e62d7fc32e1ff32
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 54d11e4959632539d7c5822479490e62378c8afe9ef9106c9a33de1f24eaef6b
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE016232948740AFE7416B70AE1AFAA3FB4A755305F108479F201B72E3C67811569B3F
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004046D3 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0041FD08,0041FD08,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004045EE,000000DF,00000000,00000400,?), ref: 00404771
                                                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00404779
                                                                                                                                                                                                                                                                                              • SetDlgItemTextA.USER32(?,0041FD08), ref: 0040478C
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                              • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                                              • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                                              • Opcode ID: bbe280539c3cc3020c43bf789c637de2f8d0099704e891219e4d784778b6cf22
                                                                                                                                                                                                                                                                                              • Instruction ID: 079308417c3a62341de1df324b483ce4e469374b9790fc4fe8de96a48b85a08e
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bbe280539c3cc3020c43bf789c637de2f8d0099704e891219e4d784778b6cf22
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F011A573A0412837EB0065699C45EAF3298DB86374F254637FA25F71D2EA788C5245A8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040393E Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetWindowTextA.USER32(00000000,00422F00), ref: 004039D6
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: TextWindow
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\Downloads\teamviewer.exe" $1033$[qm
                                                                                                                                                                                                                                                                                              • API String ID: 530164218-2613819943
                                                                                                                                                                                                                                                                                              • Opcode ID: 486f1793fc8ee117fab60480f2aa26aac85a5ca9132015367b3694c6ae5d67fc
                                                                                                                                                                                                                                                                                              • Instruction ID: 79edc1b1becbb318b5d11430581b7fe373163fbdb48c995140def98ab9010f1e
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 486f1793fc8ee117fab60480f2aa26aac85a5ca9132015367b3694c6ae5d67fc
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B311F3F1B04611ABCB20DF14DD809737BADEBC4756328823FE941A73A0C67D9D029B98
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040576B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030C6,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032C9), ref: 00405771
                                                                                                                                                                                                                                                                                              • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030C6,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032C9), ref: 0040577A
                                                                                                                                                                                                                                                                                              • lstrcatA.KERNEL32(?,00409014), ref: 0040578B
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 0040576B
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                              • API String ID: 2659869361-3081826266
                                                                                                                                                                                                                                                                                              • Opcode ID: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                                                                                                                                                                                                                                                              • Instruction ID: 00e6a1abdfef3fccf4d12e3b382aa79108487555f8088e95eeaee7bf5793dfbe
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94D0A9B2A05A307AD3122715AC0DE8B2A08CF82300B094023F200B72A2CB3C1D418BFE
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405804 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CharNextA.USER32(?,?,C:\,?,00405870,C:\,C:\,74DF3410,?,C:\Users\user\AppData\Local\Temp\,004055BB,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405812
                                                                                                                                                                                                                                                                                              • CharNextA.USER32(00000000), ref: 00405817
                                                                                                                                                                                                                                                                                              • CharNextA.USER32(00000000), ref: 0040582B
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharNext
                                                                                                                                                                                                                                                                                              • String ID: C:\
                                                                                                                                                                                                                                                                                              • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                                                                                              • Opcode ID: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
                                                                                                                                                                                                                                                                                              • Instruction ID: 4ca260c7e1a22d06af12069221c3406c2bee361732d71c1e98a9e22686a99acb
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71F0C253908F942BFB3276641C44B675F88DB55350F04C07BEA80B62C2C6788860CBEA
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402C02 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,00402DE2,00000001), ref: 00402C15
                                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402C33
                                                                                                                                                                                                                                                                                              • CreateDialogParamA.USER32(0000006F,00000000,00402B7F,00000000), ref: 00402C50
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402C5E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                                              • Opcode ID: bb4189f2555980a5a403f1716edff6096ea92162ad211e01232e213a33bdd725
                                                                                                                                                                                                                                                                                              • Instruction ID: 69bd14cd8f1a0d496662edafeb8c2727d8675a530a128bc1770b64b88ff4c26b
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb4189f2555980a5a403f1716edff6096ea92162ad211e01232e213a33bdd725
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2CF05E7090A220ABD6217F64FE0CDDF7BA4FB41B527018576F144B21E4C379988ACB9D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00404E86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 00404EB5
                                                                                                                                                                                                                                                                                              • CallWindowProcA.USER32(?,?,?,?), ref: 00404F06
                                                                                                                                                                                                                                                                                                • Part of subcall function 00403F2A: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403F3C
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                              • Opcode ID: d7dba211b113031370aa0d375adf93c2d3682e4ecf800ebd227cab9ba7078c69
                                                                                                                                                                                                                                                                                              • Instruction ID: f49a9e3fcece2dd6490d1841f3d0f5b5163df4d3f93a23d44cf999a9bd086e10
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7dba211b113031370aa0d375adf93c2d3682e4ecf800ebd227cab9ba7078c69
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D10171B110020EABDF209F11DC84A9B3725FBC4754F208037FB11761D1DB799C61A7A9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004057B2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(80000000,C:\Users\user\Downloads,00402CD2,C:\Users\user\Downloads,C:\Users\user\Downloads,C:\Users\user\Downloads\teamviewer.exe,C:\Users\user\Downloads\teamviewer.exe,80000000,00000003), ref: 004057B8
                                                                                                                                                                                                                                                                                              • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Downloads,00402CD2,C:\Users\user\Downloads,C:\Users\user\Downloads,C:\Users\user\Downloads\teamviewer.exe,C:\Users\user\Downloads\teamviewer.exe,80000000,00000003), ref: 004057C6
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Users\user\Downloads, xrefs: 004057B2
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\Downloads
                                                                                                                                                                                                                                                                                              • API String ID: 2709904686-1992120748
                                                                                                                                                                                                                                                                                              • Opcode ID: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
                                                                                                                                                                                                                                                                                              • Instruction ID: 15550f116ff3ce815c4487a542d9ae56249738f0e4d38f85a76656e2d55d0e49
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FAD0C7B2409D705EF31353149C08B9F6A58DF16700F195463E141EB591C6785D415BBD
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004058D1 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B2E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058E1
                                                                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004058F9
                                                                                                                                                                                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00405B2E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040590A
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00405B2E,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405913
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 0000000C.00000002.2629615163.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629486305.0000000000400000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629760393.0000000000407000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000409000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000421000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.0000000000429000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2629845627.000000000042D000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.000000000042F000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 0000000C.00000002.2630378659.0000000000471000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_12_2_400000_teamviewer.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                              • Opcode ID: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                                                                                                                                                                                                                                              • Instruction ID: 481a9c588bbd1c68550dea5b76d7ebd72626077616c8f786d6c844a28ee3c139
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9EF0F632504418FFCB02AFA5DC0099EBBA8EF46360B2540B9F800F7310D274EF01ABA9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                                                              Execution Coverage:25.9%
                                                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                                                                                              Total number of Nodes:1341
                                                                                                                                                                                                                                                                                              Total number of Limit Nodes:42
                                                                                                                                                                                                                                                                                              execution_graph 4037 402840 4038 402bbf 18 API calls 4037->4038 4040 40284e 4038->4040 4039 402864 4042 405d2e 2 API calls 4039->4042 4040->4039 4041 402bbf 18 API calls 4040->4041 4041->4039 4043 40286a 4042->4043 4065 405d53 GetFileAttributesW CreateFileW 4043->4065 4045 402877 4046 402883 GlobalAlloc 4045->4046 4047 40291a 4045->4047 4050 402911 CloseHandle 4046->4050 4051 40289c 4046->4051 4048 402922 DeleteFileW 4047->4048 4049 402935 4047->4049 4048->4049 4050->4047 4066 40336e SetFilePointer 4051->4066 4053 4028a2 4054 403358 ReadFile 4053->4054 4055 4028ab GlobalAlloc 4054->4055 4056 4028bb 4055->4056 4057 4028ef 4055->4057 4058 4030e7 45 API calls 4056->4058 4059 405e05 WriteFile 4057->4059 4060 4028c8 4058->4060 4061 4028fb GlobalFree 4059->4061 4063 4028e6 GlobalFree 4060->4063 4062 4030e7 45 API calls 4061->4062 4064 40290e 4062->4064 4063->4057 4064->4050 4065->4045 4066->4053 4067 401cc0 4068 402ba2 18 API calls 4067->4068 4069 401cc7 4068->4069 4070 402ba2 18 API calls 4069->4070 4071 401ccf GetDlgItem 4070->4071 4072 402531 4071->4072 4072->4072 4073 4029c0 4074 402ba2 18 API calls 4073->4074 4075 4029c6 4074->4075 4076 4029f9 4075->4076 4077 40281e 4075->4077 4079 4029d4 4075->4079 4076->4077 4078 4061a0 18 API calls 4076->4078 4078->4077 4079->4077 4081 4060c5 wsprintfW 4079->4081 4081->4077 3102 401fc3 3103 401fd5 3102->3103 3104 402087 3102->3104 3122 402bbf 3103->3122 3106 401423 25 API calls 3104->3106 3113 4021e1 3106->3113 3108 402bbf 18 API calls 3109 401fe5 3108->3109 3110 401ffb LoadLibraryExW 3109->3110 3111 401fed GetModuleHandleW 3109->3111 3110->3104 3112 40200c 3110->3112 3111->3110 3111->3112 3128 4065c7 WideCharToMultiByte 3112->3128 3116 402056 3134 4052dd 3116->3134 3117 40201d 3120 40202d 3117->3120 3131 401423 3117->3131 3120->3113 3121 402079 FreeLibrary 3120->3121 3121->3113 3123 402bcb 3122->3123 3145 4061a0 3123->3145 3126 401fdc 3126->3108 3129 4065f1 GetProcAddress 3128->3129 3130 402017 3128->3130 3129->3130 3130->3116 3130->3117 3132 4052dd 25 API calls 3131->3132 3133 401431 3132->3133 3133->3120 3135 4052f8 3134->3135 3136 40539a 3134->3136 3137 405314 lstrlenW 3135->3137 3138 4061a0 18 API calls 3135->3138 3136->3120 3139 405322 lstrlenW 3137->3139 3140 40533d 3137->3140 3138->3137 3139->3136 3141 405334 lstrcatW 3139->3141 3142 405350 3140->3142 3143 405343 SetWindowTextW 3140->3143 3141->3140 3142->3136 3144 405356 SendMessageW SendMessageW SendMessageW 3142->3144 3143->3142 3144->3136 3151 4061ad 3145->3151 3146 4063f8 3147 402bec 3146->3147 3179 40617e lstrcpynW 3146->3179 3147->3126 3163 406412 3147->3163 3149 406260 GetVersion 3149->3151 3150 4063c6 lstrlenW 3150->3151 3151->3146 3151->3149 3151->3150 3152 4061a0 10 API calls 3151->3152 3155 4062db GetSystemDirectoryW 3151->3155 3157 4062ee GetWindowsDirectoryW 3151->3157 3158 406412 5 API calls 3151->3158 3159 4061a0 10 API calls 3151->3159 3160 406367 lstrcatW 3151->3160 3161 406322 SHGetSpecialFolderLocation 3151->3161 3172 40604b RegOpenKeyExW 3151->3172 3177 4060c5 wsprintfW 3151->3177 3178 40617e lstrcpynW 3151->3178 3152->3150 3155->3151 3157->3151 3158->3151 3159->3151 3160->3151 3161->3151 3162 40633a SHGetPathFromIDListW CoTaskMemFree 3161->3162 3162->3151 3164 40641f 3163->3164 3166 406495 3164->3166 3167 406488 CharNextW 3164->3167 3170 406474 CharNextW 3164->3170 3171 406483 CharNextW 3164->3171 3180 405b5f 3164->3180 3165 40649a CharPrevW 3165->3166 3166->3165 3168 4064bb 3166->3168 3167->3164 3167->3166 3168->3126 3170->3164 3171->3167 3173 4060bf 3172->3173 3174 40607f RegQueryValueExW 3172->3174 3173->3151 3175 4060a0 RegCloseKey 3174->3175 3175->3173 3177->3151 3178->3151 3179->3147 3181 405b65 3180->3181 3182 405b7b 3181->3182 3183 405b6c CharNextW 3181->3183 3182->3164 3183->3181 4082 4016c4 4083 402bbf 18 API calls 4082->4083 4084 4016ca GetFullPathNameW 4083->4084 4087 4016e4 4084->4087 4091 401706 4084->4091 4085 40171b GetShortPathNameW 4086 402a4c 4085->4086 4088 4064c1 2 API calls 4087->4088 4087->4091 4089 4016f6 4088->4089 4089->4091 4092 40617e lstrcpynW 4089->4092 4091->4085 4091->4086 4092->4091 4093 406846 4099 4066ca 4093->4099 4094 407035 4095 406754 GlobalAlloc 4095->4094 4095->4099 4096 40674b GlobalFree 4096->4095 4097 4067c2 GlobalFree 4098 4067cb GlobalAlloc 4097->4098 4098->4094 4098->4099 4099->4094 4099->4095 4099->4096 4099->4097 4099->4098 4103 40194e 4104 402bbf 18 API calls 4103->4104 4105 401955 lstrlenW 4104->4105 4106 402531 4105->4106 4107 4027ce 4108 4027d6 4107->4108 4109 4027da FindNextFileW 4108->4109 4111 4027ec 4108->4111 4110 402833 4109->4110 4109->4111 4113 40617e lstrcpynW 4110->4113 4113->4111 4121 405251 4122 405261 4121->4122 4123 405275 4121->4123 4124 405267 4122->4124 4133 4052be 4122->4133 4125 40527d IsWindowVisible 4123->4125 4131 405294 4123->4131 4126 40428e SendMessageW 4124->4126 4127 40528a 4125->4127 4125->4133 4129 405271 4126->4129 4134 404ba7 SendMessageW 4127->4134 4128 4052c3 CallWindowProcW 4128->4129 4131->4128 4139 404c27 4131->4139 4133->4128 4135 404c06 SendMessageW 4134->4135 4136 404bca GetMessagePos ScreenToClient SendMessageW 4134->4136 4138 404bfe 4135->4138 4137 404c03 4136->4137 4136->4138 4137->4135 4138->4131 4148 40617e lstrcpynW 4139->4148 4141 404c3a 4149 4060c5 wsprintfW 4141->4149 4143 404c44 4144 40140b 2 API calls 4143->4144 4145 404c4d 4144->4145 4150 40617e lstrcpynW 4145->4150 4147 404c54 4147->4133 4148->4141 4149->4143 4150->4147 3446 401754 3447 402bbf 18 API calls 3446->3447 3448 40175b 3447->3448 3452 405d82 3448->3452 3450 401762 3451 405d82 2 API calls 3450->3451 3451->3450 3453 405d8f GetTickCount GetTempFileNameW 3452->3453 3454 405dc9 3453->3454 3455 405dc5 3453->3455 3454->3450 3455->3453 3455->3454 3456 4038d5 3457 4038f0 3456->3457 3458 4038e6 CloseHandle 3456->3458 3459 403904 3457->3459 3460 4038fa CloseHandle 3457->3460 3458->3457 3465 403932 3459->3465 3460->3459 3466 403940 3465->3466 3467 403909 3466->3467 3468 403945 FreeLibrary GlobalFree 3466->3468 3469 40596f 3467->3469 3468->3467 3468->3468 3505 405c3a 3469->3505 3472 405997 DeleteFileW 3502 403915 3472->3502 3473 4059ae 3474 405ace 3473->3474 3519 40617e lstrcpynW 3473->3519 3481 4064c1 2 API calls 3474->3481 3474->3502 3476 4059d4 3477 4059e7 3476->3477 3478 4059da lstrcatW 3476->3478 3521 405b7e lstrlenW 3477->3521 3479 4059ed 3478->3479 3482 4059fd lstrcatW 3479->3482 3484 405a08 lstrlenW FindFirstFileW 3479->3484 3483 405af3 3481->3483 3482->3484 3486 405b32 3 API calls 3483->3486 3483->3502 3484->3474 3485 405a2a 3484->3485 3488 405ab1 FindNextFileW 3485->3488 3497 40596f 62 API calls 3485->3497 3501 4052dd 25 API calls 3485->3501 3503 4052dd 25 API calls 3485->3503 3520 40617e lstrcpynW 3485->3520 3525 405927 3485->3525 3533 40601f MoveFileExW 3485->3533 3487 405afd 3486->3487 3489 405927 5 API calls 3487->3489 3488->3485 3492 405ac7 FindClose 3488->3492 3491 405b09 3489->3491 3493 405b23 3491->3493 3496 405b0d 3491->3496 3492->3474 3495 4052dd 25 API calls 3493->3495 3495->3502 3498 4052dd 25 API calls 3496->3498 3496->3502 3497->3485 3499 405b1a 3498->3499 3500 40601f 38 API calls 3499->3500 3500->3502 3501->3488 3503->3485 3537 40617e lstrcpynW 3505->3537 3507 405c4b 3538 405bdd CharNextW CharNextW 3507->3538 3510 40598f 3510->3472 3510->3473 3511 406412 5 API calls 3517 405c61 3511->3517 3512 405c92 lstrlenW 3513 405c9d 3512->3513 3512->3517 3514 405b32 3 API calls 3513->3514 3516 405ca2 GetFileAttributesW 3514->3516 3515 4064c1 2 API calls 3515->3517 3516->3510 3517->3510 3517->3512 3517->3515 3518 405b7e 2 API calls 3517->3518 3518->3512 3519->3476 3520->3485 3522 405b8c 3521->3522 3523 405b92 CharPrevW 3522->3523 3524 405b9e 3522->3524 3523->3522 3523->3524 3524->3479 3526 405d2e 2 API calls 3525->3526 3527 405933 3526->3527 3528 405954 3527->3528 3529 405942 RemoveDirectoryW 3527->3529 3530 40594a DeleteFileW 3527->3530 3528->3485 3531 405950 3529->3531 3530->3531 3531->3528 3532 405960 SetFileAttributesW 3531->3532 3532->3528 3534 406033 3533->3534 3536 406040 3533->3536 3544 405ead lstrcpyW 3534->3544 3536->3485 3537->3507 3540 405c0c 3538->3540 3541 405bfa 3538->3541 3539 405c30 3539->3510 3539->3511 3540->3539 3543 405b5f CharNextW 3540->3543 3541->3540 3542 405c07 CharNextW 3541->3542 3542->3539 3543->3540 3545 405ed5 3544->3545 3546 405efb GetShortPathNameW 3544->3546 3571 405d53 GetFileAttributesW CreateFileW 3545->3571 3548 405f10 3546->3548 3549 40601a 3546->3549 3548->3549 3551 405f18 wsprintfA 3548->3551 3549->3536 3550 405edf CloseHandle GetShortPathNameW 3550->3549 3552 405ef3 3550->3552 3553 4061a0 18 API calls 3551->3553 3552->3546 3552->3549 3554 405f40 3553->3554 3572 405d53 GetFileAttributesW CreateFileW 3554->3572 3556 405f4d 3556->3549 3557 405f5c GetFileSize GlobalAlloc 3556->3557 3558 406013 CloseHandle 3557->3558 3559 405f7e 3557->3559 3558->3549 3560 405dd6 ReadFile 3559->3560 3561 405f86 3560->3561 3561->3558 3573 405cb8 lstrlenA 3561->3573 3564 405fb1 3566 405cb8 4 API calls 3564->3566 3565 405f9d lstrcpyA 3568 405fbf 3565->3568 3566->3568 3567 405ff6 SetFilePointer 3569 405e05 WriteFile 3567->3569 3568->3567 3570 40600c GlobalFree 3569->3570 3570->3558 3571->3550 3572->3556 3574 405cf9 lstrlenA 3573->3574 3575 405d01 3574->3575 3576 405cd2 lstrcmpiA 3574->3576 3575->3564 3575->3565 3576->3575 3577 405cf0 CharNextA 3576->3577 3577->3574 4151 404356 lstrcpynW lstrlenW 4152 401d56 GetDC GetDeviceCaps 4153 402ba2 18 API calls 4152->4153 4154 401d74 MulDiv ReleaseDC 4153->4154 4155 402ba2 18 API calls 4154->4155 4156 401d93 4155->4156 4157 4061a0 18 API calls 4156->4157 4158 401dcc CreateFontIndirectW 4157->4158 4159 402531 4158->4159 4160 401a57 4161 402ba2 18 API calls 4160->4161 4162 401a5d 4161->4162 4163 402ba2 18 API calls 4162->4163 4164 401a05 4163->4164 4165 4014d7 4166 402ba2 18 API calls 4165->4166 4167 4014dd Sleep 4166->4167 4169 402a4c 4167->4169 4170 404c59 GetDlgItem GetDlgItem 4171 404cab 7 API calls 4170->4171 4178 404ec4 4170->4178 4172 404d41 SendMessageW 4171->4172 4173 404d4e DeleteObject 4171->4173 4172->4173 4174 404d57 4173->4174 4176 404d8e 4174->4176 4177 4061a0 18 API calls 4174->4177 4175 404fa8 4180 405054 4175->4180 4190 405001 SendMessageW 4175->4190 4210 404eb7 4175->4210 4179 404242 19 API calls 4176->4179 4181 404d70 SendMessageW SendMessageW 4177->4181 4178->4175 4188 404ba7 5 API calls 4178->4188 4213 404f35 4178->4213 4184 404da2 4179->4184 4182 405066 4180->4182 4183 40505e SendMessageW 4180->4183 4181->4174 4187 40508f 4182->4187 4192 405078 ImageList_Destroy 4182->4192 4193 40507f 4182->4193 4183->4182 4189 404242 19 API calls 4184->4189 4185 4042a9 8 API calls 4191 40524a 4185->4191 4186 404f9a SendMessageW 4186->4175 4195 4051fe 4187->4195 4209 404c27 4 API calls 4187->4209 4217 4050ca 4187->4217 4188->4213 4194 404db0 4189->4194 4196 405016 SendMessageW 4190->4196 4190->4210 4192->4193 4193->4187 4197 405088 GlobalFree 4193->4197 4198 404e85 GetWindowLongW SetWindowLongW 4194->4198 4205 404e7f 4194->4205 4208 404e00 SendMessageW 4194->4208 4211 404e3c SendMessageW 4194->4211 4212 404e4d SendMessageW 4194->4212 4200 405210 ShowWindow GetDlgItem ShowWindow 4195->4200 4195->4210 4199 405029 4196->4199 4197->4187 4201 404e9e 4198->4201 4204 40503a SendMessageW 4199->4204 4200->4210 4202 404ea4 ShowWindow 4201->4202 4203 404ebc 4201->4203 4221 404277 SendMessageW 4202->4221 4222 404277 SendMessageW 4203->4222 4204->4180 4205->4198 4205->4201 4208->4194 4209->4217 4210->4185 4211->4194 4212->4194 4213->4175 4213->4186 4214 4051d4 InvalidateRect 4214->4195 4215 4051ea 4214->4215 4223 404b62 4215->4223 4216 4050f8 SendMessageW 4220 40510e 4216->4220 4217->4216 4217->4220 4219 405182 SendMessageW SendMessageW 4219->4220 4220->4214 4220->4219 4221->4210 4222->4178 4226 404a99 4223->4226 4225 404b77 4225->4195 4227 404ab2 4226->4227 4228 4061a0 18 API calls 4227->4228 4229 404b16 4228->4229 4230 4061a0 18 API calls 4229->4230 4231 404b21 4230->4231 4232 4061a0 18 API calls 4231->4232 4233 404b37 lstrlenW wsprintfW SetDlgItemTextW 4232->4233 4233->4225 4234 40155b 4235 4029f2 4234->4235 4238 4060c5 wsprintfW 4235->4238 4237 4029f7 4238->4237 3908 401ddc 3909 402ba2 18 API calls 3908->3909 3910 401de2 3909->3910 3911 402ba2 18 API calls 3910->3911 3912 401deb 3911->3912 3913 401df2 ShowWindow 3912->3913 3914 401dfd KiUserCallbackDispatcher 3912->3914 3915 402a4c 3913->3915 3914->3915 4239 4046dd 4240 404709 4239->4240 4241 40471a 4239->4241 4300 4058a7 GetDlgItemTextW 4240->4300 4243 404726 GetDlgItem 4241->4243 4249 404785 4241->4249 4244 40473a 4243->4244 4248 40474e SetWindowTextW 4244->4248 4252 405bdd 4 API calls 4244->4252 4245 404869 4298 404a18 4245->4298 4302 4058a7 GetDlgItemTextW 4245->4302 4246 404714 4247 406412 5 API calls 4246->4247 4247->4241 4253 404242 19 API calls 4248->4253 4249->4245 4254 4061a0 18 API calls 4249->4254 4249->4298 4251 4042a9 8 API calls 4256 404a2c 4251->4256 4257 404744 4252->4257 4258 40476a 4253->4258 4259 4047f9 SHBrowseForFolderW 4254->4259 4255 404899 4260 405c3a 18 API calls 4255->4260 4257->4248 4264 405b32 3 API calls 4257->4264 4261 404242 19 API calls 4258->4261 4259->4245 4262 404811 CoTaskMemFree 4259->4262 4263 40489f 4260->4263 4265 404778 4261->4265 4266 405b32 3 API calls 4262->4266 4303 40617e lstrcpynW 4263->4303 4264->4248 4301 404277 SendMessageW 4265->4301 4268 40481e 4266->4268 4271 404855 SetDlgItemTextW 4268->4271 4275 4061a0 18 API calls 4268->4275 4270 40477e 4273 406558 5 API calls 4270->4273 4271->4245 4272 4048b6 4274 406558 5 API calls 4272->4274 4273->4249 4286 4048bd 4274->4286 4276 40483d lstrcmpiW 4275->4276 4276->4271 4278 40484e lstrcatW 4276->4278 4277 4048fe 4304 40617e lstrcpynW 4277->4304 4278->4271 4280 404905 4281 405bdd 4 API calls 4280->4281 4282 40490b GetDiskFreeSpaceW 4281->4282 4284 40492f MulDiv 4282->4284 4287 404956 4282->4287 4284->4287 4285 405b7e 2 API calls 4285->4286 4286->4277 4286->4285 4286->4287 4288 4049c7 4287->4288 4290 404b62 21 API calls 4287->4290 4289 4049ea 4288->4289 4291 40140b 2 API calls 4288->4291 4305 404264 KiUserCallbackDispatcher 4289->4305 4292 4049b4 4290->4292 4291->4289 4294 4049c9 SetDlgItemTextW 4292->4294 4295 4049b9 4292->4295 4294->4288 4296 404a99 21 API calls 4295->4296 4296->4288 4297 404a06 4297->4298 4306 404672 4297->4306 4298->4251 4300->4246 4301->4270 4302->4255 4303->4272 4304->4280 4305->4297 4307 404680 4306->4307 4308 404685 SendMessageW 4306->4308 4307->4308 4308->4298 3985 401bdf 3986 402ba2 18 API calls 3985->3986 3987 401be6 3986->3987 3988 402ba2 18 API calls 3987->3988 3990 401bf0 3988->3990 3989 401c00 3992 401c10 3989->3992 3993 402bbf 18 API calls 3989->3993 3990->3989 3991 402bbf 18 API calls 3990->3991 3991->3989 3994 401c1b 3992->3994 3995 401c5f 3992->3995 3993->3992 3997 402ba2 18 API calls 3994->3997 3996 402bbf 18 API calls 3995->3996 3998 401c64 3996->3998 3999 401c20 3997->3999 4000 402bbf 18 API calls 3998->4000 4001 402ba2 18 API calls 3999->4001 4002 401c6d FindWindowExW 4000->4002 4003 401c29 4001->4003 4006 401c8f 4002->4006 4004 401c31 SendMessageTimeoutW 4003->4004 4005 401c4f SendMessageW 4003->4005 4004->4006 4005->4006 4007 4022df 4008 402bbf 18 API calls 4007->4008 4009 4022ee 4008->4009 4010 402bbf 18 API calls 4009->4010 4011 4022f7 4010->4011 4012 402bbf 18 API calls 4011->4012 4013 402301 GetPrivateProfileStringW 4012->4013 4309 4043df 4311 4043f7 4309->4311 4314 404511 4309->4314 4310 40457b 4312 404585 GetDlgItem 4310->4312 4313 40464d 4310->4313 4317 404242 19 API calls 4311->4317 4315 40460e 4312->4315 4316 40459f 4312->4316 4319 4042a9 8 API calls 4313->4319 4314->4310 4314->4313 4320 40454c GetDlgItem SendMessageW 4314->4320 4315->4313 4324 404620 4315->4324 4316->4315 4323 4045c5 6 API calls 4316->4323 4318 40445e 4317->4318 4321 404242 19 API calls 4318->4321 4322 404648 4319->4322 4340 404264 KiUserCallbackDispatcher 4320->4340 4326 40446b CheckDlgButton 4321->4326 4323->4315 4327 404636 4324->4327 4328 404626 SendMessageW 4324->4328 4338 404264 KiUserCallbackDispatcher 4326->4338 4327->4322 4332 40463c SendMessageW 4327->4332 4328->4327 4329 404576 4330 404672 SendMessageW 4329->4330 4330->4310 4332->4322 4333 404489 GetDlgItem 4339 404277 SendMessageW 4333->4339 4335 40449f SendMessageW 4336 4044c5 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4335->4336 4337 4044bc GetSysColor 4335->4337 4336->4322 4337->4336 4338->4333 4339->4335 4340->4329 4341 401960 4342 402ba2 18 API calls 4341->4342 4343 401967 4342->4343 4344 402ba2 18 API calls 4343->4344 4345 401971 4344->4345 4346 402bbf 18 API calls 4345->4346 4347 40197a 4346->4347 4348 40198e lstrlenW 4347->4348 4349 4019ca 4347->4349 4350 401998 4348->4350 4350->4349 4354 40617e lstrcpynW 4350->4354 4352 4019b3 4352->4349 4353 4019c0 lstrlenW 4352->4353 4353->4349 4354->4352 4355 401662 4356 402bbf 18 API calls 4355->4356 4357 401668 4356->4357 4358 4064c1 2 API calls 4357->4358 4359 40166e 4358->4359 4360 4019e4 4361 402bbf 18 API calls 4360->4361 4362 4019eb 4361->4362 4363 402bbf 18 API calls 4362->4363 4364 4019f4 4363->4364 4365 4019fb lstrcmpiW 4364->4365 4366 401a0d lstrcmpW 4364->4366 4367 401a01 4365->4367 4366->4367 4368 4025e5 4369 402ba2 18 API calls 4368->4369 4371 4025f4 4369->4371 4370 40272d 4371->4370 4372 40263a ReadFile 4371->4372 4373 405dd6 ReadFile 4371->4373 4374 40267a MultiByteToWideChar 4371->4374 4375 40272f 4371->4375 4376 405e34 5 API calls 4371->4376 4378 4026a0 SetFilePointer MultiByteToWideChar 4371->4378 4379 402740 4371->4379 4372->4370 4372->4371 4373->4371 4374->4371 4381 4060c5 wsprintfW 4375->4381 4376->4371 4378->4371 4379->4370 4380 402761 SetFilePointer 4379->4380 4380->4370 4381->4370 4389 401e66 4390 402bbf 18 API calls 4389->4390 4391 401e6c 4390->4391 4392 4052dd 25 API calls 4391->4392 4393 401e76 4392->4393 4394 40585e 2 API calls 4393->4394 4395 401e7c 4394->4395 4396 40281e 4395->4396 4397 401edb CloseHandle 4395->4397 4398 401e8c WaitForSingleObject 4395->4398 4397->4396 4399 401e9e 4398->4399 4400 401eb0 GetExitCodeProcess 4399->4400 4403 406594 2 API calls 4399->4403 4401 401ec2 4400->4401 4402 401ecd 4400->4402 4406 4060c5 wsprintfW 4401->4406 4402->4397 4405 401ea5 WaitForSingleObject 4403->4405 4405->4399 4406->4402 3196 401767 3197 402bbf 18 API calls 3196->3197 3198 40176e 3197->3198 3199 401796 3198->3199 3200 40178e 3198->3200 3251 40617e lstrcpynW 3199->3251 3250 40617e lstrcpynW 3200->3250 3203 4017a1 3252 405b32 lstrlenW CharPrevW 3203->3252 3204 401794 3207 406412 5 API calls 3204->3207 3217 4017b3 3207->3217 3211 4017c5 CompareFileTime 3211->3217 3212 401885 3213 4052dd 25 API calls 3212->3213 3215 40188f 3213->3215 3214 4052dd 25 API calls 3216 401871 3214->3216 3235 4030e7 3215->3235 3217->3211 3217->3212 3221 4061a0 18 API calls 3217->3221 3226 40617e lstrcpynW 3217->3226 3233 40185c 3217->3233 3234 405d53 GetFileAttributesW CreateFileW 3217->3234 3255 4064c1 FindFirstFileW 3217->3255 3258 405d2e GetFileAttributesW 3217->3258 3261 4058c3 3217->3261 3220 4018b6 SetFileTime 3222 4018c8 FindCloseChangeNotification 3220->3222 3221->3217 3222->3216 3223 4018d9 3222->3223 3224 4018f1 3223->3224 3225 4018de 3223->3225 3228 4061a0 18 API calls 3224->3228 3227 4061a0 18 API calls 3225->3227 3226->3217 3229 4018e6 lstrcatW 3227->3229 3230 4018f9 3228->3230 3229->3230 3232 4058c3 MessageBoxIndirectW 3230->3232 3232->3216 3233->3214 3233->3216 3234->3217 3236 403112 3235->3236 3237 4030f6 SetFilePointer 3235->3237 3265 4031ef GetTickCount 3236->3265 3237->3236 3242 4031ef 43 API calls 3243 403149 3242->3243 3244 4031b5 ReadFile 3243->3244 3247 403158 3243->3247 3249 4018a2 3243->3249 3244->3249 3246 405dd6 ReadFile 3246->3247 3247->3246 3247->3249 3280 405e05 WriteFile 3247->3280 3249->3220 3249->3222 3250->3204 3251->3203 3253 4017a7 lstrcatW 3252->3253 3254 405b4e lstrcatW 3252->3254 3253->3204 3254->3253 3256 4064e2 3255->3256 3257 4064d7 FindClose 3255->3257 3256->3217 3257->3256 3259 405d40 SetFileAttributesW 3258->3259 3260 405d4d 3258->3260 3259->3260 3260->3217 3262 4058d8 3261->3262 3263 405924 3262->3263 3264 4058ec MessageBoxIndirectW 3262->3264 3263->3217 3264->3263 3266 403347 3265->3266 3267 40321d 3265->3267 3268 402d9f 33 API calls 3266->3268 3282 40336e SetFilePointer 3267->3282 3274 403119 3268->3274 3270 403228 SetFilePointer 3276 40324d 3270->3276 3274->3249 3278 405dd6 ReadFile 3274->3278 3275 405e05 WriteFile 3275->3276 3276->3274 3276->3275 3277 403328 SetFilePointer 3276->3277 3283 403358 3276->3283 3286 402d9f 3276->3286 3300 406697 3276->3300 3277->3266 3279 403132 3278->3279 3279->3242 3279->3249 3281 405e23 3280->3281 3281->3247 3282->3270 3284 405dd6 ReadFile 3283->3284 3285 40336b 3284->3285 3285->3276 3287 402db0 3286->3287 3288 402dc8 3286->3288 3291 402db9 DestroyWindow 3287->3291 3294 402dc0 3287->3294 3289 402dd0 3288->3289 3290 402dd8 GetTickCount 3288->3290 3310 406594 3289->3310 3293 402de6 3290->3293 3290->3294 3291->3294 3295 402e1b CreateDialogParamW ShowWindow 3293->3295 3296 402dee 3293->3296 3294->3276 3295->3294 3296->3294 3307 402d83 3296->3307 3298 402dfc wsprintfW 3299 4052dd 25 API calls 3298->3299 3299->3294 3301 4066bc 3300->3301 3302 4066c4 3300->3302 3301->3276 3302->3301 3303 406754 GlobalAlloc 3302->3303 3304 40674b GlobalFree 3302->3304 3305 4067c2 GlobalFree 3302->3305 3306 4067cb GlobalAlloc 3302->3306 3303->3301 3303->3302 3304->3303 3305->3306 3306->3301 3306->3302 3308 402d92 3307->3308 3309 402d94 MulDiv 3307->3309 3308->3309 3309->3298 3311 4065b1 PeekMessageW 3310->3311 3312 4065c1 3311->3312 3313 4065a7 DispatchMessageW 3311->3313 3312->3294 3313->3311 4407 401ee9 4408 402bbf 18 API calls 4407->4408 4409 401ef0 4408->4409 4410 4064c1 2 API calls 4409->4410 4411 401ef6 4410->4411 4413 401f07 4411->4413 4414 4060c5 wsprintfW 4411->4414 4414->4413 3314 4021ea 3315 402bbf 18 API calls 3314->3315 3316 4021f0 3315->3316 3317 402bbf 18 API calls 3316->3317 3318 4021f9 3317->3318 3319 402bbf 18 API calls 3318->3319 3320 402202 3319->3320 3321 4064c1 2 API calls 3320->3321 3322 40220b 3321->3322 3323 40221c lstrlenW lstrlenW 3322->3323 3324 40220f 3322->3324 3326 4052dd 25 API calls 3323->3326 3325 4052dd 25 API calls 3324->3325 3328 402217 3324->3328 3325->3328 3327 40225a SHFileOperationW 3326->3327 3327->3324 3327->3328 3329 403d6a 3330 403d82 3329->3330 3331 403ebd 3329->3331 3330->3331 3332 403d8e 3330->3332 3333 403f0e 3331->3333 3334 403ece GetDlgItem GetDlgItem 3331->3334 3335 403d99 SetWindowPos 3332->3335 3336 403dac 3332->3336 3338 403f68 3333->3338 3346 401389 2 API calls 3333->3346 3337 404242 19 API calls 3334->3337 3335->3336 3340 403db1 ShowWindow 3336->3340 3341 403dc9 3336->3341 3342 403ef8 SetClassLongW 3337->3342 3357 403eb8 3338->3357 3397 40428e 3338->3397 3340->3341 3343 403dd1 DestroyWindow 3341->3343 3344 403deb 3341->3344 3345 40140b 2 API calls 3342->3345 3396 4041cb 3343->3396 3347 403df0 SetWindowLongW 3344->3347 3348 403e01 3344->3348 3345->3333 3349 403f40 3346->3349 3347->3357 3352 403e0d GetDlgItem 3348->3352 3366 403e78 3348->3366 3349->3338 3353 403f44 SendMessageW 3349->3353 3350 40140b 2 API calls 3386 403f7a 3350->3386 3351 4041cd DestroyWindow KiUserCallbackDispatcher 3351->3396 3356 403e20 SendMessageW IsWindowEnabled 3352->3356 3359 403e3d 3352->3359 3353->3357 3355 4041fc ShowWindow 3355->3357 3356->3357 3356->3359 3358 4061a0 18 API calls 3358->3386 3360 403e4a 3359->3360 3361 403e91 SendMessageW 3359->3361 3362 403e5d 3359->3362 3370 403e42 3359->3370 3360->3361 3360->3370 3361->3366 3364 403e65 3362->3364 3365 403e7a 3362->3365 3410 40140b 3364->3410 3368 40140b 2 API calls 3365->3368 3416 4042a9 3366->3416 3368->3370 3369 404242 19 API calls 3369->3386 3370->3366 3413 40421b 3370->3413 3372 403ff5 GetDlgItem 3373 404012 ShowWindow KiUserCallbackDispatcher 3372->3373 3374 40400a 3372->3374 3403 404264 KiUserCallbackDispatcher 3373->3403 3374->3373 3376 40403c EnableWindow 3379 404050 3376->3379 3377 404055 GetSystemMenu EnableMenuItem SendMessageW 3378 404085 SendMessageW 3377->3378 3377->3379 3378->3379 3379->3377 3404 404277 SendMessageW 3379->3404 3405 40617e lstrcpynW 3379->3405 3382 4040b3 lstrlenW 3383 4061a0 18 API calls 3382->3383 3384 4040c9 SetWindowTextW 3383->3384 3406 401389 3384->3406 3386->3350 3386->3351 3386->3357 3386->3358 3386->3369 3387 40410d DestroyWindow 3386->3387 3400 404242 3386->3400 3388 404127 CreateDialogParamW 3387->3388 3387->3396 3389 40415a 3388->3389 3388->3396 3390 404242 19 API calls 3389->3390 3391 404165 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3390->3391 3392 401389 2 API calls 3391->3392 3393 4041ab 3392->3393 3393->3357 3394 4041b3 ShowWindow 3393->3394 3395 40428e SendMessageW 3394->3395 3395->3396 3396->3355 3396->3357 3398 4042a6 3397->3398 3399 404297 SendMessageW 3397->3399 3398->3386 3399->3398 3401 4061a0 18 API calls 3400->3401 3402 40424d SetDlgItemTextW 3401->3402 3402->3372 3403->3376 3404->3379 3405->3382 3408 401390 3406->3408 3407 4013fe 3407->3386 3408->3407 3409 4013cb MulDiv SendMessageW 3408->3409 3409->3408 3411 401389 2 API calls 3410->3411 3412 401420 3411->3412 3412->3370 3414 404222 3413->3414 3415 404228 SendMessageW 3413->3415 3414->3415 3415->3366 3417 4042c1 GetWindowLongW 3416->3417 3427 40434a 3416->3427 3418 4042d2 3417->3418 3417->3427 3419 4042e1 GetSysColor 3418->3419 3420 4042e4 3418->3420 3419->3420 3421 4042f4 SetBkMode 3420->3421 3422 4042ea SetTextColor 3420->3422 3423 404312 3421->3423 3424 40430c GetSysColor 3421->3424 3422->3421 3425 404323 3423->3425 3426 404319 SetBkColor 3423->3426 3424->3423 3425->3427 3428 404336 DeleteObject 3425->3428 3429 40433d CreateBrushIndirect 3425->3429 3426->3425 3427->3357 3428->3429 3429->3427 4415 40156b 4416 401584 4415->4416 4417 40157b ShowWindow 4415->4417 4418 401592 ShowWindow 4416->4418 4419 402a4c 4416->4419 4417->4416 4418->4419 4420 40226e 4421 402275 4420->4421 4425 402288 4420->4425 4422 4061a0 18 API calls 4421->4422 4423 402282 4422->4423 4424 4058c3 MessageBoxIndirectW 4423->4424 4424->4425 4426 4014f1 SetForegroundWindow 4427 402a4c 4426->4427 4428 401673 4429 402bbf 18 API calls 4428->4429 4430 40167a 4429->4430 4431 402bbf 18 API calls 4430->4431 4432 401683 4431->4432 4433 402bbf 18 API calls 4432->4433 4434 40168c MoveFileW 4433->4434 4435 40169f 4434->4435 4441 401698 4434->4441 4436 4064c1 2 API calls 4435->4436 4439 4021e1 4435->4439 4438 4016ae 4436->4438 4437 401423 25 API calls 4437->4439 4438->4439 4440 40601f 38 API calls 4438->4440 4440->4441 4441->4437 4442 401cfa GetDlgItem GetClientRect 4443 402bbf 18 API calls 4442->4443 4444 401d2c LoadImageW SendMessageW 4443->4444 4445 401d4a DeleteObject 4444->4445 4446 402a4c 4444->4446 4445->4446 3891 40237b 3892 402381 3891->3892 3893 402bbf 18 API calls 3892->3893 3894 402393 3893->3894 3895 402bbf 18 API calls 3894->3895 3896 40239d RegCreateKeyExW 3895->3896 3897 4023c7 3896->3897 3901 402a4c 3896->3901 3898 4023e2 3897->3898 3899 402bbf 18 API calls 3897->3899 3900 4023ee 3898->3900 3903 402ba2 18 API calls 3898->3903 3902 4023d8 lstrlenW 3899->3902 3904 402409 RegSetValueExW 3900->3904 3905 4030e7 45 API calls 3900->3905 3902->3898 3903->3900 3906 40241f RegCloseKey 3904->3906 3905->3904 3906->3901 4454 4027fb 4455 402bbf 18 API calls 4454->4455 4456 402802 FindFirstFileW 4455->4456 4457 40282a 4456->4457 4460 402815 4456->4460 4458 402833 4457->4458 4462 4060c5 wsprintfW 4457->4462 4463 40617e lstrcpynW 4458->4463 4462->4458 4463->4460 4471 4014ff 4472 401507 4471->4472 4474 40151a 4471->4474 4473 402ba2 18 API calls 4472->4473 4473->4474 4475 401000 4476 401037 BeginPaint GetClientRect 4475->4476 4478 40100c DefWindowProcW 4475->4478 4479 4010f3 4476->4479 4482 401179 4478->4482 4480 401073 CreateBrushIndirect FillRect DeleteObject 4479->4480 4481 4010fc 4479->4481 4480->4479 4483 401102 CreateFontIndirectW 4481->4483 4484 401167 EndPaint 4481->4484 4483->4484 4485 401112 6 API calls 4483->4485 4484->4482 4485->4484 4493 401904 4494 40193b 4493->4494 4495 402bbf 18 API calls 4494->4495 4496 401940 4495->4496 4497 40596f 69 API calls 4496->4497 4498 401949 4497->4498 4499 402d04 4500 402d16 SetTimer 4499->4500 4501 402d2f 4499->4501 4500->4501 4502 402d7d 4501->4502 4503 402d83 MulDiv 4501->4503 4504 402d3d wsprintfW SetWindowTextW SetDlgItemTextW 4503->4504 4504->4502 4506 403985 4507 403990 4506->4507 4508 403994 4507->4508 4509 403997 GlobalAlloc 4507->4509 4509->4508 3184 402786 3185 40278d 3184->3185 3188 4029f7 3184->3188 3192 402ba2 3185->3192 3187 402798 3189 40279f SetFilePointer 3187->3189 3189->3188 3190 4027af 3189->3190 3195 4060c5 wsprintfW 3190->3195 3193 4061a0 18 API calls 3192->3193 3194 402bb6 3193->3194 3194->3187 3195->3188 4510 401907 4511 402bbf 18 API calls 4510->4511 4512 40190e 4511->4512 4513 4058c3 MessageBoxIndirectW 4512->4513 4514 401917 4513->4514 4515 401e08 4516 402bbf 18 API calls 4515->4516 4517 401e0e 4516->4517 4518 402bbf 18 API calls 4517->4518 4519 401e17 4518->4519 4520 402bbf 18 API calls 4519->4520 4521 401e20 4520->4521 4522 402bbf 18 API calls 4521->4522 4523 401e29 4522->4523 4524 401423 25 API calls 4523->4524 4525 401e30 ShellExecuteW 4524->4525 4526 401e61 4525->4526 4532 404390 lstrlenW 4533 4043b1 WideCharToMultiByte 4532->4533 4534 4043af 4532->4534 4534->4533 4535 401491 4536 4052dd 25 API calls 4535->4536 4537 401498 4536->4537 4545 401a15 4546 402bbf 18 API calls 4545->4546 4547 401a1e ExpandEnvironmentStringsW 4546->4547 4548 401a32 4547->4548 4550 401a45 4547->4550 4549 401a37 lstrcmpW 4548->4549 4548->4550 4549->4550 4551 402515 4552 402bbf 18 API calls 4551->4552 4553 40251c 4552->4553 4556 405d53 GetFileAttributesW CreateFileW 4553->4556 4555 402528 4556->4555 4557 402095 4558 402bbf 18 API calls 4557->4558 4559 40209c 4558->4559 4560 402bbf 18 API calls 4559->4560 4561 4020a6 4560->4561 4562 402bbf 18 API calls 4561->4562 4563 4020b0 4562->4563 4564 402bbf 18 API calls 4563->4564 4565 4020ba 4564->4565 4566 402bbf 18 API calls 4565->4566 4568 4020c4 4566->4568 4567 402103 CoCreateInstance 4572 402122 4567->4572 4568->4567 4569 402bbf 18 API calls 4568->4569 4569->4567 4570 401423 25 API calls 4571 4021e1 4570->4571 4572->4570 4572->4571 4573 401b16 4574 402bbf 18 API calls 4573->4574 4575 401b1d 4574->4575 4576 402ba2 18 API calls 4575->4576 4577 401b26 wsprintfW 4576->4577 4578 402a4c 4577->4578 4579 404696 4580 4046a6 4579->4580 4581 4046cc 4579->4581 4582 404242 19 API calls 4580->4582 4583 4042a9 8 API calls 4581->4583 4584 4046b3 SetDlgItemTextW 4582->4584 4585 4046d8 4583->4585 4584->4581 4586 40159b 4587 402bbf 18 API calls 4586->4587 4588 4015a2 SetFileAttributesW 4587->4588 4589 4015b4 4588->4589 3916 40541c 3917 4055c6 3916->3917 3918 40543d GetDlgItem GetDlgItem GetDlgItem 3916->3918 3920 4055f7 3917->3920 3921 4055cf GetDlgItem CreateThread CloseHandle 3917->3921 3961 404277 SendMessageW 3918->3961 3923 405622 3920->3923 3924 405647 3920->3924 3925 40560e ShowWindow ShowWindow 3920->3925 3921->3920 3964 4053b0 5 API calls 3921->3964 3922 4054ad 3927 4054b4 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3922->3927 3926 405682 3923->3926 3929 405636 3923->3929 3930 40565c ShowWindow 3923->3930 3931 4042a9 8 API calls 3924->3931 3963 404277 SendMessageW 3925->3963 3926->3924 3936 405690 SendMessageW 3926->3936 3934 405522 3927->3934 3935 405506 SendMessageW SendMessageW 3927->3935 3937 40421b SendMessageW 3929->3937 3932 40567c 3930->3932 3933 40566e 3930->3933 3938 405655 3931->3938 3940 40421b SendMessageW 3932->3940 3939 4052dd 25 API calls 3933->3939 3941 405535 3934->3941 3942 405527 SendMessageW 3934->3942 3935->3934 3936->3938 3943 4056a9 CreatePopupMenu 3936->3943 3937->3924 3939->3932 3940->3926 3945 404242 19 API calls 3941->3945 3942->3941 3944 4061a0 18 API calls 3943->3944 3946 4056b9 AppendMenuW 3944->3946 3947 405545 3945->3947 3948 4056d6 GetWindowRect 3946->3948 3949 4056e9 TrackPopupMenu 3946->3949 3950 405582 GetDlgItem SendMessageW 3947->3950 3951 40554e ShowWindow 3947->3951 3948->3949 3949->3938 3953 405704 3949->3953 3950->3938 3952 4055a9 SendMessageW SendMessageW 3950->3952 3954 405571 3951->3954 3955 405564 ShowWindow 3951->3955 3952->3938 3956 405720 SendMessageW 3953->3956 3962 404277 SendMessageW 3954->3962 3955->3954 3956->3956 3957 40573d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3956->3957 3959 405762 SendMessageW 3957->3959 3959->3959 3960 40578b GlobalUnlock SetClipboardData CloseClipboard 3959->3960 3960->3938 3961->3922 3962->3950 3963->3923 3965 40229d 3966 4022a5 3965->3966 3967 4022ab 3965->3967 3969 402bbf 18 API calls 3966->3969 3968 4022b9 3967->3968 3970 402bbf 18 API calls 3967->3970 3971 4022c7 3968->3971 3972 402bbf 18 API calls 3968->3972 3969->3967 3970->3968 3973 402bbf 18 API calls 3971->3973 3972->3971 3974 4022d0 WritePrivateProfileStringW 3973->3974 4590 401f1d 4591 402bbf 18 API calls 4590->4591 4592 401f24 4591->4592 4593 406558 5 API calls 4592->4593 4594 401f33 4593->4594 4595 401fb7 4594->4595 4596 401f4f GlobalAlloc 4594->4596 4596->4595 4597 401f63 4596->4597 4598 406558 5 API calls 4597->4598 4599 401f6a 4598->4599 4600 406558 5 API calls 4599->4600 4601 401f74 4600->4601 4601->4595 4605 4060c5 wsprintfW 4601->4605 4603 401fa9 4606 4060c5 wsprintfW 4603->4606 4605->4603 4606->4595 3975 40249e 3976 402cc9 19 API calls 3975->3976 3977 4024a8 3976->3977 3978 402ba2 18 API calls 3977->3978 3979 4024b1 3978->3979 3980 4024d5 RegEnumValueW 3979->3980 3981 4024c9 RegEnumKeyW 3979->3981 3982 40281e 3979->3982 3980->3982 3983 4024ee RegCloseKey 3980->3983 3981->3983 3983->3982 4607 40149e 4608 402288 4607->4608 4609 4014ac PostQuitMessage 4607->4609 4609->4608 4014 40231f 4015 402324 4014->4015 4016 40234f 4014->4016 4018 402cc9 19 API calls 4015->4018 4017 402bbf 18 API calls 4016->4017 4020 402356 4017->4020 4019 40232b 4018->4019 4021 402335 4019->4021 4025 40236c 4019->4025 4026 402bff RegOpenKeyExW 4020->4026 4022 402bbf 18 API calls 4021->4022 4023 40233c RegDeleteValueW RegCloseKey 4022->4023 4023->4025 4027 402c93 4026->4027 4031 402c2a 4026->4031 4027->4025 4028 402c50 RegEnumKeyW 4029 402c62 RegCloseKey 4028->4029 4028->4031 4032 406558 5 API calls 4029->4032 4030 402c87 RegCloseKey 4036 402c76 4030->4036 4031->4028 4031->4029 4031->4030 4033 402bff 5 API calls 4031->4033 4034 402c72 4032->4034 4033->4031 4035 402ca2 RegDeleteKeyW 4034->4035 4034->4036 4035->4036 4036->4027 4610 401ca3 4611 402ba2 18 API calls 4610->4611 4612 401ca9 IsWindow 4611->4612 4613 401a05 4612->4613 4614 402a27 SendMessageW 4615 402a41 InvalidateRect 4614->4615 4616 402a4c 4614->4616 4615->4616 3430 40242a 3441 402cc9 3430->3441 3432 402434 3433 402bbf 18 API calls 3432->3433 3434 40243d 3433->3434 3435 402448 RegQueryValueExW 3434->3435 3438 40281e 3434->3438 3436 402468 3435->3436 3437 40246e RegCloseKey 3435->3437 3436->3437 3445 4060c5 wsprintfW 3436->3445 3437->3438 3442 402bbf 18 API calls 3441->3442 3443 402ce2 3442->3443 3444 402cf0 RegOpenKeyExW 3443->3444 3444->3432 3445->3437 4624 40172d 4625 402bbf 18 API calls 4624->4625 4626 401734 SearchPathW 4625->4626 4627 40174f 4626->4627 4628 404a33 4629 404a43 4628->4629 4630 404a5f 4628->4630 4639 4058a7 GetDlgItemTextW 4629->4639 4632 404a92 4630->4632 4633 404a65 SHGetPathFromIDListW 4630->4633 4634 404a7c SendMessageW 4633->4634 4635 404a75 4633->4635 4634->4632 4637 40140b 2 API calls 4635->4637 4636 404a50 SendMessageW 4636->4630 4637->4634 4639->4636 4640 4027b4 4641 4027ba 4640->4641 4642 4027c2 FindClose 4641->4642 4643 402a4c 4641->4643 4642->4643 3578 4033b6 SetErrorMode GetVersion 3579 4033eb 3578->3579 3580 4033f1 3578->3580 3581 406558 5 API calls 3579->3581 3666 4064e8 GetSystemDirectoryW 3580->3666 3581->3580 3583 403407 lstrlenA 3583->3580 3584 403417 3583->3584 3669 406558 GetModuleHandleA 3584->3669 3587 406558 5 API calls 3588 403426 #17 OleInitialize SHGetFileInfoW 3587->3588 3675 40617e lstrcpynW 3588->3675 3590 403463 GetCommandLineW 3676 40617e lstrcpynW 3590->3676 3592 403475 GetModuleHandleW 3593 40348d 3592->3593 3594 405b5f CharNextW 3593->3594 3595 40349c CharNextW 3594->3595 3596 4035c6 GetTempPathW 3595->3596 3607 4034b5 3595->3607 3677 403385 3596->3677 3598 4035de 3599 4035e2 GetWindowsDirectoryW lstrcatW 3598->3599 3600 403638 DeleteFileW 3598->3600 3602 403385 12 API calls 3599->3602 3687 402e41 GetTickCount GetModuleFileNameW 3600->3687 3605 4035fe 3602->3605 3603 405b5f CharNextW 3603->3607 3604 40364c 3606 403703 ExitProcess OleUninitialize 3604->3606 3610 4036ef 3604->3610 3615 405b5f CharNextW 3604->3615 3605->3600 3608 403602 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3605->3608 3611 403839 3606->3611 3612 403719 3606->3612 3607->3603 3609 4035af 3607->3609 3613 4035b1 3607->3613 3614 403385 12 API calls 3608->3614 3609->3596 3717 4039c7 3610->3717 3619 403841 GetCurrentProcess OpenProcessToken 3611->3619 3620 4038bd ExitProcess 3611->3620 3618 4058c3 MessageBoxIndirectW 3612->3618 3773 40617e lstrcpynW 3613->3773 3621 403630 3614->3621 3632 40366b 3615->3632 3624 403727 ExitProcess 3618->3624 3625 403859 LookupPrivilegeValueW AdjustTokenPrivileges 3619->3625 3626 40388d 3619->3626 3621->3600 3621->3606 3622 4036ff 3622->3606 3625->3626 3627 406558 5 API calls 3626->3627 3628 403894 3627->3628 3631 4038a9 ExitWindowsEx 3628->3631 3635 4038b6 3628->3635 3629 4036c9 3634 405c3a 18 API calls 3629->3634 3630 40372f 3776 405846 3630->3776 3631->3620 3631->3635 3632->3629 3632->3630 3637 4036d5 3634->3637 3638 40140b 2 API calls 3635->3638 3637->3606 3774 40617e lstrcpynW 3637->3774 3638->3620 3639 403750 lstrcatW lstrcmpiW 3639->3606 3642 40376c 3639->3642 3640 403745 lstrcatW 3640->3639 3644 403771 3642->3644 3645 403778 3642->3645 3643 4036e4 3775 40617e lstrcpynW 3643->3775 3779 4057ac CreateDirectoryW 3644->3779 3784 405829 CreateDirectoryW 3645->3784 3650 40377d SetCurrentDirectoryW 3651 403798 3650->3651 3652 40378d 3650->3652 3788 40617e lstrcpynW 3651->3788 3787 40617e lstrcpynW 3652->3787 3655 4061a0 18 API calls 3656 4037d7 DeleteFileW 3655->3656 3657 4037e4 CopyFileW 3656->3657 3663 4037a6 3656->3663 3657->3663 3658 40382d 3660 40601f 38 API calls 3658->3660 3659 40601f 38 API calls 3659->3663 3661 403834 3660->3661 3661->3606 3662 4061a0 18 API calls 3662->3663 3663->3655 3663->3658 3663->3659 3663->3662 3665 403818 CloseHandle 3663->3665 3789 40585e CreateProcessW 3663->3789 3665->3663 3667 40650a wsprintfW LoadLibraryExW 3666->3667 3667->3583 3670 406574 3669->3670 3671 40657e GetProcAddress 3669->3671 3672 4064e8 3 API calls 3670->3672 3673 40341f 3671->3673 3674 40657a 3672->3674 3673->3587 3674->3671 3674->3673 3675->3590 3676->3592 3678 406412 5 API calls 3677->3678 3680 403391 3678->3680 3679 40339b 3679->3598 3680->3679 3681 405b32 3 API calls 3680->3681 3682 4033a3 3681->3682 3683 405829 2 API calls 3682->3683 3684 4033a9 3683->3684 3685 405d82 2 API calls 3684->3685 3686 4033b4 3685->3686 3686->3598 3792 405d53 GetFileAttributesW CreateFileW 3687->3792 3689 402e84 3716 402e91 3689->3716 3793 40617e lstrcpynW 3689->3793 3691 402ea7 3692 405b7e 2 API calls 3691->3692 3693 402ead 3692->3693 3794 40617e lstrcpynW 3693->3794 3695 402eb8 GetFileSize 3696 402fb9 3695->3696 3714 402ecf 3695->3714 3697 402d9f 33 API calls 3696->3697 3699 402fc0 3697->3699 3698 403358 ReadFile 3698->3714 3701 402ffc GlobalAlloc 3699->3701 3699->3716 3796 40336e SetFilePointer 3699->3796 3700 403054 3703 402d9f 33 API calls 3700->3703 3702 403013 3701->3702 3708 405d82 2 API calls 3702->3708 3703->3716 3705 402fdd 3706 403358 ReadFile 3705->3706 3709 402fe8 3706->3709 3707 402d9f 33 API calls 3707->3714 3710 403024 CreateFileW 3708->3710 3709->3701 3709->3716 3711 40305e 3710->3711 3710->3716 3795 40336e SetFilePointer 3711->3795 3713 40306c 3715 4030e7 45 API calls 3713->3715 3714->3696 3714->3698 3714->3700 3714->3707 3714->3716 3715->3716 3716->3604 3718 406558 5 API calls 3717->3718 3719 4039db 3718->3719 3720 4039e1 3719->3720 3721 4039f3 3719->3721 3813 4060c5 wsprintfW 3720->3813 3722 40604b 3 API calls 3721->3722 3723 403a23 3722->3723 3724 403a42 lstrcatW 3723->3724 3726 40604b 3 API calls 3723->3726 3727 4039f1 3724->3727 3726->3724 3797 403c9d 3727->3797 3730 405c3a 18 API calls 3731 403a74 3730->3731 3732 403b08 3731->3732 3734 40604b 3 API calls 3731->3734 3733 405c3a 18 API calls 3732->3733 3735 403b0e 3733->3735 3736 403aa6 3734->3736 3737 403b1e LoadImageW 3735->3737 3740 4061a0 18 API calls 3735->3740 3736->3732 3743 403ac7 lstrlenW 3736->3743 3747 405b5f CharNextW 3736->3747 3738 403bc4 3737->3738 3739 403b45 RegisterClassW 3737->3739 3742 40140b 2 API calls 3738->3742 3741 403b7b SystemParametersInfoW CreateWindowExW 3739->3741 3772 403bce 3739->3772 3740->3737 3741->3738 3746 403bca 3742->3746 3744 403ad5 lstrcmpiW 3743->3744 3745 403afb 3743->3745 3744->3745 3749 403ae5 GetFileAttributesW 3744->3749 3750 405b32 3 API calls 3745->3750 3752 403c9d 19 API calls 3746->3752 3746->3772 3748 403ac4 3747->3748 3748->3743 3751 403af1 3749->3751 3753 403b01 3750->3753 3751->3745 3754 405b7e 2 API calls 3751->3754 3755 403bdb 3752->3755 3814 40617e lstrcpynW 3753->3814 3754->3745 3757 403be7 ShowWindow 3755->3757 3758 403c6a 3755->3758 3760 4064e8 3 API calls 3757->3760 3806 4053b0 OleInitialize 3758->3806 3762 403bff 3760->3762 3761 403c70 3763 403c74 3761->3763 3764 403c8c 3761->3764 3765 403c0d GetClassInfoW 3762->3765 3769 4064e8 3 API calls 3762->3769 3771 40140b 2 API calls 3763->3771 3763->3772 3768 40140b 2 API calls 3764->3768 3766 403c21 GetClassInfoW RegisterClassW 3765->3766 3767 403c37 DialogBoxParamW 3765->3767 3766->3767 3770 40140b 2 API calls 3767->3770 3768->3772 3769->3765 3770->3772 3771->3772 3772->3622 3773->3609 3774->3643 3775->3610 3777 406558 5 API calls 3776->3777 3778 403734 lstrcatW 3777->3778 3778->3639 3778->3640 3780 403776 3779->3780 3781 4057fd GetLastError 3779->3781 3780->3650 3781->3780 3782 40580c SetFileSecurityW 3781->3782 3782->3780 3783 405822 GetLastError 3782->3783 3783->3780 3785 405839 3784->3785 3786 40583d GetLastError 3784->3786 3785->3650 3786->3785 3787->3651 3788->3663 3790 405891 CloseHandle 3789->3790 3791 40589d 3789->3791 3790->3791 3791->3663 3792->3689 3793->3691 3794->3695 3795->3713 3796->3705 3798 403cb1 3797->3798 3815 4060c5 wsprintfW 3798->3815 3800 403d22 3801 4061a0 18 API calls 3800->3801 3802 403d2e SetWindowTextW 3801->3802 3803 403a52 3802->3803 3804 403d4a 3802->3804 3803->3730 3804->3803 3805 4061a0 18 API calls 3804->3805 3805->3804 3807 40428e SendMessageW 3806->3807 3808 4053d3 3807->3808 3811 401389 2 API calls 3808->3811 3812 4053fa 3808->3812 3809 40428e SendMessageW 3810 40540c OleUninitialize 3809->3810 3810->3761 3811->3808 3812->3809 3813->3727 3814->3732 3815->3800 3816 401b37 3817 401b44 3816->3817 3818 401b88 3816->3818 3821 401bcd 3817->3821 3826 401b5b 3817->3826 3819 401bb2 GlobalAlloc 3818->3819 3820 401b8d 3818->3820 3823 4061a0 18 API calls 3819->3823 3834 402288 3820->3834 3837 40617e lstrcpynW 3820->3837 3822 4061a0 18 API calls 3821->3822 3821->3834 3824 402282 3822->3824 3823->3821 3829 4058c3 MessageBoxIndirectW 3824->3829 3835 40617e lstrcpynW 3826->3835 3827 401b9f GlobalFree 3827->3834 3829->3834 3830 401b6a 3836 40617e lstrcpynW 3830->3836 3832 401b79 3838 40617e lstrcpynW 3832->3838 3835->3830 3836->3832 3837->3827 3838->3834 3839 402537 3840 402562 3839->3840 3841 40254b 3839->3841 3843 402596 3840->3843 3844 402567 3840->3844 3842 402ba2 18 API calls 3841->3842 3849 402552 3842->3849 3846 402bbf 18 API calls 3843->3846 3845 402bbf 18 API calls 3844->3845 3847 40256e WideCharToMultiByte lstrlenA 3845->3847 3848 40259d lstrlenW 3846->3848 3847->3849 3848->3849 3850 4025e0 3849->3850 3851 4025d2 3849->3851 3853 4025c3 3849->3853 3852 405e05 WriteFile 3851->3852 3852->3850 3856 405e34 SetFilePointer 3853->3856 3857 405e50 3856->3857 3858 4025ca 3856->3858 3859 405dd6 ReadFile 3857->3859 3858->3850 3858->3851 3860 405e5c 3859->3860 3860->3858 3861 405e75 SetFilePointer 3860->3861 3862 405e9d SetFilePointer 3860->3862 3861->3862 3863 405e80 3861->3863 3862->3858 3864 405e05 WriteFile 3863->3864 3864->3858 4644 4014b8 4645 4014be 4644->4645 4646 401389 2 API calls 4645->4646 4647 4014c6 4646->4647 3865 4015b9 3866 402bbf 18 API calls 3865->3866 3867 4015c0 3866->3867 3868 405bdd 4 API calls 3867->3868 3880 4015c9 3868->3880 3869 401629 3871 40165b 3869->3871 3872 40162e 3869->3872 3870 405b5f CharNextW 3870->3880 3875 401423 25 API calls 3871->3875 3873 401423 25 API calls 3872->3873 3874 401635 3873->3874 3884 40617e lstrcpynW 3874->3884 3881 401653 3875->3881 3877 405829 2 API calls 3877->3880 3878 405846 5 API calls 3878->3880 3879 401642 SetCurrentDirectoryW 3879->3881 3880->3869 3880->3870 3880->3877 3880->3878 3882 40160f GetFileAttributesW 3880->3882 3883 4057ac 4 API calls 3880->3883 3882->3880 3883->3880 3884->3879 4655 40293b 4656 402ba2 18 API calls 4655->4656 4657 402941 4656->4657 4658 402964 4657->4658 4659 40297d 4657->4659 4665 40281e 4657->4665 4660 402969 4658->4660 4661 40297a 4658->4661 4662 402993 4659->4662 4663 402987 4659->4663 4669 40617e lstrcpynW 4660->4669 4670 4060c5 wsprintfW 4661->4670 4664 4061a0 18 API calls 4662->4664 4666 402ba2 18 API calls 4663->4666 4664->4665 4666->4665 4669->4665 4670->4665

                                                                                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                                                                                              Function 004033B6 Relevance: 91.4, APIs: 34, Strings: 18, Instructions: 401stringfilecomCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 0 4033b6-4033e9 SetErrorMode GetVersion 1 4033eb-4033f3 call 406558 0->1 2 4033fc 0->2 1->2 8 4033f5 1->8 4 403401-403415 call 4064e8 lstrlenA 2->4 9 403417-40348b call 406558 * 2 #17 OleInitialize SHGetFileInfoW call 40617e GetCommandLineW call 40617e GetModuleHandleW 4->9 8->2 18 403495-4034af call 405b5f CharNextW 9->18 19 40348d-403494 9->19 22 4034b5-4034bb 18->22 23 4035c6-4035e0 GetTempPathW call 403385 18->23 19->18 25 4034c4-4034c8 22->25 26 4034bd-4034c2 22->26 32 4035e2-403600 GetWindowsDirectoryW lstrcatW call 403385 23->32 33 403638-403652 DeleteFileW call 402e41 23->33 27 4034ca-4034ce 25->27 28 4034cf-4034d3 25->28 26->25 26->26 27->28 30 403592-40359f call 405b5f 28->30 31 4034d9-4034df 28->31 46 4035a1-4035a2 30->46 47 4035a3-4035a9 30->47 35 4034e1-4034e9 31->35 36 4034fa-403533 31->36 32->33 52 403602-403632 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 403385 32->52 48 403703-403713 ExitProcess OleUninitialize 33->48 49 403658-40365e 33->49 41 4034f0 35->41 42 4034eb-4034ee 35->42 43 403550-40358a 36->43 44 403535-40353a 36->44 41->36 42->36 42->41 43->30 51 40358c-403590 43->51 44->43 50 40353c-403544 44->50 46->47 47->22 53 4035af 47->53 56 403839-40383f 48->56 57 403719-403729 call 4058c3 ExitProcess 48->57 54 4036f3-4036fa call 4039c7 49->54 55 403664-40366f call 405b5f 49->55 58 403546-403549 50->58 59 40354b 50->59 51->30 60 4035b1-4035bf call 40617e 51->60 52->33 52->48 62 4035c4 53->62 71 4036ff 54->71 78 403671-4036a6 55->78 79 4036bd-4036c7 55->79 67 403841-403857 GetCurrentProcess OpenProcessToken 56->67 68 4038bd-4038c5 56->68 58->43 58->59 59->43 60->62 62->23 75 403859-403887 LookupPrivilegeValueW AdjustTokenPrivileges 67->75 76 40388d-40389b call 406558 67->76 72 4038c7 68->72 73 4038cb-4038cf ExitProcess 68->73 71->48 72->73 75->76 84 4038a9-4038b4 ExitWindowsEx 76->84 85 40389d-4038a7 76->85 81 4036a8-4036ac 78->81 82 4036c9-4036d7 call 405c3a 79->82 83 40372f-403743 call 405846 lstrcatW 79->83 86 4036b5-4036b9 81->86 87 4036ae-4036b3 81->87 82->48 94 4036d9-4036ef call 40617e * 2 82->94 97 403750-40376a lstrcatW lstrcmpiW 83->97 98 403745-40374b lstrcatW 83->98 84->68 90 4038b6-4038b8 call 40140b 84->90 85->84 85->90 86->81 91 4036bb 86->91 87->86 87->91 90->68 91->79 94->54 97->48 100 40376c-40376f 97->100 98->97 102 403771-403776 call 4057ac 100->102 103 403778 call 405829 100->103 109 40377d-40378b SetCurrentDirectoryW 102->109 103->109 110 403798-4037c1 call 40617e 109->110 111 40378d-403793 call 40617e 109->111 115 4037c6-4037e2 call 4061a0 DeleteFileW 110->115 111->110 118 403823-40382b 115->118 119 4037e4-4037f4 CopyFileW 115->119 118->115 121 40382d-403834 call 40601f 118->121 119->118 120 4037f6-403816 call 40601f call 4061a0 call 40585e 119->120 120->118 130 403818-40381f CloseHandle 120->130 121->48 130->118
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNELBASE ref: 004033D9
                                                                                                                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 004033DF
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403408
                                                                                                                                                                                                                                                                                              • #17.COMCTL32(00000007,00000009), ref: 0040342B
                                                                                                                                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00403432
                                                                                                                                                                                                                                                                                              • SHGetFileInfoW.SHELL32(004216E8,00000000,?,000002B4,00000000), ref: 0040344E
                                                                                                                                                                                                                                                                                              • GetCommandLineW.KERNEL32(00429240,NSIS Error), ref: 00403463
                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" ,00000000), ref: 00403476
                                                                                                                                                                                                                                                                                              • CharNextW.USER32(00000000,"C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" ,00000020), ref: 0040349D
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406558: GetModuleHandleA.KERNEL32(?,00000020,?,0040341F,00000009), ref: 0040656A
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406558: GetProcAddress.KERNEL32(00000000,?), ref: 00406585
                                                                                                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 004035D7
                                                                                                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004035E8
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004035F4
                                                                                                                                                                                                                                                                                              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403608
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403610
                                                                                                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403621
                                                                                                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403629
                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(1033), ref: 0040363D
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040617E: lstrcpynW.KERNEL32(?,?,00000400,00403463,00429240,NSIS Error), ref: 0040618B
                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32(?), ref: 00403703
                                                                                                                                                                                                                                                                                              • OleUninitialize.OLE32(?), ref: 00403708
                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403729
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 0040373C
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 0040374B
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403756
                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\TeamViewer,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" ,00000000,?), ref: 00403762
                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040377E
                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(00420EE8,00420EE8,?,0042B000,?), ref: 004037D8
                                                                                                                                                                                                                                                                                              • CopyFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe,00420EE8,00000001), ref: 004037EC
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00420EE8,00420EE8,?,00420EE8,00000000), ref: 00403819
                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403848
                                                                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 0040384F
                                                                                                                                                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403864
                                                                                                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32 ref: 00403887
                                                                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 004038AC
                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004038CF
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Processlstrcat$ExitFile$Handle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" $.tmp$1033$C:\Program Files (x86)\TeamViewer$C:\Program Files (x86)\TeamViewer\TVExtractTemp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\TeamViewer$C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                                                                              • API String ID: 354199918-2600104650
                                                                                                                                                                                                                                                                                              • Opcode ID: e8a7877e60441a61d01466cbee3218a59cd968db92503058061a8fd593dce739
                                                                                                                                                                                                                                                                                              • Instruction ID: be8551fa6605ebbbfda7487142ffb020be8bd547a3943651712312bea09c5587
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8a7877e60441a61d01466cbee3218a59cd968db92503058061a8fd593dce739
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AED10571200300ABE7207F659D49A2B3AEDEB4074AF50443FF881B62D2DB7C8956876E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040596F Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 492 40596f-405995 call 405c3a 495 405997-4059a9 DeleteFileW 492->495 496 4059ae-4059b5 492->496 497 405b2b-405b2f 495->497 498 4059b7-4059b9 496->498 499 4059c8-4059d8 call 40617e 496->499 500 405ad9-405ade 498->500 501 4059bf-4059c2 498->501 505 4059e7-4059e8 call 405b7e 499->505 506 4059da-4059e5 lstrcatW 499->506 500->497 503 405ae0-405ae3 500->503 501->499 501->500 507 405ae5-405aeb 503->507 508 405aed-405af5 call 4064c1 503->508 509 4059ed-4059f1 505->509 506->509 507->497 508->497 516 405af7-405b0b call 405b32 call 405927 508->516 512 4059f3-4059fb 509->512 513 4059fd-405a03 lstrcatW 509->513 512->513 515 405a08-405a24 lstrlenW FindFirstFileW 512->515 513->515 517 405a2a-405a32 515->517 518 405ace-405ad2 515->518 532 405b23-405b26 call 4052dd 516->532 533 405b0d-405b10 516->533 521 405a52-405a66 call 40617e 517->521 522 405a34-405a3c 517->522 518->500 520 405ad4 518->520 520->500 534 405a68-405a70 521->534 535 405a7d-405a88 call 405927 521->535 524 405ab1-405ac1 FindNextFileW 522->524 525 405a3e-405a46 522->525 524->517 531 405ac7-405ac8 FindClose 524->531 525->521 528 405a48-405a50 525->528 528->521 528->524 531->518 532->497 533->507 538 405b12-405b21 call 4052dd call 40601f 533->538 534->524 539 405a72-405a76 call 40596f 534->539 545 405aa9-405aac call 4052dd 535->545 546 405a8a-405a8d 535->546 538->497 544 405a7b 539->544 544->524 545->524 548 405aa1-405aa7 546->548 549 405a8f-405a9f call 4052dd call 40601f 546->549 548->524 549->524
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(?,?,74DF3420,74DF2EE0,00000000), ref: 00405998
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\*.*,\*.*), ref: 004059E0
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405A03
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\*.*,?,?,74DF3420,74DF2EE0,00000000), ref: 00405A09
                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\*.*,?,?,74DF3420,74DF2EE0,00000000), ref: 00405A19
                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AB9
                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405AC8
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" $C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\*.*$\*.*
                                                                                                                                                                                                                                                                                              • API String ID: 2035342205-2642303553
                                                                                                                                                                                                                                                                                              • Opcode ID: 3e74ea5c1780804c8595fdd51fd85a972d4f395f22791088baa2fc53644d391a
                                                                                                                                                                                                                                                                                              • Instruction ID: 6c547db7f4d1248ed83a6ec2b2b7cf99957869ea0eb35c9edb1a86952611c1c3
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e74ea5c1780804c8595fdd51fd85a972d4f395f22791088baa2fc53644d391a
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A41B530A40914A6CB21AB659CC9AAF7678EF41724F20427FF801711D1D77C5986DE6E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004064C1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(74DF3420,00426778,C:\,00405C83,C:\,C:\,00000000,C:\,C:\,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0), ref: 004064CC
                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 004064D8
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                              • String ID: C:\$xgB
                                                                                                                                                                                                                                                                                              • API String ID: 2295610775-2001824454
                                                                                                                                                                                                                                                                                              • Opcode ID: 4403a27f78f835125bd15cd158b53f866fd18ebbb8f54cd400289453990cbd04
                                                                                                                                                                                                                                                                                              • Instruction ID: 909a2899cbbcfc21b24ab628f9350e7a3c7b3772aa6d432f74911df6ac2d0bb5
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4403a27f78f835125bd15cd158b53f866fd18ebbb8f54cd400289453990cbd04
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8BD0C9315045209BC2111778AE4C85B7A98AF553317628A36B466F12A0C674CC22869C
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406846 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: ead38b7015f9474378dd182d16c601773bd961a48b8ca1aefc3332049c463b86
                                                                                                                                                                                                                                                                                              • Instruction ID: 84f5b91c3f937eb173619b21672ae23043901769df73ed9f159891f0fc81c8d0
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ead38b7015f9474378dd182d16c601773bd961a48b8ca1aefc3332049c463b86
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72F18671D04229CBDF18CFA8C8946ADBBB0FF45305F25816ED856BB281D7385A8ACF45
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040541C Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 131 40541c-405437 132 4055c6-4055cd 131->132 133 40543d-405504 GetDlgItem * 3 call 404277 call 404b7a GetClientRect GetSystemMetrics SendMessageW * 2 131->133 135 4055f7-405604 132->135 136 4055cf-4055f1 GetDlgItem CreateThread CloseHandle 132->136 153 405522-405525 133->153 154 405506-405520 SendMessageW * 2 133->154 138 405622-40562c 135->138 139 405606-40560c 135->139 136->135 143 405682-405686 138->143 144 40562e-405634 138->144 141 405647-405650 call 4042a9 139->141 142 40560e-40561d ShowWindow * 2 call 404277 139->142 157 405655-405659 141->157 142->138 143->141 146 405688-40568e 143->146 148 405636-405642 call 40421b 144->148 149 40565c-40566c ShowWindow 144->149 146->141 155 405690-4056a3 SendMessageW 146->155 148->141 151 40567c-40567d call 40421b 149->151 152 40566e-405677 call 4052dd 149->152 151->143 152->151 160 405535-40554c call 404242 153->160 161 405527-405533 SendMessageW 153->161 154->153 162 4057a5-4057a7 155->162 163 4056a9-4056d4 CreatePopupMenu call 4061a0 AppendMenuW 155->163 170 405582-4055a3 GetDlgItem SendMessageW 160->170 171 40554e-405562 ShowWindow 160->171 161->160 162->157 168 4056d6-4056e6 GetWindowRect 163->168 169 4056e9-4056fe TrackPopupMenu 163->169 168->169 169->162 173 405704-40571b 169->173 170->162 172 4055a9-4055c1 SendMessageW * 2 170->172 174 405571 171->174 175 405564-40556f ShowWindow 171->175 172->162 176 405720-40573b SendMessageW 173->176 177 405577-40557d call 404277 174->177 175->177 176->176 178 40573d-405760 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 176->178 177->170 180 405762-405789 SendMessageW 178->180 180->180 181 40578b-40579f GlobalUnlock SetClipboardData CloseClipboard 180->181 181->162
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 0040547A
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 00405489
                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004054C6
                                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 004054CD
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054EE
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004054FF
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405512
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405520
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405533
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405555
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405569
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040558A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040559A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055B3
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055BF
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 00405498
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404277: SendMessageW.USER32(00000028,?,00000001,004040A3), ref: 00404285
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 004055DC
                                                                                                                                                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,Function_000053B0,00000000), ref: 004055EA
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004055F1
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00405615
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 0040561A
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405664
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405698
                                                                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 004056A9
                                                                                                                                                                                                                                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056BD
                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004056DD
                                                                                                                                                                                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056F6
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040572E
                                                                                                                                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 0040573E
                                                                                                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 00405744
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405750
                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0040575A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040576E
                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0040578E
                                                                                                                                                                                                                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405799
                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 0040579F
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                                                              • String ID: (7B${
                                                                                                                                                                                                                                                                                              • API String ID: 590372296-525222780
                                                                                                                                                                                                                                                                                              • Opcode ID: 3356856100fded7762ccce4ebf21ef6244253d3db3b1b0b4e2cb175bf3461c6d
                                                                                                                                                                                                                                                                                              • Instruction ID: 3349dadf3efb3a8fdffdb79f187be012afacb07b5928e089a4a7fd9dccbac2fd
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3356856100fded7762ccce4ebf21ef6244253d3db3b1b0b4e2cb175bf3461c6d
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60B15670900608FFDB119FA0DD89EAE3B79FB48354F40847AFA45A61A0CB754E52DF68
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00403D6A Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 182 403d6a-403d7c 183 403d82-403d88 182->183 184 403ebd-403ecc 182->184 183->184 185 403d8e-403d97 183->185 186 403f1b-403f30 184->186 187 403ece-403f16 GetDlgItem * 2 call 404242 SetClassLongW call 40140b 184->187 188 403d99-403da6 SetWindowPos 185->188 189 403dac-403daf 185->189 191 403f70-403f75 call 40428e 186->191 192 403f32-403f35 186->192 187->186 188->189 194 403db1-403dc3 ShowWindow 189->194 195 403dc9-403dcf 189->195 200 403f7a-403f95 191->200 197 403f37-403f42 call 401389 192->197 198 403f68-403f6a 192->198 194->195 201 403dd1-403de6 DestroyWindow 195->201 202 403deb-403dee 195->202 197->198 219 403f44-403f63 SendMessageW 197->219 198->191 199 40420f 198->199 207 404211-404218 199->207 205 403f97-403f99 call 40140b 200->205 206 403f9e-403fa4 200->206 208 4041ec-4041f2 201->208 210 403df0-403dfc SetWindowLongW 202->210 211 403e01-403e07 202->211 205->206 215 403faa-403fb5 206->215 216 4041cd-4041e6 DestroyWindow KiUserCallbackDispatcher 206->216 208->199 213 4041f4-4041fa 208->213 210->207 217 403eaa-403eb8 call 4042a9 211->217 218 403e0d-403e1e GetDlgItem 211->218 213->199 221 4041fc-404205 ShowWindow 213->221 215->216 222 403fbb-404008 call 4061a0 call 404242 * 3 GetDlgItem 215->222 216->208 217->207 223 403e20-403e37 SendMessageW IsWindowEnabled 218->223 224 403e3d-403e40 218->224 219->207 221->199 252 404012-40404e ShowWindow KiUserCallbackDispatcher call 404264 EnableWindow 222->252 253 40400a-40400f 222->253 223->199 223->224 227 403e42-403e43 224->227 228 403e45-403e48 224->228 232 403e73-403e78 call 40421b 227->232 229 403e56-403e5b 228->229 230 403e4a-403e50 228->230 233 403e91-403ea4 SendMessageW 229->233 235 403e5d-403e63 229->235 230->233 234 403e52-403e54 230->234 232->217 233->217 234->232 238 403e65-403e6b call 40140b 235->238 239 403e7a-403e83 call 40140b 235->239 248 403e71 238->248 239->217 249 403e85-403e8f 239->249 248->232 249->248 256 404050-404051 252->256 257 404053 252->257 253->252 258 404055-404083 GetSystemMenu EnableMenuItem SendMessageW 256->258 257->258 259 404085-404096 SendMessageW 258->259 260 404098 258->260 261 40409e-4040dc call 404277 call 40617e lstrlenW call 4061a0 SetWindowTextW call 401389 259->261 260->261 261->200 270 4040e2-4040e4 261->270 270->200 271 4040ea-4040ee 270->271 272 4040f0-4040f6 271->272 273 40410d-404121 DestroyWindow 271->273 272->199 274 4040fc-404102 272->274 273->208 275 404127-404154 CreateDialogParamW 273->275 274->200 276 404108 274->276 275->208 277 40415a-4041b1 call 404242 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 275->277 276->199 277->199 282 4041b3-4041c6 ShowWindow call 40428e 277->282 284 4041cb 282->284 284->208
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403DA6
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?), ref: 00403DC3
                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 00403DD7
                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DF3
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00403E14
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E28
                                                                                                                                                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403E2F
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00403EDD
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00403EE7
                                                                                                                                                                                                                                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 00403F01
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F52
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 00403FF8
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00404019
                                                                                                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040402B
                                                                                                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00404046
                                                                                                                                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040405C
                                                                                                                                                                                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 00404063
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040407B
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040408E
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00423728,?,00423728,00429240), ref: 004040B7
                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,00423728), ref: 004040CB
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 004041FF
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                                              • String ID: (7B
                                                                                                                                                                                                                                                                                              • API String ID: 3282139019-3251261122
                                                                                                                                                                                                                                                                                              • Opcode ID: f1306570f035e21c4f068449413519e45d51919a909de34d05465df8e21c2881
                                                                                                                                                                                                                                                                                              • Instruction ID: 4530f9416eb169af0d44378ddba5762a1eee688012323a74912104aead4a3b33
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f1306570f035e21c4f068449413519e45d51919a909de34d05465df8e21c2881
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5C1FFB1640200FFCB206F61EE84E2B3AA8EB95745F40057EF641B21F1CB7999529B6D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004039C7 Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 285 4039c7-4039df call 406558 288 4039e1-4039f1 call 4060c5 285->288 289 4039f3-403a2a call 40604b 285->289 297 403a4d-403a76 call 403c9d call 405c3a 288->297 293 403a42-403a48 lstrcatW 289->293 294 403a2c-403a3d call 40604b 289->294 293->297 294->293 303 403b08-403b10 call 405c3a 297->303 304 403a7c-403a81 297->304 310 403b12-403b19 call 4061a0 303->310 311 403b1e-403b43 LoadImageW 303->311 304->303 305 403a87-403aa1 call 40604b 304->305 309 403aa6-403aaf 305->309 309->303 314 403ab1-403ab5 309->314 310->311 312 403bc4-403bcc call 40140b 311->312 313 403b45-403b75 RegisterClassW 311->313 328 403bd6-403be1 call 403c9d 312->328 329 403bce-403bd1 312->329 316 403c93 313->316 317 403b7b-403bbf SystemParametersInfoW CreateWindowExW 313->317 319 403ac7-403ad3 lstrlenW 314->319 320 403ab7-403ac4 call 405b5f 314->320 321 403c95-403c9c 316->321 317->312 322 403ad5-403ae3 lstrcmpiW 319->322 323 403afb-403b03 call 405b32 call 40617e 319->323 320->319 322->323 327 403ae5-403aef GetFileAttributesW 322->327 323->303 331 403af1-403af3 327->331 332 403af5-403af6 call 405b7e 327->332 338 403be7-403c01 ShowWindow call 4064e8 328->338 339 403c6a-403c6b call 4053b0 328->339 329->321 331->323 331->332 332->323 346 403c03-403c08 call 4064e8 338->346 347 403c0d-403c1f GetClassInfoW 338->347 342 403c70-403c72 339->342 344 403c74-403c7a 342->344 345 403c8c-403c8e call 40140b 342->345 344->329 350 403c80-403c87 call 40140b 344->350 345->316 346->347 348 403c21-403c31 GetClassInfoW RegisterClassW 347->348 349 403c37-403c5a DialogBoxParamW call 40140b 347->349 348->349 355 403c5f-403c68 call 403917 349->355 350->329 355->321
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406558: GetModuleHandleA.KERNEL32(?,00000020,?,0040341F,00000009), ref: 0040656A
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406558: GetProcAddress.KERNEL32(00000000,?), ref: 00406585
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(1033,00423728), ref: 00403A48
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\TeamViewer,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,74DF3420), ref: 00403AC8
                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\TeamViewer,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000), ref: 00403ADB
                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(Remove folder: ), ref: 00403AE6
                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\TeamViewer), ref: 00403B2F
                                                                                                                                                                                                                                                                                                • Part of subcall function 004060C5: wsprintfW.USER32 ref: 004060D2
                                                                                                                                                                                                                                                                                              • RegisterClassW.USER32(004291E0), ref: 00403B6C
                                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B84
                                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403BB9
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 00403BEF
                                                                                                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit20W,004291E0), ref: 00403C1B
                                                                                                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit,004291E0), ref: 00403C28
                                                                                                                                                                                                                                                                                              • RegisterClassW.USER32(004291E0), ref: 00403C31
                                                                                                                                                                                                                                                                                              • DialogBoxParamW.USER32(?,00000000,00403D6A,00000000), ref: 00403C50
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" $(7B$.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\TeamViewer$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                                                                              • API String ID: 1975747703-3362945017
                                                                                                                                                                                                                                                                                              • Opcode ID: e4b79f2775376875fb57570f8962d2b7733680286c700de63aaa8ea03b262410
                                                                                                                                                                                                                                                                                              • Instruction ID: e7f44595d902892b35b801f2f0c3734befc0b18a393fec54347386a87508d522
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4b79f2775376875fb57570f8962d2b7733680286c700de63aaa8ea03b262410
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8661C570244200BAD730AF669D49E2B3A7CEB84B49F40453FF981B62E2DB7D5912C63D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402E41 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203memoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 359 402e41-402e8f GetTickCount GetModuleFileNameW call 405d53 362 402e91-402e96 359->362 363 402e9b-402ec9 call 40617e call 405b7e call 40617e GetFileSize 359->363 364 4030e0-4030e4 362->364 371 402fb9-402fc7 call 402d9f 363->371 372 402ecf-402ee6 363->372 379 403098-40309d 371->379 380 402fcd-402fd0 371->380 374 402ee8 372->374 375 402eea-402ef7 call 403358 372->375 374->375 381 403054-40305c call 402d9f 375->381 382 402efd-402f03 375->382 379->364 383 402fd2-402fea call 40336e call 403358 380->383 384 402ffc-403048 GlobalAlloc call 406677 call 405d82 CreateFileW 380->384 381->379 385 402f83-402f87 382->385 386 402f05-402f1d call 405d0e 382->386 383->379 407 402ff0-402ff6 383->407 410 40304a-40304f 384->410 411 40305e-40308e call 40336e call 4030e7 384->411 390 402f90-402f96 385->390 391 402f89-402f8f call 402d9f 385->391 386->390 405 402f1f-402f26 386->405 398 402f98-402fa6 call 406609 390->398 399 402fa9-402fb3 390->399 391->390 398->399 399->371 399->372 405->390 409 402f28-402f2f 405->409 407->379 407->384 409->390 412 402f31-402f38 409->412 410->364 418 403093-403096 411->418 412->390 414 402f3a-402f41 412->414 414->390 416 402f43-402f63 414->416 416->379 419 402f69-402f6d 416->419 418->379 420 40309f-4030b0 418->420 421 402f75-402f7d 419->421 422 402f6f-402f73 419->422 423 4030b2 420->423 424 4030b8-4030bd 420->424 421->390 425 402f7f-402f81 421->425 422->371 422->421 423->424 426 4030be-4030c4 424->426 425->390 426->426 427 4030c6-4030de call 405d0e 426->427 427->364
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402E55
                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe,00000400), ref: 00402E71
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D53: GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe,80000000,00000003), ref: 00405D57
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D53: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D79
                                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\AppData\Local\Temp\TeamViewer,C:\Users\user\AppData\Local\Temp\TeamViewer,C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe,C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe,80000000,00000003), ref: 00402EBA
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 00403001
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • Null, xrefs: 00402F3A
                                                                                                                                                                                                                                                                                              • "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" , xrefs: 00402E41
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe, xrefs: 00402E5B, 00402E6A, 00402E7E, 00402E9B
                                                                                                                                                                                                                                                                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 0040304A
                                                                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00402E91
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\TeamViewer, xrefs: 00402E9C, 00402EA1, 00402EA7
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00402E4B, 00403019
                                                                                                                                                                                                                                                                                              • Inst, xrefs: 00402F28
                                                                                                                                                                                                                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403098
                                                                                                                                                                                                                                                                                              • soft, xrefs: 00402F31
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\TeamViewer$C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                              • API String ID: 2803837635-1247182566
                                                                                                                                                                                                                                                                                              • Opcode ID: a88f7b64cf2f84ce6159e852375487555ed60e3ec4e5ecaf9a54fe269baa00ef
                                                                                                                                                                                                                                                                                              • Instruction ID: e866f1dd798e5fb15c0a347603bcfded6ce2f229c2e481af73dd86df93422dd6
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a88f7b64cf2f84ce6159e852375487555ed60e3ec4e5ecaf9a54fe269baa00ef
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9761C431A00215ABDB209F75DD49B9E7BB8EB00359F20817FF500F62D1DABD9A448B5D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004061A0 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 207stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 430 4061a0-4061ab 431 4061ad-4061bc 430->431 432 4061be-4061d4 430->432 431->432 433 4061da-4061e7 432->433 434 4063ec-4063f2 432->434 433->434 435 4061ed-4061f4 433->435 436 4063f8-406403 434->436 437 4061f9-406206 434->437 435->434 439 406405-406409 call 40617e 436->439 440 40640e-40640f 436->440 437->436 438 40620c-406218 437->438 441 4063d9 438->441 442 40621e-40625a 438->442 439->440 444 4063e7-4063ea 441->444 445 4063db-4063e5 441->445 446 406260-40626b GetVersion 442->446 447 40637a-40637e 442->447 444->434 445->434 448 406285 446->448 449 40626d-406271 446->449 450 406380-406384 447->450 451 4063b3-4063b7 447->451 457 40628c-406293 448->457 449->448 454 406273-406277 449->454 455 406394-4063a1 call 40617e 450->455 456 406386-406392 call 4060c5 450->456 452 4063c6-4063d7 lstrlenW 451->452 453 4063b9-4063c1 call 4061a0 451->453 452->434 453->452 454->448 459 406279-40627d 454->459 468 4063a6-4063af 455->468 456->468 461 406295-406297 457->461 462 406298-40629a 457->462 459->448 464 40627f-406283 459->464 461->462 466 4062d6-4062d9 462->466 467 40629c-4062b9 call 40604b 462->467 464->457 469 4062e9-4062ec 466->469 470 4062db-4062e7 GetSystemDirectoryW 466->470 473 4062be-4062c2 467->473 468->452 472 4063b1 468->472 476 406357-406359 469->476 477 4062ee-4062fc GetWindowsDirectoryW 469->477 475 40635b-40635f 470->475 474 406372-406378 call 406412 472->474 478 406361-406365 473->478 479 4062c8-4062d1 call 4061a0 473->479 474->452 475->474 475->478 476->475 480 4062fe-406308 476->480 477->476 478->474 483 406367-40636d lstrcatW 478->483 479->475 485 406322-406338 SHGetSpecialFolderLocation 480->485 486 40630a-40630d 480->486 483->474 489 406353 485->489 490 40633a-406351 SHGetPathFromIDListW CoTaskMemFree 485->490 486->485 488 40630f-406316 486->488 491 40631e-406320 488->491 489->476 490->475 490->489 491->475 491->485
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetVersion.KERNEL32(00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,?,00405314,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000), ref: 00406263
                                                                                                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 004062E1
                                                                                                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 004062F4
                                                                                                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 00406330
                                                                                                                                                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(?,Remove folder: ), ref: 0040633E
                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(?), ref: 00406349
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040636D
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,?,00405314,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000), ref: 004063C7
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                                              • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                              • API String ID: 900638850-573077702
                                                                                                                                                                                                                                                                                              • Opcode ID: ad7f9d25d5d15659371a18125183daf3d831ef86bf1ddb5fded95f80f67ed536
                                                                                                                                                                                                                                                                                              • Instruction ID: 57c77dc533264c97ace6329bd87f7d674c2bea75a5b3d90d15d675b8bae5a73d
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad7f9d25d5d15659371a18125183daf3d831ef86bf1ddb5fded95f80f67ed536
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E611571A00104EBDF209F24CC40AAE37A5AF15314F56817FED56BA2D0D73D8AA2CB9D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004052DD Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 556 4052dd-4052f2 557 4052f8-405309 556->557 558 4053a9-4053ad 556->558 559 405314-405320 lstrlenW 557->559 560 40530b-40530f call 4061a0 557->560 562 405322-405332 lstrlenW 559->562 563 40533d-405341 559->563 560->559 562->558 564 405334-405338 lstrcatW 562->564 565 405350-405354 563->565 566 405343-40534a SetWindowTextW 563->566 564->563 567 405356-405398 SendMessageW * 3 565->567 568 40539a-40539c 565->568 566->565 567->568 568->558 569 40539e-4053a1 568->569 569->558
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00402E19,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00402E19), ref: 00405338
                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\), ref: 0040534A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                                                                              • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\
                                                                                                                                                                                                                                                                                              • API String ID: 2531174081-2458091388
                                                                                                                                                                                                                                                                                              • Opcode ID: 972aac7018336843b0c890e7bd87d5dddbcc3b404b63b40d4461520666951a00
                                                                                                                                                                                                                                                                                              • Instruction ID: d14990956ab1253184f877e9e8298894284f42a30aea32824f5004b5108fa95f
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 972aac7018336843b0c890e7bd87d5dddbcc3b404b63b40d4461520666951a00
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62217F71900518BACF119FA6DD44ACFBFB8EF85354F10807AF904B62A1C7B94A51DFA8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401767 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 145stringtimeCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 570 401767-40178c call 402bbf call 405ba9 575 401796-4017a8 call 40617e call 405b32 lstrcatW 570->575 576 40178e-401794 call 40617e 570->576 581 4017ad-4017ae call 406412 575->581 576->581 585 4017b3-4017b7 581->585 586 4017b9-4017c3 call 4064c1 585->586 587 4017ea-4017ed 585->587 595 4017d5-4017e7 586->595 596 4017c5-4017d3 CompareFileTime 586->596 589 4017f5-401811 call 405d53 587->589 590 4017ef-4017f0 call 405d2e 587->590 597 401813-401816 589->597 598 401885-4018ae call 4052dd call 4030e7 589->598 590->589 595->587 596->595 599 401867-401871 call 4052dd 597->599 600 401818-401856 call 40617e * 2 call 4061a0 call 40617e call 4058c3 597->600 612 4018b0-4018b4 598->612 613 4018b6-4018c2 SetFileTime 598->613 610 40187a-401880 599->610 600->585 633 40185c-40185d 600->633 614 402a55 610->614 612->613 616 4018c8-4018d3 FindCloseChangeNotification 612->616 613->616 617 402a57-402a5b 614->617 619 4018d9-4018dc 616->619 620 402a4c-402a4f 616->620 621 4018f1-4018f4 call 4061a0 619->621 622 4018de-4018ef call 4061a0 lstrcatW 619->622 620->614 628 4018f9-40228d call 4058c3 621->628 622->628 628->617 628->620 633->610 634 40185f-401860 633->634 634->599
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017A8
                                                                                                                                                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,InstallTeamViewer(): Error!!! Installation files could not be extracted. Installation aborted!,InstallTeamViewer(): Error!!! Installation files could not be extracted. Installation aborted!,00000000,00000000,InstallTeamViewer(): Error!!! Installation files could not be extracted. Installation aborted!,C:\Program Files (x86)\TeamViewer\TVExtractTemp,?,?,00000031), ref: 004017CD
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040617E: lstrcpynW.KERNEL32(?,?,00000400,00403463,00429240,NSIS Error), ref: 0040618B
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00402E19), ref: 00405338
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\), ref: 0040534A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\TeamViewer\TVExtractTemp$InstallTeamViewer(): Error!!! Installation files could not be extracted. Installation aborted!
                                                                                                                                                                                                                                                                                              • API String ID: 1941528284-3531762384
                                                                                                                                                                                                                                                                                              • Opcode ID: 1862fb3b77c31d46c0470bd97efe8d86f4df64904e2d1f4c121f71988b6a393e
                                                                                                                                                                                                                                                                                              • Instruction ID: b64174440326d41e90dd14f1ad6608c73badddfa8ee8632f400ec40acf256ac3
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1862fb3b77c31d46c0470bd97efe8d86f4df64904e2d1f4c121f71988b6a393e
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C41C431900515BACF117FB5CC46DAE3679EF05329B20827BF422F51E2DA3C86629A6D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402D9F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 636 402d9f-402dae 637 402db0-402db7 636->637 638 402dc8-402dce 636->638 641 402dc0-402dc6 637->641 642 402db9-402dba DestroyWindow 637->642 639 402dd0-402dd6 call 406594 638->639 640 402dd8-402de4 GetTickCount 638->640 645 402e3e-402e40 639->645 644 402de6-402dec 640->644 640->645 641->645 642->641 647 402e1b-402e38 CreateDialogParamW ShowWindow 644->647 648 402dee-402df5 644->648 647->645 648->645 649 402df7-402e14 call 402d83 wsprintfW call 4052dd 648->649 653 402e19 649->653 653->645
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000), ref: 00402DBA
                                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402DD8
                                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00402E06
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00402E19), ref: 00405338
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\), ref: 0040534A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                                                                                              • CreateDialogParamW.USER32(0000006F,00000000,00402D04,00000000), ref: 00402E2A
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402E38
                                                                                                                                                                                                                                                                                                • Part of subcall function 00402D83: MulDiv.KERNEL32(00056D4F,00000064,0005783C), ref: 00402D98
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                                                                                                              • String ID: ... %d%%
                                                                                                                                                                                                                                                                                              • API String ID: 722711167-2449383134
                                                                                                                                                                                                                                                                                              • Opcode ID: fea16c4b337e24937a113fc6e035eb6b9d553e5e7cb87782fe297e9c5fc018cb
                                                                                                                                                                                                                                                                                              • Instruction ID: 67f39cb704aca6262626a7976268bb3bb8a333bdab68892006d91dd8afb4411f
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fea16c4b337e24937a113fc6e035eb6b9d553e5e7cb87782fe297e9c5fc018cb
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96016D70541614EBC721AB60EF4DA9B7A68AF00706B14417FF885F12E0CBF85865CBEE
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004057AC Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 654 4057ac-4057f7 CreateDirectoryW 655 4057f9-4057fb 654->655 656 4057fd-40580a GetLastError 654->656 657 405824-405826 655->657 656->657 658 40580c-405820 SetFileSecurityW 656->658 658->655 659 405822 GetLastError 658->659 659->657
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004057EF
                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405803
                                                                                                                                                                                                                                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405818
                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405822
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\TeamViewer, xrefs: 004057AC
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004057D2
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\TeamViewer
                                                                                                                                                                                                                                                                                              • API String ID: 3449924974-1407503551
                                                                                                                                                                                                                                                                                              • Opcode ID: 6ae7c342d9c1b50a082fcf4789916780a4d0616efa07736c5e287c1420eecf92
                                                                                                                                                                                                                                                                                              • Instruction ID: b278f7ea68de5888e34302da86fdb06c438f4ef9b03e74a9ab654546e4f81ce2
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ae7c342d9c1b50a082fcf4789916780a4d0616efa07736c5e287c1420eecf92
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 89010871D00619DADF10DBA0D9447EFBFB8EB04304F00803ADA44B6190E7789618DFA9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004064E8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 660 4064e8-406508 GetSystemDirectoryW 661 40650a 660->661 662 40650c-40650e 660->662 661->662 663 406510-406519 662->663 664 40651f-406521 662->664 663->664 665 40651b-40651d 663->665 666 406522-406555 wsprintfW LoadLibraryExW 664->666 665->666
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004064FF
                                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 0040653A
                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040654E
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                                                                                              • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                                                                                              • Opcode ID: 3e72c25e5c980310d69f0fc98d502c706aefd7165560ee14c5a883ad11fb6337
                                                                                                                                                                                                                                                                                              • Instruction ID: c6b4a3c42f63eea3762d57d51081eb848d485012b63e63803453d9912f42ff06
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e72c25e5c980310d69f0fc98d502c706aefd7165560ee14c5a883ad11fb6337
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AF0FC70500219BADB10AB64ED0DF9B366CAB00304F10403AA646F10D0EB7CD725CBA8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405D82 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 37COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 667 405d82-405d8e 668 405d8f-405dc3 GetTickCount GetTempFileNameW 667->668 669 405dd2-405dd4 668->669 670 405dc5-405dc7 668->670 672 405dcc-405dcf 669->672 670->668 671 405dc9 670->671 671->672
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00405DA0
                                                                                                                                                                                                                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" ,004033B4,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00405DBB
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" , xrefs: 00405D82
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405D87
                                                                                                                                                                                                                                                                                              • nsa, xrefs: 00405D8F
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                                                                              • API String ID: 1716503409-3160278628
                                                                                                                                                                                                                                                                                              • Opcode ID: ba752c91d03ec01f63b9c4f62f06acfe59d2ba7d741f037e803b5e880a418ded
                                                                                                                                                                                                                                                                                              • Instruction ID: a69a53d4b23f3d63feeda802a3e8a765614c71270742c911b33c62312df6cecc
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba752c91d03ec01f63b9c4f62f06acfe59d2ba7d741f037e803b5e880a418ded
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32F06D76600608BBDB008B59DD09AABBBB8EF91710F10803BEE01F7190E6B09A548B64
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402BFF Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 673 402bff-402c28 RegOpenKeyExW 674 402c93-402c97 673->674 675 402c2a-402c35 673->675 676 402c50-402c60 RegEnumKeyW 675->676 677 402c62-402c74 RegCloseKey call 406558 676->677 678 402c37-402c3a 676->678 686 402c76-402c85 677->686 687 402c9a-402ca0 677->687 679 402c87-402c8a RegCloseKey 678->679 680 402c3c-402c4e call 402bff 678->680 684 402c90-402c92 679->684 680->676 680->677 684->674 686->674 687->684 688 402ca2-402cb0 RegDeleteKeyW 687->688 688->684 689 402cb2 688->689 689->674
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402C20
                                                                                                                                                                                                                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402C5C
                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402C65
                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402C8A
                                                                                                                                                                                                                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402CA8
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1912718029-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 58c60bd3f3897121054778c1da70f1d8408b3ab71b88223ff436e3f080a0af7a
                                                                                                                                                                                                                                                                                              • Instruction ID: b9f5b7c8593eadded22e2ca3cbb8d83d08b5e31647f9888e60cfbaa55d101d4e
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58c60bd3f3897121054778c1da70f1d8408b3ab71b88223ff436e3f080a0af7a
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66116A71504119FFEF10AF90DF8CEAE3B79FB14384B10007AF905E11A0D7B58E55AA69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 691 401bdf-401bf7 call 402ba2 * 2 696 401c03-401c07 691->696 697 401bf9-401c00 call 402bbf 691->697 699 401c13-401c19 696->699 700 401c09-401c10 call 402bbf 696->700 697->696 703 401c1b-401c2f call 402ba2 * 2 699->703 704 401c5f-401c89 call 402bbf * 2 FindWindowExW 699->704 700->699 715 401c31-401c4d SendMessageTimeoutW 703->715 716 401c4f-401c5d SendMessageW 703->716 714 401c8f 704->714 717 401c92-401c95 714->717 715->717 716->714 718 401c9b 717->718 719 402a4c-402a5b 717->719 718->719
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C3F
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C57
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                              • String ID: !
                                                                                                                                                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                              • Opcode ID: 298dafdcb9fb76c6349735f3086c7c7de60bc97eebb8a6152003ba88438aff8e
                                                                                                                                                                                                                                                                                              • Instruction ID: 9ab6cbc1baff8286944736a18d7265b6422843b7a732a624d4201333bc7942cf
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 298dafdcb9fb76c6349735f3086c7c7de60bc97eebb8a6152003ba88438aff8e
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2219071940209BEEF01AFB5CE4AABE7B75EF44744F10403EFA01B61D1D6B88A409B69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040604B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,Remove folder: ,?,004062BE,80000002,Software\Microsoft\Windows\CurrentVersion,?,Remove folder: ,?), ref: 00406075
                                                                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,004062BE,80000002,Software\Microsoft\Windows\CurrentVersion,?,Remove folder: ,?), ref: 00406096
                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,004062BE,80000002,Software\Microsoft\Windows\CurrentVersion,?,Remove folder: ,?), ref: 004060B9
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                              • String ID: Remove folder:
                                                                                                                                                                                                                                                                                              • API String ID: 3677997916-1958208860
                                                                                                                                                                                                                                                                                              • Opcode ID: dc8238eba50b6a515ffb3eaa529f07d06f955d85da5af348ba8f56d7e8cd44ce
                                                                                                                                                                                                                                                                                              • Instruction ID: 0186f18981595c0b19feb364ea02d5f95392918b8fa258a18f8687652683a575
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc8238eba50b6a515ffb3eaa529f07d06f955d85da5af348ba8f56d7e8cd44ce
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4501483115020AEADF21CF66ED08E9B3BA8EF84390B01402AF845D2220D735D964DBA5
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040237B Relevance: 6.1, APIs: 4, Instructions: 71registrystringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B9
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(0040B5D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023D9
                                                                                                                                                                                                                                                                                              • RegSetValueExW.KERNELBASE(?,?,?,?,0040B5D8,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402415
                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,0040B5D8,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1356686001-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 67c77c8d659d9d4bc82cacddac1e216fe0077c84403bdf1d9c96e54a2d3d16bf
                                                                                                                                                                                                                                                                                              • Instruction ID: d84b147cfae213de6894e87518a1957a70c03431d85ade02b305fde94438308f
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67c77c8d659d9d4bc82cacddac1e216fe0077c84403bdf1d9c96e54a2d3d16bf
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E511C071E00108BFEB10AFA4DE89DAE777DEB14358F11403AF904B71D1DBB85E409668
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004038D5 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403708,?), ref: 004038E7
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403708,?), ref: 004038FB
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\, xrefs: 0040390B
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004038DA
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\
                                                                                                                                                                                                                                                                                              • API String ID: 2962429428-284943167
                                                                                                                                                                                                                                                                                              • Opcode ID: f084a8137c272c7609008576fb265960e9ac12256820a4da339362f4de570230
                                                                                                                                                                                                                                                                                              • Instruction ID: 23b98c188a40640ee87c89e263e7d2a3484f90a0975adae1b2ea6fd77d705eba
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f084a8137c272c7609008576fb265960e9ac12256820a4da339362f4de570230
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78E086B14407149AC124AF7CAD495853A185F453357248726F178F20F0C778996B5E9D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004015B9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(?,?,C:\,?,00405C51,C:\,C:\,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0,00000000), ref: 00405BEB
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405BF0
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405C08
                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 00401612
                                                                                                                                                                                                                                                                                                • Part of subcall function 004057AC: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004057EF
                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,C:\Program Files (x86)\TeamViewer\TVExtractTemp,?,00000000,000000F0), ref: 00401645
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Program Files (x86)\TeamViewer\TVExtractTemp, xrefs: 00401638
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                                                                              • String ID: C:\Program Files (x86)\TeamViewer\TVExtractTemp
                                                                                                                                                                                                                                                                                              • API String ID: 1892508949-3084337345
                                                                                                                                                                                                                                                                                              • Opcode ID: 2305ffb504cd1727ef0d2f6d990949bd10217623809cec2c7a11ebe9bcb6ddd7
                                                                                                                                                                                                                                                                                              • Instruction ID: 18abe7de9e9977a76830232601504265d2e6edcedfe07fce7f69d5744a4425eb
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2305ffb504cd1727ef0d2f6d990949bd10217623809cec2c7a11ebe9bcb6ddd7
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F911E631500504EBCF207FA0CD0199E3AB2EF44364B25453BF906B61F2DA3D4A819E5E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405C3A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040617E: lstrcpynW.KERNEL32(?,?,00000400,00403463,00429240,NSIS Error), ref: 0040618B
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(?,?,C:\,?,00405C51,C:\,C:\,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0,00000000), ref: 00405BEB
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405BF0
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405C08
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0,00000000), ref: 00405C93
                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0), ref: 00405CA3
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                                              • String ID: C:\
                                                                                                                                                                                                                                                                                              • API String ID: 3248276644-3404278061
                                                                                                                                                                                                                                                                                              • Opcode ID: 8c509004bd2409bcc8bce800ca11afa93321ed7f3e6ee2afcf27be4b7ee26805
                                                                                                                                                                                                                                                                                              • Instruction ID: 790be11e20efdccda9c73cacd4945748764c6204d4d0b11914a12a4c94a1ccfd
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c509004bd2409bcc8bce800ca11afa93321ed7f3e6ee2afcf27be4b7ee26805
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41F0F925108F6515F62233790D05EAF2554CF82394755067FF891B12D1DB3C9D938C7D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406C7B Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 6748365695d0b60958ae2de605dce3010a9a46cb287cd8314348fa6e45a6e7ef
                                                                                                                                                                                                                                                                                              • Instruction ID: 95c87b37ce546c92696c349aad8761a6baa0f42cb897a758cf539d426e2a5a70
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6748365695d0b60958ae2de605dce3010a9a46cb287cd8314348fa6e45a6e7ef
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65A13471D00229CBDF28CFA8C844AADBBB1FF44305F15816AD956BB281D7785A86DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406E7C Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: e6b96a49f958b7a8d2aa4cc917083ea926a28b83a61870a924df7985f049b653
                                                                                                                                                                                                                                                                                              • Instruction ID: dd225a6952a4a1885b566de7f95e3528e0c965b1b64db9b9769652e5c735704b
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6b96a49f958b7a8d2aa4cc917083ea926a28b83a61870a924df7985f049b653
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D913370D04229CBDF28CFA8C844BADBBB1FF44305F15816AD856BB291C7789A86DF45
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406B92 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 683f34e5330f3119535e65c3fcc014917b66dea9351a733ad05ad489270f429c
                                                                                                                                                                                                                                                                                              • Instruction ID: c728d5504c89e28601c55753f21d2f559f3974f1a6ce44cf054f885a45476dee
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 683f34e5330f3119535e65c3fcc014917b66dea9351a733ad05ad489270f429c
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06813471D04228CFDF24CFA8C844BADBBB1FB44305F25816AD856BB291C7789A86DF45
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406697 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: a646d1c18714c06b63ca95da94aa03745834858b299022791e2b3ebf89425e7d
                                                                                                                                                                                                                                                                                              • Instruction ID: 5389f57cfb4a3ea8b0a271fe5c21418892ef356aef38e154ca47b5156c43700c
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a646d1c18714c06b63ca95da94aa03745834858b299022791e2b3ebf89425e7d
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37816831D04229CBDF24CFA8C844BADBBB0FF44305F11816AD956BB281D7785986DF45
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406AE5 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 96da27bd456154c1aedaa85bcfc68d0a261e277abb4cee4e4020ac7d50c7f0c5
                                                                                                                                                                                                                                                                                              • Instruction ID: 7cecadd07089ef5f508d2048bcf4206a214b5fe31ba49bd0cdf53ec9cfb3ce0b
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96da27bd456154c1aedaa85bcfc68d0a261e277abb4cee4e4020ac7d50c7f0c5
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35712175D04228CBDF28CFA8C844BADBBB1FB44305F15816AD806BB281D7789A96DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406C03 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 29e3b149f88ae6fd458fdcc74d478f48b2ed7dfe8c3e809ea2d72e9fd2fa3729
                                                                                                                                                                                                                                                                                              • Instruction ID: f96eec566abe8136b7696836c8602221009d3abbc3cba5cf828ad5cd02611e0d
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29e3b149f88ae6fd458fdcc74d478f48b2ed7dfe8c3e809ea2d72e9fd2fa3729
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56713371D04228CBEF28CFA8C844BADBBB1FF44305F15816AD856BB281C7789996DF45
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406B4F Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: b9c673c2534040230f9089defbd7d825788091a80835a4c341425c1e948b069d
                                                                                                                                                                                                                                                                                              • Instruction ID: 17f295adf0ba2181094cfffbed918b39bb4908eb68d6975640ddb9889f0749db
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9c673c2534040230f9089defbd7d825788091a80835a4c341425c1e948b069d
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2714531D04229CBEF28CF98C844BADBBB1FF44305F11816AD816BB291C7785A96DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004031EF Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403203
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040336E: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040306C,?), ref: 0040337C
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,00403119,00000004,00000000,00000000,?,?,00403093,000000FF,00000000,00000000,0040A230,?), ref: 00403236
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(02A37769,00000000,00000000,00414ED0,00004000,?,00000000,00403119,00000004,00000000,00000000,?,?,00403093,000000FF,00000000), ref: 00403331
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FilePointer$CountTick
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1092082344-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 60a078b62880e419fd8869ad6c2e376d7a0a18806c11cc7e2be6b3a6e40e2614
                                                                                                                                                                                                                                                                                              • Instruction ID: 2fd669d0756999c0d63da40b5d988076205959dac08f3783f289fe1fafb1afdd
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 60a078b62880e419fd8869ad6c2e376d7a0a18806c11cc7e2be6b3a6e40e2614
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19314B72500204DBD710DF69EEC49663FA9F74075A718423FE900F22E0CBB55D458B9D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401FC3 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FEE
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00402E19), ref: 00405338
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\), ref: 0040534A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FFF
                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 0040207C
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 334405425-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 24cdcc8e17645b09c8dba356bdc9c6051ea27a3cc416b1f1b75791a7a23ceb8f
                                                                                                                                                                                                                                                                                              • Instruction ID: 135227bab5bbd0cb957ad13063370cb04025123e1843093ab7a3381522db9c00
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 24cdcc8e17645b09c8dba356bdc9c6051ea27a3cc416b1f1b75791a7a23ceb8f
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D21A731900219EBCF20AFA5CE48A9E7E71BF00354F20427BF511B51E1DBBD8A81DA5D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401B37 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00401BA7
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BB9
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • InstallTeamViewer(): Error!!! Installation files could not be extracted. Installation aborted!, xrefs: 00401B5E, 00401B64, 00401B7E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                                                                                                                                                                              • String ID: InstallTeamViewer(): Error!!! Installation files could not be extracted. Installation aborted!
                                                                                                                                                                                                                                                                                              • API String ID: 3394109436-3224948528
                                                                                                                                                                                                                                                                                              • Opcode ID: e295b54685931270dff86f202c2fdefb044b2b91f5e4e3df0bc5e06abf08786f
                                                                                                                                                                                                                                                                                              • Instruction ID: 7cdfc3cbb2e69f4264c6c6693aec6085e55c642d7687a467de19211c04d07d9e
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e295b54685931270dff86f202c2fdefb044b2b91f5e4e3df0bc5e06abf08786f
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67219672A00100EBDB20EB94CD85D5E77B6AF84314B21453BF502F72E1DA7898618F5D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402537 Relevance: 4.6, APIs: 3, Instructions: 67stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,0040B5D8,000000FF,0040ADD8,00000400,?,?,00000021), ref: 00402583
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0040ADD8,?,?,0040B5D8,000000FF,0040ADD8,00000400,?,?,00000021), ref: 0040258E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3109718747-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 850b0114aee89c8d8b14894d23efcefd65d0faa324c372d2657d007c57cf9cb9
                                                                                                                                                                                                                                                                                              • Instruction ID: 4789cac02ba757069cd1743e95fa376523a080456913a55bd7acca95e4ec0b97
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 850b0114aee89c8d8b14894d23efcefd65d0faa324c372d2657d007c57cf9cb9
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA11E772A01204BADB10AFB18F4EE9E32659F54355F20403BF502F65C1DAFC8E51576E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004021EA Relevance: 4.6, APIs: 3, Instructions: 51stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 004064C1: FindFirstFileW.KERNELBASE(74DF3420,00426778,C:\,00405C83,C:\,C:\,00000000,C:\,C:\,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0), ref: 004064CC
                                                                                                                                                                                                                                                                                                • Part of subcall function 004064C1: FindClose.KERNEL32(00000000), ref: 004064D8
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32 ref: 0040222A
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00000000), ref: 00402235
                                                                                                                                                                                                                                                                                              • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 0040225E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1486964399-0
                                                                                                                                                                                                                                                                                              • Opcode ID: f9a99ba4a91a9f4c9246cf651f25ea3f75fba1548a7733be5ccfd7ea764f24a6
                                                                                                                                                                                                                                                                                              • Instruction ID: 9c43d8eab5e28b8efadc9e1ada5fd511aa80cab417b32b1cb638ddde26c09318
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9a99ba4a91a9f4c9246cf651f25ea3f75fba1548a7733be5ccfd7ea764f24a6
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4711707190021896CB10EFF98D4999EB7F8AF04314F10807FA905FB2DAE6B8D9018B69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040249E Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                                                                                                                                                                              • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024CD
                                                                                                                                                                                                                                                                                              • RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 004024E0
                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,0040B5D8,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Enum$CloseOpenValue
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 167947723-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 60ac1395f0a982b77a3977587a1bd86f46e362b2f506b0714e0df90dc524a01b
                                                                                                                                                                                                                                                                                              • Instruction ID: c7ec42ec2a5b8cbcf97019b844e04a4f9c539befeef3331d530b96059407f5ff
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 60ac1395f0a982b77a3977587a1bd86f46e362b2f506b0714e0df90dc524a01b
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FCF03171A14204EBEB209F65DE8CABF767DEF80354B10843FF505B61D0DAB84D419B69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405927 Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D2E: GetFileAttributesW.KERNELBASE(?,?,00405933,?,?,00000000,00405B09,?,?,?,?), ref: 00405D33
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D2E: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405D47
                                                                                                                                                                                                                                                                                              • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405B09), ref: 00405942
                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(?,?,?,00000000,00405B09), ref: 0040594A
                                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405962
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1655745494-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 4d7e10e481d95c5c5c7c05f6c7e2fdde8e74fc3924f4c20308c7a9621a850695
                                                                                                                                                                                                                                                                                              • Instruction ID: ecea3d8082f0941e5ee01c5501cf82e541f4c7e763f85e657b920a2cf98d934c
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d7e10e481d95c5c5c7c05f6c7e2fdde8e74fc3924f4c20308c7a9621a850695
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6EE09B72105A91D6D21067349E0CB5F2AD8DF96335F09493EF595F11D0C778880ACA7D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040421B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000408,?,00000000,00403E78), ref: 00404239
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                                              • String ID: x
                                                                                                                                                                                                                                                                                              • API String ID: 3850602802-2363233923
                                                                                                                                                                                                                                                                                              • Opcode ID: 3e871ac91d012b6cae2f90b6371e3effc72337ca5df1d59cb8fc0e815e15e1ac
                                                                                                                                                                                                                                                                                              • Instruction ID: 9e34857be529cc3efc5f0a7cea2a0d9e3d50e3e0a723924f26ebfb3191f04208
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e871ac91d012b6cae2f90b6371e3effc72337ca5df1d59cb8fc0e815e15e1ac
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78C012B1240200FBCA209B00EE00B167A20F7A8702F2089BDF380200B086718822DB2D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004030E7 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403093,000000FF,00000000,00000000,0040A230,?), ref: 0040310C
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 5362526f818bdb809ad5cab08ae3c06d9fff902eb4395bb37ab99caf6aafdfc9
                                                                                                                                                                                                                                                                                              • Instruction ID: 040f2acbe5348ef8c996952313d322865bd2faa87b76d8d9ba7109e69b0e4b3d
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5362526f818bdb809ad5cab08ae3c06d9fff902eb4395bb37ab99caf6aafdfc9
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22316B30200219EBDB108F55ED84ADA3F68EB08359F20813AF905EA1D0DB79DF50DBA9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040242A Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?), ref: 0040245B
                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,0040B5D8,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3677997916-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 7c5d0e18f6a429da2bc85dc3c2d089be0215a696c23f31d9e61351b332a472c5
                                                                                                                                                                                                                                                                                              • Instruction ID: a4ed2935f8c713a64b441f8b02302a8faa8aa65f3841d01997d269d515fb9b23
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c5d0e18f6a429da2bc85dc3c2d089be0215a696c23f31d9e61351b332a472c5
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D119131911205EBDB10CFA0CA489AEB7B4EF44354B20843FE446B72D0D6B85A41DB19
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 3ee467f7d586eb782eae2bae36c3decf9d7e0780ea8b642ce91f4ebf2c7a7eb5
                                                                                                                                                                                                                                                                                              • Instruction ID: d65e0694727b7210e6f7bc09f77efd2c0147e56cffd904cd4a2c980f2ed28b93
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ee467f7d586eb782eae2bae36c3decf9d7e0780ea8b642ce91f4ebf2c7a7eb5
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D01D131724210EBEB195B789D04B2A3698E714314F1089BAF855F62F1DA788C128B5D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040231F Relevance: 3.0, APIs: 2, Instructions: 40registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                                                                                                                                                                              • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040233E
                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402347
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 849931509-0
                                                                                                                                                                                                                                                                                              • Opcode ID: af1b21a11892d4ef4174ae2b41b7854131aa20919259ada3e53a4d904ddc093b
                                                                                                                                                                                                                                                                                              • Instruction ID: b5033fe3495a5d5fbf66e52db86fe43622c16bf705f2fe0f4142c4154f9543e6
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af1b21a11892d4ef4174ae2b41b7854131aa20919259ada3e53a4d904ddc093b
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45F04F32A04110ABEB11BFB59B4EABE726A9B40314F15807BF501B71D5D9FC99025629
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004053B0 Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 004053C0
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040428E: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004042A0
                                                                                                                                                                                                                                                                                              • OleUninitialize.OLE32(00000404,00000000), ref: 0040540C
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2896919175-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 3868b5a52622b10a1177551b7cc78a5ffd836502efb30cae45cbc154cdcfe80d
                                                                                                                                                                                                                                                                                              • Instruction ID: fd15c1a48ffcd0bde852b119af7687a848e5b357f1d71b2c4b4b2b4c4c2fcb19
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3868b5a52622b10a1177551b7cc78a5ffd836502efb30cae45cbc154cdcfe80d
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 55F0F076645601CBD3101B54AD05B5B7268EF80781F56407EEE44A23F1CABA48428B2E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406558 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,0040341F,00000009), ref: 0040656A
                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406585
                                                                                                                                                                                                                                                                                                • Part of subcall function 004064E8: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004064FF
                                                                                                                                                                                                                                                                                                • Part of subcall function 004064E8: wsprintfW.USER32 ref: 0040653A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004064E8: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040654E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2547128583-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 45558713834216164227cc70c45b1d33d53decf29647882cb75fd2fc812b7039
                                                                                                                                                                                                                                                                                              • Instruction ID: 8c1a5bb66f910ccc430fc34c4425cef617f316e2833151c7c1ff8c8a0ee84b40
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45558713834216164227cc70c45b1d33d53decf29647882cb75fd2fc812b7039
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3E086326042206BD6105B706E0893762BC9ED8740302483EF946F2084D778DC329A6D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401DDC Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DF2
                                                                                                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(00000000,00000000), ref: 00401DFD
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CallbackDispatcherShowUserWindow
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 82835404-0
                                                                                                                                                                                                                                                                                              • Opcode ID: f95c109804867172db61b1135defe61bd419d678e2b077b04fc1289a75674494
                                                                                                                                                                                                                                                                                              • Instruction ID: 21ddd3577add1129786b8edf5e015a7aca6159172531db4ba1f8ff50d12c07f3
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f95c109804867172db61b1135defe61bd419d678e2b077b04fc1289a75674494
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D3E08C326005009BCB20AFB5AA4999D3375EF50369710017BE402F10E1CABC9C408A2D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00403932 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(?,74DF3420,00000000,74DF2EE0,00403909,C:\Users\user\AppData\Local\Temp\,00403708,?), ref: 0040394C
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00403953
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1100898210-0
                                                                                                                                                                                                                                                                                              • Opcode ID: f4316848cbc6ebdc68634a281282690bfac6e24f3e15d004bec6d27d8a9ac131
                                                                                                                                                                                                                                                                                              • Instruction ID: 420717e04dc644aaadfe3aeddcd4797dc829437e29e913c3c6529364dabb0ba4
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4316848cbc6ebdc68634a281282690bfac6e24f3e15d004bec6d27d8a9ac131
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41E012739011309BC6225F95ED44B5E7B6D6F95B32F0A423AE9807B26087B45D838FD8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405D53 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe,80000000,00000003), ref: 00405D57
                                                                                                                                                                                                                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D79
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 7f22f31ca84e25cf3c35cca7fc28e1469c604482c982d9b12555b4894eb7b1e0
                                                                                                                                                                                                                                                                                              • Instruction ID: e98dd403a5e5432679a9d4e257ef455d3d6759c2e5ed6cf280caa05d5291d686
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f22f31ca84e25cf3c35cca7fc28e1469c604482c982d9b12555b4894eb7b1e0
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B3D09E71654601EFEF098F20DF16F2E7AA2EB84B00F11562CB682940E0DA7158199B19
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405D2E Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405933,?,?,00000000,00405B09,?,?,?,?), ref: 00405D33
                                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405D47
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 2eea293136030474feb3e1a7c5b1a6ed000805180dcccd9d627e45cfe66d6639
                                                                                                                                                                                                                                                                                              • Instruction ID: 62c1218995ad43f24aa052634507c0d83541fa9dca801c4eab67991220ff17ac
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2eea293136030474feb3e1a7c5b1a6ed000805180dcccd9d627e45cfe66d6639
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40D01272504520AFC2513738EF0C89BBF95EB543B17028B35FAF9A22F0DB304C568A98
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405829 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,004033A9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 0040582F
                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0040583D
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 90cc4c9737d43430731b600de694bcf2d45feac9894761d90dfe22e9228b7257
                                                                                                                                                                                                                                                                                              • Instruction ID: d963a2520b22da8993c1f0374a54a6368e12bf2bf52e26206a68f99a8800bbf8
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90cc4c9737d43430731b600de694bcf2d45feac9894761d90dfe22e9228b7257
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1DC04C31204B029AD7506B609F097177954AB50781F11C8396946E00A0DE348465DE2D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402786 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004027A0
                                                                                                                                                                                                                                                                                                • Part of subcall function 004060C5: wsprintfW.USER32 ref: 004060D2
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FilePointerwsprintf
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 327478801-0
                                                                                                                                                                                                                                                                                              • Opcode ID: a43271754c7f07c99b9378ce98c7c6ca1c5cab0cf9015cd4f7670726b0543b0b
                                                                                                                                                                                                                                                                                              • Instruction ID: 0f14848d4f24c16631b00b750435c060a764b4453362ef8260df6bafad2d34e7
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a43271754c7f07c99b9378ce98c7c6ca1c5cab0cf9015cd4f7670726b0543b0b
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7FE01A71601114ABDB11EBA59E4ACAE766AAB40328B10443BF501F14E1CAB988619A2E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040229D Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004022D4
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: PrivateProfileStringWrite
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 390214022-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 014b14aad264ab3d9278ecb8b720997d0a3792ab61640f4b6d401bffeacc1512
                                                                                                                                                                                                                                                                                              • Instruction ID: a822d11f1d05533bca3208a69e79300e3559a9020bae074bf72d5f6ed1f8f9d7
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 014b14aad264ab3d9278ecb8b720997d0a3792ab61640f4b6d401bffeacc1512
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BCE04F319001246ADB113EF10E8ED7F31695B40314B1405BFB551B66C6D9FC0D4246A9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405E05 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00410E86,0040CED0,004032EF,0040CED0,00410E86,00414ED0,00004000,?,00000000,00403119,00000004), ref: 00405E19
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileWrite
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 6919b523ba5b1b84b4b924eeaf28b73d4aab7fc63dbc8f700f0d9cb823d33c03
                                                                                                                                                                                                                                                                                              • Instruction ID: dac0b8971ba2920abb5474f128329a0fa477ab7403896bbfc0984bb8014ca22f
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6919b523ba5b1b84b4b924eeaf28b73d4aab7fc63dbc8f700f0d9cb823d33c03
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4AE08632100119ABCF105F50DC00EEB376CEB00350F004832FA65E2040E230EA219BE4
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402CC9 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Open
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 2cb17219caef5c2c057f25c6a0d5a563c17eea178cedf0001938d6a474f7be63
                                                                                                                                                                                                                                                                                              • Instruction ID: ef45ff86538a2d51f1b0222ec8c1b297abd10be8bd22699319dc95f068cee933
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2cb17219caef5c2c057f25c6a0d5a563c17eea178cedf0001938d6a474f7be63
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CCE08676244108BFDB00DFA8DE47FD537ECAB14700F004031BA08D70D1C674E5508768
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405DD6 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00414ED0,0040CED0,0040336B,0040A230,0040A230,0040326F,00414ED0,00004000,?,00000000,00403119), ref: 00405DEA
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 367723d41a66009c2099c483b716accd4a6fea8915a9694eb2152ff5aa97eb4c
                                                                                                                                                                                                                                                                                              • Instruction ID: f39de87387fc754cac4ceee649b5e38243fe2bf9183d254406dbd5143e25ae03
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 367723d41a66009c2099c483b716accd4a6fea8915a9694eb2152ff5aa97eb4c
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57E0EC3221125AABDF509F65DC08AEB7B6DEF05360F008837F955E6160D631E9219BE8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004058C3 Relevance: 1.5, APIs: 1, Instructions: 21windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • MessageBoxIndirectW.USER32(0040A3E8), ref: 0040591E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: IndirectMessage
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1874166685-0
                                                                                                                                                                                                                                                                                              • Opcode ID: ad30b8c57171d568f185787def9c3cb3c84c161905c8a48c9e8b193500a59949
                                                                                                                                                                                                                                                                                              • Instruction ID: 321c8730501e623a228f699c15320e1e2f592dc12f854a1532b6ac915461554a
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad30b8c57171d568f185787def9c3cb3c84c161905c8a48c9e8b193500a59949
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CCF0F272A10701CBC768CF18EA44B1A3BE0E704304F50817AE854A23B0D77998E2DF1E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004022DF Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402310
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: PrivateProfileString
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1096422788-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 2412c5e6e38f405480bfb5068b9d3e64da5a88d06b16ee9e0a03aeafae2b93d0
                                                                                                                                                                                                                                                                                              • Instruction ID: 815fd251d1ef055c124add3867079dbd89389a2e6f50d5753089410e689aa70c
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2412c5e6e38f405480bfb5068b9d3e64da5a88d06b16ee9e0a03aeafae2b93d0
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91E04F30800208BBDF01AFA4CE49DBD3B79AF00344F14043AF940AB0D5E7F89A819749
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00404242 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,?,00000000), ref: 0040425C
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ItemText
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3367045223-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 7233622df6a7a8fb633e185686b3ac587ee5e59de1f4571593d5d0ba3e8b76bd
                                                                                                                                                                                                                                                                                              • Instruction ID: 65f8c73b99d4ee7bdc81e4beaf37a5475fca5134ded6dd21b3b8f91a9c360ad6
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7233622df6a7a8fb633e185686b3ac587ee5e59de1f4571593d5d0ba3e8b76bd
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2C04C76148200BFE641A755CC42F1FB799EF9431AF40C52EB59CE51D2C63994309A2A
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040428E Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004042A0
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                              • Opcode ID: c2a25a807fea80bd58a61b321fa2af33aa5b35e52655131f61520799e32131e4
                                                                                                                                                                                                                                                                                              • Instruction ID: 8584b4a80e8197aea4c9dd325401cbfcfbe68695eba590e205f4256e4e85e437
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2a25a807fea80bd58a61b321fa2af33aa5b35e52655131f61520799e32131e4
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67C04C71740600BBDA20CB649D45F1677546754740F1448697640A60E0C674D420D62C
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040336E Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040306C,?), ref: 0040337C
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 1c6da78d27ebc38603b4c87e6ff41e0916c1b34e9bb95e36f46a9ca6431a4e31
                                                                                                                                                                                                                                                                                              • Instruction ID: 64c0fffafe8abe290eaf2022e63b776f1a4a3bd25e2fde741040b5855636c72c
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c6da78d27ebc38603b4c87e6ff41e0916c1b34e9bb95e36f46a9ca6431a4e31
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70B01231140300BFDA214F00DF09F057B21AB90700F10C034B344780F086711075EB0D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00404277 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000028,?,00000001,004040A3), ref: 00404285
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 7bbf2f5232cd2574a5b007ccbcd78797cc8e3f4bb2dd07224d7ba7f17a9ad77c
                                                                                                                                                                                                                                                                                              • Instruction ID: 3e0bacd84e958153637e663f6e0df00a268db6e73930f78988907d41dcf2010e
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7bbf2f5232cd2574a5b007ccbcd78797cc8e3f4bb2dd07224d7ba7f17a9ad77c
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32B01235290A00FBDE214B00EE09F457E62F76C701F008478B340240F0CAB300B1DB19
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00404264 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,0040403C), ref: 0040426E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 8a62e99fe4a67b047fdc914663d327e58adf51456459288db10dd5d3044e9a2e
                                                                                                                                                                                                                                                                                              • Instruction ID: ea629541fdd2228df96855dc4de4e407fdbb002a66502a1a5a86269346c048a7
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8a62e99fe4a67b047fdc914663d327e58adf51456459288db10dd5d3044e9a2e
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0A001B6644500ABCE129F90EF49D0ABBB2EBE8742B518579A285900348A364961EB59
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                                                                                              Function 00404C59 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 00404C71
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404C7C
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CC6
                                                                                                                                                                                                                                                                                              • LoadBitmapW.USER32(0000006E), ref: 00404CD9
                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000FC,00405251), ref: 00404CF2
                                                                                                                                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D06
                                                                                                                                                                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D18
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404D2E
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D3A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D4C
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00404D4F
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D7A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D86
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E1C
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E47
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E5B
                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404E8A
                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404E98
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 00404EA9
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FA6
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040500B
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405020
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405044
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405064
                                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00405079
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00405089
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405102
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 004051AB
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051BA
                                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 004051DA
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 00405228
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 00405233
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 0040523A
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                              • String ID: $M$N
                                                                                                                                                                                                                                                                                              • API String ID: 1638840714-813528018
                                                                                                                                                                                                                                                                                              • Opcode ID: c57cb45ce89cd192e0511e30eec95623b06f81766ebd804847a276e94d887aeb
                                                                                                                                                                                                                                                                                              • Instruction ID: ce840dee0c3a5b827351c7f25dbf2e3605d0905f5c54158640504e6bfb71dde6
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c57cb45ce89cd192e0511e30eec95623b06f81766ebd804847a276e94d887aeb
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C023EB0A00209EFDF209F64CD45AAE7BB5FB84355F10817AE610BA2E1C7799D52CF58
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004043DF Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 207windowstringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040447D
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 00404491
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044AE
                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 004044BF
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044CD
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044DB
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 004044E0
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044ED
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404502
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 0040455B
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000), ref: 00404562
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 0040458D
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045D0
                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 004045DE
                                                                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 004045E1
                                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(0000070B,open,004281E0,00000000,00000000,00000001), ref: 004045F6
                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00404602
                                                                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 00404605
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404634
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404646
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                                                                                              • String ID: N$Remove folder: $VC@$open
                                                                                                                                                                                                                                                                                              • API String ID: 3615053054-2721566001
                                                                                                                                                                                                                                                                                              • Opcode ID: 33f5e1601642234e7e85cd0b58378a626179fffef457767216124dc14c27a8cd
                                                                                                                                                                                                                                                                                              • Instruction ID: ef28e404984a924d02769b335405a58d84a4f5c10dd13b46e9d300bde90bb2c1
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 33f5e1601642234e7e85cd0b58378a626179fffef457767216124dc14c27a8cd
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 717191B1A00209BFDB10AF60DD45E6A7B69FB94344F00843AFB05B62E0D779AD51CF98
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                                                              • DrawTextW.USER32(00000000,00429240,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                              • String ID: F
                                                                                                                                                                                                                                                                                              • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                              • Opcode ID: 709e975422cda7ccbb1a7a25ffea5b6ea87087be701c8afe7ff27c60fd663942
                                                                                                                                                                                                                                                                                              • Instruction ID: fbc3582f0be17511ef24b6208279bd62f68a22b1f89f17edcf88e24f0ff4dafb
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 709e975422cda7ccbb1a7a25ffea5b6ea87087be701c8afe7ff27c60fd663942
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E418A71800209AFCF058F95DE459AFBBB9FF44310F00842EF991AA1A0C738EA55DFA4
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004046DD Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 0040472C
                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00404756
                                                                                                                                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404807
                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404812
                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(Remove folder: ,00423728,00000000,?,?), ref: 00404844
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404850
                                                                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404862
                                                                                                                                                                                                                                                                                                • Part of subcall function 004058A7: GetDlgItemTextW.USER32(?,?,00000400,00404899), ref: 004058BA
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406412: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" ,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00406475
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406412: CharNextW.USER32(?,?,?,00000000), ref: 00406484
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406412: CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" ,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00406489
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406412: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" ,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 0040649C
                                                                                                                                                                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(004216F8,?,?,0000040F,?,004216F8,004216F8,?,00000001,004216F8,?,?,000003FB,?), ref: 00404925
                                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404940
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404A99: lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B3A
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404A99: wsprintfW.USER32 ref: 00404B43
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404A99: SetDlgItemTextW.USER32(?,00423728), ref: 00404B56
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                              • String ID: (7B$A$C:\Program Files (x86)\TeamViewer$Remove folder:
                                                                                                                                                                                                                                                                                              • API String ID: 2624150263-1696410446
                                                                                                                                                                                                                                                                                              • Opcode ID: c0b61ef350f3b11f3d6e2819161bdb8859453bf742527bbdd3f0f7a625ed1280
                                                                                                                                                                                                                                                                                              • Instruction ID: d5aaf60bd55b21875b9c8b9a8d0b3d7e01f34e6f89f3adcbdcc63617e1d21faf
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0b61ef350f3b11f3d6e2819161bdb8859453bf742527bbdd3f0f7a625ed1280
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7A191F1A00209ABDB11AFA5CC45AAF77B8EF84354F10847BF601B62D1D77C99418B6D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405EAD Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(00426DC8,NUL), ref: 00405EBC
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,?,00406040,?,?), ref: 00405EE0
                                                                                                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,00426DC8,00000400), ref: 00405EE9
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405CB8: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CC8
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405CB8: lstrlenA.KERNEL32(00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CFA
                                                                                                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(004275C8,004275C8,00000400), ref: 00405F06
                                                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00405F24
                                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,004275C8,C0000000,00000004,004275C8,?,?,?,?,?), ref: 00405F5F
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F6E
                                                                                                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA6
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(0040A588,00000000,00000000,00000000,00000000,004269C8,00000000,-0000000A,0040A588,00000000,[Rename],00000000,00000000,00000000), ref: 00405FFC
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 0040600D
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406014
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D53: GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe,80000000,00000003), ref: 00405D57
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D53: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D79
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                                                                                                                                                                                                                              • String ID: %ls=%ls$NUL$[Rename]
                                                                                                                                                                                                                                                                                              • API String ID: 222337774-899692902
                                                                                                                                                                                                                                                                                              • Opcode ID: 30f1ad71034d6c445b7df81822845e1e30d199c7f1bc078365d62d19a968fdd2
                                                                                                                                                                                                                                                                                              • Instruction ID: 52ae09e4e2a5e81e4d5588e003ad531eff1fe7f7ae6e2de5146a23cae23f7ad9
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30f1ad71034d6c445b7df81822845e1e30d199c7f1bc078365d62d19a968fdd2
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB315330241B19BBD2206B209D08F2B3A5CEF85758F15043BF942F62C2EA7CC9118EBD
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406412 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" ,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00406475
                                                                                                                                                                                                                                                                                              • CharNextW.USER32(?,?,?,00000000), ref: 00406484
                                                                                                                                                                                                                                                                                              • CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" ,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00406489
                                                                                                                                                                                                                                                                                              • CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" ,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 0040649C
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" , xrefs: 00406412
                                                                                                                                                                                                                                                                                              • *?|<>/":, xrefs: 00406464
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00406413
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                              • API String ID: 589700163-1352648990
                                                                                                                                                                                                                                                                                              • Opcode ID: 3235da6fa7aa45e9bf0ecdfd9fa5d30a804d535f67a6192059b6605710e04147
                                                                                                                                                                                                                                                                                              • Instruction ID: c1b46f2de1f90aebbf911330ce555e940da56993e608f70b6a8db31027969b8c
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3235da6fa7aa45e9bf0ecdfd9fa5d30a804d535f67a6192059b6605710e04147
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5311C85680121299DB307B588C40AB7A2B8EF55754F52803FEDCA732C1E77C5C9286BD
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004042A9 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 004042C6
                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(00000000), ref: 004042E2
                                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 004042EE
                                                                                                                                                                                                                                                                                              • SetBkMode.GDI32(?,?), ref: 004042FA
                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 0040430D
                                                                                                                                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 0040431D
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00404337
                                                                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 00404341
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                              • Opcode ID: c443cadc41ebc586ff1270cf4c3a90a0d5c0685d314312a93ad56e7471fbb8ef
                                                                                                                                                                                                                                                                                              • Instruction ID: 2a82f640caf94e13ad52f77eccc7f6a005bf570db5d4005cc44859485eb84fad
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c443cadc41ebc586ff1270cf4c3a90a0d5c0685d314312a93ad56e7471fbb8ef
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F215171600704ABCB219F68DE08B4BBBF8AF81714F04892DED95E26A0D738E904CB64
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 0040264D
                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402688
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004026AB
                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004026C1
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405E34: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E4A
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040276D
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                                                                              • String ID: 9
                                                                                                                                                                                                                                                                                              • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                                                                              • Opcode ID: 01588cc1e6d12b9eb48a34a041857950361e167f935f48975bd7f3d5c8a3ade6
                                                                                                                                                                                                                                                                                              • Instruction ID: fbd7f9394f7a40dbbdef10ea3a20ac1ae57b35180e29dd1ddeb30b88b5afce05
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01588cc1e6d12b9eb48a34a041857950361e167f935f48975bd7f3d5c8a3ade6
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19510774D00219ABDF209F94CA88AAEB779FF04344F50447BE501B72E0D7B99982DB69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00404BA7 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BC2
                                                                                                                                                                                                                                                                                              • GetMessagePos.USER32 ref: 00404BCA
                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00404BE4
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404BF6
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C1C
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                              • Opcode ID: 0086211f2de0e1ca33d279ef662edcfa4b2f35d2ca496e99dd6aa4820b9c6f7a
                                                                                                                                                                                                                                                                                              • Instruction ID: 45e0f6331f39cfe7836e80c9775163861a3897288b26a0b158bc224782e9bc0b
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0086211f2de0e1ca33d279ef662edcfa4b2f35d2ca496e99dd6aa4820b9c6f7a
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9015271901218BAEB00DB94DD45FFEBBBCAF54711F10012BBA51B61D0C7B495018B54
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401D56 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDC.USER32(?), ref: 00401D59
                                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D66
                                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D75
                                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401D86
                                                                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(0040CDE0), ref: 00401DD1
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                                                                                              • String ID: Tahoma
                                                                                                                                                                                                                                                                                              • API String ID: 3808545654-3580928618
                                                                                                                                                                                                                                                                                              • Opcode ID: 5a25ca78bc8c32752d7f72089744ea34f9941ea911f474610dde7174e3f6db02
                                                                                                                                                                                                                                                                                              • Instruction ID: 9e8fd183d3d9d3ef172346538d4b27734d94fdc92d2c471f4f64b2fa811a60c8
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5a25ca78bc8c32752d7f72089744ea34f9941ea911f474610dde7174e3f6db02
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F601A271544641EFEB016BB0AF4AF9A3F75BB65301F104579F152B61E2CA7C0006AB2D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402D04 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402D22
                                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00402D56
                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00402D66
                                                                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402D78
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                                                                                                              • API String ID: 1451636040-1158693248
                                                                                                                                                                                                                                                                                              • Opcode ID: 3598370c3c9dfc29f84c7b8ed24a957720a686991d5537ef1c6dff233380f4e6
                                                                                                                                                                                                                                                                                              • Instruction ID: 006a23aec332b8a1771af90dfa9c1e08c84c5b856183a3bf167901723993fe13
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3598370c3c9dfc29f84c7b8ed24a957720a686991d5537ef1c6dff233380f4e6
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2FF0367050020CABEF206F50DD49BEA3B69FF44305F00803AFA55B51D0DBF959558F59
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402840 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402894
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004028B0
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 004028E9
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 004028FC
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00402914
                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402928
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2667972263-0
                                                                                                                                                                                                                                                                                              • Opcode ID: e8b18edfeea79fa09e45a72486dc9901f693ae42d48326bb65f86fff18046ac9
                                                                                                                                                                                                                                                                                              • Instruction ID: 9003099e8900d80eaa65f9bf21adae6f43ee9946aaa6f9d478ae9c17af360c06
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8b18edfeea79fa09e45a72486dc9901f693ae42d48326bb65f86fff18046ac9
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6216F72801118BBCF216FA5CE49D9E7F79EF09364F24423AF550762E0CB794E419B98
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00404A99 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B3A
                                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00404B43
                                                                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00423728), ref: 00404B56
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                              • String ID: %u.%u%s%s$(7B
                                                                                                                                                                                                                                                                                              • API String ID: 3540041739-1320723960
                                                                                                                                                                                                                                                                                              • Opcode ID: 81ae9ae8dc439d9931515dbc50321e52771afc0a6870d61e722dcea37f1a3983
                                                                                                                                                                                                                                                                                              • Instruction ID: 8555a1dc09e6b234f76c08cd80d60a8511de1cbf1cdbca66d7a603e4fd23a7b2
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81ae9ae8dc439d9931515dbc50321e52771afc0a6870d61e722dcea37f1a3983
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E911EB736441283BDB0095AD9C45F9E3298DB85378F150237FA26F71D1DA79D82286EC
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00401D00
                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 00401D0D
                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D2E
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D3C
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401D4B
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 6491dc860a80c02085eecb14b1266a63ebbf57ab5d60057a90a3d7af6463b562
                                                                                                                                                                                                                                                                                              • Instruction ID: c287ee2e14a47dfcdc45124cadc9b4dd0eb33b5564dd8f2f51e592e83ba53e14
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6491dc860a80c02085eecb14b1266a63ebbf57ab5d60057a90a3d7af6463b562
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33F0E172600504AFD701DBE4DE88CEEBBBDEB48311B104476F541F51A1CA749D018B38
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405BDD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CharNextW.USER32(?,?,C:\,?,00405C51,C:\,C:\,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0,00000000), ref: 00405BEB
                                                                                                                                                                                                                                                                                              • CharNextW.USER32(00000000), ref: 00405BF0
                                                                                                                                                                                                                                                                                              • CharNextW.USER32(00000000), ref: 00405C08
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharNext
                                                                                                                                                                                                                                                                                              • String ID: C:\
                                                                                                                                                                                                                                                                                              • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                                                                                              • Opcode ID: 97bda6209b414f3be7afdaeea7f60dfeaed0a7be6e9491b65ace1fa1eacd3bf0
                                                                                                                                                                                                                                                                                              • Instruction ID: 6e78a38a92844ebddfb5a00e32717de03c0cdfda6ab0f65e84db47d2e3257ff5
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97bda6209b414f3be7afdaeea7f60dfeaed0a7be6e9491b65ace1fa1eacd3bf0
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 83F0B411949F1D95FF3177584C45A7BA7BCEB55360B00803BEA41B72C1D7B84C818EEA
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405B32 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004033A3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00405B38
                                                                                                                                                                                                                                                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004033A3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035DE), ref: 00405B42
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405B54
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B32
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                              • API String ID: 2659869361-3081826266
                                                                                                                                                                                                                                                                                              • Opcode ID: 50926409037afd5c3b117ee0fc1a0f088670877cc81c495d68363141157855c1
                                                                                                                                                                                                                                                                                              • Instruction ID: 1c34604f245f66d13fb295c2dca74b2082213948d97efa3850964b8affffb698
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 50926409037afd5c3b117ee0fc1a0f088670877cc81c495d68363141157855c1
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57D05E31101934AAC2116B448C04DDB73AC9E46304341442AF201B70A6C778695286FD
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401E66 Relevance: 6.1, APIs: 4, Instructions: 52synchronizationCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,00402E19), ref: 00405338
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsl56E9.tmp\), ref: 0040534A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040585E: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 00405887
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040585E: CloseHandle.KERNEL32(?), ref: 00405894
                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E95
                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401EAA
                                                                                                                                                                                                                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EB7
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EDE
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3585118688-0
                                                                                                                                                                                                                                                                                              • Opcode ID: bb4ed085c638bd443c710e2d7f0342cbaf51ccc2adafb456e5dd98b29d2a060b
                                                                                                                                                                                                                                                                                              • Instruction ID: 5702df78c33f9bd13decba52644e1012fe72a42f767711efff684f6f7274af03
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb4ed085c638bd443c710e2d7f0342cbaf51ccc2adafb456e5dd98b29d2a060b
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF11A131900508EBCF21AF91CD4499E7AB6AF40314F21407BFA05B61F1D7798A92DB99
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00403C9D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(00000000,00429240), ref: 00403D35
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: TextWindow
                                                                                                                                                                                                                                                                                              • String ID: "C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" $1033
                                                                                                                                                                                                                                                                                              • API String ID: 530164218-2390827199
                                                                                                                                                                                                                                                                                              • Opcode ID: 9d022d01f112da27556ef407cc074c94f0222ef42f22569fe4f3b5c0e17e7ae8
                                                                                                                                                                                                                                                                                              • Instruction ID: 4786a0dcc4ba2f930af81554b1ec9cb86176e7a1d2ad565e9f211a7c6dcc4e6b
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d022d01f112da27556ef407cc074c94f0222ef42f22569fe4f3b5c0e17e7ae8
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7111C331B44210ABD7359F15EC40A337B6CEF85715B28427BE801AB3A1C63A9D1296A9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405251 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 00405280
                                                                                                                                                                                                                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 004052D1
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040428E: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004042A0
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                              • Opcode ID: 1c38682ff548693de77d02b4aeee144e7a7efb8abd51762e205331c359b10038
                                                                                                                                                                                                                                                                                              • Instruction ID: 35360b72f4910b777185a6264b25dc7760dbd7dc789205491e41d57b326ac1ec
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c38682ff548693de77d02b4aeee144e7a7efb8abd51762e205331c359b10038
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B019E71210708ABDF208F11DD84E9B3A35EF94321F60443AFA00761D1C77A8D529E6A
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040585E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 00405887
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00405894
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00405871
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                              • String ID: Error launching installer
                                                                                                                                                                                                                                                                                              • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                              • Opcode ID: 03ab27a360793ac613c0483ba4ee8f6366951212bcf32abb356d437eb8ce57e6
                                                                                                                                                                                                                                                                                              • Instruction ID: 0fb7bd0647ee639374dbc29985885c8cd5f4694ddcbbc5ba66c50ad851a9a680
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 03ab27a360793ac613c0483ba4ee8f6366951212bcf32abb356d437eb8ce57e6
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22E04FB0A002097FEB009B64ED45F7B77ACEB04208F408431BD00F2150D77498248A78
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405B7E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(80000000,C:\Users\user\AppData\Local\Temp\TeamViewer,00402EAD,C:\Users\user\AppData\Local\Temp\TeamViewer,C:\Users\user\AppData\Local\Temp\TeamViewer,C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe,C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe,80000000,00000003), ref: 00405B84
                                                                                                                                                                                                                                                                                              • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\Temp\TeamViewer,00402EAD,C:\Users\user\AppData\Local\Temp\TeamViewer,C:\Users\user\AppData\Local\Temp\TeamViewer,C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe,C:\Users\user\AppData\Local\Temp\TeamViewer\TeamViewer_.exe,80000000,00000003), ref: 00405B94
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Users\user\AppData\Local\Temp\TeamViewer, xrefs: 00405B7E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\TeamViewer
                                                                                                                                                                                                                                                                                              • API String ID: 2709904686-2550921564
                                                                                                                                                                                                                                                                                              • Opcode ID: 1e2f59ad4ff0707ecda417660e1f53ddee00da6e1af2314932cd9a88429354c1
                                                                                                                                                                                                                                                                                              • Instruction ID: 87bbc210c64b19a6b78a00595756172ded5dec919d443e3f73ce50da7c0279be
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e2f59ad4ff0707ecda417660e1f53ddee00da6e1af2314932cd9a88429354c1
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4D05EB24009209AD312AB04DD00DAF77ACEF163007464426E841AB166D778BC8186BC
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405CB8 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CC8
                                                                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405CE0
                                                                                                                                                                                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CF1
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CFA
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000010.00000002.2604273418.0000000000401000.00000020.00000001.01000000.00000017.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604202374.0000000000400000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604330965.0000000000408000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000040A000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000422000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000425000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.000000000042C000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000430000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604382922.0000000000435000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.0000000000485000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000010.00000002.2604748399.00000000004C7000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_16_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                              • Opcode ID: d13a305aa79855a3845d1893bd1e44018cb4e3b8a4cc5142433a7699c001be6c
                                                                                                                                                                                                                                                                                              • Instruction ID: b09c91cad7c2282b041c35ea214dbdd3f15ee75aa50bf55fe933874c09a5e2ef
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d13a305aa79855a3845d1893bd1e44018cb4e3b8a4cc5142433a7699c001be6c
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BFF0F631104954FFD702DFA5DD04E9FBBA8EF06350B2180BAE841F7210D674DE01ABA8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                                                              Execution Coverage:19.9%
                                                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                                                                                              Total number of Nodes:1344
                                                                                                                                                                                                                                                                                              Total number of Limit Nodes:34
                                                                                                                                                                                                                                                                                              execution_graph 3882 402840 3883 402bbf 18 API calls 3882->3883 3885 40284e 3883->3885 3884 402864 3887 405d2e 2 API calls 3884->3887 3885->3884 3886 402bbf 18 API calls 3885->3886 3886->3884 3888 40286a 3887->3888 3910 405d53 GetFileAttributesW CreateFileW 3888->3910 3890 402877 3891 402883 GlobalAlloc 3890->3891 3892 40291a 3890->3892 3895 402911 CloseHandle 3891->3895 3896 40289c 3891->3896 3893 402922 DeleteFileW 3892->3893 3894 402935 3892->3894 3893->3894 3895->3892 3911 40336e SetFilePointer 3896->3911 3898 4028a2 3899 403358 ReadFile 3898->3899 3900 4028ab GlobalAlloc 3899->3900 3901 4028bb 3900->3901 3902 4028ef 3900->3902 3903 4030e7 45 API calls 3901->3903 3904 405e05 WriteFile 3902->3904 3905 4028c8 3903->3905 3906 4028fb GlobalFree 3904->3906 3908 4028e6 GlobalFree 3905->3908 3907 4030e7 45 API calls 3906->3907 3909 40290e 3907->3909 3908->3902 3909->3895 3910->3890 3911->3898 3912 401cc0 3913 402ba2 18 API calls 3912->3913 3914 401cc7 3913->3914 3915 402ba2 18 API calls 3914->3915 3916 401ccf GetDlgItem 3915->3916 3917 402531 3916->3917 3917->3917 3918 4029c0 3919 402ba2 18 API calls 3918->3919 3920 4029c6 3919->3920 3921 4029f9 3920->3921 3922 40281e 3920->3922 3924 4029d4 3920->3924 3921->3922 3923 4061a0 18 API calls 3921->3923 3923->3922 3924->3922 3926 4060c5 wsprintfW 3924->3926 3926->3922 3101 401fc3 3102 401fd5 3101->3102 3103 402087 3101->3103 3121 402bbf 3102->3121 3106 401423 25 API calls 3103->3106 3112 4021e1 3106->3112 3107 402bbf 18 API calls 3108 401fe5 3107->3108 3109 401ffb LoadLibraryExW 3108->3109 3110 401fed GetModuleHandleW 3108->3110 3109->3103 3111 40200c 3109->3111 3110->3109 3110->3111 3127 4065c7 WideCharToMultiByte 3111->3127 3115 402056 3133 4052dd 3115->3133 3116 40201d 3119 40202d 3116->3119 3130 401423 3116->3130 3119->3112 3120 402079 FreeLibrary 3119->3120 3120->3112 3122 402bcb 3121->3122 3144 4061a0 3122->3144 3125 401fdc 3125->3107 3128 4065f1 GetProcAddress 3127->3128 3129 402017 3127->3129 3128->3129 3129->3115 3129->3116 3131 4052dd 25 API calls 3130->3131 3132 401431 3131->3132 3132->3119 3134 4052f8 3133->3134 3135 40539a 3133->3135 3136 405314 lstrlenW 3134->3136 3137 4061a0 18 API calls 3134->3137 3135->3119 3138 405322 lstrlenW 3136->3138 3139 40533d 3136->3139 3137->3136 3138->3135 3140 405334 lstrcatW 3138->3140 3141 405350 3139->3141 3142 405343 SetWindowTextW 3139->3142 3140->3139 3141->3135 3143 405356 SendMessageW SendMessageW SendMessageW 3141->3143 3142->3141 3143->3135 3149 4061ad 3144->3149 3145 4063f8 3146 402bec 3145->3146 3178 40617e lstrcpynW 3145->3178 3146->3125 3162 406412 3146->3162 3148 406260 GetVersion 3148->3149 3149->3145 3149->3148 3150 4063c6 lstrlenW 3149->3150 3151 4061a0 10 API calls 3149->3151 3154 4062db GetSystemDirectoryW 3149->3154 3156 4062ee GetWindowsDirectoryW 3149->3156 3157 406412 5 API calls 3149->3157 3158 4061a0 10 API calls 3149->3158 3159 406367 lstrcatW 3149->3159 3160 406322 SHGetSpecialFolderLocation 3149->3160 3171 40604b RegOpenKeyExW 3149->3171 3176 4060c5 wsprintfW 3149->3176 3177 40617e lstrcpynW 3149->3177 3150->3149 3151->3150 3154->3149 3156->3149 3157->3149 3158->3149 3159->3149 3160->3149 3161 40633a SHGetPathFromIDListW CoTaskMemFree 3160->3161 3161->3149 3163 40641f 3162->3163 3165 406495 3163->3165 3166 406488 CharNextW 3163->3166 3169 406474 CharNextW 3163->3169 3170 406483 CharNextW 3163->3170 3179 405b5f 3163->3179 3164 40649a CharPrevW 3164->3165 3165->3164 3167 4064bb 3165->3167 3166->3163 3166->3165 3167->3125 3169->3163 3170->3166 3172 4060bf 3171->3172 3173 40607f RegQueryValueExW 3171->3173 3172->3149 3174 4060a0 RegCloseKey 3173->3174 3174->3172 3176->3149 3177->3149 3178->3146 3180 405b65 3179->3180 3181 405b7b 3180->3181 3182 405b6c CharNextW 3180->3182 3181->3163 3182->3180 3927 4016c4 3928 402bbf 18 API calls 3927->3928 3929 4016ca GetFullPathNameW 3928->3929 3932 4016e4 3929->3932 3936 401706 3929->3936 3930 40171b GetShortPathNameW 3931 402a4c 3930->3931 3933 4064c1 2 API calls 3932->3933 3932->3936 3934 4016f6 3933->3934 3934->3936 3937 40617e lstrcpynW 3934->3937 3936->3930 3936->3931 3937->3936 3938 406846 3944 4066ca 3938->3944 3939 407035 3940 406754 GlobalAlloc 3940->3939 3940->3944 3941 40674b GlobalFree 3941->3940 3942 4067c2 GlobalFree 3943 4067cb GlobalAlloc 3942->3943 3943->3939 3943->3944 3944->3939 3944->3940 3944->3941 3944->3942 3944->3943 3355 4027ce 3356 4027d6 3355->3356 3357 4027da FindNextFileW 3356->3357 3359 4027ec 3356->3359 3358 402833 3357->3358 3357->3359 3361 40617e lstrcpynW 3358->3361 3361->3359 3948 40194e 3949 402bbf 18 API calls 3948->3949 3950 401955 lstrlenW 3949->3950 3951 402531 3950->3951 3959 405251 3960 405261 3959->3960 3961 405275 3959->3961 3962 405267 3960->3962 3971 4052be 3960->3971 3963 40527d IsWindowVisible 3961->3963 3969 405294 3961->3969 3964 40428e SendMessageW 3962->3964 3965 40528a 3963->3965 3963->3971 3967 405271 3964->3967 3972 404ba7 SendMessageW 3965->3972 3966 4052c3 CallWindowProcW 3966->3967 3969->3966 3977 404c27 3969->3977 3971->3966 3973 404c06 SendMessageW 3972->3973 3974 404bca GetMessagePos ScreenToClient SendMessageW 3972->3974 3976 404bfe 3973->3976 3975 404c03 3974->3975 3974->3976 3975->3973 3976->3969 3986 40617e lstrcpynW 3977->3986 3979 404c3a 3987 4060c5 wsprintfW 3979->3987 3981 404c44 3982 40140b 2 API calls 3981->3982 3983 404c4d 3982->3983 3988 40617e lstrcpynW 3983->3988 3985 404c54 3985->3971 3986->3979 3987->3981 3988->3985 3415 401754 3416 402bbf 18 API calls 3415->3416 3417 40175b 3416->3417 3421 405d82 3417->3421 3419 401762 3420 405d82 2 API calls 3419->3420 3420->3419 3422 405d8f GetTickCount GetTempFileNameW 3421->3422 3423 405dc9 3422->3423 3424 405dc5 3422->3424 3423->3419 3424->3422 3424->3423 3425 4038d5 3426 4038f0 3425->3426 3427 4038e6 CloseHandle 3425->3427 3428 403904 3426->3428 3429 4038fa CloseHandle 3426->3429 3427->3426 3434 403932 3428->3434 3429->3428 3435 403940 3434->3435 3436 403909 3435->3436 3437 403945 FreeLibrary GlobalFree 3435->3437 3438 40596f 3436->3438 3437->3436 3437->3437 3474 405c3a 3438->3474 3441 405997 DeleteFileW 3471 403915 3441->3471 3442 4059ae 3443 405ace 3442->3443 3488 40617e lstrcpynW 3442->3488 3450 4064c1 2 API calls 3443->3450 3443->3471 3445 4059d4 3446 4059e7 3445->3446 3447 4059da lstrcatW 3445->3447 3489 405b7e lstrlenW 3446->3489 3448 4059ed 3447->3448 3451 4059fd lstrcatW 3448->3451 3453 405a08 lstrlenW FindFirstFileW 3448->3453 3452 405af3 3450->3452 3451->3453 3455 405b32 3 API calls 3452->3455 3452->3471 3453->3443 3454 405a2a 3453->3454 3457 405ab1 FindNextFileW 3454->3457 3466 40596f 62 API calls 3454->3466 3470 4052dd 25 API calls 3454->3470 3472 4052dd 25 API calls 3454->3472 3473 40601f 38 API calls 3454->3473 3493 40617e lstrcpynW 3454->3493 3494 405927 3454->3494 3456 405afd 3455->3456 3458 405927 5 API calls 3456->3458 3457->3454 3461 405ac7 FindClose 3457->3461 3460 405b09 3458->3460 3462 405b23 3460->3462 3465 405b0d 3460->3465 3461->3443 3464 4052dd 25 API calls 3462->3464 3464->3471 3467 4052dd 25 API calls 3465->3467 3465->3471 3466->3454 3468 405b1a 3467->3468 3469 40601f 38 API calls 3468->3469 3469->3471 3470->3457 3472->3454 3473->3454 3502 40617e lstrcpynW 3474->3502 3476 405c4b 3503 405bdd CharNextW CharNextW 3476->3503 3479 40598f 3479->3441 3479->3442 3480 406412 5 API calls 3486 405c61 3480->3486 3481 405c92 lstrlenW 3482 405c9d 3481->3482 3481->3486 3483 405b32 3 API calls 3482->3483 3485 405ca2 GetFileAttributesW 3483->3485 3484 4064c1 2 API calls 3484->3486 3485->3479 3486->3479 3486->3481 3486->3484 3487 405b7e 2 API calls 3486->3487 3487->3481 3488->3445 3490 405b8c 3489->3490 3491 405b92 CharPrevW 3490->3491 3492 405b9e 3490->3492 3491->3490 3491->3492 3492->3448 3493->3454 3495 405d2e 2 API calls 3494->3495 3496 405933 3495->3496 3497 405954 3496->3497 3498 405942 RemoveDirectoryW 3496->3498 3499 40594a DeleteFileW 3496->3499 3497->3454 3500 405950 3498->3500 3499->3500 3500->3497 3501 405960 SetFileAttributesW 3500->3501 3501->3497 3502->3476 3505 405c0c 3503->3505 3506 405bfa 3503->3506 3504 405c30 3504->3479 3504->3480 3505->3504 3508 405b5f CharNextW 3505->3508 3506->3505 3507 405c07 CharNextW 3506->3507 3507->3504 3508->3505 3989 404356 lstrcpynW lstrlenW 3990 401d56 GetDC GetDeviceCaps 3991 402ba2 18 API calls 3990->3991 3992 401d74 MulDiv ReleaseDC 3991->3992 3993 402ba2 18 API calls 3992->3993 3994 401d93 3993->3994 3995 4061a0 18 API calls 3994->3995 3996 401dcc CreateFontIndirectW 3995->3996 3997 402531 3996->3997 3998 401a57 3999 402ba2 18 API calls 3998->3999 4000 401a5d 3999->4000 4001 402ba2 18 API calls 4000->4001 4002 401a05 4001->4002 4003 4014d7 4004 402ba2 18 API calls 4003->4004 4005 4014dd Sleep 4004->4005 4007 402a4c 4005->4007 4008 404c59 GetDlgItem GetDlgItem 4009 404cab 7 API calls 4008->4009 4016 404ec4 4008->4016 4010 404d41 SendMessageW 4009->4010 4011 404d4e DeleteObject 4009->4011 4010->4011 4012 404d57 4011->4012 4014 404d8e 4012->4014 4015 4061a0 18 API calls 4012->4015 4013 404fa8 4018 405054 4013->4018 4028 405001 SendMessageW 4013->4028 4048 404eb7 4013->4048 4059 404242 4014->4059 4019 404d70 SendMessageW SendMessageW 4015->4019 4016->4013 4026 404ba7 5 API calls 4016->4026 4051 404f35 4016->4051 4020 405066 4018->4020 4021 40505e SendMessageW 4018->4021 4019->4012 4025 40508f 4020->4025 4030 405078 ImageList_Destroy 4020->4030 4031 40507f 4020->4031 4021->4020 4022 404da2 4027 404242 19 API calls 4022->4027 4024 404f9a SendMessageW 4024->4013 4033 4051fe 4025->4033 4047 404c27 4 API calls 4025->4047 4055 4050ca 4025->4055 4026->4051 4032 404db0 4027->4032 4034 405016 SendMessageW 4028->4034 4028->4048 4030->4031 4031->4025 4035 405088 GlobalFree 4031->4035 4036 404e85 GetWindowLongW SetWindowLongW 4032->4036 4043 404e7f 4032->4043 4046 404e00 SendMessageW 4032->4046 4049 404e3c SendMessageW 4032->4049 4050 404e4d SendMessageW 4032->4050 4038 405210 ShowWindow GetDlgItem ShowWindow 4033->4038 4033->4048 4037 405029 4034->4037 4035->4025 4039 404e9e 4036->4039 4042 40503a SendMessageW 4037->4042 4038->4048 4040 404ea4 ShowWindow 4039->4040 4041 404ebc 4039->4041 4062 404277 SendMessageW 4040->4062 4063 404277 SendMessageW 4041->4063 4042->4018 4043->4036 4043->4039 4046->4032 4047->4055 4067 4042a9 4048->4067 4049->4032 4050->4032 4051->4013 4051->4024 4052 4051d4 InvalidateRect 4052->4033 4053 4051ea 4052->4053 4064 404b62 4053->4064 4054 4050f8 SendMessageW 4058 40510e 4054->4058 4055->4054 4055->4058 4057 405182 SendMessageW SendMessageW 4057->4058 4058->4052 4058->4057 4060 4061a0 18 API calls 4059->4060 4061 40424d SetDlgItemTextW 4060->4061 4061->4022 4062->4048 4063->4016 4081 404a99 4064->4081 4066 404b77 4066->4033 4068 4042c1 GetWindowLongW 4067->4068 4078 40434a 4067->4078 4069 4042d2 4068->4069 4068->4078 4070 4042e1 GetSysColor 4069->4070 4071 4042e4 4069->4071 4070->4071 4072 4042f4 SetBkMode 4071->4072 4073 4042ea SetTextColor 4071->4073 4074 404312 4072->4074 4075 40430c GetSysColor 4072->4075 4073->4072 4076 404319 SetBkColor 4074->4076 4077 404323 4074->4077 4075->4074 4076->4077 4077->4078 4079 404336 DeleteObject 4077->4079 4080 40433d CreateBrushIndirect 4077->4080 4079->4080 4080->4078 4082 404ab2 4081->4082 4083 4061a0 18 API calls 4082->4083 4084 404b16 4083->4084 4085 4061a0 18 API calls 4084->4085 4086 404b21 4085->4086 4087 4061a0 18 API calls 4086->4087 4088 404b37 lstrlenW wsprintfW SetDlgItemTextW 4087->4088 4088->4066 4089 40155b 4090 4029f2 4089->4090 4093 4060c5 wsprintfW 4090->4093 4092 4029f7 4093->4092 4094 401ddc 4095 402ba2 18 API calls 4094->4095 4096 401de2 4095->4096 4097 402ba2 18 API calls 4096->4097 4098 401deb 4097->4098 4099 401df2 ShowWindow 4098->4099 4100 401dfd EnableWindow 4098->4100 4101 402a4c 4099->4101 4100->4101 4102 4046dd 4103 404709 4102->4103 4104 40471a 4102->4104 4163 4058a7 GetDlgItemTextW 4103->4163 4106 404726 GetDlgItem 4104->4106 4112 404785 4104->4112 4107 40473a 4106->4107 4111 40474e SetWindowTextW 4107->4111 4115 405bdd 4 API calls 4107->4115 4108 404869 4161 404a18 4108->4161 4165 4058a7 GetDlgItemTextW 4108->4165 4109 404714 4110 406412 5 API calls 4109->4110 4110->4104 4116 404242 19 API calls 4111->4116 4112->4108 4117 4061a0 18 API calls 4112->4117 4112->4161 4114 4042a9 8 API calls 4119 404a2c 4114->4119 4120 404744 4115->4120 4121 40476a 4116->4121 4122 4047f9 SHBrowseForFolderW 4117->4122 4118 404899 4123 405c3a 18 API calls 4118->4123 4120->4111 4127 405b32 3 API calls 4120->4127 4124 404242 19 API calls 4121->4124 4122->4108 4125 404811 CoTaskMemFree 4122->4125 4126 40489f 4123->4126 4128 404778 4124->4128 4129 405b32 3 API calls 4125->4129 4166 40617e lstrcpynW 4126->4166 4127->4111 4164 404277 SendMessageW 4128->4164 4131 40481e 4129->4131 4134 404855 SetDlgItemTextW 4131->4134 4138 4061a0 18 API calls 4131->4138 4133 40477e 4136 406558 5 API calls 4133->4136 4134->4108 4135 4048b6 4137 406558 5 API calls 4135->4137 4136->4112 4149 4048bd 4137->4149 4139 40483d lstrcmpiW 4138->4139 4139->4134 4141 40484e lstrcatW 4139->4141 4140 4048fe 4167 40617e lstrcpynW 4140->4167 4141->4134 4143 404905 4144 405bdd 4 API calls 4143->4144 4145 40490b GetDiskFreeSpaceW 4144->4145 4147 40492f MulDiv 4145->4147 4150 404956 4145->4150 4147->4150 4148 405b7e 2 API calls 4148->4149 4149->4140 4149->4148 4149->4150 4151 4049c7 4150->4151 4153 404b62 21 API calls 4150->4153 4152 4049ea 4151->4152 4154 40140b 2 API calls 4151->4154 4168 404264 EnableWindow 4152->4168 4155 4049b4 4153->4155 4154->4152 4157 4049c9 SetDlgItemTextW 4155->4157 4158 4049b9 4155->4158 4157->4151 4159 404a99 21 API calls 4158->4159 4159->4151 4160 404a06 4160->4161 4169 404672 4160->4169 4161->4114 4163->4109 4164->4133 4165->4118 4166->4135 4167->4143 4168->4160 4170 404680 4169->4170 4171 404685 SendMessageW 4169->4171 4170->4171 4171->4161 3850 4022df 3851 402bbf 18 API calls 3850->3851 3852 4022ee 3851->3852 3853 402bbf 18 API calls 3852->3853 3854 4022f7 3853->3854 3855 402bbf 18 API calls 3854->3855 3856 402301 GetPrivateProfileStringW 3855->3856 4172 4043df 4174 4043f7 4172->4174 4177 404511 4172->4177 4173 40457b 4175 404585 GetDlgItem 4173->4175 4176 40464d 4173->4176 4178 404242 19 API calls 4174->4178 4179 40460e 4175->4179 4180 40459f 4175->4180 4183 4042a9 8 API calls 4176->4183 4177->4173 4177->4176 4181 40454c GetDlgItem SendMessageW 4177->4181 4182 40445e 4178->4182 4179->4176 4188 404620 4179->4188 4180->4179 4187 4045c5 6 API calls 4180->4187 4203 404264 EnableWindow 4181->4203 4185 404242 19 API calls 4182->4185 4186 404648 4183->4186 4190 40446b CheckDlgButton 4185->4190 4187->4179 4191 404636 4188->4191 4192 404626 SendMessageW 4188->4192 4189 404576 4193 404672 SendMessageW 4189->4193 4201 404264 EnableWindow 4190->4201 4191->4186 4195 40463c SendMessageW 4191->4195 4192->4191 4193->4173 4195->4186 4196 404489 GetDlgItem 4202 404277 SendMessageW 4196->4202 4198 40449f SendMessageW 4199 4044c5 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4198->4199 4200 4044bc GetSysColor 4198->4200 4199->4186 4200->4199 4201->4196 4202->4198 4203->4189 4204 401bdf 4205 402ba2 18 API calls 4204->4205 4206 401be6 4205->4206 4207 402ba2 18 API calls 4206->4207 4208 401bf0 4207->4208 4209 401c00 4208->4209 4210 402bbf 18 API calls 4208->4210 4211 401c10 4209->4211 4212 402bbf 18 API calls 4209->4212 4210->4209 4213 401c1b 4211->4213 4214 401c5f 4211->4214 4212->4211 4215 402ba2 18 API calls 4213->4215 4216 402bbf 18 API calls 4214->4216 4217 401c20 4215->4217 4218 401c64 4216->4218 4219 402ba2 18 API calls 4217->4219 4220 402bbf 18 API calls 4218->4220 4221 401c29 4219->4221 4222 401c6d FindWindowExW 4220->4222 4223 401c31 SendMessageTimeoutW 4221->4223 4224 401c4f SendMessageW 4221->4224 4225 401c8f 4222->4225 4223->4225 4224->4225 4226 401960 4227 402ba2 18 API calls 4226->4227 4228 401967 4227->4228 4229 402ba2 18 API calls 4228->4229 4230 401971 4229->4230 4231 402bbf 18 API calls 4230->4231 4232 40197a 4231->4232 4233 40198e lstrlenW 4232->4233 4234 4019ca 4232->4234 4235 401998 4233->4235 4235->4234 4239 40617e lstrcpynW 4235->4239 4237 4019b3 4237->4234 4238 4019c0 lstrlenW 4237->4238 4238->4234 4239->4237 4240 401662 4241 402bbf 18 API calls 4240->4241 4242 401668 4241->4242 4243 4064c1 2 API calls 4242->4243 4244 40166e 4243->4244 4245 4019e4 4246 402bbf 18 API calls 4245->4246 4247 4019eb 4246->4247 4248 402bbf 18 API calls 4247->4248 4249 4019f4 4248->4249 4250 4019fb lstrcmpiW 4249->4250 4251 401a0d lstrcmpW 4249->4251 4252 401a01 4250->4252 4251->4252 4253 4025e5 4254 402ba2 18 API calls 4253->4254 4256 4025f4 4254->4256 4255 40272d 4256->4255 4257 40263a ReadFile 4256->4257 4258 405dd6 ReadFile 4256->4258 4259 40267a MultiByteToWideChar 4256->4259 4260 40272f 4256->4260 4261 405e34 5 API calls 4256->4261 4263 4026a0 SetFilePointer MultiByteToWideChar 4256->4263 4264 402740 4256->4264 4257->4255 4257->4256 4258->4256 4259->4256 4266 4060c5 wsprintfW 4260->4266 4261->4256 4263->4256 4264->4255 4265 402761 SetFilePointer 4264->4265 4265->4255 4266->4255 3183 401e66 3184 402bbf 18 API calls 3183->3184 3185 401e6c 3184->3185 3186 4052dd 25 API calls 3185->3186 3187 401e76 3186->3187 3200 40585e CreateProcessW 3187->3200 3190 40281e 3191 401edb FindCloseChangeNotification 3191->3190 3192 401e8c WaitForSingleObject 3193 401e9e 3192->3193 3194 401eb0 GetExitCodeProcess 3193->3194 3203 406594 3193->3203 3195 401ec2 3194->3195 3196 401ecd 3194->3196 3207 4060c5 wsprintfW 3195->3207 3196->3191 3201 405891 CloseHandle 3200->3201 3202 401e7c 3200->3202 3201->3202 3202->3190 3202->3191 3202->3192 3204 4065b1 PeekMessageW 3203->3204 3205 401ea5 WaitForSingleObject 3204->3205 3206 4065a7 DispatchMessageW 3204->3206 3205->3193 3206->3204 3207->3196 3220 401767 3221 402bbf 18 API calls 3220->3221 3222 40176e 3221->3222 3223 401796 3222->3223 3224 40178e 3222->3224 3275 40617e lstrcpynW 3223->3275 3274 40617e lstrcpynW 3224->3274 3227 4017a1 3276 405b32 lstrlenW CharPrevW 3227->3276 3228 401794 3231 406412 5 API calls 3228->3231 3241 4017b3 3231->3241 3235 4017c5 CompareFileTime 3235->3241 3236 401885 3237 4052dd 25 API calls 3236->3237 3239 40188f 3237->3239 3238 4052dd 25 API calls 3240 401871 3238->3240 3259 4030e7 3239->3259 3241->3235 3241->3236 3245 4061a0 18 API calls 3241->3245 3250 40617e lstrcpynW 3241->3250 3257 40185c 3241->3257 3258 405d53 GetFileAttributesW CreateFileW 3241->3258 3279 4064c1 FindFirstFileW 3241->3279 3282 405d2e GetFileAttributesW 3241->3282 3285 4058c3 3241->3285 3244 4018b6 SetFileTime 3246 4018c8 FindCloseChangeNotification 3244->3246 3245->3241 3246->3240 3247 4018d9 3246->3247 3248 4018f1 3247->3248 3249 4018de 3247->3249 3252 4061a0 18 API calls 3248->3252 3251 4061a0 18 API calls 3249->3251 3250->3241 3253 4018e6 lstrcatW 3251->3253 3254 4018f9 3252->3254 3253->3254 3256 4058c3 MessageBoxIndirectW 3254->3256 3256->3240 3257->3238 3257->3240 3258->3241 3260 403112 3259->3260 3261 4030f6 SetFilePointer 3259->3261 3289 4031ef GetTickCount 3260->3289 3261->3260 3266 4031ef 43 API calls 3267 403149 3266->3267 3268 4031b5 ReadFile 3267->3268 3271 403158 3267->3271 3273 4018a2 3267->3273 3268->3273 3270 405dd6 ReadFile 3270->3271 3271->3270 3271->3273 3304 405e05 WriteFile 3271->3304 3273->3244 3273->3246 3274->3228 3275->3227 3277 4017a7 lstrcatW 3276->3277 3278 405b4e lstrcatW 3276->3278 3277->3228 3278->3277 3280 4064e2 3279->3280 3281 4064d7 FindClose 3279->3281 3280->3241 3281->3280 3283 405d40 SetFileAttributesW 3282->3283 3284 405d4d 3282->3284 3283->3284 3284->3241 3286 4058d8 3285->3286 3287 405924 3286->3287 3288 4058ec MessageBoxIndirectW 3286->3288 3287->3241 3288->3287 3290 403347 3289->3290 3291 40321d 3289->3291 3292 402d9f 33 API calls 3290->3292 3306 40336e SetFilePointer 3291->3306 3298 403119 3292->3298 3294 403228 SetFilePointer 3300 40324d 3294->3300 3298->3273 3302 405dd6 ReadFile 3298->3302 3299 405e05 WriteFile 3299->3300 3300->3298 3300->3299 3301 403328 SetFilePointer 3300->3301 3307 403358 3300->3307 3310 406697 3300->3310 3317 402d9f 3300->3317 3301->3290 3303 403132 3302->3303 3303->3266 3303->3273 3305 405e23 3304->3305 3305->3271 3306->3294 3308 405dd6 ReadFile 3307->3308 3309 40336b 3308->3309 3309->3300 3311 4066bc 3310->3311 3316 4066c4 3310->3316 3311->3300 3312 406754 GlobalAlloc 3312->3311 3312->3316 3313 40674b GlobalFree 3313->3312 3314 4067c2 GlobalFree 3315 4067cb GlobalAlloc 3314->3315 3315->3311 3315->3316 3316->3311 3316->3312 3316->3313 3316->3314 3316->3315 3318 402db0 3317->3318 3319 402dc8 3317->3319 3320 402db9 DestroyWindow 3318->3320 3324 402dc0 3318->3324 3321 402dd0 3319->3321 3322 402dd8 GetTickCount 3319->3322 3320->3324 3325 406594 2 API calls 3321->3325 3323 402de6 3322->3323 3322->3324 3326 402e1b CreateDialogParamW ShowWindow 3323->3326 3327 402dee 3323->3327 3324->3300 3325->3324 3326->3324 3327->3324 3332 402d83 3327->3332 3329 402dfc wsprintfW 3330 4052dd 25 API calls 3329->3330 3331 402e19 3330->3331 3331->3324 3333 402d92 3332->3333 3334 402d94 MulDiv 3332->3334 3333->3334 3334->3329 4274 401ee9 4275 402bbf 18 API calls 4274->4275 4276 401ef0 4275->4276 4277 4064c1 2 API calls 4276->4277 4278 401ef6 4277->4278 4280 401f07 4278->4280 4281 4060c5 wsprintfW 4278->4281 4281->4280 4282 403d6a 4283 403d82 4282->4283 4284 403ebd 4282->4284 4283->4284 4285 403d8e 4283->4285 4286 403f0e 4284->4286 4287 403ece GetDlgItem GetDlgItem 4284->4287 4288 403d99 SetWindowPos 4285->4288 4289 403dac 4285->4289 4291 403f68 4286->4291 4299 401389 2 API calls 4286->4299 4290 404242 19 API calls 4287->4290 4288->4289 4293 403db1 ShowWindow 4289->4293 4294 403dc9 4289->4294 4295 403ef8 SetClassLongW 4290->4295 4292 40428e SendMessageW 4291->4292 4310 403eb8 4291->4310 4339 403f7a 4292->4339 4293->4294 4296 403dd1 DestroyWindow 4294->4296 4297 403deb 4294->4297 4298 40140b 2 API calls 4295->4298 4349 4041cb 4296->4349 4300 403df0 SetWindowLongW 4297->4300 4301 403e01 4297->4301 4298->4286 4302 403f40 4299->4302 4300->4310 4305 403e0d GetDlgItem 4301->4305 4319 403e78 4301->4319 4302->4291 4306 403f44 SendMessageW 4302->4306 4303 40140b 2 API calls 4303->4339 4304 4041cd DestroyWindow EndDialog 4304->4349 4309 403e20 SendMessageW IsWindowEnabled 4305->4309 4312 403e3d 4305->4312 4306->4310 4307 4042a9 8 API calls 4307->4310 4308 4041fc ShowWindow 4308->4310 4309->4310 4309->4312 4311 4061a0 18 API calls 4311->4339 4313 403e4a 4312->4313 4314 403e91 SendMessageW 4312->4314 4315 403e5d 4312->4315 4323 403e42 4312->4323 4313->4314 4313->4323 4314->4319 4317 403e65 4315->4317 4318 403e7a 4315->4318 4320 40140b 2 API calls 4317->4320 4321 40140b 2 API calls 4318->4321 4319->4307 4320->4323 4321->4323 4322 404242 19 API calls 4322->4339 4323->4319 4350 40421b 4323->4350 4324 404242 19 API calls 4325 403ff5 GetDlgItem 4324->4325 4326 404012 ShowWindow EnableWindow 4325->4326 4327 40400a 4325->4327 4353 404264 EnableWindow 4326->4353 4327->4326 4329 40403c EnableWindow 4332 404050 4329->4332 4330 404055 GetSystemMenu EnableMenuItem SendMessageW 4331 404085 SendMessageW 4330->4331 4330->4332 4331->4332 4332->4330 4354 404277 SendMessageW 4332->4354 4355 40617e lstrcpynW 4332->4355 4335 4040b3 lstrlenW 4336 4061a0 18 API calls 4335->4336 4337 4040c9 SetWindowTextW 4336->4337 4338 401389 2 API calls 4337->4338 4338->4339 4339->4303 4339->4304 4339->4310 4339->4311 4339->4322 4339->4324 4340 40410d DestroyWindow 4339->4340 4341 404127 CreateDialogParamW 4340->4341 4340->4349 4342 40415a 4341->4342 4341->4349 4343 404242 19 API calls 4342->4343 4344 404165 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4343->4344 4345 401389 2 API calls 4344->4345 4346 4041ab 4345->4346 4346->4310 4347 4041b3 ShowWindow 4346->4347 4348 40428e SendMessageW 4347->4348 4348->4349 4349->4308 4349->4310 4351 404222 4350->4351 4352 404228 SendMessageW 4350->4352 4351->4352 4352->4319 4353->4329 4354->4332 4355->4335 4356 4021ea 4357 402bbf 18 API calls 4356->4357 4358 4021f0 4357->4358 4359 402bbf 18 API calls 4358->4359 4360 4021f9 4359->4360 4361 402bbf 18 API calls 4360->4361 4362 402202 4361->4362 4363 4064c1 2 API calls 4362->4363 4364 40220b 4363->4364 4365 40221c lstrlenW lstrlenW 4364->4365 4366 40220f 4364->4366 4368 4052dd 25 API calls 4365->4368 4367 4052dd 25 API calls 4366->4367 4370 402217 4366->4370 4367->4370 4369 40225a SHFileOperationW 4368->4369 4369->4366 4369->4370 4371 40156b 4372 401584 4371->4372 4373 40157b ShowWindow 4371->4373 4374 401592 ShowWindow 4372->4374 4375 402a4c 4372->4375 4373->4372 4374->4375 4376 40226e 4377 402275 4376->4377 4381 402288 4376->4381 4378 4061a0 18 API calls 4377->4378 4379 402282 4378->4379 4380 4058c3 MessageBoxIndirectW 4379->4380 4380->4381 4382 4014f1 SetForegroundWindow 4383 402a4c 4382->4383 3362 401673 3363 402bbf 18 API calls 3362->3363 3364 40167a 3363->3364 3365 402bbf 18 API calls 3364->3365 3366 401683 3365->3366 3367 402bbf 18 API calls 3366->3367 3368 40168c MoveFileW 3367->3368 3369 40169f 3368->3369 3375 401698 3368->3375 3370 4064c1 2 API calls 3369->3370 3373 4021e1 3369->3373 3372 4016ae 3370->3372 3371 401423 25 API calls 3371->3373 3372->3373 3376 40601f MoveFileExW 3372->3376 3375->3371 3377 406042 3376->3377 3378 406033 3376->3378 3377->3375 3381 405ead lstrcpyW 3378->3381 3382 405ed5 3381->3382 3383 405efb GetShortPathNameW 3381->3383 3408 405d53 GetFileAttributesW CreateFileW 3382->3408 3384 405f10 3383->3384 3385 40601a 3383->3385 3384->3385 3387 405f18 wsprintfA 3384->3387 3385->3377 3390 4061a0 18 API calls 3387->3390 3388 405edf CloseHandle GetShortPathNameW 3388->3385 3389 405ef3 3388->3389 3389->3383 3389->3385 3391 405f40 3390->3391 3409 405d53 GetFileAttributesW CreateFileW 3391->3409 3393 405f4d 3393->3385 3394 405f5c GetFileSize GlobalAlloc 3393->3394 3395 406013 CloseHandle 3394->3395 3396 405f7e 3394->3396 3395->3385 3397 405dd6 ReadFile 3396->3397 3398 405f86 3397->3398 3398->3395 3410 405cb8 lstrlenA 3398->3410 3401 405fb1 3403 405cb8 4 API calls 3401->3403 3402 405f9d lstrcpyA 3404 405fbf 3402->3404 3403->3404 3405 405ff6 SetFilePointer 3404->3405 3406 405e05 WriteFile 3405->3406 3407 40600c GlobalFree 3406->3407 3407->3395 3408->3388 3409->3393 3411 405cf9 lstrlenA 3410->3411 3412 405d01 3411->3412 3413 405cd2 lstrcmpiA 3411->3413 3412->3401 3412->3402 3413->3412 3414 405cf0 CharNextA 3413->3414 3414->3411 4384 401cfa GetDlgItem GetClientRect 4385 402bbf 18 API calls 4384->4385 4386 401d2c LoadImageW SendMessageW 4385->4386 4387 401d4a DeleteObject 4386->4387 4388 402a4c 4386->4388 4387->4388 3830 4027fb 3831 402bbf 18 API calls 3830->3831 3832 402802 FindFirstFileW 3831->3832 3833 40282a 3832->3833 3836 402815 3832->3836 3834 402833 3833->3834 3838 4060c5 wsprintfW 3833->3838 3839 40617e lstrcpynW 3834->3839 3838->3834 3839->3836 4389 40237b 4390 402381 4389->4390 4391 402bbf 18 API calls 4390->4391 4392 402393 4391->4392 4393 402bbf 18 API calls 4392->4393 4394 40239d RegCreateKeyExW 4393->4394 4395 4023c7 4394->4395 4399 402a4c 4394->4399 4396 4023e2 4395->4396 4397 402bbf 18 API calls 4395->4397 4398 4023ee 4396->4398 4401 402ba2 18 API calls 4396->4401 4400 4023d8 lstrlenW 4397->4400 4402 402409 RegSetValueExW 4398->4402 4403 4030e7 45 API calls 4398->4403 4400->4396 4401->4398 4404 40241f RegCloseKey 4402->4404 4403->4402 4404->4399 4420 4014ff 4421 401507 4420->4421 4423 40151a 4420->4423 4422 402ba2 18 API calls 4421->4422 4422->4423 4424 401000 4425 401037 BeginPaint GetClientRect 4424->4425 4427 40100c DefWindowProcW 4424->4427 4428 4010f3 4425->4428 4431 401179 4427->4431 4429 401073 CreateBrushIndirect FillRect DeleteObject 4428->4429 4430 4010fc 4428->4430 4429->4428 4432 401102 CreateFontIndirectW 4430->4432 4433 401167 EndPaint 4430->4433 4432->4433 4434 401112 6 API calls 4432->4434 4433->4431 4434->4433 4442 401904 4443 40193b 4442->4443 4444 402bbf 18 API calls 4443->4444 4445 401940 4444->4445 4446 40596f 69 API calls 4445->4446 4447 401949 4446->4447 4448 402d04 4449 402d16 SetTimer 4448->4449 4450 402d2f 4448->4450 4449->4450 4451 402d7d 4450->4451 4452 402d83 MulDiv 4450->4452 4453 402d3d wsprintfW SetWindowTextW SetDlgItemTextW 4452->4453 4453->4451 4455 403985 4456 403990 4455->4456 4457 403994 4456->4457 4458 403997 GlobalAlloc 4456->4458 4458->4457 3208 402786 3209 40278d 3208->3209 3212 4029f7 3208->3212 3216 402ba2 3209->3216 3211 402798 3213 40279f SetFilePointer 3211->3213 3213->3212 3214 4027af 3213->3214 3219 4060c5 wsprintfW 3214->3219 3217 4061a0 18 API calls 3216->3217 3218 402bb6 3217->3218 3218->3211 3219->3212 4459 401907 4460 402bbf 18 API calls 4459->4460 4461 40190e 4460->4461 4462 4058c3 MessageBoxIndirectW 4461->4462 4463 401917 4462->4463 4464 401e08 4465 402bbf 18 API calls 4464->4465 4466 401e0e 4465->4466 4467 402bbf 18 API calls 4466->4467 4468 401e17 4467->4468 4469 402bbf 18 API calls 4468->4469 4470 401e20 4469->4470 4471 402bbf 18 API calls 4470->4471 4472 401e29 4471->4472 4473 401423 25 API calls 4472->4473 4474 401e30 ShellExecuteW 4473->4474 4475 401e61 4474->4475 3335 401389 3337 401390 3335->3337 3336 4013fe 3337->3336 3338 4013cb MulDiv SendMessageW 3337->3338 3338->3337 4481 404390 lstrlenW 4482 4043b1 WideCharToMultiByte 4481->4482 4483 4043af 4481->4483 4483->4482 4484 401491 4485 4052dd 25 API calls 4484->4485 4486 401498 4485->4486 4494 401a15 4495 402bbf 18 API calls 4494->4495 4496 401a1e ExpandEnvironmentStringsW 4495->4496 4497 401a32 4496->4497 4499 401a45 4496->4499 4498 401a37 lstrcmpW 4497->4498 4497->4499 4498->4499 4500 402515 4501 402bbf 18 API calls 4500->4501 4502 40251c 4501->4502 4505 405d53 GetFileAttributesW CreateFileW 4502->4505 4504 402528 4505->4504 4506 402095 4507 402bbf 18 API calls 4506->4507 4508 40209c 4507->4508 4509 402bbf 18 API calls 4508->4509 4510 4020a6 4509->4510 4511 402bbf 18 API calls 4510->4511 4512 4020b0 4511->4512 4513 402bbf 18 API calls 4512->4513 4514 4020ba 4513->4514 4515 402bbf 18 API calls 4514->4515 4517 4020c4 4515->4517 4516 402103 CoCreateInstance 4521 402122 4516->4521 4517->4516 4518 402bbf 18 API calls 4517->4518 4518->4516 4519 401423 25 API calls 4520 4021e1 4519->4520 4521->4519 4521->4520 4522 401b16 4523 402bbf 18 API calls 4522->4523 4524 401b1d 4523->4524 4525 402ba2 18 API calls 4524->4525 4526 401b26 wsprintfW 4525->4526 4527 402a4c 4526->4527 4528 404696 4529 4046a6 4528->4529 4530 4046cc 4528->4530 4532 404242 19 API calls 4529->4532 4531 4042a9 8 API calls 4530->4531 4533 4046d8 4531->4533 4534 4046b3 SetDlgItemTextW 4532->4534 4534->4530 4535 40159b 4536 402bbf 18 API calls 4535->4536 4537 4015a2 SetFileAttributesW 4536->4537 4538 4015b4 4537->4538 4539 40541c 4540 4055c6 4539->4540 4541 40543d GetDlgItem GetDlgItem GetDlgItem 4539->4541 4543 4055f7 4540->4543 4544 4055cf GetDlgItem CreateThread CloseHandle 4540->4544 4584 404277 SendMessageW 4541->4584 4546 405622 4543->4546 4547 405647 4543->4547 4548 40560e ShowWindow ShowWindow 4543->4548 4544->4543 4545 4054ad 4550 4054b4 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4545->4550 4549 405682 4546->4549 4552 405636 4546->4552 4553 40565c ShowWindow 4546->4553 4554 4042a9 8 API calls 4547->4554 4586 404277 SendMessageW 4548->4586 4549->4547 4559 405690 SendMessageW 4549->4559 4557 405522 4550->4557 4558 405506 SendMessageW SendMessageW 4550->4558 4560 40421b SendMessageW 4552->4560 4555 40567c 4553->4555 4556 40566e 4553->4556 4561 405655 4554->4561 4563 40421b SendMessageW 4555->4563 4562 4052dd 25 API calls 4556->4562 4564 405535 4557->4564 4565 405527 SendMessageW 4557->4565 4558->4557 4559->4561 4566 4056a9 CreatePopupMenu 4559->4566 4560->4547 4562->4555 4563->4549 4568 404242 19 API calls 4564->4568 4565->4564 4567 4061a0 18 API calls 4566->4567 4569 4056b9 AppendMenuW 4567->4569 4570 405545 4568->4570 4571 4056d6 GetWindowRect 4569->4571 4572 4056e9 TrackPopupMenu 4569->4572 4573 405582 GetDlgItem SendMessageW 4570->4573 4574 40554e ShowWindow 4570->4574 4571->4572 4572->4561 4576 405704 4572->4576 4573->4561 4575 4055a9 SendMessageW SendMessageW 4573->4575 4577 405571 4574->4577 4578 405564 ShowWindow 4574->4578 4575->4561 4579 405720 SendMessageW 4576->4579 4585 404277 SendMessageW 4577->4585 4578->4577 4579->4579 4580 40573d OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4579->4580 4582 405762 SendMessageW 4580->4582 4582->4582 4583 40578b GlobalUnlock SetClipboardData CloseClipboard 4582->4583 4583->4561 4584->4545 4585->4573 4586->4546 4587 401f1d 4588 402bbf 18 API calls 4587->4588 4589 401f24 4588->4589 4590 406558 5 API calls 4589->4590 4591 401f33 4590->4591 4592 401fb7 4591->4592 4593 401f4f GlobalAlloc 4591->4593 4593->4592 4594 401f63 4593->4594 4595 406558 5 API calls 4594->4595 4596 401f6a 4595->4596 4597 406558 5 API calls 4596->4597 4598 401f74 4597->4598 4598->4592 4602 4060c5 wsprintfW 4598->4602 4600 401fa9 4603 4060c5 wsprintfW 4600->4603 4602->4600 4603->4592 4604 40229d 4605 4022a5 4604->4605 4606 4022ab 4604->4606 4607 402bbf 18 API calls 4605->4607 4608 4022b9 4606->4608 4609 402bbf 18 API calls 4606->4609 4607->4606 4610 402bbf 18 API calls 4608->4610 4612 4022c7 4608->4612 4609->4608 4610->4612 4611 402bbf 18 API calls 4613 4022d0 WritePrivateProfileStringW 4611->4613 4612->4611 3840 40249e 3841 402cc9 19 API calls 3840->3841 3842 4024a8 3841->3842 3843 402ba2 18 API calls 3842->3843 3844 4024b1 3843->3844 3845 40281e 3844->3845 3846 4024d5 RegEnumValueW 3844->3846 3847 4024c9 RegEnumKeyW 3844->3847 3846->3845 3848 4024ee RegCloseKey 3846->3848 3847->3848 3848->3845 4614 40149e 4615 402288 4614->4615 4616 4014ac PostQuitMessage 4614->4616 4616->4615 3857 40231f 3858 402324 3857->3858 3859 40234f 3857->3859 3861 402cc9 19 API calls 3858->3861 3860 402bbf 18 API calls 3859->3860 3863 402356 3860->3863 3862 40232b 3861->3862 3864 402335 3862->3864 3868 40236c 3862->3868 3869 402bff RegOpenKeyExW 3863->3869 3865 402bbf 18 API calls 3864->3865 3866 40233c RegDeleteValueW RegCloseKey 3865->3866 3866->3868 3870 402c90 3869->3870 3874 402c2a 3869->3874 3870->3868 3871 402c50 RegEnumKeyW 3872 402c62 RegCloseKey 3871->3872 3871->3874 3875 406558 5 API calls 3872->3875 3873 402c87 RegCloseKey 3873->3870 3874->3871 3874->3872 3874->3873 3876 402bff 5 API calls 3874->3876 3877 402c72 3875->3877 3876->3874 3878 402c76 RegDeleteKeyExW 3877->3878 3879 402c9a 3877->3879 3878->3870 3879->3870 3880 402ca2 RegDeleteKeyW 3879->3880 3880->3870 3881 402cb2 3880->3881 3881->3870 4617 401ca3 4618 402ba2 18 API calls 4617->4618 4619 401ca9 IsWindow 4618->4619 4620 401a05 4619->4620 4621 402a27 SendMessageW 4622 402a41 InvalidateRect 4621->4622 4623 402a4c 4621->4623 4622->4623 3339 40242a 3350 402cc9 3339->3350 3341 402434 3342 402bbf 18 API calls 3341->3342 3343 40243d 3342->3343 3344 402448 RegQueryValueExW 3343->3344 3347 40281e 3343->3347 3345 402468 3344->3345 3346 40246e RegCloseKey 3344->3346 3345->3346 3354 4060c5 wsprintfW 3345->3354 3346->3347 3351 402bbf 18 API calls 3350->3351 3352 402ce2 3351->3352 3353 402cf0 RegOpenKeyExW 3352->3353 3353->3341 3354->3346 4631 40172d 4632 402bbf 18 API calls 4631->4632 4633 401734 SearchPathW 4632->4633 4634 40174f 4633->4634 4635 404a33 4636 404a43 4635->4636 4637 404a5f 4635->4637 4646 4058a7 GetDlgItemTextW 4636->4646 4639 404a92 4637->4639 4640 404a65 SHGetPathFromIDListW 4637->4640 4641 404a7c SendMessageW 4640->4641 4642 404a75 4640->4642 4641->4639 4644 40140b 2 API calls 4642->4644 4643 404a50 SendMessageW 4643->4637 4644->4641 4646->4643 4647 4027b4 4648 4027ba 4647->4648 4649 4027c2 FindClose 4648->4649 4650 402a4c 4648->4650 4649->4650 3509 4033b6 SetErrorMode GetVersion 3510 4033eb 3509->3510 3511 4033f1 3509->3511 3512 406558 5 API calls 3510->3512 3597 4064e8 GetSystemDirectoryW 3511->3597 3512->3511 3514 403407 lstrlenA 3514->3511 3515 403417 3514->3515 3600 406558 GetModuleHandleA 3515->3600 3518 406558 5 API calls 3519 403426 #17 OleInitialize SHGetFileInfoW 3518->3519 3606 40617e lstrcpynW 3519->3606 3521 403463 GetCommandLineW 3607 40617e lstrcpynW 3521->3607 3523 403475 GetModuleHandleW 3524 40348d 3523->3524 3525 405b5f CharNextW 3524->3525 3526 40349c CharNextW 3525->3526 3527 4035c6 GetTempPathW 3526->3527 3529 4034b5 3526->3529 3608 403385 3527->3608 3529->3529 3534 405b5f CharNextW 3529->3534 3540 4035af 3529->3540 3544 4035b1 3529->3544 3530 4035de 3531 4035e2 GetWindowsDirectoryW lstrcatW 3530->3531 3532 403638 DeleteFileW 3530->3532 3533 403385 12 API calls 3531->3533 3618 402e41 GetTickCount GetModuleFileNameW 3532->3618 3537 4035fe 3533->3537 3534->3529 3536 40364c 3538 403703 ExitProcess OleUninitialize 3536->3538 3541 4036ef 3536->3541 3546 405b5f CharNextW 3536->3546 3537->3532 3539 403602 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3537->3539 3542 403839 3538->3542 3543 403719 3538->3543 3545 403385 12 API calls 3539->3545 3540->3527 3648 4039c7 3541->3648 3550 403841 GetCurrentProcess OpenProcessToken 3542->3550 3551 4038bd ExitProcess 3542->3551 3549 4058c3 MessageBoxIndirectW 3543->3549 3705 40617e lstrcpynW 3544->3705 3552 403630 3545->3552 3563 40366b 3546->3563 3555 403727 ExitProcess 3549->3555 3556 403859 LookupPrivilegeValueW AdjustTokenPrivileges 3550->3556 3557 40388d 3550->3557 3552->3532 3552->3538 3556->3557 3558 406558 5 API calls 3557->3558 3559 403894 3558->3559 3562 4038a9 ExitWindowsEx 3559->3562 3566 4038b6 3559->3566 3560 4036c9 3565 405c3a 18 API calls 3560->3565 3561 40372f 3708 405846 3561->3708 3562->3551 3562->3566 3563->3560 3563->3561 3568 4036d5 3565->3568 3721 40140b 3566->3721 3568->3538 3706 40617e lstrcpynW 3568->3706 3570 403750 lstrcatW lstrcmpiW 3570->3538 3572 40376c 3570->3572 3571 403745 lstrcatW 3571->3570 3574 403771 3572->3574 3575 403778 3572->3575 3711 4057ac CreateDirectoryW 3574->3711 3716 405829 CreateDirectoryW 3575->3716 3576 4036e4 3707 40617e lstrcpynW 3576->3707 3581 40377d SetCurrentDirectoryW 3582 403798 3581->3582 3583 40378d 3581->3583 3720 40617e lstrcpynW 3582->3720 3719 40617e lstrcpynW 3583->3719 3586 4061a0 18 API calls 3587 4037d7 DeleteFileW 3586->3587 3588 4037e4 CopyFileW 3587->3588 3594 4037a6 3587->3594 3588->3594 3589 40382d 3591 40601f 38 API calls 3589->3591 3590 40601f 38 API calls 3590->3594 3592 403834 3591->3592 3592->3538 3593 4061a0 18 API calls 3593->3594 3594->3586 3594->3589 3594->3590 3594->3593 3595 40585e 2 API calls 3594->3595 3596 403818 CloseHandle 3594->3596 3595->3594 3596->3594 3598 40650a wsprintfW LoadLibraryExW 3597->3598 3598->3514 3601 406574 3600->3601 3602 40657e GetProcAddress 3600->3602 3603 4064e8 3 API calls 3601->3603 3604 40341f 3602->3604 3605 40657a 3603->3605 3604->3518 3605->3602 3605->3604 3606->3521 3607->3523 3609 406412 5 API calls 3608->3609 3611 403391 3609->3611 3610 40339b 3610->3530 3611->3610 3612 405b32 3 API calls 3611->3612 3613 4033a3 3612->3613 3614 405829 2 API calls 3613->3614 3615 4033a9 3614->3615 3616 405d82 2 API calls 3615->3616 3617 4033b4 3616->3617 3617->3530 3724 405d53 GetFileAttributesW CreateFileW 3618->3724 3620 402e84 3647 402e91 3620->3647 3725 40617e lstrcpynW 3620->3725 3622 402ea7 3623 405b7e 2 API calls 3622->3623 3624 402ead 3623->3624 3726 40617e lstrcpynW 3624->3726 3626 402eb8 GetFileSize 3627 402fb9 3626->3627 3645 402ecf 3626->3645 3628 402d9f 33 API calls 3627->3628 3630 402fc0 3628->3630 3629 403358 ReadFile 3629->3645 3632 402ffc GlobalAlloc 3630->3632 3630->3647 3728 40336e SetFilePointer 3630->3728 3631 403054 3634 402d9f 33 API calls 3631->3634 3633 403013 3632->3633 3639 405d82 2 API calls 3633->3639 3634->3647 3636 402fdd 3637 403358 ReadFile 3636->3637 3640 402fe8 3637->3640 3638 402d9f 33 API calls 3638->3645 3641 403024 CreateFileW 3639->3641 3640->3632 3640->3647 3642 40305e 3641->3642 3641->3647 3727 40336e SetFilePointer 3642->3727 3644 40306c 3646 4030e7 45 API calls 3644->3646 3645->3627 3645->3629 3645->3631 3645->3638 3645->3647 3646->3647 3647->3536 3649 406558 5 API calls 3648->3649 3650 4039db 3649->3650 3651 4039e1 3650->3651 3652 4039f3 3650->3652 3738 4060c5 wsprintfW 3651->3738 3653 40604b 3 API calls 3652->3653 3654 403a23 3653->3654 3655 403a42 lstrcatW 3654->3655 3657 40604b 3 API calls 3654->3657 3658 4039f1 3655->3658 3657->3655 3729 403c9d 3658->3729 3661 405c3a 18 API calls 3662 403a74 3661->3662 3663 403b08 3662->3663 3665 40604b 3 API calls 3662->3665 3664 405c3a 18 API calls 3663->3664 3666 403b0e 3664->3666 3667 403aa6 3665->3667 3668 403b1e LoadImageW 3666->3668 3671 4061a0 18 API calls 3666->3671 3667->3663 3674 403ac7 lstrlenW 3667->3674 3678 405b5f CharNextW 3667->3678 3669 403bc4 3668->3669 3670 403b45 RegisterClassW 3668->3670 3673 40140b 2 API calls 3669->3673 3672 403b7b SystemParametersInfoW CreateWindowExW 3670->3672 3681 4036ff 3670->3681 3671->3668 3672->3669 3677 403bca 3673->3677 3675 403ad5 lstrcmpiW 3674->3675 3676 403afb 3674->3676 3675->3676 3680 403ae5 GetFileAttributesW 3675->3680 3682 405b32 3 API calls 3676->3682 3677->3681 3684 403c9d 19 API calls 3677->3684 3679 403ac4 3678->3679 3679->3674 3683 403af1 3680->3683 3681->3538 3685 403b01 3682->3685 3683->3676 3686 405b7e 2 API calls 3683->3686 3687 403bdb 3684->3687 3739 40617e lstrcpynW 3685->3739 3686->3676 3689 403be7 ShowWindow 3687->3689 3690 403c6a 3687->3690 3692 4064e8 3 API calls 3689->3692 3740 4053b0 OleInitialize 3690->3740 3694 403bff 3692->3694 3693 403c70 3695 403c74 3693->3695 3696 403c8c 3693->3696 3697 403c0d GetClassInfoW 3694->3697 3701 4064e8 3 API calls 3694->3701 3695->3681 3703 40140b 2 API calls 3695->3703 3700 40140b 2 API calls 3696->3700 3698 403c21 GetClassInfoW RegisterClassW 3697->3698 3699 403c37 DialogBoxParamW 3697->3699 3698->3699 3702 40140b 2 API calls 3699->3702 3700->3681 3701->3697 3704 403c5f 3702->3704 3703->3681 3704->3681 3705->3540 3706->3576 3707->3541 3709 406558 5 API calls 3708->3709 3710 403734 lstrcatW 3709->3710 3710->3570 3710->3571 3712 4057fd GetLastError 3711->3712 3713 403776 3711->3713 3712->3713 3714 40580c SetFileSecurityW 3712->3714 3713->3581 3714->3713 3715 405822 GetLastError 3714->3715 3715->3713 3717 405839 3716->3717 3718 40583d GetLastError 3716->3718 3717->3581 3718->3717 3719->3582 3720->3594 3722 401389 2 API calls 3721->3722 3723 401420 3722->3723 3723->3551 3724->3620 3725->3622 3726->3626 3727->3644 3728->3636 3730 403cb1 3729->3730 3747 4060c5 wsprintfW 3730->3747 3732 403d22 3733 4061a0 18 API calls 3732->3733 3734 403d2e SetWindowTextW 3733->3734 3735 403a52 3734->3735 3736 403d4a 3734->3736 3735->3661 3736->3735 3737 4061a0 18 API calls 3736->3737 3737->3736 3738->3658 3739->3663 3748 40428e 3740->3748 3742 4053d3 3746 4053fa 3742->3746 3751 401389 3742->3751 3743 40428e SendMessageW 3744 40540c OleUninitialize 3743->3744 3744->3693 3746->3743 3747->3732 3749 4042a6 3748->3749 3750 404297 SendMessageW 3748->3750 3749->3742 3750->3749 3753 401390 3751->3753 3752 4013fe 3752->3742 3753->3752 3754 4013cb MulDiv SendMessageW 3753->3754 3754->3753 3755 402537 3756 402562 3755->3756 3757 40254b 3755->3757 3759 402596 3756->3759 3760 402567 3756->3760 3758 402ba2 18 API calls 3757->3758 3765 402552 3758->3765 3762 402bbf 18 API calls 3759->3762 3761 402bbf 18 API calls 3760->3761 3763 40256e WideCharToMultiByte lstrlenA 3761->3763 3764 40259d lstrlenW 3762->3764 3763->3765 3764->3765 3766 4025e0 3765->3766 3767 4025d2 3765->3767 3769 4025c3 3765->3769 3768 405e05 WriteFile 3767->3768 3768->3766 3772 405e34 SetFilePointer 3769->3772 3773 405e50 3772->3773 3774 4025ca 3772->3774 3775 405dd6 ReadFile 3773->3775 3774->3766 3774->3767 3776 405e5c 3775->3776 3776->3774 3777 405e75 SetFilePointer 3776->3777 3778 405e9d SetFilePointer 3776->3778 3777->3778 3779 405e80 3777->3779 3778->3774 3780 405e05 WriteFile 3779->3780 3780->3774 3781 401b37 3782 401b44 3781->3782 3783 401b88 3781->3783 3786 401bcd 3782->3786 3791 401b5b 3782->3791 3784 401bb2 GlobalAlloc 3783->3784 3785 401b8d 3783->3785 3788 4061a0 18 API calls 3784->3788 3799 402288 3785->3799 3802 40617e lstrcpynW 3785->3802 3787 4061a0 18 API calls 3786->3787 3786->3799 3789 402282 3787->3789 3788->3786 3794 4058c3 MessageBoxIndirectW 3789->3794 3800 40617e lstrcpynW 3791->3800 3792 401b9f GlobalFree 3792->3799 3794->3799 3795 401b6a 3801 40617e lstrcpynW 3795->3801 3797 401b79 3803 40617e lstrcpynW 3797->3803 3800->3795 3801->3797 3802->3792 3803->3799 4651 4014b8 4652 4014be 4651->4652 4653 401389 2 API calls 4652->4653 4654 4014c6 4653->4654 3810 4015b9 3811 402bbf 18 API calls 3810->3811 3812 4015c0 3811->3812 3813 405bdd 4 API calls 3812->3813 3825 4015c9 3813->3825 3814 401629 3816 40165b 3814->3816 3817 40162e 3814->3817 3815 405b5f CharNextW 3815->3825 3819 401423 25 API calls 3816->3819 3818 401423 25 API calls 3817->3818 3820 401635 3818->3820 3827 401653 3819->3827 3829 40617e lstrcpynW 3820->3829 3822 405829 2 API calls 3822->3825 3823 405846 5 API calls 3823->3825 3824 401642 SetCurrentDirectoryW 3824->3827 3825->3814 3825->3815 3825->3822 3825->3823 3826 40160f GetFileAttributesW 3825->3826 3828 4057ac 4 API calls 3825->3828 3826->3825 3828->3825 3829->3824 4662 40293b 4663 402ba2 18 API calls 4662->4663 4664 402941 4663->4664 4665 402964 4664->4665 4666 40297d 4664->4666 4672 40281e 4664->4672 4667 402969 4665->4667 4668 40297a 4665->4668 4669 402993 4666->4669 4670 402987 4666->4670 4676 40617e lstrcpynW 4667->4676 4677 4060c5 wsprintfW 4668->4677 4671 4061a0 18 API calls 4669->4671 4673 402ba2 18 API calls 4670->4673 4671->4672 4673->4672 4676->4672 4677->4672

                                                                                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                                                                                              Function 004033B6 Relevance: 84.4, APIs: 34, Strings: 14, Instructions: 401stringfilecomCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 0 4033b6-4033e9 SetErrorMode GetVersion 1 4033eb-4033f3 call 406558 0->1 2 4033fc 0->2 1->2 7 4033f5 1->7 4 403401-403415 call 4064e8 lstrlenA 2->4 9 403417-40348b call 406558 * 2 #17 OleInitialize SHGetFileInfoW call 40617e GetCommandLineW call 40617e GetModuleHandleW 4->9 7->2 18 403495-4034af call 405b5f CharNextW 9->18 19 40348d-403494 9->19 22 4034b5-4034bb 18->22 23 4035c6-4035e0 GetTempPathW call 403385 18->23 19->18 25 4034c4-4034c8 22->25 26 4034bd-4034c2 22->26 32 4035e2-403600 GetWindowsDirectoryW lstrcatW call 403385 23->32 33 403638-403652 DeleteFileW call 402e41 23->33 28 4034ca-4034ce 25->28 29 4034cf-4034d3 25->29 26->25 26->26 28->29 30 403592-40359f call 405b5f 29->30 31 4034d9-4034df 29->31 51 4035a1-4035a2 30->51 52 4035a3-4035a9 30->52 34 4034e1-4034e9 31->34 35 4034fa-403533 31->35 32->33 50 403602-403632 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 403385 32->50 46 403703-403713 ExitProcess OleUninitialize 33->46 47 403658-40365e 33->47 40 4034f0 34->40 41 4034eb-4034ee 34->41 42 403550-40358a 35->42 43 403535-40353a 35->43 40->35 41->35 41->40 42->30 49 40358c-403590 42->49 43->42 48 40353c-403544 43->48 56 403839-40383f 46->56 57 403719-403729 call 4058c3 ExitProcess 46->57 54 4036f3-4036fa call 4039c7 47->54 55 403664-40366f call 405b5f 47->55 58 403546-403549 48->58 59 40354b 48->59 49->30 60 4035b1-4035bf call 40617e 49->60 50->33 50->46 51->52 52->22 53 4035af 52->53 62 4035c4 53->62 71 4036ff 54->71 77 403671-4036a6 55->77 78 4036bd-4036c7 55->78 67 403841-403857 GetCurrentProcess OpenProcessToken 56->67 68 4038bd-4038c5 56->68 58->42 58->59 59->42 60->62 62->23 75 403859-403887 LookupPrivilegeValueW AdjustTokenPrivileges 67->75 76 40388d-40389b call 406558 67->76 72 4038c7 68->72 73 4038cb-4038cf ExitProcess 68->73 71->46 72->73 75->76 84 4038a9-4038b4 ExitWindowsEx 76->84 85 40389d-4038a7 76->85 81 4036a8-4036ac 77->81 82 4036c9-4036d7 call 405c3a 78->82 83 40372f-403743 call 405846 lstrcatW 78->83 86 4036b5-4036b9 81->86 87 4036ae-4036b3 81->87 82->46 98 4036d9-4036ef call 40617e * 2 82->98 96 403750-40376a lstrcatW lstrcmpiW 83->96 97 403745-40374b lstrcatW 83->97 84->68 90 4038b6-4038b8 call 40140b 84->90 85->84 85->90 86->81 91 4036bb 86->91 87->86 87->91 90->68 91->78 96->46 99 40376c-40376f 96->99 97->96 98->54 101 403771-403776 call 4057ac 99->101 102 403778 call 405829 99->102 109 40377d-40378b SetCurrentDirectoryW 101->109 102->109 110 403798-4037c1 call 40617e 109->110 111 40378d-403793 call 40617e 109->111 115 4037c6-4037e2 call 4061a0 DeleteFileW 110->115 111->110 118 403823-40382b 115->118 119 4037e4-4037f4 CopyFileW 115->119 118->115 120 40382d-403834 call 40601f 118->120 119->118 121 4037f6-403816 call 40601f call 4061a0 call 40585e 119->121 120->46 121->118 130 403818-40381f CloseHandle 121->130 130->118
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNELBASE ref: 004033D9
                                                                                                                                                                                                                                                                                              • GetVersion.KERNEL32 ref: 004033DF
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403408
                                                                                                                                                                                                                                                                                              • #17.COMCTL32(00000007,00000009), ref: 0040342B
                                                                                                                                                                                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00403432
                                                                                                                                                                                                                                                                                              • SHGetFileInfoW.SHELL32(004216E8,00000000,?,000002B4,00000000), ref: 0040344E
                                                                                                                                                                                                                                                                                              • GetCommandLineW.KERNEL32(00429240,NSIS Error), ref: 00403463
                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE,00000000), ref: 00403476
                                                                                                                                                                                                                                                                                              • CharNextW.USER32(00000000,"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE,00000020), ref: 0040349D
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406558: GetModuleHandleA.KERNEL32(?,00000020,?,0040341F,00000009), ref: 0040656A
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406558: GetProcAddress.KERNEL32(00000000,?), ref: 00406585
                                                                                                                                                                                                                                                                                              • GetTempPathW.KERNEL32(00000400,00437800), ref: 004035D7
                                                                                                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(00437800,000003FB), ref: 004035E8
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00437800,\Temp), ref: 004035F4
                                                                                                                                                                                                                                                                                              • GetTempPathW.KERNEL32(000003FC,00437800,00437800,\Temp), ref: 00403608
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00437800,Low), ref: 00403610
                                                                                                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,00437800,00437800,Low), ref: 00403621
                                                                                                                                                                                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,00437800), ref: 00403629
                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(00437000), ref: 0040363D
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040617E: lstrcpynW.KERNEL32(?,?,00000400,00403463,00429240,NSIS Error), ref: 0040618B
                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32(?), ref: 00403703
                                                                                                                                                                                                                                                                                              • OleUninitialize.OLE32(?), ref: 00403708
                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00403729
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00437800,~nsu), ref: 0040373C
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00437800,0040A328), ref: 0040374B
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00437800,.tmp), ref: 00403756
                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(00437800,00436800,00437800,.tmp,00437800,~nsu,"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE,00000000,?), ref: 00403762
                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(00437800,00437800), ref: 0040377E
                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(00420EE8,00420EE8,?,0042B000,?), ref: 004037D8
                                                                                                                                                                                                                                                                                              • CopyFileW.KERNEL32(C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe,00420EE8,00000001), ref: 004037EC
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,00420EE8,00420EE8,?,00420EE8,00000000), ref: 00403819
                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403848
                                                                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 0040384F
                                                                                                                                                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403864
                                                                                                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32 ref: 00403887
                                                                                                                                                                                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 004038AC
                                                                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004038CF
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Processlstrcat$ExitFile$Handle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                                                                                                                              • String ID: "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE$.tmp$C:\Program Files (x86)\TeamViewer$C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                                                                              • API String ID: 354199918-2060707457
                                                                                                                                                                                                                                                                                              • Opcode ID: adc4d748d9836f5a15988fa3e2f94b2f0245c9efab62edd68d6b1bb0daacd0ec
                                                                                                                                                                                                                                                                                              • Instruction ID: be8551fa6605ebbbfda7487142ffb020be8bd547a3943651712312bea09c5587
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: adc4d748d9836f5a15988fa3e2f94b2f0245c9efab62edd68d6b1bb0daacd0ec
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AED10571200300ABE7207F659D49A2B3AEDEB4074AF50443FF881B62D2DB7C8956876E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040596F Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 338 40596f-405995 call 405c3a 341 405997-4059a9 DeleteFileW 338->341 342 4059ae-4059b5 338->342 343 405b2b-405b2f 341->343 344 4059b7-4059b9 342->344 345 4059c8-4059d8 call 40617e 342->345 346 405ad9-405ade 344->346 347 4059bf-4059c2 344->347 351 4059e7-4059e8 call 405b7e 345->351 352 4059da-4059e5 lstrcatW 345->352 346->343 349 405ae0-405ae3 346->349 347->345 347->346 353 405ae5-405aeb 349->353 354 405aed-405af5 call 4064c1 349->354 355 4059ed-4059f1 351->355 352->355 353->343 354->343 362 405af7-405b0b call 405b32 call 405927 354->362 358 4059f3-4059fb 355->358 359 4059fd-405a03 lstrcatW 355->359 358->359 361 405a08-405a24 lstrlenW FindFirstFileW 358->361 359->361 363 405a2a-405a32 361->363 364 405ace-405ad2 361->364 378 405b23-405b26 call 4052dd 362->378 379 405b0d-405b10 362->379 367 405a52-405a66 call 40617e 363->367 368 405a34-405a3c 363->368 364->346 366 405ad4 364->366 366->346 380 405a68-405a70 367->380 381 405a7d-405a88 call 405927 367->381 370 405ab1-405ac1 FindNextFileW 368->370 371 405a3e-405a46 368->371 370->363 377 405ac7-405ac8 FindClose 370->377 371->367 374 405a48-405a50 371->374 374->367 374->370 377->364 378->343 379->353 384 405b12-405b21 call 4052dd call 40601f 379->384 380->370 385 405a72-405a7b call 40596f 380->385 391 405aa9-405aac call 4052dd 381->391 392 405a8a-405a8d 381->392 384->343 385->370 391->370 394 405aa1-405aa7 392->394 395 405a8f-405a9f call 4052dd call 40601f 392->395 394->370 395->370
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(?,?,74DF3420,74DF2EE0,00000000), ref: 00405998
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(C:\Windows\TEMP\nsv94CD.tmp\*.*,\*.*), ref: 004059E0
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405A03
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Windows\TEMP\nsv94CD.tmp\*.*,?,?,74DF3420,74DF2EE0,00000000), ref: 00405A09
                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(C:\Windows\TEMP\nsv94CD.tmp\*.*,?,?,?,0040A014,?,C:\Windows\TEMP\nsv94CD.tmp\*.*,?,?,74DF3420,74DF2EE0,00000000), ref: 00405A19
                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AB9
                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405AC8
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                              • String ID: "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE$C:\Windows\TEMP\nsv94CD.tmp\*.*$\*.*
                                                                                                                                                                                                                                                                                              • API String ID: 2035342205-1920135926
                                                                                                                                                                                                                                                                                              • Opcode ID: fd57f151e8af197d71c8fed8a04c65ccd5cf3bf9c4040b497ebf2cee1ecae55f
                                                                                                                                                                                                                                                                                              • Instruction ID: 6c547db7f4d1248ed83a6ec2b2b7cf99957869ea0eb35c9edb1a86952611c1c3
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd57f151e8af197d71c8fed8a04c65ccd5cf3bf9c4040b497ebf2cee1ecae55f
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A41B530A40914A6CB21AB659CC9AAF7678EF41724F20427FF801711D1D77C5986DE6E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406846 Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 553 406846-40684b 554 4068bc-4068da 553->554 555 40684d-40687c 553->555 556 406eb2-406ec7 554->556 557 406883-406887 555->557 558 40687e-406881 555->558 562 406ee1-406ef7 556->562 563 406ec9-406edf 556->563 560 406889-40688d 557->560 561 40688f 557->561 559 406893-406896 558->559 564 4068b4-4068b7 559->564 565 406898-4068a1 559->565 560->559 561->559 566 406efa-406f01 562->566 563->566 569 406a89-406aa7 564->569 567 4068a3 565->567 568 4068a6-4068b2 565->568 570 406f03-406f07 566->570 571 406f28-406f34 566->571 567->568 574 40691c-40694a 568->574 572 406aa9-406abd 569->572 573 406abf-406ad1 569->573 575 4070b6-4070c0 570->575 576 406f0d-406f25 570->576 580 4066ca-4066d3 571->580 578 406ad4-406ade 572->578 573->578 581 406966-406980 574->581 582 40694c-406964 574->582 579 4070cc-4070df 575->579 576->571 585 406ae0 578->585 586 406a81-406a87 578->586 584 4070e4-4070e8 579->584 587 4070e1 580->587 588 4066d9 580->588 583 406983-40698d 581->583 582->583 590 406993 583->590 591 406904-40690a 583->591 607 406a66-406a7e 585->607 608 407068-407072 585->608 586->569 589 406a25-406a2f 586->589 587->584 593 4066e0-4066e4 588->593 594 406820-406841 588->594 595 406785-406789 588->595 596 4067f5-4067f9 588->596 603 407074-40707e 589->603 604 406a35-406bfe 589->604 613 407050-40705a 590->613 614 4068e9-406901 590->614 605 406910-406916 591->605 606 4069bd-4069c3 591->606 593->579 600 4066ea-4066f7 593->600 594->556 598 407035-40703f 595->598 599 40678f-4067a8 595->599 601 407044-40704e 596->601 602 4067ff-406813 596->602 598->579 609 4067ab-4067af 599->609 600->587 612 4066fd-406743 600->612 601->579 615 406816-40681e 602->615 603->579 604->580 605->574 610 406a21 605->610 606->610 611 4069c5-4069e3 606->611 607->586 608->579 609->595 617 4067b1-4067b7 609->617 610->589 618 4069e5-4069f9 611->618 619 4069fb-406a0d 611->619 620 406745-406749 612->620 621 40676b-40676d 612->621 613->579 614->591 615->594 615->596 622 4067e1-4067f3 617->622 623 4067b9-4067c0 617->623 624 406a10-406a1a 618->624 619->624 625 406754-406762 GlobalAlloc 620->625 626 40674b-40674e GlobalFree 620->626 627 40677b-406783 621->627 628 40676f-406779 621->628 622->615 629 4067c2-4067c5 GlobalFree 623->629 630 4067cb-4067db GlobalAlloc 623->630 624->606 631 406a1c 624->631 625->587 632 406768 625->632 626->625 627->609 628->627 628->628 629->630 630->587 630->622 634 4069a2-4069ba 631->634 635 40705c-407066 631->635 632->621 634->606 635->579
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: ead38b7015f9474378dd182d16c601773bd961a48b8ca1aefc3332049c463b86
                                                                                                                                                                                                                                                                                              • Instruction ID: 84f5b91c3f937eb173619b21672ae23043901769df73ed9f159891f0fc81c8d0
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ead38b7015f9474378dd182d16c601773bd961a48b8ca1aefc3332049c463b86
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72F18671D04229CBDF18CFA8C8946ADBBB0FF45305F25816ED856BB281D7385A8ACF45
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004064C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 659 4064c1-4064d5 FindFirstFileW 660 4064e2 659->660 661 4064d7-4064e0 FindClose 659->661 662 4064e4-4064e5 660->662 661->662
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(74DF3420,00426778,00425F30,00405C83,00425F30,00425F30,00000000,00425F30,00425F30,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0), ref: 004064CC
                                                                                                                                                                                                                                                                                              • FindClose.KERNELBASE(00000000), ref: 004064D8
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                              • String ID: xgB
                                                                                                                                                                                                                                                                                              • API String ID: 2295610775-399326502
                                                                                                                                                                                                                                                                                              • Opcode ID: 4403a27f78f835125bd15cd158b53f866fd18ebbb8f54cd400289453990cbd04
                                                                                                                                                                                                                                                                                              • Instruction ID: 909a2899cbbcfc21b24ab628f9350e7a3c7b3772aa6d432f74911df6ac2d0bb5
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4403a27f78f835125bd15cd158b53f866fd18ebbb8f54cd400289453990cbd04
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8BD0C9315045209BC2111778AE4C85B7A98AF553317628A36B466F12A0C674CC22869C
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004027FB Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040280A
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 760ba12aea5bac669ea06a92ce868f6cfbbc58d79179603cd607c726fd559e33
                                                                                                                                                                                                                                                                                              • Instruction ID: ca82d2f7608ddbe9a9db451b4e667c54ef54e9945bbc135f2cbc761c4928cd6d
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 760ba12aea5bac669ea06a92ce868f6cfbbc58d79179603cd607c726fd559e33
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3CF08275600114DBC711EBE4DD49AAEB374FF00324F2045BBE105F31E1D7B499559B2A
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004039C7 Relevance: 42.2, APIs: 13, Strings: 11, Instructions: 215stringregistryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 131 4039c7-4039df call 406558 134 4039e1-4039f1 call 4060c5 131->134 135 4039f3-403a2a call 40604b 131->135 143 403a4d-403a76 call 403c9d call 405c3a 134->143 139 403a42-403a48 lstrcatW 135->139 140 403a2c-403a3d call 40604b 135->140 139->143 140->139 149 403b08-403b10 call 405c3a 143->149 150 403a7c-403a81 143->150 156 403b12-403b19 call 4061a0 149->156 157 403b1e-403b43 LoadImageW 149->157 150->149 151 403a87-403aa1 call 40604b 150->151 155 403aa6-403aaf 151->155 155->149 160 403ab1-403ab5 155->160 156->157 158 403bc4-403bcc call 40140b 157->158 159 403b45-403b75 RegisterClassW 157->159 174 403bd6-403be1 call 403c9d 158->174 175 403bce-403bd1 158->175 162 403c93 159->162 163 403b7b-403bbf SystemParametersInfoW CreateWindowExW 159->163 165 403ac7-403ad3 lstrlenW 160->165 166 403ab7-403ac4 call 405b5f 160->166 167 403c95-403c9c 162->167 163->158 168 403ad5-403ae3 lstrcmpiW 165->168 169 403afb-403b03 call 405b32 call 40617e 165->169 166->165 168->169 173 403ae5-403aef GetFileAttributesW 168->173 169->149 177 403af1-403af3 173->177 178 403af5-403af6 call 405b7e 173->178 184 403be7-403c01 ShowWindow call 4064e8 174->184 185 403c6a-403c72 call 4053b0 174->185 175->167 177->169 177->178 178->169 192 403c03-403c08 call 4064e8 184->192 193 403c0d-403c1f GetClassInfoW 184->193 190 403c74-403c7a 185->190 191 403c8c-403c8e call 40140b 185->191 190->175 196 403c80-403c87 call 40140b 190->196 191->162 192->193 194 403c21-403c31 GetClassInfoW RegisterClassW 193->194 195 403c37-403c68 DialogBoxParamW call 40140b call 403917 193->195 194->195 195->167 196->175
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406558: GetModuleHandleA.KERNEL32(?,00000020,?,0040341F,00000009), ref: 0040656A
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406558: GetProcAddress.KERNEL32(00000000,?), ref: 00406585
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00437000,00423728), ref: 00403A48
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(004281E0,?,?,?,004281E0,00000000,C:\Program Files (x86)\TeamViewer,00437000,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,74DF3420), ref: 00403AC8
                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(004281D8,.exe,004281E0,?,?,?,004281E0,00000000,C:\Program Files (x86)\TeamViewer,00437000,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000), ref: 00403ADB
                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(004281E0), ref: 00403AE6
                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\TeamViewer), ref: 00403B2F
                                                                                                                                                                                                                                                                                                • Part of subcall function 004060C5: wsprintfW.USER32 ref: 004060D2
                                                                                                                                                                                                                                                                                              • RegisterClassW.USER32(004291E0), ref: 00403B6C
                                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B84
                                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403BB9
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 00403BEF
                                                                                                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit20W,004291E0), ref: 00403C1B
                                                                                                                                                                                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit,004291E0), ref: 00403C28
                                                                                                                                                                                                                                                                                              • RegisterClassW.USER32(004291E0), ref: 00403C31
                                                                                                                                                                                                                                                                                              • DialogBoxParamW.USER32(?,00000000,00403D6A,00000000), ref: 00403C50
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                              • String ID: "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE$(7B$.DEFAULT\Control Panel\International$.exe$C:\Program Files (x86)\TeamViewer$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                                                                              • API String ID: 1975747703-3031017473
                                                                                                                                                                                                                                                                                              • Opcode ID: d6eb97ecc45ceecdb0e2d203f76fda1198e4e833a1627c35b81ac0c75580ce77
                                                                                                                                                                                                                                                                                              • Instruction ID: e7f44595d902892b35b801f2f0c3734befc0b18a393fec54347386a87508d522
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6eb97ecc45ceecdb0e2d203f76fda1198e4e833a1627c35b81ac0c75580ce77
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8661C570244200BAD730AF669D49E2B3A7CEB84B49F40453FF981B62E2DB7D5912C63D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402E41 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 203memoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 205 402e41-402e8f GetTickCount GetModuleFileNameW call 405d53 208 402e91-402e96 205->208 209 402e9b-402ec9 call 40617e call 405b7e call 40617e GetFileSize 205->209 210 4030e0-4030e4 208->210 217 402fb9-402fc7 call 402d9f 209->217 218 402ecf-402ee6 209->218 225 403098-40309d 217->225 226 402fcd-402fd0 217->226 220 402ee8 218->220 221 402eea-402ef7 call 403358 218->221 220->221 227 403054-40305c call 402d9f 221->227 228 402efd-402f03 221->228 225->210 229 402fd2-402fea call 40336e call 403358 226->229 230 402ffc-403048 GlobalAlloc call 406677 call 405d82 CreateFileW 226->230 227->225 231 402f83-402f87 228->231 232 402f05-402f1d call 405d0e 228->232 229->225 253 402ff0-402ff6 229->253 256 40304a-40304f 230->256 257 40305e-40308e call 40336e call 4030e7 230->257 236 402f90-402f96 231->236 237 402f89-402f8f call 402d9f 231->237 232->236 251 402f1f-402f26 232->251 244 402f98-402fa6 call 406609 236->244 245 402fa9-402fb3 236->245 237->236 244->245 245->217 245->218 251->236 255 402f28-402f2f 251->255 253->225 253->230 255->236 258 402f31-402f38 255->258 256->210 264 403093-403096 257->264 258->236 260 402f3a-402f41 258->260 260->236 262 402f43-402f63 260->262 262->225 265 402f69-402f6d 262->265 264->225 266 40309f-4030b0 264->266 267 402f75-402f7d 265->267 268 402f6f-402f73 265->268 269 4030b2 266->269 270 4030b8-4030bd 266->270 267->236 271 402f7f-402f81 267->271 268->217 268->267 269->270 272 4030be-4030c4 270->272 271->236 272->272 273 4030c6-4030de call 405d0e 272->273 273->210
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402E55
                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe,00000400), ref: 00402E71
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D53: GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe,80000000,00000003), ref: 00405D57
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D53: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D79
                                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,00436800,00436800,C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe,C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe,80000000,00000003), ref: 00402EBA
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 00403001
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 0040304A
                                                                                                                                                                                                                                                                                              • soft, xrefs: 00402F31
                                                                                                                                                                                                                                                                                              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403098
                                                                                                                                                                                                                                                                                              • C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe, xrefs: 00402E5B, 00402E6A, 00402E7E, 00402E9B
                                                                                                                                                                                                                                                                                              • Inst, xrefs: 00402F28
                                                                                                                                                                                                                                                                                              • "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE, xrefs: 00402E41
                                                                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00402E91
                                                                                                                                                                                                                                                                                              • Null, xrefs: 00402F3A
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                                                                              • String ID: "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE$C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                              • API String ID: 2803837635-429661633
                                                                                                                                                                                                                                                                                              • Opcode ID: cc8dbefb85167051c5f544e5004306f35bb35ae70e2c75d84afc589ab8111160
                                                                                                                                                                                                                                                                                              • Instruction ID: e866f1dd798e5fb15c0a347603bcfded6ce2f229c2e481af73dd86df93422dd6
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc8dbefb85167051c5f544e5004306f35bb35ae70e2c75d84afc589ab8111160
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9761C431A00215ABDB209F75DD49B9E7BB8EB00359F20817FF500F62D1DABD9A448B5D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004061A0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 207stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 276 4061a0-4061ab 277 4061ad-4061bc 276->277 278 4061be-4061d4 276->278 277->278 279 4061da-4061e7 278->279 280 4063ec-4063f2 278->280 279->280 283 4061ed-4061f4 279->283 281 4063f8-406403 280->281 282 4061f9-406206 280->282 285 406405-406409 call 40617e 281->285 286 40640e-40640f 281->286 282->281 284 40620c-406218 282->284 283->280 287 4063d9 284->287 288 40621e-40625a 284->288 285->286 290 4063e7-4063ea 287->290 291 4063db-4063e5 287->291 292 406260-40626b GetVersion 288->292 293 40637a-40637e 288->293 290->280 291->280 294 406285 292->294 295 40626d-406271 292->295 296 406380-406384 293->296 297 4063b3-4063b7 293->297 301 40628c-406293 294->301 295->294 298 406273-406277 295->298 299 406394-4063a1 call 40617e 296->299 300 406386-406392 call 4060c5 296->300 302 4063c6-4063d7 lstrlenW 297->302 303 4063b9-4063c1 call 4061a0 297->303 298->294 305 406279-40627d 298->305 314 4063a6-4063af 299->314 300->314 307 406295-406297 301->307 308 406298-40629a 301->308 302->280 303->302 305->294 310 40627f-406283 305->310 307->308 312 4062d6-4062d9 308->312 313 40629c-4062b9 call 40604b 308->313 310->301 315 4062e9-4062ec 312->315 316 4062db-4062e7 GetSystemDirectoryW 312->316 322 4062be-4062c2 313->322 314->302 318 4063b1 314->318 320 406357-406359 315->320 321 4062ee-4062fc GetWindowsDirectoryW 315->321 319 40635b-40635f 316->319 323 406372-406378 call 406412 318->323 319->323 324 406361-406365 319->324 320->319 326 4062fe-406308 320->326 321->320 322->324 327 4062c8-4062d1 call 4061a0 322->327 323->302 324->323 329 406367-40636d lstrcatW 324->329 331 406322-406338 SHGetSpecialFolderLocation 326->331 332 40630a-40630d 326->332 327->319 329->323 335 406353 331->335 336 40633a-406351 SHGetPathFromIDListW CoTaskMemFree 331->336 332->331 334 40630f-406320 332->334 334->319 334->331 335->320 336->319 336->335
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetVersion.KERNEL32(00000000,00422708,?,00405314,00422708,00000000,00000000,00000000), ref: 00406263
                                                                                                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(004281E0,00000400), ref: 004062E1
                                                                                                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(004281E0,00000400), ref: 004062F4
                                                                                                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 00406330
                                                                                                                                                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(?,004281E0), ref: 0040633E
                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(?), ref: 00406349
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(004281E0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040636D
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(004281E0,00000000,00422708,?,00405314,00422708,00000000,00000000,00000000), ref: 004063C7
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • Software\Microsoft\Windows\CurrentVersion, xrefs: 004062AF
                                                                                                                                                                                                                                                                                              • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406367
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                                              • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                              • API String ID: 900638850-730719616
                                                                                                                                                                                                                                                                                              • Opcode ID: 978d560dfc87019ac3657ebba0841bd774ce65c1ae89d16051c02eb976f42344
                                                                                                                                                                                                                                                                                              • Instruction ID: 57c77dc533264c97ace6329bd87f7d674c2bea75a5b3d90d15d675b8bae5a73d
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 978d560dfc87019ac3657ebba0841bd774ce65c1ae89d16051c02eb976f42344
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E611571A00104EBDF209F24CC40AAE37A5AF15314F56817FED56BA2D0D73D8AA2CB9D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004064E8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 402 4064e8-406508 GetSystemDirectoryW 403 40650a 402->403 404 40650c-40650e 402->404 403->404 405 406510-406519 404->405 406 40651f-406521 404->406 405->406 407 40651b-40651d 405->407 408 406522-406555 wsprintfW LoadLibraryExW 406->408 407->408
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004064FF
                                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 0040653A
                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040654E
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                                                                                              • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                                                                                              • Opcode ID: 3e72c25e5c980310d69f0fc98d502c706aefd7165560ee14c5a883ad11fb6337
                                                                                                                                                                                                                                                                                              • Instruction ID: c6b4a3c42f63eea3762d57d51081eb848d485012b63e63803453d9912f42ff06
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e72c25e5c980310d69f0fc98d502c706aefd7165560ee14c5a883ad11fb6337
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3AF0FC70500219BADB10AB64ED0DF9B366CAB00304F10403AA646F10D0EB7CD725CBA8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402BFF Relevance: 9.1, APIs: 6, Instructions: 67registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 409 402bff-402c28 RegOpenKeyExW 410 402c93-402c97 409->410 411 402c2a-402c35 409->411 412 402c50-402c60 RegEnumKeyW 411->412 413 402c62-402c74 RegCloseKey call 406558 412->413 414 402c37-402c3a 412->414 422 402c76-402c85 RegDeleteKeyExW 413->422 423 402c9a-402ca0 413->423 415 402c87-402c8a RegCloseKey 414->415 416 402c3c-402c47 call 402bff 414->416 420 402c90-402c92 415->420 421 402c4c-402c4e 416->421 420->410 421->412 421->413 422->410 423->420 424 402ca2-402cb0 RegDeleteKeyW 423->424 424->420 425 402cb2 424->425 425->410
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402C20
                                                                                                                                                                                                                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402C5C
                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?), ref: 00402C65
                                                                                                                                                                                                                                                                                              • RegDeleteKeyExW.KERNELBASE(?,?,00000000,00000003), ref: 00402C83
                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00402C8A
                                                                                                                                                                                                                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402CA8
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseDelete$EnumOpen
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 345360480-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 4ec6df6a7822e6832b209296c93603dddbd7b2fdc8aeab19611781db4307b28d
                                                                                                                                                                                                                                                                                              • Instruction ID: b9f5b7c8593eadded22e2ca3cbb8d83d08b5e31647f9888e60cfbaa55d101d4e
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ec6df6a7822e6832b209296c93603dddbd7b2fdc8aeab19611781db4307b28d
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 66116A71504119FFEF10AF90DF8CEAE3B79FB14384B10007AF905E11A0D7B58E55AA69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401767 Relevance: 7.6, APIs: 5, Instructions: 145stringtimeCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 426 401767-40178c call 402bbf call 405ba9 431 401796-4017a8 call 40617e call 405b32 lstrcatW 426->431 432 40178e-401794 call 40617e 426->432 437 4017ad-4017ae call 406412 431->437 432->437 441 4017b3-4017b7 437->441 442 4017b9-4017c3 call 4064c1 441->442 443 4017ea-4017ed 441->443 451 4017d5-4017e7 442->451 452 4017c5-4017d3 CompareFileTime 442->452 445 4017f5-401811 call 405d53 443->445 446 4017ef-4017f0 call 405d2e 443->446 453 401813-401816 445->453 454 401885-4018ae call 4052dd call 4030e7 445->454 446->445 451->443 452->451 455 401867-401871 call 4052dd 453->455 456 401818-401856 call 40617e * 2 call 4061a0 call 40617e call 4058c3 453->456 468 4018b0-4018b4 454->468 469 4018b6-4018c2 SetFileTime 454->469 466 40187a-401880 455->466 456->441 489 40185c-40185d 456->489 470 402a55 466->470 468->469 472 4018c8-4018d3 FindCloseChangeNotification 468->472 469->472 473 402a57-402a5b 470->473 475 4018d9-4018dc 472->475 476 402a4c-402a4f 472->476 477 4018f1-4018f4 call 4061a0 475->477 478 4018de-4018ef call 4061a0 lstrcatW 475->478 476->470 484 4018f9-40228d call 4058c3 477->484 478->484 484->473 484->476 489->466 490 40185f-401860 489->490 490->455
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017A8
                                                                                                                                                                                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,0040A5D8,0040A5D8,00000000,00000000,0040A5D8,00436000,?,?,00000031), ref: 004017CD
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040617E: lstrcpynW.KERNEL32(?,?,00000400,00403463,00429240,NSIS Error), ref: 0040618B
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrcatW.KERNEL32(00422708,00402E19), ref: 00405338
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SetWindowTextW.USER32(00422708,00422708), ref: 0040534A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1941528284-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 691a1510b89acce80dd3805f8ce29c63c215ef208285089eafd6533280d8da0c
                                                                                                                                                                                                                                                                                              • Instruction ID: b64174440326d41e90dd14f1ad6608c73badddfa8ee8632f400ec40acf256ac3
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 691a1510b89acce80dd3805f8ce29c63c215ef208285089eafd6533280d8da0c
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C41C431900515BACF117FB5CC46DAE3679EF05329B20827BF422F51E2DA3C86629A6D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405D82 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 492 405d82-405d8e 493 405d8f-405dc3 GetTickCount GetTempFileNameW 492->493 494 405dd2-405dd4 493->494 495 405dc5-405dc7 493->495 497 405dcc-405dcf 494->497 495->493 496 405dc9 495->496 496->497
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00405DA0
                                                                                                                                                                                                                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE,004033B4,00437000,00437800,00437800,00437800,00437800,00437800,00437800,004035DE), ref: 00405DBB
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE, xrefs: 00405D82
                                                                                                                                                                                                                                                                                              • nsa, xrefs: 00405D8F
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                              • String ID: "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE$nsa
                                                                                                                                                                                                                                                                                              • API String ID: 1716503409-2804713399
                                                                                                                                                                                                                                                                                              • Opcode ID: ba752c91d03ec01f63b9c4f62f06acfe59d2ba7d741f037e803b5e880a418ded
                                                                                                                                                                                                                                                                                              • Instruction ID: a69a53d4b23f3d63feeda802a3e8a765614c71270742c911b33c62312df6cecc
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba752c91d03ec01f63b9c4f62f06acfe59d2ba7d741f037e803b5e880a418ded
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32F06D76600608BBDB008B59DD09AABBBB8EF91710F10803BEE01F7190E6B09A548B64
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040237B Relevance: 6.1, APIs: 4, Instructions: 71registrystringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 498 40237b-4023c1 call 402cb4 call 402bbf * 2 RegCreateKeyExW 505 4023c7-4023cf 498->505 506 402a4c-402a5b 498->506 508 4023d1-4023de call 402bbf lstrlenW 505->508 509 4023e2-4023e5 505->509 508->509 511 4023f5-4023f8 509->511 512 4023e7-4023f4 call 402ba2 509->512 516 402409-40241d RegSetValueExW 511->516 517 4023fa-402404 call 4030e7 511->517 512->511 520 402422-4024fc RegCloseKey 516->520 521 40241f 516->521 517->516 520->506 521->520
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B9
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(0040B5D8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023D9
                                                                                                                                                                                                                                                                                              • RegSetValueExW.ADVAPI32(?,?,?,?,0040B5D8,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402415
                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,0040B5D8,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1356686001-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 67c77c8d659d9d4bc82cacddac1e216fe0077c84403bdf1d9c96e54a2d3d16bf
                                                                                                                                                                                                                                                                                              • Instruction ID: d84b147cfae213de6894e87518a1957a70c03431d85ade02b305fde94438308f
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67c77c8d659d9d4bc82cacddac1e216fe0077c84403bdf1d9c96e54a2d3d16bf
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E511C071E00108BFEB10AFA4DE89DAE777DEB14358F11403AF904B71D1DBB85E409668
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401E66 Relevance: 6.1, APIs: 4, Instructions: 52synchronizationCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 523 401e66-401e81 call 402bbf call 4052dd call 40585e 530 401e87-401e8a 523->530 531 40281e-402825 523->531 533 401edb-401ee4 FindCloseChangeNotification 530->533 534 401e8c-401e9c WaitForSingleObject 530->534 532 402a4c-402a5b 531->532 533->532 536 401eac-401eae 534->536 537 401eb0-401ec0 GetExitCodeProcess 536->537 538 401e9e-401eaa call 406594 WaitForSingleObject 536->538 540 401ec2-401ecd call 4060c5 537->540 541 401ecf-401ed2 537->541 538->536 540->533 541->533 544 401ed4 541->544 544->533
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrcatW.KERNEL32(00422708,00402E19), ref: 00405338
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SetWindowTextW.USER32(00422708,00422708), ref: 0040534A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040585E: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 00405887
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040585E: CloseHandle.KERNEL32(?), ref: 00405894
                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E95
                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401EAA
                                                                                                                                                                                                                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EB7
                                                                                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,00000000,000000EB,00000000), ref: 00401EDE
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$CloseObjectProcessSingleWaitlstrlen$ChangeCodeCreateExitFindHandleNotificationTextWindowlstrcat
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2769198804-0
                                                                                                                                                                                                                                                                                              • Opcode ID: a78f467d102d634b70d0cd300a6522cd21a94210720227bbe75178bdad148be0
                                                                                                                                                                                                                                                                                              • Instruction ID: 5702df78c33f9bd13decba52644e1012fe72a42f767711efff684f6f7274af03
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a78f467d102d634b70d0cd300a6522cd21a94210720227bbe75178bdad148be0
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF11A131900508EBCF21AF91CD4499E7AB6AF40314F21407BFA05B61F1D7798A92DB99
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004057AC Relevance: 6.0, APIs: 4, Instructions: 39COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 547 4057ac-4057f7 CreateDirectoryW 548 4057f9-4057fb 547->548 549 4057fd-40580a GetLastError 547->549 550 405824-405826 548->550 549->550 551 40580c-405820 SetFileSecurityW 549->551 551->548 552 405822 GetLastError 551->552 552->550
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,?,00437800), ref: 004057EF
                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405803
                                                                                                                                                                                                                                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405818
                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00405822
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3449924974-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 6ae7c342d9c1b50a082fcf4789916780a4d0616efa07736c5e287c1420eecf92
                                                                                                                                                                                                                                                                                              • Instruction ID: b278f7ea68de5888e34302da86fdb06c438f4ef9b03e74a9ab654546e4f81ce2
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ae7c342d9c1b50a082fcf4789916780a4d0616efa07736c5e287c1420eecf92
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 89010871D00619DADF10DBA0D9447EFBFB8EB04304F00803ADA44B6190E7789618DFA9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405C3A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                              control_flow_graph 636 405c3a-405c55 call 40617e call 405bdd 641 405c57-405c59 636->641 642 405c5b-405c68 call 406412 636->642 643 405cb3-405cb5 641->643 646 405c78-405c7c 642->646 647 405c6a-405c70 642->647 649 405c92-405c9b lstrlenW 646->649 647->641 648 405c72-405c76 647->648 648->641 648->646 650 405c9d-405cb1 call 405b32 GetFileAttributesW 649->650 651 405c7e-405c85 call 4064c1 649->651 650->643 656 405c87-405c8a 651->656 657 405c8c-405c8d call 405b7e 651->657 656->641 656->657 657->649
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040617E: lstrcpynW.KERNEL32(?,?,00000400,00403463,00429240,NSIS Error), ref: 0040618B
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(?,?,00425F30,?,00405C51,00425F30,00425F30,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0,00000000), ref: 00405BEB
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405BF0
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405C08
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00425F30,00000000,00425F30,00425F30,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0,00000000), ref: 00405C93
                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(00425F30,00425F30,00425F30,00425F30,00425F30,00425F30,00000000,00425F30,00425F30,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0), ref: 00405CA3
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                                              • String ID: 0_B
                                                                                                                                                                                                                                                                                              • API String ID: 3248276644-2128305573
                                                                                                                                                                                                                                                                                              • Opcode ID: 8c509004bd2409bcc8bce800ca11afa93321ed7f3e6ee2afcf27be4b7ee26805
                                                                                                                                                                                                                                                                                              • Instruction ID: 790be11e20efdccda9c73cacd4945748764c6204d4d0b11914a12a4c94a1ccfd
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c509004bd2409bcc8bce800ca11afa93321ed7f3e6ee2afcf27be4b7ee26805
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41F0F925108F6515F62233790D05EAF2554CF82394755067FF891B12D1DB3C9D938C7D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406C7B Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 6748365695d0b60958ae2de605dce3010a9a46cb287cd8314348fa6e45a6e7ef
                                                                                                                                                                                                                                                                                              • Instruction ID: 95c87b37ce546c92696c349aad8761a6baa0f42cb897a758cf539d426e2a5a70
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6748365695d0b60958ae2de605dce3010a9a46cb287cd8314348fa6e45a6e7ef
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65A13471D00229CBDF28CFA8C844AADBBB1FF44305F15816AD956BB281D7785A86DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406E7C Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: e6b96a49f958b7a8d2aa4cc917083ea926a28b83a61870a924df7985f049b653
                                                                                                                                                                                                                                                                                              • Instruction ID: dd225a6952a4a1885b566de7f95e3528e0c965b1b64db9b9769652e5c735704b
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e6b96a49f958b7a8d2aa4cc917083ea926a28b83a61870a924df7985f049b653
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D913370D04229CBDF28CFA8C844BADBBB1FF44305F15816AD856BB291C7789A86DF45
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406B92 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 683f34e5330f3119535e65c3fcc014917b66dea9351a733ad05ad489270f429c
                                                                                                                                                                                                                                                                                              • Instruction ID: c728d5504c89e28601c55753f21d2f559f3974f1a6ce44cf054f885a45476dee
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 683f34e5330f3119535e65c3fcc014917b66dea9351a733ad05ad489270f429c
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06813471D04228CFDF24CFA8C844BADBBB1FB44305F25816AD856BB291C7789A86DF45
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406697 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: a646d1c18714c06b63ca95da94aa03745834858b299022791e2b3ebf89425e7d
                                                                                                                                                                                                                                                                                              • Instruction ID: 5389f57cfb4a3ea8b0a271fe5c21418892ef356aef38e154ca47b5156c43700c
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a646d1c18714c06b63ca95da94aa03745834858b299022791e2b3ebf89425e7d
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37816831D04229CBDF24CFA8C844BADBBB0FF44305F11816AD956BB281D7785986DF45
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406AE5 Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 96da27bd456154c1aedaa85bcfc68d0a261e277abb4cee4e4020ac7d50c7f0c5
                                                                                                                                                                                                                                                                                              • Instruction ID: 7cecadd07089ef5f508d2048bcf4206a214b5fe31ba49bd0cdf53ec9cfb3ce0b
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 96da27bd456154c1aedaa85bcfc68d0a261e277abb4cee4e4020ac7d50c7f0c5
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35712175D04228CBDF28CFA8C844BADBBB1FB44305F15816AD806BB281D7789A96DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406C03 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: 29e3b149f88ae6fd458fdcc74d478f48b2ed7dfe8c3e809ea2d72e9fd2fa3729
                                                                                                                                                                                                                                                                                              • Instruction ID: f96eec566abe8136b7696836c8602221009d3abbc3cba5cf828ad5cd02611e0d
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29e3b149f88ae6fd458fdcc74d478f48b2ed7dfe8c3e809ea2d72e9fd2fa3729
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56713371D04228CBEF28CFA8C844BADBBB1FF44305F15816AD856BB281C7789996DF45
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406B4F Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                              • Opcode ID: b9c673c2534040230f9089defbd7d825788091a80835a4c341425c1e948b069d
                                                                                                                                                                                                                                                                                              • Instruction ID: 17f295adf0ba2181094cfffbed918b39bb4908eb68d6975640ddb9889f0749db
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b9c673c2534040230f9089defbd7d825788091a80835a4c341425c1e948b069d
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2714531D04229CBEF28CF98C844BADBBB1FF44305F11816AD816BB291C7785A96DF44
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004031EF Relevance: 4.6, APIs: 3, Instructions: 101COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403203
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040336E: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040306C,?), ref: 0040337C
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,00403119,00000004,00000000,00000000,?,?,00403093,000000FF,00000000,00000000,0040A230,?), ref: 00403236
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(0037CB24,00000000,00000000,00414ED0,00004000,?,00000000,00403119,00000004,00000000,00000000,?,?,00403093,000000FF,00000000), ref: 00403331
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FilePointer$CountTick
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1092082344-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 7f87ec3f3126c4afc5deb31522855fdbb853a78037bb661dde8e94ffc6001a55
                                                                                                                                                                                                                                                                                              • Instruction ID: 2fd669d0756999c0d63da40b5d988076205959dac08f3783f289fe1fafb1afdd
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f87ec3f3126c4afc5deb31522855fdbb853a78037bb661dde8e94ffc6001a55
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19314B72500204DBD710DF69EEC49663FA9F74075A718423FE900F22E0CBB55D458B9D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401FC3 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FEE
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrcatW.KERNEL32(00422708,00402E19), ref: 00405338
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SetWindowTextW.USER32(00422708,00422708), ref: 0040534A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FFF
                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 0040207C
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 334405425-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 3af2946ff99008b209debd4f1eb8d373454f26c3ddb3991e3b063650c9d6d31f
                                                                                                                                                                                                                                                                                              • Instruction ID: 135227bab5bbd0cb957ad13063370cb04025123e1843093ab7a3381522db9c00
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3af2946ff99008b209debd4f1eb8d373454f26c3ddb3991e3b063650c9d6d31f
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D21A731900219EBCF20AFA5CE48A9E7E71BF00354F20427BF511B51E1DBBD8A81DA5D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402537 Relevance: 4.6, APIs: 3, Instructions: 67stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,0040B5D8,000000FF,0040ADD8,00000400,?,?,00000021), ref: 00402583
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(0040ADD8,?,?,0040B5D8,000000FF,0040ADD8,00000400,?,?,00000021), ref: 0040258E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3109718747-0
                                                                                                                                                                                                                                                                                              • Opcode ID: e7f3211d175e5301a81dcf8418a50b190afa44f623bbf1836edc17c3b72aee6a
                                                                                                                                                                                                                                                                                              • Instruction ID: 4789cac02ba757069cd1743e95fa376523a080456913a55bd7acca95e4ec0b97
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7f3211d175e5301a81dcf8418a50b190afa44f623bbf1836edc17c3b72aee6a
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA11E772A01204BADB10AFB18F4EE9E32659F54355F20403BF502F65C1DAFC8E51576E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040604B Relevance: 4.5, APIs: 3, Instructions: 45registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?,00000002,004281E0,?,004062BE,80000002,Software\Microsoft\Windows\CurrentVersion,?,004281E0,?), ref: 00406075
                                                                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(?,?,00000000,?,?,?,?,004062BE,80000002,Software\Microsoft\Windows\CurrentVersion,?,004281E0,?), ref: 00406096
                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,004062BE,80000002,Software\Microsoft\Windows\CurrentVersion,?,004281E0,?), ref: 004060B9
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3677997916-0
                                                                                                                                                                                                                                                                                              • Opcode ID: dc8238eba50b6a515ffb3eaa529f07d06f955d85da5af348ba8f56d7e8cd44ce
                                                                                                                                                                                                                                                                                              • Instruction ID: 0186f18981595c0b19feb364ea02d5f95392918b8fa258a18f8687652683a575
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc8238eba50b6a515ffb3eaa529f07d06f955d85da5af348ba8f56d7e8cd44ce
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4501483115020AEADF21CF66ED08E9B3BA8EF84390B01402AF845D2220D735D964DBA5
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040249E Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                                                                                                                                                                              • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024CD
                                                                                                                                                                                                                                                                                              • RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 004024E0
                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,0040B5D8,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Enum$CloseOpenValue
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 167947723-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 60ac1395f0a982b77a3977587a1bd86f46e362b2f506b0714e0df90dc524a01b
                                                                                                                                                                                                                                                                                              • Instruction ID: c7ec42ec2a5b8cbcf97019b844e04a4f9c539befeef3331d530b96059407f5ff
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 60ac1395f0a982b77a3977587a1bd86f46e362b2f506b0714e0df90dc524a01b
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FCF03171A14204EBEB209F65DE8CABF767DEF80354B10843FF505B61D0DAB84D419B69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405927 Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D2E: GetFileAttributesW.KERNELBASE(?,?,00405933,?,?,00000000,00405B09,?,?,?,?), ref: 00405D33
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D2E: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405D47
                                                                                                                                                                                                                                                                                              • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405B09), ref: 00405942
                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(?,?,?,00000000,00405B09), ref: 0040594A
                                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405962
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1655745494-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 4d7e10e481d95c5c5c7c05f6c7e2fdde8e74fc3924f4c20308c7a9621a850695
                                                                                                                                                                                                                                                                                              • Instruction ID: ecea3d8082f0941e5ee01c5501cf82e541f4c7e763f85e657b920a2cf98d934c
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d7e10e481d95c5c5c7c05f6c7e2fdde8e74fc3924f4c20308c7a9621a850695
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6EE09B72105A91D6D21067349E0CB5F2AD8DF96335F09493EF595F11D0C778880ACA7D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004038D5 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,00437800,00403708,?), ref: 004038E7
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,00437800,00403708,?), ref: 004038FB
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • C:\Windows\TEMP\nsv94CD.tmp\, xrefs: 0040390B
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                                                                              • String ID: C:\Windows\TEMP\nsv94CD.tmp\
                                                                                                                                                                                                                                                                                              • API String ID: 2962429428-1141803531
                                                                                                                                                                                                                                                                                              • Opcode ID: f084a8137c272c7609008576fb265960e9ac12256820a4da339362f4de570230
                                                                                                                                                                                                                                                                                              • Instruction ID: 23b98c188a40640ee87c89e263e7d2a3484f90a0975adae1b2ea6fd77d705eba
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f084a8137c272c7609008576fb265960e9ac12256820a4da339362f4de570230
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78E086B14407149AC124AF7CAD495853A185F453357248726F178F20F0C778996B5E9D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004030E7 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403093,000000FF,00000000,00000000,0040A230,?), ref: 0040310C
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 1aa85c7260de761b297061d79344dc340e95e4778a17b24641d9514d9a29d692
                                                                                                                                                                                                                                                                                              • Instruction ID: 040f2acbe5348ef8c996952313d322865bd2faa87b76d8d9ba7109e69b0e4b3d
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1aa85c7260de761b297061d79344dc340e95e4778a17b24641d9514d9a29d692
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22316B30200219EBDB108F55ED84ADA3F68EB08359F20813AF905EA1D0DB79DF50DBA9
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004015B9 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(?,?,00425F30,?,00405C51,00425F30,00425F30,74DF3420,?,74DF2EE0,0040598F,?,74DF3420,74DF2EE0,00000000), ref: 00405BEB
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405BF0
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405BDD: CharNextW.USER32(00000000), ref: 00405C08
                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 00401612
                                                                                                                                                                                                                                                                                                • Part of subcall function 004057AC: CreateDirectoryW.KERNELBASE(?,?,00437800), ref: 004057EF
                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,00436000,?,00000000,000000F0), ref: 00401645
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1892508949-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 2305ffb504cd1727ef0d2f6d990949bd10217623809cec2c7a11ebe9bcb6ddd7
                                                                                                                                                                                                                                                                                              • Instruction ID: 18abe7de9e9977a76830232601504265d2e6edcedfe07fce7f69d5744a4425eb
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2305ffb504cd1727ef0d2f6d990949bd10217623809cec2c7a11ebe9bcb6ddd7
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F911E631500504EBCF207FA0CD0199E3AB2EF44364B25453BF906B61F2DA3D4A819E5E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040242A Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                                                                                                                                                                              • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?), ref: 0040245B
                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNELBASE(?,?,?,0040B5D8,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3677997916-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 7c5d0e18f6a429da2bc85dc3c2d089be0215a696c23f31d9e61351b332a472c5
                                                                                                                                                                                                                                                                                              • Instruction ID: a4ed2935f8c713a64b441f8b02302a8faa8aa65f3841d01997d269d515fb9b23
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c5d0e18f6a429da2bc85dc3c2d089be0215a696c23f31d9e61351b332a472c5
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D119131911205EBDB10CFA0CA489AEB7B4EF44354B20843FE446B72D0D6B85A41DB19
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 3ee467f7d586eb782eae2bae36c3decf9d7e0780ea8b642ce91f4ebf2c7a7eb5
                                                                                                                                                                                                                                                                                              • Instruction ID: d65e0694727b7210e6f7bc09f77efd2c0147e56cffd904cd4a2c980f2ed28b93
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ee467f7d586eb782eae2bae36c3decf9d7e0780ea8b642ce91f4ebf2c7a7eb5
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D01D131724210EBEB195B789D04B2A3698E714314F1089BAF855F62F1DA788C128B5D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040231F Relevance: 3.0, APIs: 2, Instructions: 40registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                                                                                                                                                                              • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040233E
                                                                                                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402347
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 849931509-0
                                                                                                                                                                                                                                                                                              • Opcode ID: af1b21a11892d4ef4174ae2b41b7854131aa20919259ada3e53a4d904ddc093b
                                                                                                                                                                                                                                                                                              • Instruction ID: b5033fe3495a5d5fbf66e52db86fe43622c16bf705f2fe0f4142c4154f9543e6
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af1b21a11892d4ef4174ae2b41b7854131aa20919259ada3e53a4d904ddc093b
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45F04F32A04110ABEB11BFB59B4EABE726A9B40314F15807BF501B71D5D9FC99025629
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406558 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,0040341F,00000009), ref: 0040656A
                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406585
                                                                                                                                                                                                                                                                                                • Part of subcall function 004064E8: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004064FF
                                                                                                                                                                                                                                                                                                • Part of subcall function 004064E8: wsprintfW.USER32 ref: 0040653A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004064E8: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 0040654E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2547128583-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 31197a09b32f9822319ed056a1c078f96e3f7aaf520cdba8edd4f010bc886546
                                                                                                                                                                                                                                                                                              • Instruction ID: 8c1a5bb66f910ccc430fc34c4425cef617f316e2833151c7c1ff8c8a0ee84b40
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31197a09b32f9822319ed056a1c078f96e3f7aaf520cdba8edd4f010bc886546
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3E086326042206BD6105B706E0893762BC9ED8740302483EF946F2084D778DC329A6D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00403932 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNELBASE(?,74DF3420,00000000,74DF2EE0,00403909,00437800,00403708,?), ref: 0040394C
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00403953
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1100898210-0
                                                                                                                                                                                                                                                                                              • Opcode ID: f4316848cbc6ebdc68634a281282690bfac6e24f3e15d004bec6d27d8a9ac131
                                                                                                                                                                                                                                                                                              • Instruction ID: 420717e04dc644aaadfe3aeddcd4797dc829437e29e913c3c6529364dabb0ba4
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4316848cbc6ebdc68634a281282690bfac6e24f3e15d004bec6d27d8a9ac131
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41E012739011309BC6225F95ED44B5E7B6D6F95B32F0A423AE9807B26087B45D838FD8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405D53 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe,80000000,00000003), ref: 00405D57
                                                                                                                                                                                                                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D79
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 7f22f31ca84e25cf3c35cca7fc28e1469c604482c982d9b12555b4894eb7b1e0
                                                                                                                                                                                                                                                                                              • Instruction ID: e98dd403a5e5432679a9d4e257ef455d3d6759c2e5ed6cf280caa05d5291d686
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f22f31ca84e25cf3c35cca7fc28e1469c604482c982d9b12555b4894eb7b1e0
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B3D09E71654601EFEF098F20DF16F2E7AA2EB84B00F11562CB682940E0DA7158199B19
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405D2E Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405933,?,?,00000000,00405B09,?,?,?,?), ref: 00405D33
                                                                                                                                                                                                                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405D47
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: AttributesFile
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 2eea293136030474feb3e1a7c5b1a6ed000805180dcccd9d627e45cfe66d6639
                                                                                                                                                                                                                                                                                              • Instruction ID: 62c1218995ad43f24aa052634507c0d83541fa9dca801c4eab67991220ff17ac
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2eea293136030474feb3e1a7c5b1a6ed000805180dcccd9d627e45cfe66d6639
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40D01272504520AFC2513738EF0C89BBF95EB543B17028B35FAF9A22F0DB304C568A98
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405829 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,004033A9,00437800,00437800,00437800,00437800,00437800,004035DE), ref: 0040582F
                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0040583D
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1375471231-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 90cc4c9737d43430731b600de694bcf2d45feac9894761d90dfe22e9228b7257
                                                                                                                                                                                                                                                                                              • Instruction ID: d963a2520b22da8993c1f0374a54a6368e12bf2bf52e26206a68f99a8800bbf8
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90cc4c9737d43430731b600de694bcf2d45feac9894761d90dfe22e9228b7257
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1DC04C31204B029AD7506B609F097177954AB50781F11C8396946E00A0DE348465DE2D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401B37 Relevance: 2.6, APIs: 2, Instructions: 72memoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00401BA7
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BB9
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Global$AllocFree
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3394109436-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 554d17eb3c6d1829cbb52a784c7af5d6f88ef092a67b5b7707c292645e37930e
                                                                                                                                                                                                                                                                                              • Instruction ID: 7cdfc3cbb2e69f4264c6c6693aec6085e55c642d7687a467de19211c04d07d9e
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 554d17eb3c6d1829cbb52a784c7af5d6f88ef092a67b5b7707c292645e37930e
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67219672A00100EBDB20EB94CD85D5E77B6AF84314B21453BF502F72E1DA7898618F5D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401673 Relevance: 1.5, APIs: 1, Instructions: 38fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • MoveFileW.KERNEL32(00000000,00000000), ref: 0040168E
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileMove
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3562171763-0
                                                                                                                                                                                                                                                                                              • Opcode ID: a51ebfd131b5ce1ad24a1fd58dead1362408043bc730019d15f3e82182553067
                                                                                                                                                                                                                                                                                              • Instruction ID: f96437beda5fd31dd1875ddb5f908f1f3267c620ccf54a3d4895ce3c899c2c08
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a51ebfd131b5ce1ad24a1fd58dead1362408043bc730019d15f3e82182553067
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50F0B431604114D7CB20BF7A4F0DD5E32A59F82338B25437BF912B62E6DAFC8A41956E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004027CE Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNELBASE(00000000,?,?), ref: 004027E2
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileFindNext
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2029273394-0
                                                                                                                                                                                                                                                                                              • Opcode ID: cc0804f4c103f793c784cf4c7483c4fcd77a3d298a483efa9ec2adbee381f28d
                                                                                                                                                                                                                                                                                              • Instruction ID: 03c77e44a5bd49d5adcbbbc7357f2d618ce2ff781a2b40b59b4f28f65829b406
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc0804f4c103f793c784cf4c7483c4fcd77a3d298a483efa9ec2adbee381f28d
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D9E06576600115DBCB50DFD0DE48AAEB3B4AF04314F10447BD101F61D1E6F889519B6D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402786 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004027A0
                                                                                                                                                                                                                                                                                                • Part of subcall function 004060C5: wsprintfW.USER32 ref: 004060D2
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FilePointerwsprintf
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 327478801-0
                                                                                                                                                                                                                                                                                              • Opcode ID: a43271754c7f07c99b9378ce98c7c6ca1c5cab0cf9015cd4f7670726b0543b0b
                                                                                                                                                                                                                                                                                              • Instruction ID: 0f14848d4f24c16631b00b750435c060a764b4453362ef8260df6bafad2d34e7
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a43271754c7f07c99b9378ce98c7c6ca1c5cab0cf9015cd4f7670726b0543b0b
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7FE01A71601114ABDB11EBA59E4ACAE766AAB40328B10443BF501F14E1CAB988619A2E
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405E05 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,0040DA15,0040CED0,004032EF,0040CED0,0040DA15,00414ED0,00004000,?,00000000,00403119,00000004), ref: 00405E19
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileWrite
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 6919b523ba5b1b84b4b924eeaf28b73d4aab7fc63dbc8f700f0d9cb823d33c03
                                                                                                                                                                                                                                                                                              • Instruction ID: dac0b8971ba2920abb5474f128329a0fa477ab7403896bbfc0984bb8014ca22f
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6919b523ba5b1b84b4b924eeaf28b73d4aab7fc63dbc8f700f0d9cb823d33c03
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4AE08632100119ABCF105F50DC00EEB376CEB00350F004832FA65E2040E230EA219BE4
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402CC9 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Open
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 2cb17219caef5c2c057f25c6a0d5a563c17eea178cedf0001938d6a474f7be63
                                                                                                                                                                                                                                                                                              • Instruction ID: ef45ff86538a2d51f1b0222ec8c1b297abd10be8bd22699319dc95f068cee933
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2cb17219caef5c2c057f25c6a0d5a563c17eea178cedf0001938d6a474f7be63
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CCE08676244108BFDB00DFA8DE47FD537ECAB14700F004031BA08D70D1C674E5508768
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405DD6 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00414ED0,0040CED0,0040336B,0040A230,0040A230,0040326F,00414ED0,00004000,?,00000000,00403119), ref: 00405DEA
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 367723d41a66009c2099c483b716accd4a6fea8915a9694eb2152ff5aa97eb4c
                                                                                                                                                                                                                                                                                              • Instruction ID: f39de87387fc754cac4ceee649b5e38243fe2bf9183d254406dbd5143e25ae03
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 367723d41a66009c2099c483b716accd4a6fea8915a9694eb2152ff5aa97eb4c
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57E0EC3221125AABDF509F65DC08AEB7B6DEF05360F008837F955E6160D631E9219BE8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004022DF Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402310
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: PrivateProfileString
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1096422788-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 2412c5e6e38f405480bfb5068b9d3e64da5a88d06b16ee9e0a03aeafae2b93d0
                                                                                                                                                                                                                                                                                              • Instruction ID: 815fd251d1ef055c124add3867079dbd89389a2e6f50d5753089410e689aa70c
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2412c5e6e38f405480bfb5068b9d3e64da5a88d06b16ee9e0a03aeafae2b93d0
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91E04F30800208BBDF01AFA4CE49DBD3B79AF00344F14043AF940AB0D5E7F89A819749
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040601F Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • MoveFileExW.KERNELBASE(?,?,00000005,00405B21,?,00000000,000000F1,?,?,?,?,?), ref: 00406029
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405EAD: lstrcpyW.KERNEL32(00426DC8,NUL), ref: 00405EBC
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405EAD: CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,?,00406040,?,?), ref: 00405EE0
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405EAD: GetShortPathNameW.KERNEL32(?,00426DC8,00000400), ref: 00405EE9
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405EAD: GetShortPathNameW.KERNEL32(004275C8,004275C8,00000400), ref: 00405F06
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405EAD: wsprintfA.USER32 ref: 00405F24
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405EAD: GetFileSize.KERNEL32(00000000,00000000,004275C8,C0000000,00000004,004275C8,?,?,?,?,?), ref: 00405F5F
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405EAD: GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F6E
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405EAD: lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA6
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405EAD: SetFilePointer.KERNEL32(0040A588,00000000,00000000,00000000,00000000,004269C8,00000000,-0000000A,0040A588,00000000,[Rename],00000000,00000000,00000000), ref: 00405FFC
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$NamePathShortlstrcpy$AllocCloseGlobalHandleMovePointerSizewsprintf
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2305538632-0
                                                                                                                                                                                                                                                                                              • Opcode ID: c3375b46b30391636c211c7ba3bb6b5856b401a82baf414915ce8378752f4d8e
                                                                                                                                                                                                                                                                                              • Instruction ID: 18bddb7de20ac1970eb55a3559b5efcfaddd6cd83010f6772ef5631c43e5a1b0
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3375b46b30391636c211c7ba3bb6b5856b401a82baf414915ce8378752f4d8e
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBD0C73124C601BFDB255B10DD0591B7BA5FB90355F11C43EF595900B2E7368461EF0D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040336E Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040306C,?), ref: 0040337C
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 1c6da78d27ebc38603b4c87e6ff41e0916c1b34e9bb95e36f46a9ca6431a4e31
                                                                                                                                                                                                                                                                                              • Instruction ID: 64c0fffafe8abe290eaf2022e63b776f1a4a3bd25e2fde741040b5855636c72c
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c6da78d27ebc38603b4c87e6ff41e0916c1b34e9bb95e36f46a9ca6431a4e31
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70B01231140300BFDA214F00DF09F057B21AB90700F10C034B344780F086711075EB0D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                                                                                              Function 00404C59 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 00404C71
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404C7C
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CC6
                                                                                                                                                                                                                                                                                              • LoadBitmapW.USER32(0000006E), ref: 00404CD9
                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000FC,00405251), ref: 00404CF2
                                                                                                                                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D06
                                                                                                                                                                                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D18
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404D2E
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D3A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D4C
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00404D4F
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D7A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D86
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E1C
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E47
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E5B
                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404E8A
                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404E98
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 00404EA9
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FA6
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040500B
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405020
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405044
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405064
                                                                                                                                                                                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 00405079
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00405089
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405102
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 004051AB
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051BA
                                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 004051DA
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 00405228
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 00405233
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 0040523A
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                              • String ID: $M$N
                                                                                                                                                                                                                                                                                              • API String ID: 1638840714-813528018
                                                                                                                                                                                                                                                                                              • Opcode ID: 2479b366cad44d8d2a02fbd124e29c277f71441e1411fda8dea8c44bba4244d6
                                                                                                                                                                                                                                                                                              • Instruction ID: ce840dee0c3a5b827351c7f25dbf2e3605d0905f5c54158640504e6bfb71dde6
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2479b366cad44d8d2a02fbd124e29c277f71441e1411fda8dea8c44bba4244d6
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C023EB0A00209EFDF209F64CD45AAE7BB5FB84355F10817AE610BA2E1C7799D52CF58
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040541C Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 0040547A
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 00405489
                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004054C6
                                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 004054CD
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054EE
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004054FF
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405512
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405520
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405533
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405555
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405569
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 0040558A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040559A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055B3
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055BF
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 00405498
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404277: SendMessageW.USER32(00000028,?,00000001,004040A3), ref: 00404285
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 004055DC
                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_000053B0,00000000), ref: 004055EA
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004055F1
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 00405615
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 0040561A
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405664
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405698
                                                                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 004056A9
                                                                                                                                                                                                                                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056BD
                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004056DD
                                                                                                                                                                                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056F6
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040572E
                                                                                                                                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 0040573E
                                                                                                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 00405744
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405750
                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0040575A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040576E
                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0040578E
                                                                                                                                                                                                                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405799
                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 0040579F
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                                                              • String ID: (7B${
                                                                                                                                                                                                                                                                                              • API String ID: 590372296-525222780
                                                                                                                                                                                                                                                                                              • Opcode ID: 7d3ad4f7b905998d9e0ff1ed48f107a225979fc90d670cd13e2faa1d61a6de43
                                                                                                                                                                                                                                                                                              • Instruction ID: 3349dadf3efb3a8fdffdb79f187be012afacb07b5928e089a4a7fd9dccbac2fd
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d3ad4f7b905998d9e0ff1ed48f107a225979fc90d670cd13e2faa1d61a6de43
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60B15670900608FFDB119FA0DD89EAE3B79FB48354F40847AFA45A61A0CB754E52DF68
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00403D6A Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403DA6
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?), ref: 00403DC3
                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32 ref: 00403DD7
                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DF3
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00403E14
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E28
                                                                                                                                                                                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403E2F
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00403EDD
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 00403EE7
                                                                                                                                                                                                                                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 00403F01
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F52
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 00403FF8
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 00404019
                                                                                                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 0040402B
                                                                                                                                                                                                                                                                                              • EnableWindow.USER32(?,?), ref: 00404046
                                                                                                                                                                                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040405C
                                                                                                                                                                                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 00404063
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040407B
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040408E
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00423728,?,00423728,00429240), ref: 004040B7
                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,00423728), ref: 004040CB
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 004041FF
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                                                                                                              • String ID: (7B
                                                                                                                                                                                                                                                                                              • API String ID: 184305955-3251261122
                                                                                                                                                                                                                                                                                              • Opcode ID: dd9405652fbbb87ab488d8a14d0aeb81f33be68f6094b2cdc8f2b1d388c01c08
                                                                                                                                                                                                                                                                                              • Instruction ID: 4530f9416eb169af0d44378ddba5762a1eee688012323a74912104aead4a3b33
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd9405652fbbb87ab488d8a14d0aeb81f33be68f6094b2cdc8f2b1d388c01c08
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5C1FFB1640200FFCB206F61EE84E2B3AA8EB95745F40057EF641B21F1CB7999529B6D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004043DF Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 207windowstringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040447D
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 00404491
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044AE
                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 004044BF
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044CD
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044DB
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?), ref: 004044E0
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044ED
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404502
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 0040455B
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000), ref: 00404562
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 0040458D
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045D0
                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 004045DE
                                                                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 004045E1
                                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(0000070B,open,004281E0,00000000,00000000,00000001), ref: 004045F6
                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00404602
                                                                                                                                                                                                                                                                                              • SetCursor.USER32(00000000), ref: 00404605
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404634
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404646
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                                                                                              • String ID: N$VC@$open
                                                                                                                                                                                                                                                                                              • API String ID: 3615053054-3831744127
                                                                                                                                                                                                                                                                                              • Opcode ID: 33f5e1601642234e7e85cd0b58378a626179fffef457767216124dc14c27a8cd
                                                                                                                                                                                                                                                                                              • Instruction ID: ef28e404984a924d02769b335405a58d84a4f5c10dd13b46e9d300bde90bb2c1
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 33f5e1601642234e7e85cd0b58378a626179fffef457767216124dc14c27a8cd
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 717191B1A00209BFDB10AF60DD45E6A7B69FB94344F00843AFB05B62E0D779AD51CF98
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                                                              • DrawTextW.USER32(00000000,00429240,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                              • String ID: F
                                                                                                                                                                                                                                                                                              • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                              • Opcode ID: 709e975422cda7ccbb1a7a25ffea5b6ea87087be701c8afe7ff27c60fd663942
                                                                                                                                                                                                                                                                                              • Instruction ID: fbc3582f0be17511ef24b6208279bd62f68a22b1f89f17edcf88e24f0ff4dafb
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 709e975422cda7ccbb1a7a25ffea5b6ea87087be701c8afe7ff27c60fd663942
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E418A71800209AFCF058F95DE459AFBBB9FF44310F00842EF991AA1A0C738EA55DFA4
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405EAD Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(00426DC8,NUL), ref: 00405EBC
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,?,00406040,?,?), ref: 00405EE0
                                                                                                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(?,00426DC8,00000400), ref: 00405EE9
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405CB8: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CC8
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405CB8: lstrlenA.KERNEL32(00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CFA
                                                                                                                                                                                                                                                                                              • GetShortPathNameW.KERNEL32(004275C8,004275C8,00000400), ref: 00405F06
                                                                                                                                                                                                                                                                                              • wsprintfA.USER32 ref: 00405F24
                                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,004275C8,C0000000,00000004,004275C8,?,?,?,?,?), ref: 00405F5F
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F6E
                                                                                                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA6
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(0040A588,00000000,00000000,00000000,00000000,004269C8,00000000,-0000000A,0040A588,00000000,[Rename],00000000,00000000,00000000), ref: 00405FFC
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 0040600D
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406014
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D53: GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe,80000000,00000003), ref: 00405D57
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405D53: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D79
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                                                                                                                                                                                                                              • String ID: %ls=%ls$NUL$[Rename]
                                                                                                                                                                                                                                                                                              • API String ID: 222337774-899692902
                                                                                                                                                                                                                                                                                              • Opcode ID: b79c81f05b1b833d126071e3cf8f1dbc038624686787cc5f02dad872694d8803
                                                                                                                                                                                                                                                                                              • Instruction ID: 52ae09e4e2a5e81e4d5588e003ad531eff1fe7f7ae6e2de5146a23cae23f7ad9
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b79c81f05b1b833d126071e3cf8f1dbc038624686787cc5f02dad872694d8803
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB315330241B19BBD2206B209D08F2B3A5CEF85758F15043BF942F62C2EA7CC9118EBD
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004046DD Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 275stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 0040472C
                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00404756
                                                                                                                                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404807
                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 00404812
                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(004281E0,00423728,00000000,?,?), ref: 00404844
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(?,004281E0), ref: 00404850
                                                                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404862
                                                                                                                                                                                                                                                                                                • Part of subcall function 004058A7: GetDlgItemTextW.USER32(?,?,00000400,00404899), ref: 004058BA
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406412: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,00437800,"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE,00403391,00437800,00437800,004035DE), ref: 00406475
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406412: CharNextW.USER32(?,?,?,00000000), ref: 00406484
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406412: CharNextW.USER32(?,00000000,74DF3420,00437800,"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE,00403391,00437800,00437800,004035DE), ref: 00406489
                                                                                                                                                                                                                                                                                                • Part of subcall function 00406412: CharPrevW.USER32(?,?,74DF3420,00437800,"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE,00403391,00437800,00437800,004035DE), ref: 0040649C
                                                                                                                                                                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(004216F8,?,?,0000040F,?,004216F8,004216F8,?,00000001,004216F8,?,?,000003FB,?), ref: 00404925
                                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404940
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404A99: lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B3A
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404A99: wsprintfW.USER32 ref: 00404B43
                                                                                                                                                                                                                                                                                                • Part of subcall function 00404A99: SetDlgItemTextW.USER32(?,00423728), ref: 00404B56
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                              • String ID: (7B$A$C:\Program Files (x86)\TeamViewer
                                                                                                                                                                                                                                                                                              • API String ID: 2624150263-2237299938
                                                                                                                                                                                                                                                                                              • Opcode ID: b1c988a2c75076f1e590c134e256cc95cfc43452e7a67f3061b6eea54995cb3a
                                                                                                                                                                                                                                                                                              • Instruction ID: d5aaf60bd55b21875b9c8b9a8d0b3d7e01f34e6f89f3adcbdcc63617e1d21faf
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1c988a2c75076f1e590c134e256cc95cfc43452e7a67f3061b6eea54995cb3a
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7A191F1A00209ABDB11AFA5CC45AAF77B8EF84354F10847BF601B62D1D77C99418B6D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004042A9 Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 004042C6
                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(00000000), ref: 004042E2
                                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 004042EE
                                                                                                                                                                                                                                                                                              • SetBkMode.GDI32(?,?), ref: 004042FA
                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(?), ref: 0040430D
                                                                                                                                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 0040431D
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00404337
                                                                                                                                                                                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 00404341
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                              • Opcode ID: c443cadc41ebc586ff1270cf4c3a90a0d5c0685d314312a93ad56e7471fbb8ef
                                                                                                                                                                                                                                                                                              • Instruction ID: 2a82f640caf94e13ad52f77eccc7f6a005bf570db5d4005cc44859485eb84fad
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c443cadc41ebc586ff1270cf4c3a90a0d5c0685d314312a93ad56e7471fbb8ef
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F215171600704ABCB219F68DE08B4BBBF8AF81714F04892DED95E26A0D738E904CB64
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004025E5 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 151fileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 0040264D
                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402688
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004026AB
                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004026C1
                                                                                                                                                                                                                                                                                                • Part of subcall function 00405E34: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E4A
                                                                                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040276D
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                                                                              • String ID: 9
                                                                                                                                                                                                                                                                                              • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                                                                              • Opcode ID: 01588cc1e6d12b9eb48a34a041857950361e167f935f48975bd7f3d5c8a3ade6
                                                                                                                                                                                                                                                                                              • Instruction ID: fbd7f9394f7a40dbbdef10ea3a20ac1ae57b35180e29dd1ddeb30b88b5afce05
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01588cc1e6d12b9eb48a34a041857950361e167f935f48975bd7f3d5c8a3ade6
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19510774D00219ABDF209F94CA88AAEB779FF04344F50447BE501B72E0D7B99982DB69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 004052DD Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00402E19,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                                                                                              • lstrcatW.KERNEL32(00422708,00402E19), ref: 00405338
                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(00422708,00422708), ref: 0040534A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2531174081-0
                                                                                                                                                                                                                                                                                              • Opcode ID: e0d278b4f454602652d1392a5fb3045d02927be56822f9b38c604404e895085a
                                                                                                                                                                                                                                                                                              • Instruction ID: d14990956ab1253184f877e9e8298894284f42a30aea32824f5004b5108fa95f
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0d278b4f454602652d1392a5fb3045d02927be56822f9b38c604404e895085a
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62217F71900518BACF119FA6DD44ACFBFB8EF85354F10807AF904B62A1C7B94A51DFA8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00406412 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,00437800,"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE,00403391,00437800,00437800,004035DE), ref: 00406475
                                                                                                                                                                                                                                                                                              • CharNextW.USER32(?,?,?,00000000), ref: 00406484
                                                                                                                                                                                                                                                                                              • CharNextW.USER32(?,00000000,74DF3420,00437800,"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE,00403391,00437800,00437800,004035DE), ref: 00406489
                                                                                                                                                                                                                                                                                              • CharPrevW.USER32(?,?,74DF3420,00437800,"C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE,00403391,00437800,00437800,004035DE), ref: 0040649C
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • *?|<>/":, xrefs: 00406464
                                                                                                                                                                                                                                                                                              • "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE, xrefs: 00406412
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                              • String ID: "C:\Program Files (x86)\TeamViewer\RollbackTemp\TeamViewer_.exe" /RESTORE$*?|<>/":
                                                                                                                                                                                                                                                                                              • API String ID: 589700163-1944370740
                                                                                                                                                                                                                                                                                              • Opcode ID: 3235da6fa7aa45e9bf0ecdfd9fa5d30a804d535f67a6192059b6605710e04147
                                                                                                                                                                                                                                                                                              • Instruction ID: c1b46f2de1f90aebbf911330ce555e940da56993e608f70b6a8db31027969b8c
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3235da6fa7aa45e9bf0ecdfd9fa5d30a804d535f67a6192059b6605710e04147
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5311C85680121299DB307B588C40AB7A2B8EF55754F52803FEDCA732C1E77C5C9286BD
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402D9F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000), ref: 00402DBA
                                                                                                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402DD8
                                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00402E06
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 00405315
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrlenW.KERNEL32(00402E19,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 00405325
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: lstrcatW.KERNEL32(00422708,00402E19), ref: 00405338
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SetWindowTextW.USER32(00422708,00422708), ref: 0040534A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405370
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538A
                                                                                                                                                                                                                                                                                                • Part of subcall function 004052DD: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405398
                                                                                                                                                                                                                                                                                              • CreateDialogParamW.USER32(0000006F,00000000,00402D04,00000000), ref: 00402E2A
                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00402E38
                                                                                                                                                                                                                                                                                                • Part of subcall function 00402D83: MulDiv.KERNEL32(00000000,00000064,000FCACD), ref: 00402D98
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                                                                                                              • String ID: ... %d%%
                                                                                                                                                                                                                                                                                              • API String ID: 722711167-2449383134
                                                                                                                                                                                                                                                                                              • Opcode ID: 8ee64202bb889ad073ab03690c1da717cfa73e4708a38b32ca01aecf011a85b8
                                                                                                                                                                                                                                                                                              • Instruction ID: 67f39cb704aca6262626a7976268bb3bb8a333bdab68892006d91dd8afb4411f
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ee64202bb889ad073ab03690c1da717cfa73e4708a38b32ca01aecf011a85b8
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96016D70541614EBC721AB60EF4DA9B7A68AF00706B14417FF885F12E0CBF85865CBEE
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00404BA7 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BC2
                                                                                                                                                                                                                                                                                              • GetMessagePos.USER32 ref: 00404BCA
                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00404BE4
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404BF6
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C1C
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                              • String ID: f
                                                                                                                                                                                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                              • Opcode ID: 0086211f2de0e1ca33d279ef662edcfa4b2f35d2ca496e99dd6aa4820b9c6f7a
                                                                                                                                                                                                                                                                                              • Instruction ID: 45e0f6331f39cfe7836e80c9775163861a3897288b26a0b158bc224782e9bc0b
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0086211f2de0e1ca33d279ef662edcfa4b2f35d2ca496e99dd6aa4820b9c6f7a
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9015271901218BAEB00DB94DD45FFEBBBCAF54711F10012BBA51B61D0C7B495018B54
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402D04 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402D22
                                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00402D56
                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00402D66
                                                                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402D78
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                              • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                                                                                                              • API String ID: 1451636040-1158693248
                                                                                                                                                                                                                                                                                              • Opcode ID: f920e2d473a8442ab140d7cb001c2dea54e1cd42605ecc10fb631262ba466dce
                                                                                                                                                                                                                                                                                              • Instruction ID: 006a23aec332b8a1771af90dfa9c1e08c84c5b856183a3bf167901723993fe13
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f920e2d473a8442ab140d7cb001c2dea54e1cd42605ecc10fb631262ba466dce
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2FF0367050020CABEF206F50DD49BEA3B69FF44305F00803AFA55B51D0DBF959558F59
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00402840 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402894
                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004028B0
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 004028E9
                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 004028FC
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00402914
                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402928
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 2667972263-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 268536b817805fd7c6aa0ddf0c0313c96854f1d95891718e15f9d7c13f840f6f
                                                                                                                                                                                                                                                                                              • Instruction ID: 9003099e8900d80eaa65f9bf21adae6f43ee9946aaa6f9d478ae9c17af360c06
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 268536b817805fd7c6aa0ddf0c0313c96854f1d95891718e15f9d7c13f840f6f
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6216F72801118BBCF216FA5CE49D9E7F79EF09364F24423AF550762E0CB794E419B98
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00404A99 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B3A
                                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00404B43
                                                                                                                                                                                                                                                                                              • SetDlgItemTextW.USER32(?,00423728), ref: 00404B56
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                              • String ID: %u.%u%s%s$(7B
                                                                                                                                                                                                                                                                                              • API String ID: 3540041739-1320723960
                                                                                                                                                                                                                                                                                              • Opcode ID: 97f8edb7a0e5a20212aa5a449d05d7effc420c8931a1b74a790ae22a69f051c3
                                                                                                                                                                                                                                                                                              • Instruction ID: 8555a1dc09e6b234f76c08cd80d60a8511de1cbf1cdbca66d7a603e4fd23a7b2
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97f8edb7a0e5a20212aa5a449d05d7effc420c8931a1b74a790ae22a69f051c3
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E911EB736441283BDB0095AD9C45F9E3298DB85378F150237FA26F71D1DA79D82286EC
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401CFA Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00401D00
                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 00401D0D
                                                                                                                                                                                                                                                                                              • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D2E
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D3C
                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401D4B
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 6491dc860a80c02085eecb14b1266a63ebbf57ab5d60057a90a3d7af6463b562
                                                                                                                                                                                                                                                                                              • Instruction ID: c287ee2e14a47dfcdc45124cadc9b4dd0eb33b5564dd8f2f51e592e83ba53e14
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6491dc860a80c02085eecb14b1266a63ebbf57ab5d60057a90a3d7af6463b562
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33F0E172600504AFD701DBE4DE88CEEBBBDEB48311B104476F541F51A1CA749D018B38
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401D56 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • GetDC.USER32(?), ref: 00401D59
                                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D66
                                                                                                                                                                                                                                                                                              • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D75
                                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401D86
                                                                                                                                                                                                                                                                                              • CreateFontIndirectW.GDI32(0040CDE0), ref: 00401DD1
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3808545654-0
                                                                                                                                                                                                                                                                                              • Opcode ID: 020d429652f6eb968a81cc61bdee73d82fb2a6d644655b906a561d6cebbfb8f5
                                                                                                                                                                                                                                                                                              • Instruction ID: 9e8fd183d3d9d3ef172346538d4b27734d94fdc92d2c471f4f64b2fa811a60c8
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 020d429652f6eb968a81cc61bdee73d82fb2a6d644655b906a561d6cebbfb8f5
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F601A271544641EFEB016BB0AF4AF9A3F75BB65301F104579F152B61E2CA7C0006AB2D
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00401BDF Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C3F
                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C57
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                              • String ID: !
                                                                                                                                                                                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                              • Opcode ID: 298dafdcb9fb76c6349735f3086c7c7de60bc97eebb8a6152003ba88438aff8e
                                                                                                                                                                                                                                                                                              • Instruction ID: 9ab6cbc1baff8286944736a18d7265b6422843b7a732a624d4201333bc7942cf
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 298dafdcb9fb76c6349735f3086c7c7de60bc97eebb8a6152003ba88438aff8e
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2219071940209BEEF01AFB5CE4AABE7B75EF44744F10403EFA01B61D1D6B88A409B69
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405251 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 00405280
                                                                                                                                                                                                                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 004052D1
                                                                                                                                                                                                                                                                                                • Part of subcall function 0040428E: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004042A0
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                              • Opcode ID: 1c38682ff548693de77d02b4aeee144e7a7efb8abd51762e205331c359b10038
                                                                                                                                                                                                                                                                                              • Instruction ID: 35360b72f4910b777185a6264b25dc7760dbd7dc789205491e41d57b326ac1ec
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c38682ff548693de77d02b4aeee144e7a7efb8abd51762e205331c359b10038
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B019E71210708ABDF208F11DD84E9B3A35EF94321F60443AFA00761D1C77A8D529E6A
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 0040585E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 00405887
                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00405894
                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                              • Error launching installer, xrefs: 00405871
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                              • String ID: Error launching installer
                                                                                                                                                                                                                                                                                              • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                                              • Opcode ID: 03ab27a360793ac613c0483ba4ee8f6366951212bcf32abb356d437eb8ce57e6
                                                                                                                                                                                                                                                                                              • Instruction ID: 0fb7bd0647ee639374dbc29985885c8cd5f4694ddcbbc5ba66c50ad851a9a680
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 03ab27a360793ac613c0483ba4ee8f6366951212bcf32abb356d437eb8ce57e6
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22E04FB0A002097FEB009B64ED45F7B77ACEB04208F408431BD00F2150D77498248A78
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                              Function 00405CB8 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CC8
                                                                                                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405CE0
                                                                                                                                                                                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CF1
                                                                                                                                                                                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00405F99,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CFA
                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                              • Source File: 00000013.00000002.2384421055.0000000000401000.00000020.00000001.01000000.00000020.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384249486.0000000000400000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384499233.0000000000408000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000040A000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000425000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000427000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.000000000042C000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000430000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000435000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2384601202.0000000000438000.00000004.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.0000000000485000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              • Associated: 00000013.00000002.2386101656.00000000004C7000.00000002.00000001.01000000.00000020.sdmpDownload File
                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_19_2_400000_TeamViewer_.jbxd
                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                              • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                              • Opcode ID: d13a305aa79855a3845d1893bd1e44018cb4e3b8a4cc5142433a7699c001be6c
                                                                                                                                                                                                                                                                                              • Instruction ID: b09c91cad7c2282b041c35ea214dbdd3f15ee75aa50bf55fe933874c09a5e2ef
                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d13a305aa79855a3845d1893bd1e44018cb4e3b8a4cc5142433a7699c001be6c
                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BFF0F631104954FFD702DFA5DD04E9FBBA8EF06350B2180BAE841F7210D674DE01ABA8
                                                                                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                                                                                              Uniqueness Score: -1.00%